Exemple #1
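def main():
    """Run the WireGuard first-boot configuration.

    Values may be given on the command line (``--profile``,
    ``--virtual-subnet``, ``--domain``); anything missing is asked for
    interactively.  Only the ``server`` profile needs further setup: its
    subnet and public address are handed to ``wireguard-server-init.sh``,
    which is looked up next to this file.  The ``client`` profile returns
    early without touching the system.
    """
    try:
        # 'profile=' must be declared here; without it getopt rejects
        # --profile and the matching branch below can never run.
        opts, args = getopt.gnu_getopt(
            sys.argv[1:], "h",
            ['help', 'profile=', 'virtual-subnet=', 'domain='])
    except getopt.GetoptError as e:
        usage(e)

    profile = ""
    virtual_subnet = ""
    domain = ""

    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--profile':
            profile = val
        elif opt == '--virtual-subnet':
            virtual_subnet = val
        elif opt == '--domain':
            domain = val

    dialog = Dialog("TurnKey Linux - First boot configuration")

    if not profile:
        profile = dialog.menu(
            "Wireguard Profile",
            "Choose a profile for this server.\n\n* Server: clients will route traffic through the VPN.",
            [('server', 'Accept VPN connections from clients*'),
             ('client', 'Initiate VPN connections to a server')])

    # Allow-list check; applies to the command-line value and the menu
    # answer alike.
    if profile not in ('server', 'client'):
        fatal(f'invalid profile: {profile!r}')

    if profile == 'client':
        return

    if not virtual_subnet:
        virtual_subnet = dialog.get_input(
            "Wireguard Virtual Address",
            "Enter IP address in CIDR of server reachable by clients",
            "10.0.0.0/8")

    if not domain:
        domain = dialog.get_input(
            "Wireguard Public Address",
            "Used in client configuration as wireguard endpoint",
            "www.example.com")

    # Absolute path, so the helper is always taken from this file's own
    # directory and never resolved through PATH.
    cmd = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                       'wireguard-server-init.sh')

    # The values are passed as an argument list (no shell involved here).
    # NOTE(review): neither value is validated in this function -- confirm
    # that the script rejects a malformed CIDR or host name before using it.
    result = subprocess.run([cmd, virtual_subnet, domain])
    if result.returncode != 0:
        # Report the failure instead of letting first boot look successful.
        fatal('wireguard-server-init.sh failed with exit status %d'
              % result.returncode)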
Exemple #2
        elif opt == '--key-email':
            key_email = val
        elif opt == '--public-address':
            public_address = val
        elif opt == '--virtual-subnet':
            virtual_subnet = val
        elif opt == '--private-subnet':
            private_subnet = val

    dialog = Dialog('TurnKey Linux - First boot configuration')

    if not profile:
        profile = dialog.menu(
            "OpenVPN Profile",
            "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n  their traffic through the VPN.",
            [
                ('server', 'Accept VPN connections from clients'),
                ('gateway', 'Accept VPN connections from clients*'),
                ('client', 'Initiate VPN connections to a server')
            ])

    if not profile in ('server', 'gateway', 'client'):
        fatal('invalid profile: %s' % profile)

    if profile == "client":
        return

    if not key_email:
        key_email = dialog.get_email(
            "OpenVPN Email",
            "Enter email address for the OpenVPN server key.",
            "*****@*****.**")
Exemple #3
            profile = val
        elif opt == '--key-email':
            key_email = val
        elif opt == '--public-address':
            public_address = val
        elif opt == '--virtual-subnet':
            virtual_subnet = val
        elif opt == '--private-subnet':
            private_subnet = val

    dialog = Dialog('TurnKey Linux - First boot configuration')

    if not profile:
        profile = dialog.menu(
            "OpenVPN Profile",
            "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n  their traffic through the VPN.",
            [('server', 'Accept VPN connections from clients'),
             ('gateway', 'Accept VPN connections from clients*'),
             ('client', 'Initiate VPN connections to a server')])

    if not profile in ('server', 'gateway', 'client'):
        fatal('invalid profile: %s' % profile)

    if profile == "client":
        return

    if not key_email:
        key_email = dialog.get_email(
            "OpenVPN Email", "Enter email address for the OpenVPN server key.",
            "*****@*****.**")

    inithooks_cache.write('APP_EMAIL', key_email)
Exemple #4
    # Name of the variant APP_DEFAULT_PATH currently resolves to: realpath
    # follows the link, basename keeps only the last path component.
    variant_cur = os.path.basename(os.path.realpath(APP_DEFAULT_PATH))
    # Names of the installed variants: every APPS_PATH/foodsoft-* entry.
    # The len/index/insert/pop calls below need map() to return a list,
    # i.e. Python 2 -- consistent with the print statement further down.
    variant_avail = map(lambda d: os.path.basename(d), glob.glob(os.path.join(APPS_PATH, 'foodsoft-*')))
    if len(variant_avail) == 1:
        # Only one variant installed: use it, whatever was requested.
        variant = variant_avail[0]
    elif not variant:
        # Create the dialog only if the part of the function above this
        # excerpt has not already bound `d`.
        if 'd' not in locals():
            d = Dialog('TurnKey Linux - First boot configuration')

        # put foodsoft-standard in front of the list
        # (index() raises ValueError when 'foodsoft-standard' is not installed)
        variant_avail.insert(0, variant_avail.pop(variant_avail.index('foodsoft-standard')))
        # and give all of them titles
        choices = map(lambda c: [c, foodsoft_variant_desc(c)], variant_avail)

        variant = d.menu(
            "Foodsoft variant",
            "Select which version of Foodsoft you'd like to use.",
            choices=choices)

    print "Please wait ..."

    # need mysql running for these updates
    # The command is a fixed string with no user input; the `||` and the
    # redirection presumably rely on popen() running it through a shell.
    popen('service mysql status >/dev/null || service mysql start').wait()

    if variant_cur != variant:
	    # use chosen variant
	    # NOTE(review): a `variant` that was already set before this excerpt
	    # is not compared with variant_avail in the lines shown, so the link
	    # target is not limited to an installed foodsoft-* directory here --
	    # confirm it is validated where it is read.
	    # unlink followed by symlink is not atomic: APP_DEFAULT_PATH does not
	    # exist between the two calls.
	    os.unlink(APP_DEFAULT_PATH)
	    os.symlink(variant, APP_DEFAULT_PATH)
	    # since we switched directory, we may need to regenerate the secret key; also restarts webapp
	    # The value returned by each wait() is discarded, so a failed key
	    # regeneration, migration or crontab write is not noticed here.
	    popen('/usr/lib/inithooks/firstboot.d/20regen-rails-secrets').wait()
	    popen('bundle exec rake -s db:migrate').wait()
	    popen('bundle exec whenever --user www-data --write-crontab').wait()
Exemple #5
    # Names of the installed variants: every APPS_PATH/foodsoft-* entry.
    # The len/index/insert/pop calls below need map() to return a list,
    # i.e. Python 2 -- consistent with the print statement further down.
    variant_avail = map(lambda d: os.path.basename(d),
                        glob.glob(os.path.join(APPS_PATH, 'foodsoft-*')))
    if len(variant_avail) == 1:
        # Only one variant installed: use it, whatever was requested.
        variant = variant_avail[0]
    elif not variant:
        # Create the dialog only if the part of the function above this
        # excerpt has not already bound `d`.
        if 'd' not in locals():
            d = Dialog('TurnKey Linux - First boot configuration')

        # put foodsoft-standard in front of the list
        # (index() raises ValueError when 'foodsoft-standard' is not installed)
        variant_avail.insert(
            0, variant_avail.pop(variant_avail.index('foodsoft-standard')))
        # and give all of them titles
        choices = map(lambda c: [c, foodsoft_variant_desc(c)], variant_avail)

        variant = d.menu("Foodsoft variant",
                         "Select which version of Foodsoft you'd like to use.",
                         choices=choices)

    print "Please wait ..."

    # need mysql running for these updates
    # The command is a fixed string with no user input; the `||` and the
    # redirection presumably rely on popen() running it through a shell.
    popen('service mysql status >/dev/null || service mysql start').wait()

    # variant_cur is assigned above this excerpt.
    if variant_cur != variant:
        # use chosen variant
        # NOTE(review): a `variant` that was already set before this excerpt
        # is not compared with variant_avail in the lines shown, so the link
        # target is not limited to an installed foodsoft-* directory here --
        # confirm it is validated where it is read.
        # unlink followed by symlink is not atomic: APP_DEFAULT_PATH does not
        # exist between the two calls.
        os.unlink(APP_DEFAULT_PATH)
        os.symlink(variant, APP_DEFAULT_PATH)
        # since we switched directory, we may need to regenerate the secret key; also restarts webapp
        # The value returned by each wait() is discarded, so a failed key
        # regeneration, migration or crontab write is not noticed here.
        popen('/usr/lib/inithooks/firstboot.d/20regen-rails-secrets').wait()
        popen('bundle exec rake -s db:migrate').wait()
        popen('bundle exec whenever --user www-data --write-crontab').wait()
Exemple #6
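def main():
    """Configure Redis and redis-commander at first boot.

    Options: ``--pass`` (redis-commander 'admin' password), ``--bind`` or
    ``--ip_bind`` ("localhost" or "all") and ``--protected_mode``.  Anything
    not given on the command line is asked for interactively.  The answers
    are written into /etc/redis/redis.conf and the redis-commander init
    script with sed, and each service is restarted only if it is running.

    NOTE(review): the password collected here is applied only to
    redis-commander's --http-auth-password.  Nothing in this function sets
    the Redis ``requirepass`` directive, so with bind "all" and protected
    mode off the Redis port has no authentication unless it is configured
    elsewhere.
    """
    try:
        # '--ip_bind' used to be declared while only '--bind' was handled,
        # so neither spelling worked; both are accepted now.
        opts, args = getopt.gnu_getopt(
            sys.argv[1:], "h",
            ['help', 'pass=', 'bind=', 'ip_bind=', 'protected_mode='])
    except getopt.GetoptError as e:
        usage(e)

    password = ""
    bind = ""
    protected_mode = ""
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt in ('--bind', '--ip_bind'):
            bind = val
        elif opt == '--pass':
            password = val
        elif opt == '--protected_mode':
            protected_mode = val

    title = 'TurnKey Linux - First boot configuration'

    if not password:
        d = Dialog(title)
        password = d.get_password(
            "Redis-commander 'admin' password",
            "Enter password for 'admin' access to redis-commander UI")

    if not bind:
        d = Dialog(title)
        bind = d.menu(
            "Interface(s) for Redis to bind to",
            ("Interface for Redis to bind to?\n\nIf you wish to securely"
             " allow remote connections using 'all', ensure the system"
             " firewall is enabled & block all traffic on port 6379,"
             " except for the desired remote IP(s).\n\nManually edit the"
             " config file to set a custom interface."),
            choices=(("localhost",
                      "Redis will not respond to remote computer"),
                     ("all", "Redis will allow all connections")))

    # Fail closed: only the exact answer "all" exposes Redis on every
    # interface, anything else binds to loopback.
    bind_ip = "0.0.0.0" if bind == "all" else "127.0.0.1"

    if protected_mode:
        # A command-line value is text, not a bool.  Only an explicit
        # negative turns protected mode off; every other value keeps it on.
        protected_mode = (protected_mode.strip().lower()
                          not in ('no', 'false', '0', 'off'))
    else:
        d = Dialog(title)
        protected_mode = d.yesno(
            'Keep protected-mode enabled?',
            "In protected  mode Redis only replies to queries from"
            " localhost. Clients connecting from other addresses will"
            " receive an error, noting why & how to configure Redis.\n"
            "\nUnless you set really good password, this is recommended",
            'Yes', 'No')

    # A line break cannot be carried safely through the sed expression or
    # the init script's command line.
    if '\n' in password or '\r' in password:
        sys.exit('error: password must not contain line breaks')

    def sed_escape(text):
        # In the replacement half of s|...|...| a backslash, the '|'
        # delimiter and '&' are special.  Left unescaped they corrupt the
        # stored password or end the expression early, which lets the rest
        # of the value be read as sed flags.  Backslash is handled first so
        # the escapes added for the other two are not doubled.
        for ch in ('\\', '|', '&'):
            text = text.replace(ch, '\\' + ch)
        return text

    conf = "/etc/redis/redis.conf"
    redis_commander_conf = "/etc/init.d/redis-commander"
    subprocess.run(["sed", "-i", "s|^bind .*|bind %s|" % bind_ip, conf])
    subprocess.run([
        "sed", "-i",
        "s|^protected-mode .*|protected-mode %s|" %
        ("yes" if protected_mode else "no"), conf
    ])
    # NOTE(review): the password appears in sed's argument list while this
    # runs and is stored in clear text as a command-line option in the init
    # script; confirm that file's permissions and how it quotes the value.
    subprocess.run([
        "sed", "-i",
        "s|--http-auth-password=.*|--http-auth-password=%s|" %
        sed_escape(password),
        redis_commander_conf
    ])

    # restart redis and redis commander if running so change takes effect
    # subprocess.run() does not raise on a non-zero exit status, so the
    # result of `is-active` has to be checked explicitly; the previous
    # try/except never skipped the restart.
    redis_active = subprocess.run(
        ["systemctl", "is-active", "--quiet", "redis-server.service"])
    if redis_active.returncode == 0:
        subprocess.run(["service", "redis-server", "restart"])

    commander_active = subprocess.run(
        ["systemctl", "is-active", "--quiet", "redis-commander.service"])
    if commander_active.returncode == 0:
        subprocess.run(["systemctl", "daemon-reload"])
        subprocess.run(["service", "redis-commander", "restart"])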
Exemple #7
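def main():
    """Run the OpenVPN first-boot configuration.

    Options: ``--profile`` (server, gateway or client), ``--key-email``,
    ``--public-address``, ``--virtual-subnet`` and ``--private-subnet``.
    Anything missing is asked for interactively.  For the server and
    gateway profiles the values are handed to ``openvpn-server-init.sh``,
    extra ``push`` directives are appended to /etc/openvpn/server.conf and
    the openvpn@server unit is started.  The client profile returns early.
    """
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", [
            'help', 'profile=', 'key-email=', 'public-address=',
            'virtual-subnet=', 'private-subnet='
        ])
    except getopt.GetoptError as e:
        usage(e)

    profile = ""
    key_email = ""
    public_address = ""
    virtual_subnet = ""
    private_subnet = ""
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--profile':
            profile = val
        elif opt == '--key-email':
            key_email = val
        elif opt == '--public-address':
            public_address = val
        elif opt == '--virtual-subnet':
            virtual_subnet = val
        elif opt == '--private-subnet':
            private_subnet = val

    dialog = Dialog('TurnKey Linux - First boot configuration')

    if not profile:
        profile = dialog.menu(
            "OpenVPN Profile",
            "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n  their traffic through the VPN.",
            [('server', 'Accept VPN connections from clients'),
             ('gateway', 'Accept VPN connections from clients*'),
             ('client', 'Initiate VPN connections to a server')])

    # Allow-list check; applies to the command-line value and the menu
    # answer alike.
    if profile not in ('server', 'gateway', 'client'):
        fatal('invalid profile: %s' % profile)

    if profile == "client":
        return

    if not key_email:
        key_email = dialog.get_email(
            "OpenVPN Email", "Enter email address for the OpenVPN server key.",
            "*****@*****.**")

    inithooks_cache.write('APP_EMAIL', key_email)

    if not public_address:
        public_address = dialog.get_input(
            "OpenVPN Public Address",
            "Enter FQDN or IP address of server reachable by clients",
            "vpn.example.com")

    # Suggested default pool; r() is defined elsewhere in the file
    # (presumably a random integer in the given range -- confirm).
    auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254))
    if not virtual_subnet:
        virtual_subnet = dialog.get_input(
            "OpenVPN Virtual Subnet",
            "Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.",
            auto_virtual_subnet)

    if virtual_subnet.upper() == "AUTO":
        virtual_subnet = auto_virtual_subnet

    if profile == "server":
        if not private_subnet:
            # NOTE(review): retcode is never inspected, so choosing "Skip"
            # only takes effect if inputbox() then returns the text "SKIP"
            # (or an empty string) -- confirm against the dialog wrapper.
            retcode, private_subnet = dialog.inputbox(
                "OpenVPN Private Subnet",
                "Enter CIDR subnet behind server for clients to reach.",
                "10.0.1.0/24", "Apply", "Skip")

    if private_subnet.upper() == "SKIP":
        private_subnet = ""

    # abspath matters: if __file__ is a bare file name, dirname() is empty
    # and the helper would be resolved through PATH instead of being taken
    # from this file's own directory.
    cmd = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                       'openvpn-server-init.sh')
    result = subprocess.run([cmd, key_email, public_address, virtual_subnet])
    if result.returncode != 0:
        # Do not append to server.conf or start the service on top of a
        # failed initialisation.
        fatal('openvpn-server-init.sh failed with exit status %d'
              % result.returncode)

    if profile == "gateway":
        with open("/etc/openvpn/server.conf", "a") as fh:
            fh.write(
                "# configure clients to route all their traffic through the vpn\n")
            fh.write("push \"redirect-gateway def1 bypass-dhcp\"\n\n")

    if private_subnet:
        with open("/etc/openvpn/server.conf", "a") as fh:
            fh.write(
                "# push routes to clients to allow them to reach private subnets\n"
            )
            # NOTE(review): each entry is written inside a quoted config
            # directive; this relies on expand_cidr() (defined elsewhere)
            # rejecting anything that is not a plain CIDR -- confirm.
            for _private_subnet in private_subnet.split(','):
                fh.write("push \"route %s\"\n" % expand_cidr(_private_subnet))
    subprocess.run(['systemctl', 'start', 'openvpn@server'])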