feat: set ownership and perms for files, directories, binaries etc. #53
… (#70)
jchiarulli authored Nov 10, 2024
1 parent 47b43bc commit 2e223bf
Showing 37 changed files with 320 additions and 118 deletions.
77 changes: 40 additions & 37 deletions cmd/install.go
Expand Up @@ -94,7 +94,10 @@ var installCmd = &cobra.Command{
// Step 3: Configure the intrusion detection system
network.ConfigureIntrusionDetection()

// Setp 4: Create relay user
// Step 4: Configure Nginx
network.ConfigureNginx()

// Setp 5: Create relay user
spinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Checking if '%s' user exists...", relays.User))
if !users.UserExists(relays.User) {
spinner.UpdateText(fmt.Sprintf("Creating '%s' user...", relays.User))
Expand All @@ -105,118 +108,118 @@ var installCmd = &cobra.Command{
}

if selectedRelayOption == khatru_pyramid.RelayName {
// Step 5: Configure Nginx for HTTP
// Step 6: Configure Nginx for HTTP
khatru_pyramid.ConfigureNginxHttp(relayDomain)

// Step 6: Get SSL/TLS certificates
// Step 7: Get SSL/TLS certificates
httpsEnabled := network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 7: Configure Nginx for HTTPS
// Step 8: Configure Nginx for HTTPS
khatru_pyramid.ConfigureNginxHttps(relayDomain)
}

// Step 8: Download and install the relay binary
// Step 9: Download and install the relay binary
khatru_pyramid.InstallRelayBinary(pubKey)

// Step 9: Set up the relay service
// Step 10: Set up the relay service
khatru_pyramid.SetupRelayService(relayDomain, pubKey, relayContact)

// Step 10: Show success messages
// Step 11: Show success messages
khatru_pyramid.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == nostr_rs_relay.RelayName {
// Step 5: Configure Nginx for HTTP
// Step 6: Configure Nginx for HTTP
nostr_rs_relay.ConfigureNginxHttp(relayDomain)

// Step 6: Get SSL/TLS certificates
// Step 7: Get SSL/TLS certificates
httpsEnabled := network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 7: Configure Nginx for HTTPS
// Step 8: Configure Nginx for HTTPS
nostr_rs_relay.ConfigureNginxHttps(relayDomain)
}

// Step 8: Download and install the relay binary
// Step 9: Download and install the relay binary
nostr_rs_relay.InstallRelayBinary()

// Step 9: Set up the relay service
// Step 10: Set up the relay service
nostr_rs_relay.SetupRelayService(relayDomain, pubKey, relayContact, httpsEnabled)

// Step 10: Show success messages
// Step 11: Show success messages
nostr_rs_relay.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == strfry.RelayName {
// Step 5: Configure Nginx for HTTP
// Step 6: Configure Nginx for HTTP
strfry.ConfigureNginxHttp(relayDomain)

// Step 6: Get SSL/TLS certificates
// Step 7: Get SSL/TLS certificates
httpsEnabled := network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 7: Configure Nginx for HTTPS
// Step 8: Configure Nginx for HTTPS
strfry.ConfigureNginxHttps(relayDomain)
}

// Step 8: Download and install the relay binary
// Step 9: Download and install the relay binary
strfry.InstallRelayBinary()

// Step 9: Set up the relay service
// Step 10: Set up the relay service
strfry.SetupRelayService(relayDomain, relayContact)

// Step 10: Show success messages
// Step 11: Show success messages
strfry.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == wot_relay.RelayName {
// Step 5: Configure Nginx for HTTP
// Step 6: Configure Nginx for HTTP
wot_relay.ConfigureNginxHttp(relayDomain)

// Step 6: Get SSL/TLS certificates
// Step 7: Get SSL/TLS certificates
httpsEnabled := network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 7: Configure Nginx for HTTPS
// Step 8: Configure Nginx for HTTPS
wot_relay.ConfigureNginxHttps(relayDomain)
}

// Step 8: Download and install the relay binary
// Step 9: Download and install the relay binary
wot_relay.InstallRelayBinary(pubKey)

// Step 9: Set up the relay service
// Step 10: Set up the relay service
wot_relay.SetupRelayService(relayDomain, pubKey, relayContact, httpsEnabled)

// Step 10: Show success messages
// Step 11: Show success messages
wot_relay.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == khatru29.RelayName {
// Step 5: Configure Nginx for HTTP
// Step 6: Configure Nginx for HTTP
khatru29.ConfigureNginxHttp(relayDomain)

// Step 6: Get SSL/TLS certificates
// Step 7: Get SSL/TLS certificates
httpsEnabled := network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 7: Configure Nginx for HTTPS
// Step 8: Configure Nginx for HTTPS
khatru29.ConfigureNginxHttps(relayDomain)
}

// Step 8: Download and install the relay binary
// Step 9: Download and install the relay binary
khatru29.InstallRelayBinary()

// Step 9: Set up the relay service
// Step 10: Set up the relay service
khatru29.SetupRelayService(relayDomain, privKey, relayContact)

// Step 10: Show success messages
// Step 11: Show success messages
khatru29.SuccessMessages(relayDomain, httpsEnabled)
} else if selectedRelayOption == strfry29.RelayName {
// Step 5: Configure Nginx for HTTP
// Step 6: Configure Nginx for HTTP
strfry29.ConfigureNginxHttp(relayDomain)

// Step 6: Get SSL/TLS certificates
// Step 7: Get SSL/TLS certificates
httpsEnabled := network.GetCertificates(relayDomain)
if httpsEnabled {
// Step 7: Configure Nginx for HTTPS
// Step 8: Configure Nginx for HTTPS
strfry29.ConfigureNginxHttps(relayDomain)
}

// Step 8: Download and install the relay binary
// Step 9: Download and install the relay binary
strfry29.InstallRelayBinary()

// Step 9: Set up the relay service
// Step 10: Set up the relay service
strfry29.SetupRelayService(relayDomain, privKey, relayContact)

// Step 10: Show success messages
// Step 11: Show success messages
strfry29.SuccessMessages(relayDomain, httpsEnabled)
}
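Review bot: The renumbered comment `// Setp 5: Create relay user` still carries the "Setp" typo from the line it replaces and should read `// Step 5: Create relay user`. The six relay branches that follow repeat the same Nginx, certificate, install, service and success steps, which is why inserting one step required renumbering thirty comments; dropping the numbers from the per-relay comments, or dispatching through a small per-relay table, would avoid that on the next insertion. The enclosing `Run` function of installCmd starts and ends outside these hunks.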

8 changes: 5 additions & 3 deletions pkg/manager/apt.go
Expand Up @@ -2,12 +2,14 @@ package manager

import (
"fmt"
"os"
"os/exec"

"github.com/nodetec/rwz/pkg/relays/nostr_rs_relay"
"github.com/nodetec/rwz/pkg/relays/strfry"
"github.com/nodetec/rwz/pkg/relays/strfry29"
"github.com/nodetec/rwz/pkg/relays/wot_relay"
"github.com/pterm/pterm"
"os"
"os/exec"
)

// Function to check if a package is installed
Expand Down Expand Up @@ -46,7 +48,7 @@ func AptInstallPackages(selectedRelayOption string) {

packages := []string{"nginx", "certbot", "python3-certbot-nginx", "ufw", "fail2ban"}

if selectedRelayOption == nostr_rs_relay.RelayName || selectedRelayOption == strfry.RelayName || selectedRelayOption == strfry29.RelayName {
if selectedRelayOption == nostr_rs_relay.RelayName || selectedRelayOption == strfry.RelayName || selectedRelayOption == wot_relay.RelayName || selectedRelayOption == strfry29.RelayName {
packages = append(packages, "git")
}
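Review bot: The git condition in AptInstallPackages is now a four-way `||` chain on one line that has to be edited by hand whenever another relay needs git, which is presumably how `wot_relay` came to be missing before this commit. A `switch selectedRelayOption` with `case nostr_rs_relay.RelayName, strfry.RelayName, wot_relay.RelayName, strfry29.RelayName:` followed by the existing `packages = append(packages, "git")` keeps the list readable and easy to extend. The function body continues outside the hunk.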

53 changes: 51 additions & 2 deletions pkg/network/certbot.go
Expand Up @@ -2,13 +2,54 @@ package network

import (
"fmt"
"github.com/nodetec/rwz/pkg/utils/files"
"github.com/pterm/pterm"
"os"
"os/exec"
"strings"

"github.com/nodetec/rwz/pkg/utils/directories"
"github.com/nodetec/rwz/pkg/utils/files"
"github.com/pterm/pterm"
)

func setDomainCertDirPerms(domainName string) {
DomainCertificateDirPath := fmt.Sprintf("%s/%s", CertificateDirPath, domainName)

if directories.DirExists(DomainCertificateDirPath) {
directories.SetPermissions(DomainCertificateDirPath, 0700)
}
}

func setDomainCertArchiveDirPerms(domainName string) {
DomainCertificateArchiveDirPath := fmt.Sprintf("%s/%s", CertificateArchiveDirPath, domainName)

if directories.DirExists(DomainCertificateArchiveDirPath) {
directories.SetPermissions(DomainCertificateArchiveDirPath, 0700)
}
}

func setDomainCertArchiveFilePerms(domainName string) {
FullchainArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, FullchainArchiveFile)
PrivkeyArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, PrivkeyArchiveFile)
ChainArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, ChainArchiveFile)
CertArchiveFilePath := fmt.Sprintf("%s/%s/%s", CertificateArchiveDirPath, domainName, CertArchiveFile)

if files.FileExists(FullchainArchiveFilePath) {
files.SetPermissions(FullchainArchiveFilePath, 0600)
}

if files.FileExists(PrivkeyArchiveFilePath) {
files.SetPermissions(PrivkeyArchiveFilePath, 0600)
}

if files.FileExists(ChainArchiveFilePath) {
files.SetPermissions(ChainArchiveFilePath, 0600)
}

if files.FileExists(CertArchiveFilePath) {
files.SetPermissions(CertArchiveFilePath, 0600)
}
}

// Function to get SSL/TLS certificates using Certbot
func GetCertificates(domainName string) bool {
ThemeDefault := pterm.ThemeDefault
Expand Down Expand Up @@ -112,6 +153,10 @@ func GetCertificates(domainName string) bool {
if files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, FullchainFile)) &&
files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, PrivkeyFile)) &&
files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, ChainFile)) {
setDomainCertDirPerms(domainName)
setDomainCertArchiveDirPerms(domainName)
setDomainCertArchiveFilePerms(domainName)

certificateSpinner.Info("SSL/TLS certificates already exist.")
pterm.Println()
return true
Expand All @@ -134,6 +179,10 @@ func GetCertificates(domainName string) bool {
}
}

setDomainCertDirPerms(domainName)
setDomainCertArchiveDirPerms(domainName)
setDomainCertArchiveFilePerms(domainName)

certificateSpinner.Success("SSL/TLS certificates obtained successfully.")
return true
}
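Review bot: setDomainCertArchiveFilePerms only tightens the four archive files with the hard-coded `1` suffix (`fullchain1.pem`, `privkey1.pem`, `chain1.pem`, `cert1.pem` from pkg/network/constants.go). Certbot numbers archive files per issuance, so after a renewal the current `privkey2.pem` and later files would be skipped when the installer runs again. Matching every `*.pem` in the domain's archive directory covers all issuances; this needs `path/filepath` imported. Separately, `domainName` is joined into these paths with `fmt.Sprintf` and no validation is visible in these hunks, so it is worth confirming the caller rejects values containing `/` or `..` before a root-run chmod acts on the result.

```go
func setDomainCertArchiveFilePerms(domainName string) {
	// Certbot keeps one numbered set per issuance (privkey1.pem, privkey2.pem, ...),
	// so cover every PEM in the archive directory rather than the first set only.
	pattern := filepath.Join(CertificateArchiveDirPath, domainName, "*.pem")
	archiveFiles, err := filepath.Glob(pattern)
	if err != nil {
		pterm.Warning.Printfln("Could not list certificate archive files: %v", err)
		return
	}

	for _, archiveFile := range archiveFiles {
		files.SetPermissions(archiveFile, 0600)
	}
}
```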
6 changes: 6 additions & 0 deletions pkg/network/constants.go
Expand Up @@ -14,5 +14,11 @@ const CertificateDirPath = "/etc/letsencrypt/live"
const FullchainFile = "fullchain.pem"
const PrivkeyFile = "privkey.pem"
const ChainFile = "chain.pem"
const CertificateArchiveDirPath = "/etc/letsencrypt/archive"
const FullchainArchiveFile = "fullchain1.pem"
const PrivkeyArchiveFile = "privkey1.pem"
const ChainArchiveFile = "chain1.pem"
const CertArchiveFile = "cert1.pem"
const NginxConfDirPath = "/etc/nginx/conf.d"
const WWWDirPath = "/var/www"
const AcmeChallengeDirPath = ".well-known/acme-challenge"
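--- a/pkg/network/nginx.go
+++ b/pkg/network/nginx.go
@@ -0,0 +1,19 @@
+package network
+
+import (
+"github.com/nodetec/rwz/pkg/relays"
+"github.com/nodetec/rwz/pkg/utils/directories"
+)
+
+// Function to configure Nginx
+func ConfigureNginx() {
+if directories.DirExists(NginxConfDirPath) {
+directories.SetPermissions(NginxConfDirPath, 0755)
+directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfDirPath)
+}
+
+if directories.DirExists(WWWDirPath) {
+directories.SetPermissions(WWWDirPath, 0755)
+directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, WWWDirPath)
+}
+}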
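Review bot: `directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfDirPath)` hands `/etc/nginx/conf.d` to `www-data`, which is presumably the unprivileged account the Nginx workers run as. With mode 0755 the owner can write, so any process running as that account could add or replace configuration that the root-owned master process loads on the next reload. Nginx reads its configuration as root before dropping privileges, so the directory can stay root-owned: drop this call or use `directories.SetOwnerAndGroup("root", "root", NginxConfDirPath)`. The same applies to `files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)` in pkg/relays/khatru29/nginx_http.go and nginx_https.go. For `WWWDirPath` the worker needs read access only, so root ownership with 0755 would also keep served content and the ACME challenge directory from being writable by the worker account.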
1 change: 1 addition & 0 deletions pkg/relays/constants.go
Expand Up @@ -3,3 +3,4 @@ package relays
const BinaryDestDir = "/usr/local/bin"
const TmpDirPath = "/tmp"
const User = "nostr"
const NginxUser = "www-data"
7 changes: 4 additions & 3 deletions pkg/relays/khatru29/constants.go
Expand Up @@ -5,19 +5,20 @@ const BinaryName = "khatru29"
const BinaryFilePath = "/usr/local/bin/khatru29"
const NginxConfigFilePath = "/etc/nginx/conf.d/khatru29.conf"
const DataDirPath = "/var/lib/khatru29"
const ConfigDirPath = "/etc/khatru29"
const ServiceName = "khatru29"
const EnvFilePath = "/etc/systemd/system/khatru29.env"
const EnvFilePath = "/etc/khatru29/khatru29.env"
const EnvFileTemplate = `PORT="5577"
DOMAIN="{{.Domain}}"
RELAY_NAME="Khatru29"
RELAY_PRIVKEY="{{.PrivKey}}"
RELAY_DESCRIPTION="Khatru29 Nostr Relay"
RELAY_DESCRIPTION="Khatru29 Relay"
RELAY_CONTACT="{{.RelayContact}}"
DATABASE_PATH="/var/lib/khatru29/db"
`
const ServiceFilePath = "/etc/systemd/system/khatru29.service"
const ServiceFileTemplate = `[Unit]
Description=Khatru29 Nostr Relay Service
Description=Khatru29 Relay Service
After=network.target
[Service]
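Review bot: Moving `EnvFilePath` to `/etc/khatru29/khatru29.env` leaves nothing in this hunk that removes the previous `/etc/systemd/system/khatru29.env`, and that file holds `RELAY_PRIVKEY`. On a host installed with an earlier version the old copy of the private key would stay on disk with whatever mode it was written with, unless one of the files not shown here cleans it up. The service setup could call `files.RemoveFile("/etc/systemd/system/khatru29.env")` before writing the new file. It is also worth confirming that `ConfigDirPath` is created 0700 and the env file 0600 for the relay user. The `ServiceFileTemplate` constant continues outside the hunk.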
4 changes: 4 additions & 0 deletions pkg/relays/khatru29/nginx_http.go
Expand Up @@ -3,6 +3,7 @@ package khatru29
import (
"fmt"
"github.com/nodetec/rwz/pkg/network"
"github.com/nodetec/rwz/pkg/relays"
"github.com/nodetec/rwz/pkg/utils/directories"
"github.com/nodetec/rwz/pkg/utils/files"
"github.com/nodetec/rwz/pkg/utils/systemd"
Expand All @@ -15,7 +16,9 @@ func ConfigureNginxHttp(domainName string) {

files.RemoveFile(NginxConfigFilePath)

directories.CreateDirectory(fmt.Sprintf("%s/%s", network.WWWDirPath, domainName), 0755)
directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755)
directories.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, fmt.Sprintf("%s/%s", network.WWWDirPath, domainName))

configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade {
default upgrade;
Expand Down Expand Up @@ -84,6 +87,7 @@ server {
`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName)

files.WriteFile(NginxConfigFilePath, configContent, 0644)
files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)

systemd.RestartService("nginx")

2 changes: 2 additions & 0 deletions pkg/relays/khatru29/nginx_https.go
Expand Up @@ -3,6 +3,7 @@ package khatru29
import (
"fmt"
"github.com/nodetec/rwz/pkg/network"
"github.com/nodetec/rwz/pkg/relays"
"github.com/nodetec/rwz/pkg/utils/files"
"github.com/nodetec/rwz/pkg/utils/systemd"
"github.com/pterm/pterm"
Expand Down Expand Up @@ -122,6 +123,7 @@ server {
`, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName)

files.WriteFile(NginxConfigFilePath, configContent, 0644)
files.SetOwnerAndGroup(relays.NginxUser, relays.NginxUser, NginxConfigFilePath)

systemd.ReloadService("nginx")
