From d20914188f70fe6f6e0c54235c7a95fd041bc797 Mon Sep 17 00:00:00 2001
From: Zen
Date: Wed, 2 Feb 2022 21:46:06 -0600
Subject: [PATCH] Done for the day (4 hours total)
---
resources/ao-config | 31 ++++
resources/ao.nginx.conf | 17 +++
resources/sample_bitcoin.conf | 7 +
resources/sample_lightning_config | 6 +
resources/tor-service-template | 41 +++++
scripts/ao.sh | 240 ++++++++++++++++++++++++++++--
scripts/createPrivateKey.js | 18 +++
7 files changed, 350 insertions(+), 10 deletions(-)
create mode 100644 resources/ao-config
create mode 100644 resources/ao.nginx.conf
create mode 100644 resources/sample_bitcoin.conf
create mode 100644 resources/sample_lightning_config
create mode 100644 resources/tor-service-template
create mode 100644 scripts/createPrivateKey.js
diff --git a/resources/ao-config b/resources/ao-config
new file mode 100644
index 0000000..8a3b8d7
--- /dev/null
+++ b/resources/ao-config
@@ -0,0 +1,31 @@
+export default {
+ bitcoind: {
+ network: 'mainnet'
+ },
+ bitcoinAverage: {
+ pub: '',
+ secret: ''
+ },
+ sqlite3: {
+ //file: '$HOME/.ao/database.sqlite3'
+ file: 'SQLITE_DATABASE'
+ },
+ clightning: {
+ //dir: '$HOME/.lightning/bitcoin'
+ dir: 'CLIGHTNING_DIR'
+ },
+ tor: {
+ //hostname: '$TORHOSTNAME'
+ hostname: 'TOR_HOSTNAME'
+ },
+ memes: {
+ //dir: '$HOME/.ao/memes'
+ dir: 'MEMES_DIR'
+ },
+ jitsi: {
+ domain: 'meet.dctrl.ca'
+ },
+ socketUrl: 'http://localhost:8003' // development
+ // socketUrl: null // production
+}
+
diff --git a/resources/ao.nginx.conf b/resources/ao.nginx.conf
new file mode 100644
index 0000000..1ca6fac
--- /dev/null
+++ b/resources/ao.nginx.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name SERVER_NAME;
+ root FILE_ROOT;
+ index index.html;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location / {
+ proxy_pass http://localhost:8003;
+ }
+}
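Review bot: `tor.hostname` stays the literal string 'TOR_HOSTNAME' after installation, because the sed calls added to scripts/ao.sh in this commit rewrite only SQLITE_DATABASE, CLIGHTNING_DIR and MEMES_DIR. Either add a matching substitution once the hidden-service hostname exists, or mark the key with a comment such as `// TOR_HOSTNAME is filled in by the installer once the hidden service exists`. The template also ships the development `socketUrl`, so a production install presumably needs the commented `null` variant selected by the installer rather than by hand.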
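Review bot: The `location /` block forwards every request to http://localhost:8003 without passing the original Host or client address, so the backend sees all traffic as coming from 127.0.0.1 and its logs or any per-client limits lose the real source. Adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` inside that block would keep that information. Both `listen` lines also claim `default_server`; if the distribution's stock default site is still enabled, nginx rejects the duplicate on reload, and nothing in this commit removes that site. Since `/` is proxied, the `root` and `index` directives appear unused and could be dropped or given a comment explaining why they stay.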
diff --git a/resources/sample_bitcoin.conf b/resources/sample_bitcoin.conf
new file mode 100644
index 0000000..96f9acb
--- /dev/null
+++ b/resources/sample_bitcoin.conf
@@ -0,0 +1,7 @@
+proxy=127.0.0.1:9050
+txindex=1
+listen=1
+bind=127.0.0.1
+disablewallet=1
+zmqpubrawblock=tcp://127.0.0.1:28332
+zmqpubrawtx=tcp://127.0.0.1:28333
diff --git a/resources/sample_lightning_config b/resources/sample_lightning_config
new file mode 100644
index 0000000..d786be3
--- /dev/null
+++ b/resources/sample_lightning_config
@@ -0,0 +1,6 @@
+network=bitcoin
+plugin=clboss
+log-level=debug:clboss
+proxy=127.0.0.1:9050
+bind-addr=127.0.0.1:9735
+addr=statictor:127.0.0.1:9051
diff --git a/resources/tor-service-template b/resources/tor-service-template
new file mode 100644
index 0000000..05aa265
--- /dev/null
+++ b/resources/tor-service-template
@@ -0,0 +1,41 @@
+[Unit]
+Description=Anonymizing overlay network for TCP (multi-instance-master)
+After=network.target
+
+[Service]
+#$USER
+User=USER
+Group=USER
+Type=simple
+#Type=forking
+PrivateTmp=yes
+PermissionsStartOnly=true
+
+ExecStartPre=-/bin/mkdir /var/run/tor
+ExecStartPre=/bin/cp TORRCPATH /var/run/tor
+ExecStartPre=/bin/chmod a-wx,go-rwx /var/run/tor/torrc
+ExecStartPre=/bin/chown -R USER:USER /var/run/tor
+
+ExecStart=/usr/local/bin/tor -f TORRCPATH
+ExecReload=/bin/kill -HUP MAINPID
+
+#LimitNPROC = 2
+#DeviceAllow = /dev/null rw
+#DeviceAllow = /dev/urandom r
+#DeviceAllow = /dev/random r
+#InaccessibleDirectories = /
+#ReadOnlyDirectories = /etc/usr
+#ReadWriteDirectories = /var/lib/tor /var/log/tor
+
+#PIDFile=/var/run/tor/tor.pid
+KillSignal=SIGINT
+LimitNOFILE=8192
+PrivateDevices=yes
+
+#Type=oneshot
+#RemainAfterExit=yes
+#ExecStart=/bin/true
+#ExecReload=/bin/true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/ao.sh b/scripts/ao.sh
index 4bdf99b..bcb3e0b 100755
--- a/scripts/ao.sh
+++ b/scripts/ao.sh
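Review bot: The TORRCPATH and MAINPID tokens in the `ExecStartPre=/bin/cp`, `ExecStart=` and `ExecReload=` lines of tor-service-template are never replaced, because scripts/ao.sh in this commit only runs `s#USER#${USER}#g` on the installed unit; the service would start with a literal `TORRCPATH` argument and reload with `kill -HUP MAINPID`. The reload line needs the systemd variable, `ExecReload=/bin/kill -HUP $MAINPID`, and the installer needs a second substitution for the torrc path. The pre-start steps also tighten permissions on the copy in /var/run/tor while `ExecStart` reads the original file, so the chmod does not protect the configuration Tor actually loads; pointing `-f` at `/var/run/tor/torrc` would make the two agree.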
@@ -4,9 +4,9 @@ # Zen, 2022 # Font decoration for better a e s t h e t i c -RED="\e[0;91m" -GREEN="\e[0;92m" -BLUE="\e[0;94m" +RED="\e[0;31m" +GREEN="\e[0;32m" +BLUE="\e[0;34m" BOLD="\e[1m" ULINE="\e[4m" RESET="\e[0m" @@ -68,6 +68,7 @@ echo "" echo -e "Got it! Next we're going to make sure the system's repositories (where they get their data from)\nare updated and that you have all the basic command line utilities we need to continue. \n\n${BLUE}(enter)${RESET}" read +# This is a bash function! install_if_needed() { for package in "$@" do @@ -170,10 +171,20 @@ if [ $AO = "vue" ] || [ $AO = 'react' ]; then echo -e "${BOLD}Installing Node.js${RESET}" chmod +x scripts/nvm_install.sh scripts/nvm_install.sh - source ~/.bashrc + if [ "$SHELL" = '/bin/zsh' ]; then + echo 'sourcing zshrc' + source ~/.zshrc + else + source ~/.bashrc + fi nvm install v16.13.0 nvm alias default v16.13.0 - source ~/.bashrc + if [ "$SHELL" = '/bin/zsh' ]; then + echo 'sourcing zshrc' + source ~/.zshrc + else + source ~/.bashrc + fi echo "" fi 
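Review bot: In the Node.js block (third hunk, `@@ -170,10 +171,20 @@`), `$SHELL` names the user's login shell, not the interpreter running this script, so on a zsh account the new branch sources ~/.zshrc into what is presumably bash (the shebang is outside the hunk) and zsh-only syntax there can abort the install. The same five-line branch is added twice, before and after `nvm install`. Assuming scripts/nvm_install.sh uses nvm's default location, loading nvm directly avoids both problems: `export NVM_DIR="$HOME/.nvm"` followed by `[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"`. The enclosing `if [ $AO = "vue" ] ...` starts outside the hunk.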
@@ -212,34 +223,243 @@ if [ $AO = "vue" ] || [ $AO = 'react' ]; then #cd .. echo -e "${BOLD}Bitcoin installed!${RESET} Let's make sure it's configured now." + if [ -f $HOME/.bitcoin/bitcoin.conf ]; then + echo 'bitcoin config exists' + else + cp resources/sample_bitcoin.conf $HOME/.bitcoin/bitcoin.conf + echo 'created default bitcoin config' + fi + + if [ -f $HOME/.lightning/config ]; then + echo 'lightning config exists' + else + cp resources/sample_lightning_config $HOME/.lightning/config + echo 'created default lightning config' + fi + + AUTHDEETS=$(python3 ./rpcauth.py ao) + AUTHLINE=$(echo $AUTHDEETS | grep -o rpcauth=ao:[^[:space:]]*[[:space:]]) + PASSLINE=$(echo $AUTHDEETS | grep -o [^[:space:]]*\$) + echo $AUTHLINE >> $HOME/.bitcoin/bitcoin.conf fi echo '' if [ $AO = "vue" ] || [ $AO = 'react' ]; then - echo "We still need to install and configure Tor..." + echo -e "${BOLD}Installing and configuring Tor${RESET}\n" + install_if_needed tor + + TORRCPATH='/usr/local/etc/tor/torrc' + if [ ! -d "/usr/local/etc/tor" ]; + then + sudo mkdir -p /usr/local/etc/tor + fi + + if [ ! -f $TORRCPATH ]; + then + sudo echo "ControlPort 9051" >> $TORRCPATH + sudo echo "CookieAuthentication 1" >> $TORRCPATH + sudo chmod 666 $TORRCPATH # so controlport can modify . . . is this bad? + fi + + if [ $(cat $TORRCPATH | grep -c "HiddenServiceDir /var/lib/tor/ao") -eq 0 ]; + then + echo "HiddenServiceDir /var/lib/tor/ao" | sudo tee -a $TORRCPATH 1>/dev/null 2>&1 + fi + + if [ $(cat $TORRCPATH | grep -c "HiddenServicePort 80 127\.0\.0\.1:8003") -eq 0 ]; + then + echo "HiddenServicePort 80 127.0.0.1:8003" | sudo tee -a $TORRCPATH 1>/dev/null 2>&1 + fi + + if [ ! -d "/var/lib/tor" ]; + then + sudo mkdir -p /var/lib/tor + fi + + if [ ! 
-d "/var/lib/tor/ao" ]; + then + sudo mkdir -p /var/lib/tor/ao + fi + + sudo chown -R $USER:$USER /var/lib/tor + sudo chmod -R 700 /var/lib/tor fi # ------------------- Step 3 - AO Installation ------------------- +echo -e "${BOLD}Configuring AO Core${RESET}\n" + +if [ -d $HOME/.ao ]; then + echo 'default AO dir exists' +else + mkdir $HOME/.ao +fi + +if [ -f $HOME/.ao/key ]; then + echo 'ao privkey exists' +else + node ./createPrivateKey.js >> $HOME/.ao/key + echo 'created ao privkey' +fi + +echo "" case $AO in "vue") - echo 'Installing ao-3' + echo -e "Installing ${BLUE}ao-3${RESET}" git clone 'https://github.com/AutonomousOrganization/ao-3.git' ~/ao-3 pushd ~/ao-3 npm install npm run build + + if [ -f "$HOME/ao-3/configuration.js" ]; then + echo configuration.js already exists + else + cp resources/ao-config $HOME/ao-react/configuration.js + sed -i "s#SQLITE_DATABASE#${HOME}/.ao/database.sqlite3#" $HOME/ao-react/configuration.js + sed -i "s#CLIGHTNING_DIR#${HOME}/.lightning/bitcoin#" $HOME/ao-react/configuration.js + sed -i "s#MEMES_DIR#${HOME}/.ao/memes#" $HOME/ao-react/configuration.js + fi + npm run checkconfig popd ;; "react") - echo "soon it will be done" + echo -e "Installing ${BLUE}ao-react${RESET}" + git clone 'https://github.com/coalition-of-invisible-colleges/ao-react.git' ~/ao-react + + if [ -f "$HOME/ao-react/configuration.js" ]; then + echo configuration.js already exists + else + cp resources/ao-config $HOME/ao-react/configuration.js + sed -i "s#SQLITE_DATABASE#${HOME}/.ao/database.sqlite3#" $HOME/ao-react/configuration.js + sed -i "s#CLIGHTNING_DIR#${HOME}/.lightning/bitcoin#" $HOME/ao-react/configuration.js + sed -i "s#MEMES_DIR#${HOME}/.ao/memes#" $HOME/ao-react/configuration.js + fi + + pushd ~/ao-react + npm install + npm run webpack + popd + ;; +esac + +# ------------------- Step 4 - NGINX Setup ------------------- + +echo "" +echo "We might need to query DNS records here..." +install_if_needed dig +echo -e "You still there? 
I need to ask you some questions! \n\n${BLUE}(enter)${RESET}" +read +echo "" +read -p "Do you have a domain name pointing to this computer? (y/n): " dns +echo "" +case $dns in + y | Y) + echo "Good to hear! What is it?" + read -p "http://" domain + ;; + *) + echo "Okay, let's just leave it open for now." + domain=$(dig @resolver4.opendns.com myip.opendns.com +short) + anywhere=1 + echo "Try accessing this AO from either localhost, 127.0.0.1, or ${domain}" + ;; +esac +echo "" +AO_NGINX_CONF=/etc/nginx/sites-available/ao +sudo cp resources/ao.nginx.conf $AO_NGINX_CONF + +if [ -n $anywhere ]; then + sudo sed -i "s#SERVER_NAME#_#" $AO_NGINX_CONF +else + sudo sed -i "s#SERVER_NAME#${domain}#" $AO_NGINX_CONF +fi + +sudo sed -i "s#FILE_ROOT#${HOME}/ao-react/dist#" $AO_NGINX_CONF +sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ +echo "" +sudo systemctl reload nginx +echo "Excellent! We've configured $AO_NGINX_CONF to serve your AO from $domain" +echo "" + +read -p "Would you like to enable SSL via Certbot? (y/n): " -n1 ssl +echo "" +case $ssl in + y | Y) + echo "Alright, let's get Certbot in here!" + install_if_needed python3 certbot python3-certbot-nginx + echo -e "${BOLD}Take it away, Certbot${NC}" + sudo certbot --nginx ;; + *) + echo "Yea, SSL is lame anyways..." + ;; esac +echo "" + +# ------------------- Step 7 - Systemd Setup ------------------- + +READY='' +echo -e "Alright, almost there! Now we just need to set up the system daemons for Tor, Bitcoin, Lightning, and the AO so that everything opens on startup." +while [[ -z $AO ]]; do + echo -en "${BLUE}You ready? (y/n):${RESET} " + read -n1 ao_select + echo "" + echo "" + + case $ao_select in + "y" | "Y") + echo "Nice, let's do it.\n" + READY=1 + ;; + *) + echo "wrong answer, fren\n\n" + ;; + esac +done + +echo "Creating tor.service..." +TOR_SERVICE=/etc/systemd/system/tor.service +if [ -f "$TOR_SERVICE" ]; then + echo "Seems like you've already got tor here!" 
+else + sudo cp resources/tor-service-template $TOR_SERVICE + sudo sed -i "s#USER#${USER}#g" $TOR_SERVICE +fi + -# ------------------- Step 4 - Systemd Setup ------------------- +# ------------------- Step 8 - Health Check ------------------- +# ------------------- Step 9 - Port Testing ------------------- + +echo -e "${BOLD}One more thing!${NC} We need to make sure that your ports are open." +nmap -Pn $domain > nmap.txt +OPEN=1 +if grep -qE "^80/.*(open|filtered)" nmap.txt; then + echo -e "I can see port ${GREEN}80${NC}!" +else + echo -e "Uh oh, port ${RED}80${NC} isn't showing up..." + OPEN=0 +fi + +if grep -qE "^443/.*(open|filtered)" nmap.txt; then + echo -e "I can see port ${GREEN}443${NC} as well!" +else + echo -e "Uh oh, port ${RED}443${NC} isn't showing up..." + OPEN=0 +fi +rm nmap.txt +echo "" +if [[ $OPEN -eq 0 ]]; then + echo -e "${RED}Port configuration needed.${NC} Something (probably your wireless router) is blocking us from serving this page to the rest of the internet." + echo "Port forwarding is relatively simple, but as it stands it is beyond the scope of this script to be able to automate it." + echo -e "You'll probably need to look up the login information for your specific router and forward the red ports to the local IP of this computer (${BOLD}$(ip route | grep default | grep -oP "(?<=src )[^ ]+")${NC})." + echo -e "You can log into your router at this IP address: ${BOLD}$(route -n | grep ^0.0.0.0 | awk '{print $2}')${NC}" + echo "That's all the help I can give you regarding port forwarding. Good luck!" + echo "" +fi +echo "Okay, well that's everything! As long as your ports are forwarded, you should be ready to continue your WordPress setup by opening $domain in your browser." -# ------------------- Step 5 - Health Check ------------------- # echo '' # echo '' diff --git a/scripts/createPrivateKey.js b/scripts/createPrivateKey.js new file mode 100644 index 0000000..9ec1c9b --- /dev/null +++ b/scripts/createPrivateKey.js 
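Review bot: `sudo chmod 666 $TORRCPATH` in the Tor block leaves torrc writable by every local account, so any user on the machine can change where the hidden service points or alter the control-port settings; to answer the inline question, yes, and `sudo chmod 644 "$TORRCPATH"` (with the file owned by the account that runs Tor, if Tor must rewrite it) is enough. The two `sudo echo ... >> $TORRCPATH` lines just above it perform the redirect as the invoking user rather than root, so they should use the `| sudo tee -a` form the following lines already use. In step 3, `node ./createPrivateKey.js >> $HOME/.ao/key` creates the key under the default umask, which is commonly world-readable; `(umask 077; node ./createPrivateKey.js > "$HOME/.ao/key")` keeps it private. In step 4, `[ -n $anywhere ]` is unquoted and therefore true even when the variable is empty, so `server_name` always becomes `_`; it should read `if [ -n "$anywhere" ]; then`. The `if` block this hunk begins in starts outside the visible context.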
@@ -0,0 +1,18 @@
+const crypto = require('crypto')
+function genNewPrivKey(callback){
+ crypto.generateKeyPair('rsa', {
+ modulusLength: 4096,
+ publicKeyEncoding: {
+ type: 'spki',
+ format: 'pem'
+ },
+ privateKeyEncoding: {
+ type: 'pkcs8',
+ format: 'pem',
+ }
+ }, callback)
+}
+
+genNewPrivKey((err, pubkey, privkey) => {
+ console.log(privkey)
+})
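Review bot: The callback passed to `genNewPrivKey` ignores `err`, so a failed key generation prints `undefined` and exits with status 0, and scripts/ao.sh then stores that output in ~/.ao/key and reports 'created ao privkey'. Start the callback with `if (err) { console.error(err.message); process.exit(1) }` so the installer can detect the failure. The public key is generated and discarded, which may be intended; a short comment above the call stating that only the PKCS#8 private key is written to stdout, and that the caller is responsible for the permissions of the file it redirects into, would make that explicit.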