#!/bin/sh # Bare Metal Alchemist, 2022 ############################################# # Copper - ♀ # ############################################# # Copper wires form the backbone of electrical systems worldwide # and much of the internet as a whole. # This ingredient is focused around scripts that make it easier to # interact with and create new networks on your system. locate_torrc() { if [ -n $TORRCPATH ]; then if [ -f $HOME/.tor/torrc ]; then TORRCPATH="${HOME}/.tor/torrc" elif [ -f /usr/local/etc/tor/torrc ]; then TORRCPATH='/usr/local/etc/tor/torrc' elif [ -f /etc/tor/torrc ]; then TORRCPATH='/etc/tor/torrc' else echo -e "${RED}Uh oh...${RESET} I couldn't figure out where your torrc file is. That might cause some issues" sleep 3 echo "Anyways..." sleep 2 fi fi echo -e "Your torrc is located at ${BLUE}${TORRCPATH}${RESET}" remember "TORRCPATH=${TORRCPATH}" } configure_tor() { locate_torrc echo -e "Your existing torrc file has the following settings: " echo "" cat $TORRCPATH | grep '^[^#]' echo "" echo -en "Would you like to reset it?: ${BLUE}(y/n)${RESET} " read torrc_reset case $torrc_reset in "Y" | "y") cp resources/torrc-template . sudo sed -i "s#USER#${USER}#g" torrc-template sudo sed -i "s#HOME#${HOME}#g" torrc-template sudo mv torrc-template $TORRCPATH echo -e "${GREEN}Torrc file reset!${RESET}" ;; '*') echo "Okay, we'll leave it as is." ;; esac echo "" echo -e "Tor configuration ${GREEN}complete!${RESET}" } get_external_ip() { case $DISTRO in "arch") install_if_needed dnsutils ;; "*") #install_if_needed dig echo "Not yet supported! Feel free to help out here :)" ;; esac EXTERNAL_IP=$(dig @resolver4.opendns.com myip.opendns.com +short) echo "Your external IP is ${BLUE}$EXTERNAL_IP${RESET}" remember "EXTERNAL_IP=$EXTERNAL_IP" } initialize_nginx() { echo -e "${BOLD}Installing and configuring NGINX${RESET}" echo "" install_if_needed nginx # Making sure this version of NGINX supports sites-enabled if [[ -z $(sudo cat /etc/nginx/nginx.conf | grep sites-enabled) ]]; then sudo mkdir -p /etc/nginx/sites-available sudo mkdir -p /etc/nginx/sites-enabled sudo cp resources/nginx/base.nginx.conf /etc/nginx/nginx.conf fi sudo mkdir -p /etc/nginx/logs } make_site() { SITE=${1} shift if [ -f resources/nginx/${SITE}.nginx.conf ]; then NGINX_SITE_LOCATION=/etc/nginx/sites-available/${SITE} if [ -f $NGINX_SITE_LOCATION ]; then echo -e "You already have a site available for ${BLUE}${SITE}${RESET}, what would you like to do?" echo -en "${BOLD}R${RESET}eset it, ${BOLD}A${RESET}ctivate it, or do ${BOLD}N${RESET}othing? (r/a/n): " read whatdo case $whatdo in "R" | "r") echo "Resetting sites-available/${SITE}" sudo rm /etc/nginx/sites-available/${SITE} ;; "A" | "a") echo "Activating sites-available/${SITE}" if [ ! -e /etc/nginx/sites-enabled/${SITE} ]; then sudo ln -s /etc/nginx/sites-available/${SITE} /etc/nginx/sites-enabled/ fi ;; "N" | "n") echo "Okay, we'll leave it be." ;; *) echo "Instructions unclear, accidentally an choice" ;; esac echo "" fi if [ ! -f $NGINX_SITE_LOCATION ]; then sudo cp resources/nginx/${SITE}.nginx.conf $NGINX_SITE_LOCATION for keyval; do KEY=$(echo $keyval | cut -d'=' -f 1) VAL=$(echo $keyval | cut -d'=' -f 2) echo "Substituting $KEY for $VAL" sudo sed -i "s#$KEY#$VAL#g" $NGINX_SITE_LOCATION done if [ ! -e /etc/nginx/sites-enabled/${SITE} ]; then sudo ln -s /etc/nginx/sites-available/${SITE} /etc/nginx/sites-enabled/ fi fi else echo "" echo -e "${RED}Sorry${RESET}, ${SITE} isn't available as an nginx template" echo "We have..." echo `ls resources/nginx` fi } get_domain() { if [ ! -z $DOMAIN ]; then echo -e "Your domain name is currently set to ${BLUE}${DOMAIN}${RESET}" echo -ne "would you like to change it? ${BLUE}(y/n): ${RESET}" read newdns case $newdns in y | Y) forget "DOMAIN" ;; esac echo "" fi if [ -z $DOMAIN ]; then echo -en "Do you have a domain name pointing to this computer? ${BLUE}(y/n)${RESET}: " read dns echo "" case $dns in y | Y) echo "Good to hear! What is it?" OKAY=0 while [ $OKAY -eq 0 ]; do echo -n "http://" read DOMAIN echo "" echo -ne "is ${BLUE}http://${DOMAIN}${RESET} correct? ${BLUE}(y/n): ${RESET}" read correct case $correct in y | Y) OKAY=1 ;; *) echo "Okay, let's try again! What is your domain name?" ;; esac done echo -e "${BLUE}${DOMAIN}${RESET}, got it." remember "DOMAIN=${DOMAIN}" ;; *) echo "Okay, let's just leave it open for now." ;; esac fi } configure_domain_for_site() { get_domain if [ -f /etc/nginx/sites-enabled/${1} ]; then if [ ! -z $DOMAIN ]; then sudo sed -i "s#server_name.*#server_name $DOMAIN;#" /etc/nginx/sites-enabled/${1} else echo "You didn't provide a domain to configure!" fi else echo "Sorry, we don't have a site enabled for ${1}" fi echo "" } enable_ssl() { if [ ! -z $SSL ]; then echo "We've already gone through the SSL enabling process! Skipping" else if [ ! -z $DOMAIN ]; then read -p "Would you like to enable SSL via Certbot? (y/n): " -n1 ssl echo "" case $ssl in y | Y) echo "Alright, let's get Certbot in here!" install_if_needed python3 certbot python3-certbot-nginx echo -e "${BOLD}Take it away, Certbot${NC}" SSL=$(sudo certbot --nginx) remember "SSL=$SSL" ;; *) echo "Yea, SSL is like, totally whatever anyways..." ;; esac else echo "We can't configure SSL without a domain! Skipping" fi fi if [ -z $DOMAIN ]; then ACCESS_POINT=http://localhost else if [ -z $SSL ]; then ACCESS_POINT=http://$DOMAIN else ACCESS_POINT=https://$DOMAIN fi fi remember "ACCESS_POINT=${ACCESS_POINT}" } check_ports() { echo -e "${BOLD}Checking Port Accessibility${RESET}" if [ -z $DOMAIN ]; then ADDR=$EXTERNAL_IP else ADDR=$DOMAIN fi echo -e "Querying this computer's network from ${BLUE}${ADDR}${RESET}" echo "" install_if_needed nmap nmap -Pn $EXTERNAL_IP > nmap.txt OPEN=1 if grep -qE "^80/.*(open|filtered)" nmap.txt; then echo -e "I can see port ${GREEN}80${RESET}!" else echo -e "Uh oh, port ${RED}80${RESET} isn't showing up..." OPEN=0 fi if grep -qE "^443/.*(open|filtered)" nmap.txt; then echo -e "I can see port ${GREEN}443${RESET} as well!" else echo -e "Uh oh, port ${RED}443${RESET} isn't showing up..." OPEN=0 fi rm nmap.txt echo "" # TODO I changed default to src on the line below - impact? LOCAL_IP=$(ip route | grep src | grep -oP "(?<=src )[^ ]+") ROUTER_IP=$(route -n | grep ^0.0.0.0 | awk '{print $2}') if [[ $OPEN -eq 0 ]]; then echo -e "${RED}Port configuration needed.${RESET} Something (probably your wireless router) is blocking us from serving this page to the rest of the internet." echo "Port forwarding is relatively simple, but as it stands it is beyond the scope of this script to be able to automate it." echo -e "You'll probably need to look up the login information for your specific router and forward the red ports to the local IP of this computer (${BOLD}${LOCAL_IP}${RESET})." echo -e "You can log into your router at this IP address: ${BOLD}${ROUTER_IP}${RESET}" echo "That's all the help I can give you regarding port forwarding. Good luck!" echo "" fi } # TODO Expose ports via firewalld # using yggdrasil could maybe fit in here