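#!/usr/bin/env bash
#
# Provisioning script: adds the Privex apt repository, then installs and wires
# together IPFS + ipfs-cluster, Caddy (pvx-caddy), Squid and the Pyrewall
# firewall.
#
# Trust model, for whoever runs this:
#   * Most steps run as root (via xsudo).
#   * The repo bootstrap script, firewall rules, Squid config and Vim syntax
#     file are fetched over HTTPS and trusted on that basis alone, unless
#     ADD_REPO_SHA256 is supplied for the bootstrap script.
#
# Optional environment:
#   ADD_REPO_SHA256   expected SHA-256 (hex) of add-repo.sh. When set, the
#                     script is executed only if its digest matches.

readonly RULE='-----------------------------------------------------------------------------------------------'

msg() { echo -e "$@"; }
msgerr() { >&2 msg "$@"; }
# Print a ">>> title" line framed by two horizontal rules.
banner() { msg "\n${RULE}\n >>> $*\n${RULE}\n"; }

# Succeeds when the named command exists on PATH (or is a builtin/function).
hascmd() { command -v "$@" &>/dev/null; }

#######################################
# Run a command as root: directly when already root, else via sudo, else su.
# Arguments: the command and its arguments, one word each.
# Returns:   the command's exit status, or 99 if no way to become root exists.
#######################################
xsudo() {
  if (( EUID == 0 )); then
    # Execute the argument vector as-is. Passing it through eval would
    # word-split and re-expand every argument, turning data into shell syntax.
    "$@"
    return $?
  fi
  if hascmd sudo; then
    sudo -- "$@"
    return $?
  fi
  if hascmd su; then
    # su takes a single command string, so shell-quote each argument to keep
    # argument boundaries intact instead of joining them with "$*".
    local cmdline
    printf -v cmdline '%q ' "$@"
    su -c "$cmdline"
    return $?
  fi
  >&2 echo -e "\n [!!!] ERROR: Neither sudo nor su appear to be available, and you're not root! Cannot run: $*"
  >&2 echo -e " [!!!] PLEASE RUN THIS SCRIPT AS ROOT! \n"
  return 99
}

# Refresh package metadata with whichever package manager is present.
xupdate() {
  if hascmd apt; then
    xsudo apt update -qy
  elif hascmd dnf; then
    xsudo dnf update -y
  elif hascmd yum; then
    xsudo yum update -y
  elif hascmd pacman; then
    xsudo pacman -Sy
  elif hascmd apk; then
    xsudo apk update
  else
    >&2 echo -e " [!!!] Cannot detect package manager. Cannot update repos."
    return 99
  fi
}

# Install the named packages with whichever package manager is present.
xinstall() {
  if hascmd apt; then
    xsudo apt install -y "$@"
  elif hascmd dnf; then
    xsudo dnf install -y "$@"
  elif hascmd yum; then
    xsudo yum install -y "$@"
  elif hascmd pacman; then
    xsudo pacman -Sy "$@"
  elif hascmd apk; then
    xsudo apk add "$@"
  else
    >&2 echo -e " [!!!] Cannot detect package manager. Cannot install: $*"
    return 99
  fi
}

# True when /etc/passwd has an entry whose name is exactly $1. The name is
# compared as a literal string, not spliced into a regular expression.
hasuser() {
  local u="$1"
  awk -F: -v u="$u" '$1 == u { found = 1; exit } END { exit !found }' /etc/passwd
}

# True when /etc/group has an entry whose name is exactly $1.
hasgroup() {
  local u="$1"
  awk -F: -v u="$u" '$1 == u { found = 1; exit } END { exit !found }' /etc/group
}

if ! hascmd curl && ! hascmd wget; then
  xupdate
  xinstall wget
  xinstall curl
fi

#######################################
# Download a URL with wget or curl.
# Arguments: [-4|-6]  force the address family (forwarded to the downloader)
#            $1       source URL
#            $2       destination file; "-" or omitted means stdout
# Returns:   the downloader's exit status; 1 if neither tool is installed.
#######################################
xdownload() {
  # Local array: the flag has to reach wget/curl, otherwise the "-4" and "-6"
  # lookups return the same address and IPv6 detection is meaningless.
  local -a net_args=()
  if [[ "${1:-}" == "-4" || "${1:-}" == "-6" ]]; then
    net_args+=("$1")
    shift
  fi
  local srcfile="$1" dstfile="-"
  (( $# > 1 )) && dstfile="$2"
  [[ -n "$dstfile" ]] || dstfile="-"

  if hascmd wget; then
    wget -q "${net_args[@]}" -O "$dstfile" "$srcfile"
    return $?
  elif hascmd curl; then
    if [[ "$dstfile" == "-" ]]; then
      curl -fsSL "${net_args[@]}" "$srcfile"
    else
      curl -fsSL "${net_args[@]}" "$srcfile" > "$dstfile"
    fi
    return $?
  fi
  >&2 echo -e "\n [!!!] ERROR: Neither wget nor curl appear to be available... Cannot download $srcfile to $dstfile"
  return 1
}

#######################################
# Download a URL to a temp file and, only if the transfer succeeded and is
# non-empty, install it at a root-owned destination (mode 0644).
# Piping a download straight into "tee" would truncate the destination even
# when the transfer fails, e.g. leaving an empty firewall rules file.
# Arguments: $1 - URL, $2 - destination path
#######################################
install_download() {
  local url="$1" dest="$2" tmp rc=0
  tmp="$(mktemp)" || return 1
  if xdownload "$url" "$tmp" && [[ -s "$tmp" ]]; then
    xsudo install -m 0644 -- "$tmp" "$dest" || rc=$?
  else
    msgerr " [!!!] Download of $url failed or was empty. Leaving $dest untouched."
    rc=1
  fi
  rm -f -- "$tmp"
  return "$rc"
}

#######################################
# Fetch and run the Privex apt repo bootstrap script.
# The script is saved to disk first so a truncated or failed download is never
# executed, and so its digest can be checked when ADD_REPO_SHA256 is set.
#######################################
install_privex_repo() {
  local script digest rc=0
  script="$(mktemp)" || return 1
  if ! xdownload https://apt.privex.io/add-repo.sh "$script" || [[ ! -s "$script" ]]; then
    msgerr " [!!!] Could not download add-repo.sh; the Privex repo was NOT added."
    rm -f -- "$script"
    return 1
  fi
  if [[ -n "${ADD_REPO_SHA256:-}" ]]; then
    digest="$(sha256sum < "$script")"
    digest="${digest%% *}"
    if [[ "${digest,,}" != "${ADD_REPO_SHA256,,}" ]]; then
      msgerr " [!!!] add-repo.sh digest mismatch (got ${digest}); refusing to run it."
      rm -f -- "$script"
      return 1
    fi
  else
    msgerr " [!] ADD_REPO_SHA256 is not set; running add-repo.sh without an integrity check."
  fi
  bash "$script" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

# Literal dotted-quad shape check (does not range-check each octet).
is_ipv4() {
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ "$1" =~ $re ]]
}

# Accepts only hex digits, ':' and '.', and requires at least one ':'.
is_ipv6() {
  local re='^[0-9A-Fa-f:.]+$'
  [[ "$1" == *:* && "$1" =~ $re ]]
}

if ! [[ -f /etc/apt/sources.list.d/privex.list ]]; then
  install_privex_repo
fi

# Confirm we can actually obtain root before changing anything else.
if ! xsudo ls > /dev/null; then
  exit 99
fi

# NOTE(review): sudo's default env_reset may drop this variable before apt
# sees it; confirm against the sudoers policy on the target host.
export DEBIAN_FRONTEND=noninteractive

msg "\n >>> Running apt update ...\n"
xupdate

banner "Installing ipfs + ipfs-cluster + pvx-caddy..."
xinstall ipfs ipfs-cluster pvx-caddy

banner "Installing squid + squid-cgi + squidclient + squid-common"
xinstall squid
xinstall squidclient
xinstall squid-common
xinstall squid-cgi

if ! hasuser proxy; then
  xsudo adduser --system --gecos "" --home "/var/spool/proxy" --disabled-password proxy
fi
hasgroup proxy || xsudo groupadd proxy
hasgroup www-data || xsudo groupadd www-data

# These memberships let the proxy and web accounts read each other's files,
# and "adm" usually grants read access to system logs. They widen what a
# compromised proxy process can reach; drop any that your setup does not need.
xsudo gpasswd -a proxy proxy
xsudo gpasswd -a proxy www-data
xsudo gpasswd -a proxy adm
xsudo gpasswd -a www-data proxy
if hasuser squid; then
  if hasgroup squid; then
    xsudo gpasswd -a squid squid
    xsudo gpasswd -a proxy squid
  fi
  xsudo gpasswd -a squid proxy
  xsudo gpasswd -a squid www-data
fi

# NOTE(review): the here-document that supplied the systemd drop-in did not
# survive on this page (everything between "<<" and the next banner is
# missing, possibly including further commands). The write is left commented
# out rather than guessed at; restore it from the upstream script.
#   xsudo tee /etc/systemd/system/squid.service.d/override.conf <<EOF
#   <PLACEHOLDER: original override.conf contents>
#   EOF

banner "Detecting your external IPv4 / IPv6 address"
EXT_V4="$(xdownload -4 https://myip.privex.io/flat/)"
EXT_V6="$(xdownload -6 https://myip.privex.io/flat/)"
EXT_V4="${EXT_V4//[[:space:]]/}"
EXT_V6="${EXT_V6//[[:space:]]/}"

# The answers come from a remote service and are later written to /etc/hosts
# as root, so accept them only if they look like addresses.
if [[ -n "$EXT_V4" ]] && ! is_ipv4 "$EXT_V4"; then
  msgerr " [!] Ignoring IPv4 lookup result: not a valid IPv4 address."
  EXT_V4=""
fi
if [[ -n "$EXT_V6" ]] && ! is_ipv6 "$EXT_V6"; then
  msgerr " [!] Ignoring IPv6 lookup result: not a valid IPv6 address."
  EXT_V6=""
fi
REV_IP="127.0.0.1"

msg "\n${RULE}\n Detected IPv4: $EXT_V4\n Detected IPv6: $EXT_V6\n${RULE}\n"

if [[ -n "$EXT_V6" ]]; then
  msg " >>> Looks like you have a public IPv6. Setting IPFS gateway to use all available IPv6 addresses."
  # --json expects a JSON value, so the multiaddr is passed as a quoted JSON
  # string. Binding to "::" makes the gateway listen on every IPv6 address of
  # the host; exposure is then governed by the firewall rules installed below.
  xsudo su -c 'ipfs config --json Addresses.Gateway "\"/ip6/::/tcp/8080\""' ipfs
  REV_IP="[$EXT_V6]"
fi

banner "Generating /etc/caddy/Caddyfile"
# NOTE(review): the here-document holding the Caddyfile did not survive on this
# page (everything between "<<" and the next banner is missing, possibly
# including further commands). The write is left commented out rather than
# guessed at; restore it from the upstream script.
#   xsudo tee /etc/caddy/Caddyfile <<EOF
#   <PLACEHOLDER: original Caddyfile contents>
#   EOF

banner "Installing Pyrewall firewall + downloading base config into /etc/pyrewall/rules.pyre"

msg " >>> Installing pyrewall package from pip ..."
# "-U" installs whatever version is newest on PyPI, as root. For repeatable
# builds pin the version (and consider pip's --require-hashes).
# -H must be given to sudo itself; routed through xsudo it would land after
# sudo's "--" and be treated as the command name.
if (( EUID != 0 )) && hascmd sudo; then
  sudo -H -- pip3 install -U pyrewall
else
  xsudo pip3 install -U pyrewall
fi

msg " >>> Auto-created /etc/pyrewall folder + downloading rules.pyre file..."
xsudo mkdir -pv /etc/pyrewall
if ! [[ -f /etc/pyrewall/rules.pyre ]]; then
  install_download https://cdn.privex.io/extras/configs/rules.pyre /etc/pyrewall/rules.pyre
fi

msg " >>> Installing pyrewall.service"
xsudo pyre install_service
msg " >>> Enabling pyrewall.service"
xsudo systemctl enable pyrewall
msg " >>> Restarting pyrewall.service"
xsudo systemctl restart pyrewall

# The syntax file is fetched from a branch ("master"), so its content can
# change between runs; pin the URL to a commit if you need it fixed.
msg " >>> Installing .pyre syntax highlighting for Vim (${HOME}/.vim)"
mkdir -p "${HOME}/.vim/syntax"
xdownload https://raw.githubusercontent.com/Privex/pyrewall-syntax-highlighters/master/Vim/pyrewall.vim \
  "${HOME}/.vim/syntax/pyrewall.vim"
if ! grep -q 'pyrewall' "${HOME}/.vimrc" 2>/dev/null; then
  echo "autocmd BufNewFile,BufRead *.pyre set syntax=pyrewall" >> "${HOME}/.vimrc"
fi

msg " >>> Installing .pyre syntax highlighting for Vim (/etc/vim)"
xsudo mkdir -p /etc/vim/syntax
install_download https://raw.githubusercontent.com/Privex/pyrewall-syntax-highlighters/master/Vim/pyrewall.vim \
  /etc/vim/syntax/pyrewall.vim
if ! grep -q 'pyrewall' "/etc/vim/vimrc.local" 2>/dev/null; then
  echo "autocmd BufNewFile,BufRead *.pyre set syntax=pyrewall" | xsudo tee -a "/etc/vim/vimrc.local"
fi

banner "Adding ipfs-gw to /etc/hosts + configuring Squid caching proxy server"

# Add the alias only once, so re-running the script does not pile up entries.
if ! grep -Eq '[[:space:]]ipfs-gw([[:space:]]|$)' /etc/hosts; then
  if [[ -z "$EXT_V6" ]]; then
    echo "127.0.0.1 ipfs-gw" | xsudo tee -a /etc/hosts
  else
    echo "$EXT_V6 ipfs-gw" | xsudo tee -a /etc/hosts
  fi
fi

install_download https://cdn.privex.io/extras/configs/squid-ipfs.conf /etc/squid/conf.d/privex.conf

msg " >>> Enabling + restarting squid service ..."
xsudo systemctl enable squid
xsudo systemctl restart squid

msg "\n +++ FINISHED. +++\n"
# The curl example uses -k, which skips TLS certificate validation. It is meant
# only for this local smoke test against the host's own address.
msg "
Check Caddy, Squid, and IPFS's status:

    systemctl status caddy
    systemctl status ipfs
    systemctl status squid

Test your Caddy + Squid setup by requesting a domain:

    curl -k -H 'Host: ipcdn.privex.io' https://${REV_IP}
"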