From ebb3fe5bbf9765770df291450922b65f7b794b81 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Fri, 20 Aug 2021 10:38:18 +0200 Subject: allow existing user to use deSEC (#2088) --- addons/desec.sh | 119 +++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 93 insertions(+), 26 deletions(-) (limited to 'addons/desec.sh') diff --git a/addons/desec.sh b/addons/desec.sh index 3a2654bb..84e2ccb6 100644 --- a/addons/desec.sh +++ b/addons/desec.sh @@ -8,6 +8,8 @@ SCRIPT_EXPLAINER="This script will automatically register a domain of your likin # shellcheck source=lib.sh source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) + +prompt_dedyn_subdomain(){ # Enter the subdomain msg_box "Please enter the subdomain (*example*.dedyn.io) that you want to use" while : @@ -23,38 +25,43 @@ The only allowed characters for the subdomain are: msg_box "Allowed characters for the subdomain are:\na-z', 'A-Z', and '0-9'\n\nPlease try again." else DEDYNDOMAIN="$SUBDEDYN.dedyn.io" - # Check for SOA record - if host -t SOA "$DEDYNDOMAIN" >/dev/null 2>&1 - then - if ! yesno_box_yes "Sorry, but it seems like $DEDYNDOMAIN is taken. Do you want to try again?" - then - exit - fi - else - break - fi + break fi done +} +new_domain_email_info_1(){ ### TODO, is it possible to check if the email address already exists with deSEC? In that case we could skip this whole info and replace it with a function instead. # Email address msg_box "You will now be prompted to enter an email address. It's very important that the email address you enter it a 100% valid one! deSEC will verify your email address by sending you a verification link. -Every 6 months you will get an email asking you to confirm your domain. If you don't react within a few weeks, your domain will be destroyed!" +Every 6 months you will get an email asking you to confirm your domain. If you don't react within a few weeks, your domain will be destroyed! -msg_box "Please note: If you already created an account with deSEC you can't use the same email address in this script as you won't get an email with a captcha. In that case, please use your already existing account to set up your domain at the deSEC website. +PLEASE NOTE: The email address you enter here, can not already be registered as a valid account with deSEC." +} -Another option is to use another email address in this setup, and then email the deSEC support that you want to merge your two accounts together, or delete the first one. +existing_account() { +if yesno_box_no "Do you already have an account with deSEC and are able to login?" +then + msg_box "OK, please login to your account and add a new auth token here: https://desec.io/tokens (https://imgur.com/a/anOpe5t). -In other words, the email address used in this script has to be uniqe, and can not be registred with deSEC since before." +When done, please copy that token and add it in the next screen after you hit 'OK'." +else + return 1 +fi +} -VALIDEMAIL=$(input_box_flow "Please enter a valid email address. NOT a fake or a temporary one.") +prompt_email_address(){ +VALIDEMAIL=$(input_box_flow "Please enter the email address that you would like to use for your deSEC account.") +} +new_domain_email_info_2(){ msg_box "If you later want to log into your deSEC account, you need to set a login password here: https://desec.io/reset-password You don't need to do this now." +} -# Register the domain +register_the_domain(){ curl -X POST https://desec.io/api/v1/auth/ \ --header "Content-Type: application/json" --data @- < Server Configuration --> deSEC + msg_box "OK, please try again later. -Please also email support@desec.io for further support, maybe the subdomain is already in use?" - exit 1 +Please also email support@desec.io for further support. You can refer to the use of this script." + aborted_exit_message else if ! yesno_box_yes "Great! Did you copy the token you received?" then msg_box "OK, please copy the token and enter it in the next box after you hit 'OK'" fi fi +} +prompt_security_token(){ # Check if DEDYNAUTH is valid while : do @@ -93,15 +102,17 @@ do then if ! yesno_box_yes "Sorry, but it seems like the auth token (update password) is incorrect. Do you want to try again?" then - exit + aborted_exit_message fi else - msg_box "$DEDYNDOMAIN was successfully set up with deSEC! Now please continue with the DDNS and TLS setup for the domain." + msg_box "$DEDYNDOMAIN was successfully set up with deSEC! Now please continue with the DDNS and TLS setup for the subdomain." break fi done +} -# Ask user if DynDNS should be added to the domain +prompt_dyndns(){ +# Ask user if DynDNS should be added to the subdomain if yesno_box_yes "Do you want to add automatic updates of your WAN IP using ddclient? Please note: this will reset any configuration that might be already in place with ddclient." then @@ -109,7 +120,9 @@ then export DEDYNAUTHTOKEN run_script NETWORK ddclient-configuration fi +} +prompt_tls(){ # Ask if the user wants to add TLS (use script) if yesno_box_yes "Do you want to set this domain as your Nextcoud domain \ and activate TLS for your Nextcloud using Let's Encrypt?" @@ -122,14 +135,68 @@ then curl_to_dir "https://raw.githubusercontent.com/desec-io/desec-certbot-hook/master" ".dedynauth" "$SCRIPTS"/deSEC check_command sed -i "s|DEDYN_TOKEN=.*|DEDYN_TOKEN=$DEDYNAUTHTOKEN|g" "$SCRIPTS"/deSEC/.dedynauth check_command sed -i "s|DEDYN_NAME=.*|DEDYN_NAME=$DEDYNDOMAIN|g" "$SCRIPTS"/deSEC/.dedynauth - msg_box "DNS updates for deSEC are now set. This means you don't have to open any ports (80|443) since deSEC TLS renewals will be run with a built in hook. \ + msg_box "DNS updates for deSEC are now set. This means you don't have to open any ports (80|443) for the renewal process since deSEC TLS renewals will be run with a built in hook. \ The hook files will end up in $SCRIPTS/deSEC, please don't touch that folder unless you know what you're doing. \ -You can read more about it here: https://github.com/desec-io/desec-certbot-hook" +You can read more about it here: https://github.com/desec-io/desec-certbot-hook + +Please remember that you still need to open the port you choose to make your server publicly available. +You can read more about that here: https://goo.gl/iUGE2U" # Run the TLS script run_script LETS_ENC activate-tls fi +} + +aborted_exit_message(){ + msg_box "You can run this script again at a later time by using: + +sudo bash $SCRIPTS/menu.sh --> Server Configuration --> deSEC" + exit 1 +} + +# The magic starts here: +while : +do + prompt_dedyn_subdomain + # Check for SOA record + if host -t SOA "$DEDYNDOMAIN" >/dev/null 2>&1 + then + # Domain is taken + msg_box "Sorry, but it seems like $DEDYNDOMAIN is taken." + if existing_account + then + # Register the domain in the existing account --> prompt_for_security_token + break + else + # The user doesn't have an existing account, ask to try another domain + if ! yesno_box_yes "Would you like to try another subdomain? Answering 'No' will exit the deSEC/DynDNS/TLS setup." + then + aborted_exit_message + fi + fi + else + # Domain is free and available to register + if ! existing_account + then + # Ask for new account details + new_domain_email_info_1 + prompt_email_address + new_domain_email_info_2 + register_the_domain + received_registration_email_check + break + else + # Register the domain in the existing account --> prompt_for_security_token + break + fi + fi +done + +prompt_security_token +prompt_dyndns +prompt_tls + # Make sure they are gone unset DEDYNDOMAIN unset DEDYNAUTHTOKEN -- cgit v1.2.3