commit f93af1133909fc68bb6a6d4aa83a219750a197b8
parent 261391f4c40c528e0ae379dfb7eed32bf99a1e38
Author: parazyd <parazyd@dyne.org>
Date: Tue, 29 Mar 2016 17:00:43 +0200
installation script
Diffstat:
6 files changed, 141 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
@@ -1,9 +1,6 @@
all:
make -C src/tomb/kdf-keys
- @echo
- @echo "Stuff compiled. Run `make install` as root to install"
- @echo "and configure coffin on this device..."
- @echo
+ @./conf/config.sh checkdep
install:
make -C src/tomb install
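Review bot: The `install` target visible here still runs only `make -C src/tomb install` and never calls `./conf/config.sh snowman`, so the root-only installation path this commit adds in conf/config.sh appears unreachable through make, although the script's header says it is run only through the Makefile. If that wiring is intended, a second recipe line such as `./conf/config.sh snowman` under `install:` would connect it. The new `@./conf/config.sh checkdep` line also runs only after the kdf-keys build has finished; placing it first in the `all` recipe would report missing packages before any compilation.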
diff --git a/conf/README b/conf/README
@@ -0,0 +1,9 @@
+To generate a WebDAV login entry by yourself, issue
+
+`echo -n "yourUsername:WebDAV:" \
+ && echo -n "yourUsername:WebDAV:yourDavPassword" \
+ | md5sum \
+ | awk '{print $1}'`
+
+and add the output to 'davpasswd' which is located in the
+apache directory. Or add it now here, before installing.
diff --git a/conf/coffindav.conf b/conf/coffindav.conf
@@ -0,0 +1,14 @@
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ # Apache2.4 configuration file for coffin's WebDAV
+ # Will be additionally filled up after you use it.
+
+ ServerAdmin dav@coffin
+ DocumentRoot /var/www/html
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/coffin/coffin.pem
+ SSLCertificateKeyFile /etc/ssl/coffin/coffin.key
+
+ </VirtualHost>
+</IfModule>
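Review bot: The vhost turns on `SSLEngine` but leaves protocol and cipher selection to whatever the global mod_ssl configuration provides. Pinning them here, for example `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and `SSLHonorCipherOrder on`, keeps the WebDAV endpoint from negotiating legacy protocols on hosts with older defaults. `DocumentRoot /var/www/html` also publishes the distribution's default web root over this vhost; an empty dedicated directory would be a safer root if only the tomb aliases are meant to be reachable.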
diff --git a/conf/config.sh b/conf/config.sh
@@ -0,0 +1,102 @@
+#!/usr/bin/env zsh
+#
+# configuration script for coffin. run only through Makefile
+#
+# ~ parazyd
+
+# `make`
+[[ $1 == "checkdep" ]] && {
+ missing=()
+ which apache2 >/dev/null || missing+=(apache)
+ which cryptsetup >/dev/null || missing+=(cryptsetup)
+ which inotifywatch >/dev/null || missing+=(inotify-tools)
+ which wipe >/dev/null || missing+=(wipe)
+ which pinentry >/dev/null || missing+=(pinentry)
+ which pwgen >/dev/null || missing+=(pwgen)
+ which gettext >/dev/null || missing+=(gettext)
+ which openssl >/dev/null || missing+=(openssl)
+# Optional:
+# which haveged || missing+=(haveged)
+# which sshfs || missing+=(sshfs)
+ (( $#missing == 0 )) || {
+ for i in $missing; do
+ print "$i is missing."
+ done
+ print "Please install and retry."
+ return 1
+ }
+ print "All dependencies solved, run 'make install' as root"
+ print "to install and configure coffin on this device."
+ return 0
+}
+
+# `make install`
+[[ $1 == "snowman" || $1 == "unsnowman" ]] && {
+ [[ $UID = 0 ]] || {
+ print "You must run this as root!"
+ return 1
+ }
+}
+
+edit-sudo() {
+ print "%coffin coffin=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
+ [[ $? = 0 ]] && print "Added coffin group to sudoers"
+}
+
+# because all cool software has snowmen in them
+[[ $1 == "snowman" ]] && {
+ pushd `pwd`/conf
+
+ # install files
+ install -m640 coffindav.conf /etc/apache2/sites-available/
+ install -m600 davpasswd /etc/apache2/
+
+ # ssl
+ print "Generating ssl certificate..."
+ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
+ -keyout coffin.key -out coffin.pem
+ [[ $? = 0 ]] || {
+ print "Failed generating openssl certificate."
+ return 1
+ }
+
+ mkdir -p /etc/ssl/coffin
+ install -m 444 coffin.pem /etc/ssl/coffin/
+ install -m 400 coffin.key /etc/ssl/coffin/
+ print "Done!"
+
+ # Apache
+ apachemods=(dav dav_fs dav_lock ssl)
+ print "Enabling Apache modules..."
+ for i in $apachemods; do
+ a2enmod $i
+ done
+
+ a2ensite coffindav.conf
+
+ print "Creating coffin group..."
+ groupadd coffin && print "Done!"
+
+ /etc/init.d/apache2 restart
+ [[ -f /etc/init.d/ssh ]] && { /etc/init.d/ssh start }
+
+ edit-sudo
+
+ # TODO: add initscript
+
+ print "Successfully installed and configured coffin!"
+
+ print "######################################"
+ fprint=`openssl x509 -noout -in coffin.pem -fingerprint \
+ awk -F\= '{print $2}'`
+ print "The fingerptint of your SSL certificate is: $fprint"
+ print "Compare it and/or set is as trusted when you connect to coffin."
+ print "######################################"
+
+ popd
+}
+
+[[ $1 == "unsnowman" ]] && {
+ print "Uninstalling coffin. Why? Why? Why?"
+ print "*cries*\n"
+}
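Review bot: `edit-sudo` appends `%coffin coffin=(ALL) NOPASSWD: ALL` to the main sudoers file, which gives every member of the coffin group passwordless root for any command and adds a duplicate line each time `snowman` is re-run. A validated drop-in under /etc/sudoers.d (where the distribution's sudoers includes that directory), limited to the commands coffin needs, keeps the grant narrow and removable; a sketch follows, with the command list left as a placeholder. In the `snowman` block the private key is generated inside conf/ in the source tree, and that copy is never removed after `install -m 400 coffin.key /etc/ssl/coffin/`. The fingerprint command is missing a `|` before `awk`, so `$fprint` will not hold the value the user is told to compare; `openssl x509 -noout -in coffin.pem -fingerprint -sha256 | awk -F= '{print $2}'` fixes that. `install -m600 davpasswd` also names a file that this commit adds as conf/davpass, and none of the install steps are checked before "Successfully installed" is printed.

```zsh
edit-sudo() {
	# Drop-in file instead of appending to /etc/sudoers: re-running the
	# installer overwrites it, and uninstalling is a single rm.
	local dropin=/etc/sudoers.d/coffin
	local tmp=$(mktemp) || return 1
	# <COFFIN_COMMANDS>: placeholder - list the absolute paths coffin must run as root
	print "%coffin coffin=(root) NOPASSWD: <COFFIN_COMMANDS>" > $tmp
	# Syntax-check before the file can affect sudo
	visudo -cf $tmp || { rm -f $tmp; print "Refusing to install invalid sudoers entry."; return 1 }
	install -m 440 -o root -g root $tmp $dropin || { rm -f $tmp; return 1 }
	rm -f $tmp
	print "Added coffin group to sudoers"
}
```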
diff --git a/conf/davpass b/conf/davpass
@@ -0,0 +1,3 @@
+# This is the htpasswd file of coffin. It will be filled
+# by usage, or you can fill it up manually. See the README
+# for more info.
diff --git a/conf/webdav.skel b/conf/webdav.skel
@@ -0,0 +1,12 @@
+# Add this to /etc/apache2/sites-enabled/coffindav.conf
+
+alias /yourTombName /media/yourTombName
+<Directory "/media/yourTombName">
+ Dav On
+ AllowOverride none
+ Options Indexes FollowSymlinks
+ AuthType Digest
+ AuthName WebDAV
+ AuthUserFile /etc/apache2/davpasswd
+ Require user yourCoffinUsername
+</Directory>
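Review bot: `Options Indexes FollowSymlinks` lets Apache follow any symlink stored inside the mounted tomb, so a link there can expose files outside /media/yourTombName to the WebDAV user. `Options Indexes` (or `SymLinksIfOwnerMatch` if links are needed) keeps the share confined to the tomb. `AuthType Digest` needs mod_auth_digest, which is not in the `apachemods=(dav dav_fs dav_lock ssl)` list in conf/config.sh, so this block will probably fail to load until that module is enabled. Because the vhost is TLS-only, `AuthType Basic` with a bcrypt file created by `htpasswd -B` would also avoid storing the password-equivalent MD5 digests that the README recipe produces.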