Add playSMS install, improve global install

2019-12-10 04:56:02 +01:00 · 2019-12-10 04:56:02 +01:00 · 16f6c4c0bf
parent ce4a730f6c
commit 16f6c4c0bf
12 changed files with 310 additions and 29 deletions
--- a/.install/1-install_requirements.sh
+++ b/.install/1-install_requirements.sh
--- a/.install/2-configure_ipfs_layer.sh
+++ b/.install/2-configure_ipfs_layer.sh
--- a/.install/3-install_copylaradio.sh
+++ b/.install/3-install_copylaradio.sh
--- a/.install/4-install_playsms.sh
+++ b/.install/4-install_playsms.sh
@ -0,0 +1,123 @@
+#!/bin/bash
+
+MY_PATH="`dirname \"$0\"`"              # relative
+MY_PATH="`( cd \"$MY_PATH\" && pwd )`"  # absolutized and normalized
+
+unset err
+
+echo -e "${c_yellow}Choisissez un nom de domain pour playsms: $c_"
+read PSMS_DOMAIN
+
+sudo apt -y update
+sudo apt -y install nginx php7.3-fpm php7.3-gd php7.3-mysql php7.3-curl php7.3-imap php7.3-mbstring php7.3-xml php7.3-cli mysql-server
+
+## Create database
+
+if [[ ! $(sudo mysql -e "show databases;" | grep playsms) ]]; then
+	sudo mysql -e "CREATE DATABASE playsms"
+	sudo mysql -e "CREATE USER 'playsms'@'localhost' IDENTIFIED BY 'playsms@mdp+';"
+	sudo mysql -e "GRANT ALL PRIVILEGES ON playsms.* TO 'playsms'@'localhost';"
+	sudo mysql -e "FLUSH PRIVILEGES;"
+fi
+
+## Clone repo playSMS
+git clone https://github.com/antonraharja/playSMS.git $MY_PATH/playsms
+
+cp $MY_PATH/templates/install-playsms.conf $MY_PATH/playsms/install.conf
+pwdDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 42 | head -n 1)
+sed -i "s/_pwdDB/$pwdDB/g" $MY_PATH/playsms/install.conf
+
+sudo chmod u+x $MY_PATH/playsms/install-playsms.sh
+cd $MY_PATH/playsms
+sudo ./install-playsms.sh
+cd $MY_PATH
+sudo rm -rf playsms
+
+
+## Start playsmsd on boot
+sudo /usr/local/bin/playsmsd start
+[[ ! $(grep playsmsd /etc/rc.local) ]] && sudo sed -i '/^exit 0.*/i /usr/local/bin/playsmsd start' /etc/rc.local
+
+## Tests
+if [[ $(sudo playsmsd status) =~ "is running" ]]; then
+	echo -e "${c_green}playSMS a été installé correctement et le daemon est démarré =)$c_"
+else
+	echo -e "${c_red}Une erreur est survenu$c_"
+	err=1
+fi
+
+## Config NGINX
+
+[[ ! -d /etc/nginx/def_conf ]] && sudo mkdir /etc/nginx/def_conf/
+sudo cp $MY_PATH/templates/proxypass.conf /etc/nginx/def_conf/
+sudo cp $MY_PATH/templates/playsms.conf /etc/nginx/conf.d/
+sudo sed -i "s/_PSMS_DOMAIN/$PSMS_DOMAIN/" /etc/nginx/conf.d/playsms.conf
+
+## Active SSL
+
+manageSSL() {
+
+	local action=$1
+	[[ ! $action =~ ^(on|off|certif)$ ]] && echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl" && exit 1
+
+        install_certbot(){
+		if [[ $(grep buster /etc/os-release) ]]; then
+                	[[ -z $(cat /etc/apt/sources.list | grep "buster-backports main") ]] && echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
+                	sudo apt update
+                	sudo apt install certbot python-certbot-nginx -t buster-backports -y
+		elif [[ $(grep stretch /etc/os-release) ]]; then
+			sudo apt update
+			sudo apt install certbot python-certbot-nginx -y
+		fi
+        }
+
+        create_certificate() {
+		sudo certbot --nginx certonly --non-interactive --agree-tos -m $USER@$PSMS_DOMAIN -d $PSMS_DOMAIN && echo "Le certificat de $PSMS_DOMAIN a bien été déployé" || echo "Une erreur s'est produite lors de la création du certificat SSL"
+
+                ## Cronification
+                [[ ! -e /opt/scripts ]] && sudo mkdir /opt/scripts
+                sudo cp $MY_PATH/templates/ssl_renew.sh /opt/scripts/
+                [[ -z $(sudo crontab -l | grep "/opt/scripts/ssl_renew.sh") ]] && (sudo crontab -l ; sudo echo "12 2 * * 1 /opt/scripts/ssl_renew.sh") | sudo crontab -u root -
+        }
+
+
+	case $action in
+	on)
+		sudo sed -i 's/ #if/ if/' /etc/nginx/conf.d/playsms.conf
+
+		sudo sed -i "s/listen 443;/listen 443 ssl;/" /etc/nginx/conf.d/playsms.conf
+		[[ ! -d /etc/nginx/includes ]] && sudo mkdir /etc/nginx/includes
+		sudo cp $MY_PATH/templates/ssl.conf /etc/nginx/includes/
+		sudo sed -i "/Content-Security-Policy/a \   include includes/ssl.conf;\n   ssl_certificate /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem;\n   ssl_certificate_key /etc/letsencrypt/live/$PSMS_DOMAIN/privkey.pem;" /etc/nginx/conf.d/playsms.conf
+	;;
+
+	off)
+		sudo sed -i 's/ if/ #if/' /etc/nginx/conf.d/playsms.conf
+		sudo sed -i '/ssl.conf;/d' /etc/nginx/conf.d/playsms.conf
+		sudo sed -i '/ssl_certificate/d' /etc/nginx/conf.d/playsms.conf
+	;;
+        certif)
+                [[ -z $(which certbot) ]] && install_certbot
+                [[ -n /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem ]] && create_certificate
+        ;;
+
+	esac
+}
+
+echo -e "${c_yellow}playSMS ne fonctionne pas sans certifcat SSL.$c_"
+printf "${c_yellow}Voulez activer installer un certificat SSL maintenant pour $PSMS_DOMAIN ? (o/n) $c_"
+read askSSL
+if [[ $askSSL =~ ^(o|y|yes|oui|Y|O|YES)$ ]]; then
+	manageSSL certif
+	if sudo test -f /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem; then manageSSL on; else manageSSL off && echo "Une erreur s'est produite, basculement vers le mode non SSL"; fi
+	http=https
+else
+	manageSSL off
+	http=http
+fi
+
+sudo service nginx restart
+
+[[ ! $err ]] && echo -e "${c_green}Félicitation ! playSMS est accessible via l'URL $http://$PSMS_DOMAIN" || echo -e "${c_red}Installation incomplète$c_"
+
+exit 0
--- a/.install/templates/.profile
+++ b/.install/templates/.profile
@ -0,0 +1,7 @@
+#!/bin/bash
+
+ADMINPSEUDO=
+ADMINPHONE=
+MASTERPHONE=
+ADRESSE=
+
--- a/.install/templates/install-playsms.conf
+++ b/.install/templates/install-playsms.conf
@ -0,0 +1,43 @@
+# MySQL database username
+DBUSER="playsms"
+
+# MySQL database password
+DBPASS="_pwdDB"
+
+# MySQL database name
+DBNAME="playsms"
+
+# MySQL database host
+DBHOST="localhost"
+
+# MySQL database port
+DBPORT="3306"
+
+# Web server's user, for example apache2 user by default is www-data
+# note: please make sure your web server user
+WEBSERVERUSER="www-data"
+
+# Web server's group, for example apache2 group by default is www-data
+# note: please make sure your web server group
+WEBSERVERGROUP="www-data"
+
+# Path to playSMS extracted source files
+PATHSRC="$(pwd)"
+
+# Path to playSMS web files
+# note: please make sure your web root path, in this example its /var/www/html
+PATHWEB="/var/www/playsms"
+
+# Path to playSMS additional files
+PATHLIB="/var/www/playsms/lib/"
+
+# Path to playSMS daemon and other binary files
+PATHBIN="/usr/local/bin"
+
+# Path to playSMS log files
+PATHLOG="/var/log/playsms"
+
+# Path to playSMS daemon configuration file
+# note: this example will create playsmsd.conf in /etc
+PATHCONF="/etc"
+
--- a/.install/templates/playsms.conf
+++ b/.install/templates/playsms.conf
@ -0,0 +1,40 @@
+server {
+   listen 80;
+   listen 443;
+   listen [::]:443 ssl;
+   server_name _PSMS_DOMAIN;
+
+   add_header Content-Security-Policy upgrade-insecure-requests;
+   add_header 'Access-Control-Allow-Origin' '*';
+
+   #if ($http_x_forwarded_proto = "http") { return 301 https://$server_name$request_uri; }
+
+   location / {
+     try_files $uri/ $uri /index.php?/$request_uri; # =404;
+      include /etc/nginx/def_conf/proxypass.conf;
+   }
+
+
+   index  index.php index.html;
+   root	/var/www/playsms/;
+
+    # set expiration of assets to MAX for caching
+    location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
+            expires max;
+            log_not_found off;
+    }
+
+   # php parsing
+   location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+   }
+
+   error_log  /var/log/nginx/playsms_error.log;
+   access_log  /var/log/nginx/playsms_access.log;
+
+
+}
+
--- a/.install/templates/proxypass.conf
+++ b/.install/templates/proxypass.conf
@ -0,0 +1,9 @@
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forward-Proto http;
+proxy_set_header X-Nginx-Proxy true;
+
--- a/.install/templates/ssl.conf
+++ b/.install/templates/ssl.conf
@ -0,0 +1,16 @@
+   ssl_session_timeout 4h;
+   ssl_session_cache shared:SSL:50m;
+
+   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+   ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+   ssl_prefer_server_ciphers on;
+
+   add_header Strict-Transport-Security max-age=15768000;
+
+   ssl_stapling on;
+   ssl_stapling_verify on;
+
+   resolver 8.8.8.8 8.8.4.4 valid=86400;
+   resolver_timeout 10;
+
+   ssl_session_tickets on;
--- a/.install/templates/ssl_renew.sh
+++ b/.install/templates/ssl_renew.sh
@ -0,0 +1,26 @@
+#!/bin/bash
+
+log="/var/log/ssl_renew.log"
+date=$(date +%d-%m-%Y)
+
+renew=$(certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start")
+
+echo "####################################################################################" >> $log
+echo "#################################### $date ####################################" >> $log
+echo "####################################################################################" >> $log
+
+echo "$renew" >> $log
+
+if [[ $renew = *"No hooks were run"* ]]; then
+  echo "Rien n'a été fait" >> $log
+else
+  sleep 5
+  sudo service nginx stop
+  sleep 1
+  killall nginx
+  sleep 3
+  sudo service nginx restart &>> $log
+  echo "Des certificats ont été renouvellés" >> $log
+fi
+
+exit 0
--- a/.profile
+++ b/.profile
@ -0,0 +1,7 @@
+#!/bin/bash
+
+ADMINPSEUDO=poka
+ADMINPHONE=0650573417
+MASTERPHONE=0699999999
+ADRESSE=Blois
+
--- a/install.sh
+++ b/install.sh
@ -8,59 +8,58 @@ MY_PATH="`dirname \"$0\"`"              # relative
 MY_PATH="`( cd \"$MY_PATH\" && pwd )`"  # absolutized and normalized
 init_loc="$MY_PATH/shell/init.sh"
 now=$(date +%Y-%m-%d)
-repOption=$1
-#force_req="o"

-## Update G1sms+ code
-git pull
+args="$@"
+[[ $args =~ all ]] && repOption=o
+[[ $args =~ noptions ]] && repOption=n
+[[ $args =~ force ]] && force_req=o
+[[ $args =~ noask ]] && noask=o

-chmod u+x $MY_PATH/.install/*.sh
+unset err

 if [ "$EUID" -eq 0 ]
  then echo -e "${c_red}Veuillez ne pas executez ce script en root. Choisissez un utilisateur pour votre serveur G1sms+ (nous recommandons l'utilisateur pi)$c_"
  exit 1
 fi

+## Update G1sms+ code
+git pull || err=1
+
+chmod u+x $MY_PATH/.install/*.sh
+
 $MY_PATH/.install/export_colors.sh
 [[ -f ~/.bash_aliases ]] && source ~/.bash_aliases

 ## Vérifie si IPFS est installé
 if [[ $force_req == "o" || -z $(which ipfs) || -z $(which gammu) ]];then
    echo -e "${c_yellow}IPFS ou gammu n'ont pas été détectés sur votre machine, nous allons installer tous les prérequis...$c_"
-    $MY_PATH/.install/install_requirements.sh
-    $MY_PATH/.install/configure_ipfs_layer.sh
+    $MY_PATH/.install/1-install_requirements.sh || err=1
+    $MY_PATH/.install/2-configure_ipfs_layer.sh || err=1
 else
    echo -e "${c_green}IPFS et gammu sont déjà installé !$c_"
 fi

 echo -e "${c_yellow}Ce script va désormais configurer votre noeud G1sms+$c_"
-IPFS=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1);
+YOU=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1);

+[[ -f .profile ]] && source .profile
 if [[ -f $MY_PATH/.install/templates/init.sh ]]; then
-    echo -e "${c_light}Quel est l'utilisateur du système IPFS (détecté: $IPFS)?$c_"
-    read YOU
-    if [[ "$YOU" == "" ]]; then YOU=$IPFS; fi
+    [[ ! $ADMINPSEUDO ]] && echo -e "${c_light}Votre PSEUDO? (celui de votre Compte membre Duniter)$c_" && read ADMINPSEUDO
+    [[ "$ADMINPSEUDO" == "" ]] && echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_" && exit 1

-    echo -e "${c_light}Votre PSEUDO? (celui de votre Compte membre Duniter)$c_"
-    read ADMINPSEUDO
-    if [[ "$ADMINPSEUDO" == "" ]]; then echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_"; exit; fi
+    [[ ! $ADMINPHONE ]] && echo -e "${c_light}Le Numéro de téléphone SMS Admin? (Support de ce noeud) (ex +33611223344)$c_" && read ADMINPHONE
+    [[ "$ADMINPHONE" == "" ]] && echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_" && exit 1

-    echo -e "${c_light}Le Numéro de téléphone SMS Admin? (Support de ce noeud) (ex +33611223344)$c_"
-    read ADMINPHONE
-    if [[ "$ADMINPHONE" == "" ]]; then echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_"; exit; fi
+    [[ ! $MASTERPHONE ]] && echo -e "${c_light}Le numéro de la carte SIM, du module SMS. AUCUNE liaison SMS? Laissez vide (défaut: +33600000000)$c_" && read MASTERPHONE
+    [[ "$MASTERPHONE" == "" ]] && MASTERPHONE="+33600000000"

-    echo -e "${c_light}Le numéro de la carte SIM, du module SMS. AUCUNE liaison SMS? Laissez vide (défaut: +33600000000)$c_"
-    read MASTERPHONE
-    if [[ "$MASTERPHONE" == "" ]]; then MASTERPHONE="+33600000000"; fi
+    [[ ! $ADRESSE ]] && echo -e "${c_light}L'adresse où se trouve votre G1Node pour indiquer où venir chercher ses G1Tag (ex: au G1FabLab de Toulouse)$c_" && read ADRESSE

-    echo -e "${c_light}L'adresse où se trouve votre G1Node pour indiquer où venir chercher ses G1Tag (ex: au G1FabLab de Toulouse)$c_"
-    read ADRESSE
-
-    echo -e "${c_light}${c_blue}LES PARAMETRES SONT BONS? Appliquer? ENTER ou CTRL-C ?$c_"
-    read
+    echo -e "ADMINPSEUDO: $ADMINPSEUDO\nADMINPHONE: $ADMINPHONE\nMASTERPHONE: $MASTERPHONE\nADRESSE: $ADRESSE"
+    [[ $noask != "o" ]] && echo -e "${c_light}${c_blue}LES PARAMETRES SONT BONS? Appliquer? ENTER ou CTRL-C ?$c_" && read

    [[ -f shell/init.sh ]] && mv shell/init.sh shell/init.sh.old
-    cp $MY_PATH/.install/templates/init.sh shell/init.sh
+    cp $MY_PATH/.install/templates/init.sh shell/init.sh || err=1

    sed -i s/pi/$YOU/g $init_loc
    sed -i s/+33600000000/$MASTERPHONE/g $init_loc
@ -68,13 +67,24 @@ if [[ -f $MY_PATH/.install/templates/init.sh ]]; then
    sed -i s/+33647683646/$ADMINPHONE/g $init_loc
    sed -i s/Fred/$ADMINPSEUDO/g $init_loc

-    cat $init_loc
+    cat $init_loc || err=1
 else
    echo -e "${c_red}init.sh introuvable...$c_"
+    err=1
    exit 1
 fi

-## Installation optionnel de copylaradio
+## Installations optionnels

+repOld=$repOption
 [[ -z $repOption ]] && echo -e "${c_yellow}Voulez-vous installer les modules complémentaires de copylaradio ? (o/n)$c_" && read repOption
-[[ $repOption =~ ^(o|1|yes|options)$ ]] && .install/install_optional.sh
+[[ $repOption =~ ^(o|1|yes|options|a|all)$ ]] && .install/3-install_copylaradio.sh; repOption=$repOld
+[[ -z $repOption ]] && echo -e "${c_yellow}Voulez-vous installer l'interface web playSMS ? (o/n)$c_" && read repOption
+[[ $repOption =~ ^(o|1|yes|options|a|all)$ ]] && .install/4-install_playsms.sh; repOption=$repOld
+
+if [[ $err ]]; then
+	echo -e "---\n${c_red}L'installation n'est mal déroulé =($c_"
+else
+	echo -e "---\n${c_green}L'installation de votre noeud G1SMS est terminé !\nBienvenue à bord =)$c_"
+fi
+exit 0