tinstallation script - coffin - secure lan file storage on a device HTML git clone git://parazyd.org/coffin.git DIR Log DIR Files DIR Refs DIR Submodules DIR README DIR LICENSE --- DIR commit f93af1133909fc68bb6a6d4aa83a219750a197b8 DIR parent 261391f4c40c528e0ae379dfb7eed32bf99a1e38 HTML Author: parazyd <parazyd@dyne.org> Date: Tue, 29 Mar 2016 17:00:43 +0200 installation script Diffstat: M Makefile | 5 +---- A conf/README | 9 +++++++++ A conf/coffindav.conf | 14 ++++++++++++++ A conf/config.sh | 102 +++++++++++++++++++++++++++++++ A conf/davpass | 3 +++ A conf/webdav.skel | 12 ++++++++++++ 6 files changed, 141 insertions(+), 4 deletions(-) ---
DIR diff --git a/Makefile b/Makefile
t@@ -1,9 +1,6 @@
 all:
 make -C src/tomb/kdf-keys
- @echo
- @echo "Stuff compiled. Run `make install` as root to install"
- @echo "and configure coffin on this device..."
- @echo
+ @./conf/config.sh checkdep
 install:
 make -C src/tomb install
DIR diff --git a/conf/README b/conf/README
t@@ -0,0 +1,9 @@
+To generate a WebDAV login entry by yourself, issue
+
+`echo -n "yourUsername:WebDAV:" \
+ && echo -n "yourUsername:WebDAV:yourDavPassword" \
+ | md5sum \
+ | awk '{print $1}'`
+
+and add the output to 'davpasswd' which is located in the
+apache directory. Or add it now here, before installing.
DIR diff --git a/conf/coffindav.conf b/conf/coffindav.conf
t@@ -0,0 +1,14 @@
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ # Apache2.4 configuration file for coffin's WebDAV
+ # Will be additionally filled up after you use it.
+
+ ServerAdmin dav@coffin
+ DocumentRoot /var/www/html
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/coffin/coffin.pem
+ SSLCertificateKeyFile /etc/ssl/coffin/coffin.key
+
+ </VirtualHost>
+</IfModule>
DIR
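Review bot: Nothing in the visible Makefile hunk invokes `./conf/config.sh snowman`: the `install` target appears only as unchanged context, while the script's header says it is to be run only through the Makefile, so the privileged setup path seems to have no caller yet (the `install` recipe may continue outside the hunk). The new `@./conf/config.sh checkdep` line also runs after `make -C src/tomb/kdf-keys`, so a missing dependency is reported only once the build has already been done; placing it as the first recipe line of `all` would fail earlier.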
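Review bot: The vhost in conf/coffindav.conf turns on `SSLEngine` but pins neither protocol versions nor ciphers, so what the WebDAV endpoint negotiates depends entirely on the server-wide mod_ssl defaults of whatever system it is installed on. Explicit `SSLProtocol` and `SSLCipherSuite` lines after `SSLEngine on` would make the device's TLS posture reproducible; the values should follow the Apache and OpenSSL versions being targeted. `DocumentRoot /var/www/html` also publishes the distribution's default web root through the same vhost, which deserves a comment if it is intentional.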
diff --git a/conf/config.sh b/conf/config.sh
t@@ -0,0 +1,102 @@
+#!/usr/bin/env zsh
+#
+# configuration script for coffin. run only through Makefile
+#
+# ~ parazyd
+
+# `make`
+[[ $1 == "checkdep" ]] && {
+ missing=()
+ which apache2 >/dev/null || missing+=(apache)
+ which cryptsetup >/dev/null || missing+=(cryptsetup)
+ which inotifywatch >/dev/null || missing+=(inotify-tools)
+ which wipe >/dev/null || missing+=(wipe)
+ which pinentry >/dev/null || missing+=(pinentry)
+ which pwgen >/dev/null || missing+=(pwgen)
+ which gettext >/dev/null || missing+=(gettext)
+ which openssl >/dev/null || missing+=(openssl)
+# Optional:
+# which haveged || missing+=(haveged)
+# which sshfs || missing+=(sshfs)
+ (( $#missing == 0 )) || {
+ for i in $missing; do
+ print "$i is missing."
+ done
+ print "Please install and retry."
+ return 1
+ }
+ print "All dependencies solved, run 'make install' as root"
+ print "to install and configure coffin on this device."
+ return 0
+}
+
+# `make install`
+[[ $1 == "snowman" || $1 == "unsnowman" ]] && {
+ [[ $UID = 0 ]] || {
+ print "You must run this as root!"
+ return 1
+ }
+}
+
+edit-sudo() {
+ print "%coffin coffin=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
+ [[ $? = 0 ]] && print "Added coffin group to sudoers"
+}
+
+# because all cool software has snowmen in them
+[[ $1 == "snowman" ]] && {
+ pushd `pwd`/conf
+
+ # install files
+ install -m640 coffindav.conf /etc/apache2/sites-available/
+ install -m600 davpasswd /etc/apache2/
+
+ # ssl
+ print "Generating ssl certificate..."
+ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
+ -keyout coffin.key -out coffin.pem
+ [[ $? = 0 ]] || {
+ print "Failed generating openssl certificate."
+ return 1
+ }
+
+ mkdir -p /etc/ssl/coffin
+ install -m 444 coffin.pem /etc/ssl/coffin/
+ install -m 400 coffin.key /etc/ssl/coffin/
+ print "Done!"
+
+ # Apache
+ apachemods=(dav dav_fs dav_lock ssl)
+ print "Enabling Apache modules..."
+ for i in $apachemods; do
+ a2enmod $i
+ done
+
+ a2ensite coffindav.conf
+
+ print "Creating coffin group..."
+ groupadd coffin && print "Done!"
+
+ /etc/init.d/apache2 restart
+ [[ -f /etc/init.d/ssh ]] && { /etc/init.d/ssh start }
+
+ edit-sudo
+
+ # TODO: add initscript
+
+ print "Successfully installed and configured coffin!"
+
+ print "######################################"
+ fprint=`openssl x509 -noout -in coffin.pem -fingerprint \
+ awk -F\= '{print $2}'`
+ print "The fingerptint of your SSL certificate is: $fprint"
+ print "Compare it and/or set is as trusted when you connect to coffin."
+ print "######################################"
+
+ popd
+}
+
+[[ $1 == "unsnowman" ]] && {
+ print "Uninstalling coffin. Why? Why? Why?"
+ print "*cries*\n"
+}
DIR diff --git a/conf/davpass b/conf/davpass
t@@ -0,0 +1,3 @@
+# This is the htpasswd file of coffin. It will be filled
+# by usage, or you can fill it up manually. See the README
+# for more info.
DIR diff --git a/conf/webdav.skel b/conf/webdav.skel
t@@ -0,0 +1,12 @@
+# Add this to /etc/apache2/sites-enabled/coffindav.conf
+
+alias /yourTombName /media/yourTombName
+<Directory "/media/yourTombName">
+ Dav On
+ AllowOverride none
+ Options Indexes FollowSymlinks
+ AuthType Digest
+ AuthName WebDAV
+ AuthUserFile /etc/apache2/davpasswd
+ Require user yourCoffinUsername
+</Directory>
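Review bot: `edit-sudo` in conf/config.sh gives every member of the `coffin` group passwordless root for any command (`%coffin coffin=(ALL) NOPASSWD: ALL`) and appends that line to the main sudoers file through `EDITOR="tee -a" visudo`, so each repeated install adds a duplicate entry; the rule should name only the commands coffin actually needs and live in a drop-in under `/etc/sudoers.d` that is checked with `visudo -cf` before it is installed. The unencrypted key produced by `openssl req -nodes` is written to `conf/coffin.key` in the source tree under the caller's umask and is not removed after the `install -m 400` copy, so the script should set `umask 077` before generating it and delete the working copy afterwards. The fingerprint command lacks a pipe: the continuation line hands `awk` and its arguments to `openssl x509`, so the value the user is told to compare is not extracted as intended; it should read `-fingerprint | awk -F= '{print $2}'`. `install -m600 davpasswd` also names a file this commit does not add (the diffstat lists `conf/davpass`), and none of the `install`, `a2enmod` or `groupadd` steps is checked before "Successfully installed and configured coffin!" is printed.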
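Review bot: The `<Directory>` block in conf/webdav.skel has no `SSLRequireSSL`, and its header comment says to add the snippet to `coffindav.conf` without saying it belongs inside the `<VirtualHost _default_:443>` section; placed at file level, the alias would also be reachable through any plain-HTTP vhost, with the digest exchange and the files sent unencrypted. Adding `SSLRequireSSL` inside the block and rewording the comment to name the vhost section would prevent that. `Options Indexes FollowSymlinks` additionally lets a symlink stored in the tomb resolve to paths outside `/media/yourTombName` and exposes directory listings; unless either is needed, `Options None` is the safer default for the share.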