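def main():
    """Run the WireGuard first-boot configuration.

    Reads ``--profile``, ``--virtual-subnet`` and ``--domain`` from the
    command line, asks through the dialog for whatever is missing, and for
    the ``server`` profile passes the subnet and the endpoint name to
    ``wireguard-server-init.sh`` located next to this file. The ``client``
    profile needs no server-side setup, so the function returns early.
    """
    try:
        # 'profile=' must be declared here; without it getopt rejects
        # --profile and the matching branch below can never run.
        opts, args = getopt.gnu_getopt(
            sys.argv[1:], "h",
            ['help', 'profile=', 'virtual-subnet=', 'domain='])
    except getopt.GetoptError as e:
        usage(e)

    profile = ""
    virtual_subnet = ""
    domain = ""
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--profile':
            profile = val
        elif opt == '--virtual-subnet':
            virtual_subnet = val
        elif opt == '--domain':
            domain = val

    dialog = Dialog("TurnKey Linux - First boot configuration")

    if not profile:
        profile = dialog.menu(
            "Wireguard Profile",
            "Choose a profile for this server.\n\n* Server: clients will route traffic through the VPN.",
            [('server', 'Accept VPN connections from clients*'),
             ('client', 'Initiate VPN connections to a server')])

    if profile not in ('server', 'client'):
        fatal(f'invalid profile: {profile!r}')

    if profile == 'client':
        return

    if not virtual_subnet:
        virtual_subnet = dialog.get_input(
            "Wireguard Virtual Address",
            "Enter IP address in CIDR of server reachable by clients",
            "10.0.0.0/8")

    if not domain:
        domain = dialog.get_input(
            "Wireguard Public Address",
            "Used in client configuration as wireguard endpoint",
            "www.example.com")

    cmd = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                       'wireguard-server-init.sh')

    # The values are handed over as separate argv entries, so no shell parses
    # them on the way to the script.
    # NOTE(review): neither value is validated here; the script is outside
    # this block, so confirm that it checks the CIDR and the endpoint name
    # before writing them into the WireGuard configuration.
    result = subprocess.run([cmd, virtual_subnet, domain])
    if result.returncode != 0:
        # A failed init script leaves the server unconfigured; report it
        # instead of finishing the hook as if nothing happened.
        fatal(f'{cmd} exited with status {result.returncode}')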
elif opt == '--key-email': key_email = val elif opt == '--public-address': public_address = val elif opt == '--virtual-subnet': virtual_subnet = val elif opt == '--private-subnet': private_subnet = val dialog = Dialog('TurnKey Linux - First boot configuration') if not profile: profile = dialog.menu( "OpenVPN Profile", "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n their traffic through the VPN.", [ ('server', 'Accept VPN connections from clients'), ('gateway', 'Accept VPN connections from clients*'), ('client', 'Initiate VPN connections to a server') ]) if not profile in ('server', 'gateway', 'client'): fatal('invalid profile: %s' % profile) if profile == "client": return if not key_email: key_email = dialog.get_email( "OpenVPN Email", "Enter email address for the OpenVPN server key.", "*****@*****.**")
profile = val elif opt == '--key-email': key_email = val elif opt == '--public-address': public_address = val elif opt == '--virtual-subnet': virtual_subnet = val elif opt == '--private-subnet': private_subnet = val dialog = Dialog('TurnKey Linux - First boot configuration') if not profile: profile = dialog.menu( "OpenVPN Profile", "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n their traffic through the VPN.", [('server', 'Accept VPN connections from clients'), ('gateway', 'Accept VPN connections from clients*'), ('client', 'Initiate VPN connections to a server')]) if not profile in ('server', 'gateway', 'client'): fatal('invalid profile: %s' % profile) if profile == "client": return if not key_email: key_email = dialog.get_email( "OpenVPN Email", "Enter email address for the OpenVPN server key.", "*****@*****.**") inithooks_cache.write('APP_EMAIL', key_email)
# Excerpt from a Python 2 first-boot hook (map() returns a list here, which
# the in-place reordering below relies on).

# Name of the variant the default-app symlink currently resolves to.
variant_cur = os.path.basename(os.path.realpath(APP_DEFAULT_PATH))
variant_avail = map(os.path.basename,
                    glob.glob(os.path.join(APPS_PATH, 'foodsoft-*')))

if len(variant_avail) == 1:
    # A single installed variant leaves nothing to choose.
    variant = variant_avail[0]
elif not variant:
    if 'd' not in locals():
        d = Dialog('TurnKey Linux - First boot configuration')

    # Move foodsoft-standard to the head of the list ...
    standard_pos = variant_avail.index('foodsoft-standard')
    variant_avail.insert(0, variant_avail.pop(standard_pos))
    # ... and pair every variant with its description for the menu.
    choices = map(lambda entry: [entry, foodsoft_variant_desc(entry)],
                  variant_avail)

    variant = d.menu(
        "Foodsoft variant",
        "Select which version of Foodsoft you'd like to use.",
        choices=choices)

print("Please wait ...")

# The updates below need a running MySQL.
# NOTE(review): popen is defined outside this excerpt; every command passed to
# it here is a constant string, and the wait() results are discarded.
popen('service mysql status >/dev/null || service mysql start').wait()

if variant_cur != variant:
    # Point the default-app symlink at the chosen variant.
    # NOTE(review): `variant` can be set before this excerpt starts and is not
    # compared with variant_avail before it becomes the link target - confirm
    # that the caller restricts it to an installed variant.
    os.unlink(APP_DEFAULT_PATH)
    os.symlink(variant, APP_DEFAULT_PATH)

# The directory may have changed, so the secret key may need regenerating;
# this hook also restarts the webapp.
popen('/usr/lib/inithooks/firstboot.d/20regen-rails-secrets').wait()

popen('bundle exec rake -s db:migrate').wait()
popen('bundle exec whenever --user www-data --write-crontab').wait()
# Excerpt from a Python 2 first-boot hook (map() returns a list here, which
# the in-place reordering below relies on). variant_cur and variant are
# assigned before this excerpt starts.
variant_avail = map(os.path.basename,
                    glob.glob(os.path.join(APPS_PATH, 'foodsoft-*')))

if len(variant_avail) == 1:
    # A single installed variant leaves nothing to choose.
    variant = variant_avail[0]
elif not variant:
    if 'd' not in locals():
        d = Dialog('TurnKey Linux - First boot configuration')

    # Move foodsoft-standard to the head of the list ...
    standard_pos = variant_avail.index('foodsoft-standard')
    variant_avail.insert(0, variant_avail.pop(standard_pos))
    # ... and pair every variant with its description for the menu.
    choices = map(lambda entry: [entry, foodsoft_variant_desc(entry)],
                  variant_avail)

    variant = d.menu("Foodsoft variant",
                     "Select which version of Foodsoft you'd like to use.",
                     choices=choices)

print("Please wait ...")

# The updates below need a running MySQL.
# NOTE(review): popen is defined outside this excerpt; every command passed to
# it here is a constant string, and the wait() results are discarded.
popen('service mysql status >/dev/null || service mysql start').wait()

if variant_cur != variant:
    # Point the default-app symlink at the chosen variant.
    # NOTE(review): `variant` is not compared with variant_avail before it
    # becomes the link target - confirm that the caller restricts it to an
    # installed variant.
    os.unlink(APP_DEFAULT_PATH)
    os.symlink(variant, APP_DEFAULT_PATH)

# The directory may have changed, so the secret key may need regenerating;
# this hook also restarts the webapp.
popen('/usr/lib/inithooks/firstboot.d/20regen-rails-secrets').wait()

popen('bundle exec rake -s db:migrate').wait()
popen('bundle exec whenever --user www-data --write-crontab').wait()
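def main():
    """Run the Redis / redis-commander first-boot configuration.

    Collects the redis-commander password, the bind choice and the
    protected-mode choice from the command line or the dialog, writes them
    into /etc/redis/redis.conf and /etc/init.d/redis-commander, and restarts
    the two services when they are already running.

    The password gathered here is the redis-commander HTTP password; nothing
    in this function sets a password on Redis itself.
    """
    import re

    try:
        # The loop below handles --bind, so 'bind=' is declared next to the
        # 'ip_bind=' spelling found in the option list.
        opts, args = getopt.gnu_getopt(
            sys.argv[1:], "h",
            ['help', 'pass=', 'bind=', 'ip_bind=', 'protected_mode='])
    except getopt.GetoptError as e:
        usage(e)

    password = ""
    bind = ""
    protected_mode = ""
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt in ('--bind', '--ip_bind'):
            bind = val
        elif opt == '--pass':
            password = val
        elif opt == '--protected_mode':
            protected_mode = val

    if not password:
        d = Dialog('TurnKey Linux - First boot configuration')
        password = d.get_password(
            "Redis-commander 'admin' password",
            "Enter password for 'admin' access to redis-commander UI")

    if not bind:
        d = Dialog('TurnKey Linux - First boot configuration')
        bind = d.menu(
            "Interface(s) for Redis to bind to",
            ("Interface for Redis to bind to?\n\nIf you wish to securely"
             " allow remote connections using 'all', ensure the system"
             " firewall is enabled & block all traffic on port 6379,"
             " except for the desired remote IP(s).\n\nManually edit the"
             " config file to set a custom interface."),
            choices=(("localhost", "Redis will not respond to remote computer"),
                     ("all", "Redis will allow all connections")))

    # Anything other than the literal "all" falls back to loopback, so an
    # unexpected --bind value never widens the listener.
    if bind == "all":
        bind_ip = "0.0.0.0"
    else:
        bind_ip = "127.0.0.1"

    if not protected_mode:
        d = Dialog('TurnKey Linux - First boot configuration')
        protected_mode = d.yesno(
            'Keep protected-mode enabled?',
            "In protected mode Redis only replies to queries from"
            " localhost. Clients connecting from other addresses will"
            " receive an error, noting why & how to configure Redis.\n"
            "\nUnless you set really good password, this is recommended",
            'Yes', 'No')
    else:
        # A value given on the command line is a string; looking it up in a
        # {True: ..., False: ...} table raised KeyError.
        answer = protected_mode.strip().lower()
        if answer in ('yes', 'y', 'true', '1', 'on'):
            protected_mode = True
        elif answer in ('no', 'n', 'false', '0', 'off'):
            protected_mode = False
        else:
            usage("invalid --protected_mode value: %r" % protected_mode)

    # If usage() returned above, the unrecognised string is truthy and
    # protected mode stays enabled.
    protected_mode_value = "yes" if protected_mode else "no"

    conf = "/etc/redis/redis.conf"
    redis_commander_conf = "/etc/init.d/redis-commander"

    # Both values placed into these sed scripts come from fixed sets
    # ("0.0.0.0"/"127.0.0.1" and "yes"/"no"), never from free-form input.
    # NOTE(review): "all" together with protected-mode "no" leaves Redis
    # reachable with no Redis-level password configured by this function;
    # the firewall advice in the dialog is the only guard visible here.
    subprocess.run(["sed", "-i", "s|^bind .*|bind %s|" % bind_ip, conf])
    subprocess.run([
        "sed", "-i",
        "s|^protected-mode .*|protected-mode %s|" % protected_mode_value,
        conf
    ])

    # The password is free-form input. Placed into a sed script, characters
    # such as '|', '&' and '\' are interpreted by sed rather than written out,
    # so the substitution is done in Python with a function replacement, which
    # inserts the value literally.
    # NOTE(review): the value is still written verbatim into an init script
    # and, judging by the option name, ends up on the redis-commander command
    # line; whether it needs shell quoting depends on how that line is quoted
    # in the script, which is not visible here - confirm against the template.
    try:
        with open(redis_commander_conf, encoding="utf-8",
                  errors="surrogateescape") as fh:
            script = fh.read()
        script = re.sub(r"--http-auth-password=.*",
                        lambda match: "--http-auth-password=" + password,
                        script)
        with open(redis_commander_conf, "w", encoding="utf-8",
                  errors="surrogateescape") as fh:
            fh.write(script)
    except OSError as e:
        # The sed call this replaces did not stop the hook on failure either;
        # keep going but leave a trace.
        print("could not update %s: %s" % (redis_commander_conf, e),
              file=sys.stderr)

    # Restart redis and redis commander if running so the change takes effect.
    # subprocess.run() does not raise on a non-zero exit status, so the
    # is-active result has to be tested explicitly.
    try:
        active = subprocess.run(
            ["systemctl", "is-active", "--quiet", "redis-server.service"])
        if active.returncode == 0:
            subprocess.run(["service", "redis-server", "restart"])
    except OSError:
        # systemctl/service unavailable: nothing is running to restart.
        pass

    try:
        active = subprocess.run(
            ["systemctl", "is-active", "--quiet", "redis-commander.service"])
        if active.returncode == 0:
            subprocess.run(["systemctl", "daemon-reload"])
            subprocess.run(["service", "redis-commander", "restart"])
    except OSError:
        pass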
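def main():
    """Run the OpenVPN first-boot configuration.

    Reads the profile, key e-mail, public address and subnets from the
    command line, asks through the dialog for whatever is missing, runs
    ``openvpn-server-init.sh`` next to this file, appends the gateway and
    private-subnet ``push`` lines to /etc/openvpn/server.conf and starts
    ``openvpn@server``. The ``client`` profile returns before any of that.
    """
    try:
        opts, args = getopt.gnu_getopt(sys.argv[1:], "h", [
            'help', 'profile=', 'key-email=', 'public-address=',
            'virtual-subnet=', 'private-subnet='
        ])
    except getopt.GetoptError as e:
        usage(e)

    profile = ""
    key_email = ""
    public_address = ""
    virtual_subnet = ""
    private_subnet = ""
    for opt, val in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt == '--profile':
            profile = val
        elif opt == '--key-email':
            key_email = val
        elif opt == '--public-address':
            public_address = val
        elif opt == '--virtual-subnet':
            virtual_subnet = val
        elif opt == '--private-subnet':
            private_subnet = val

    dialog = Dialog('TurnKey Linux - First boot configuration')

    if not profile:
        profile = dialog.menu(
            "OpenVPN Profile",
            "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n their traffic through the VPN.",
            [('server', 'Accept VPN connections from clients'),
             ('gateway', 'Accept VPN connections from clients*'),
             ('client', 'Initiate VPN connections to a server')])

    if profile not in ('server', 'gateway', 'client'):
        fatal('invalid profile: %s' % profile)

    if profile == "client":
        return

    if not key_email:
        key_email = dialog.get_email(
            "OpenVPN Email",
            "Enter email address for the OpenVPN server key.",
            "*****@*****.**")

    inithooks_cache.write('APP_EMAIL', key_email)

    if not public_address:
        public_address = dialog.get_input(
            "OpenVPN Public Address",
            "Enter FQDN or IP address of server reachable by clients",
            "vpn.example.com")

    # Suggested pool; also used when the caller passes the literal "AUTO".
    auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254))

    if not virtual_subnet:
        virtual_subnet = dialog.get_input(
            "OpenVPN Virtual Subnet",
            "Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.",
            auto_virtual_subnet)

    if virtual_subnet.upper() == "AUTO":
        virtual_subnet = auto_virtual_subnet

    if profile == "server":
        if not private_subnet:
            # NOTE(review): retcode is not inspected, so choosing "Skip" only
            # takes effect if the dialog hands back the text "SKIP" - confirm
            # against the Dialog wrapper.
            retcode, private_subnet = dialog.inputbox(
                "OpenVPN Private Subnet",
                "Enter CIDR subnet behind server for clients to reach.",
                "10.0.1.0/24",
                "Apply",
                "Skip")

    if private_subnet.upper() == "SKIP":
        private_subnet = ""

    cmd = os.path.join(os.path.dirname(__file__), 'openvpn-server-init.sh')

    # Separate argv entries, no shell in between.
    # NOTE(review): the three values are not validated in this function;
    # confirm that the script checks them before using them for key
    # generation and server.conf.
    result = subprocess.run([cmd, key_email, public_address, virtual_subnet])
    if result.returncode != 0:
        # Do not append push directives to, or start, a server whose base
        # configuration was not generated.
        fatal('%s exited with status %d' % (cmd, result.returncode))

    if profile == "gateway":
        with open("/etc/openvpn/server.conf", "a") as fh:
            fh.write(
                "# configure clients to route all their traffic through the vpn\n")
            fh.write("push \"redirect-gateway def1 bypass-dhcp\"\n\n")

    if private_subnet:
        # Expand every entry before touching the file, so a rejected entry
        # does not leave a half-written section behind.
        # NOTE(review): expand_cidr is defined outside this block; these lines
        # are only safe if it rejects anything that is not a CIDR, since the
        # result is written into server.conf between double quotes.
        routes = [
            expand_cidr(entry.strip())
            for entry in private_subnet.split(',')
            if entry.strip()
        ]
        with open("/etc/openvpn/server.conf", "a") as fh:
            fh.write(
                "# push routes to clients to allow them to reach private subnets\n"
            )
            for route in routes:
                fh.write("push \"route %s\"\n" % route)

    subprocess.run(['systemctl', 'start', 'openvpn@server'])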