improved execution logic

ovpn-client-management.sh

@@ -44,7 +44,7 @@ addtologs() {
 #######################################
 execquite() {
   addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
-  exit
+  exit "${1}"
 }
 
 #######################################
@@ -56,7 +56,7 @@ execquite() {
 #######################################
 execerror() {
   addtologs "error: $1"
-  execquite
+  execquite 1
 }
 
 #######################################
@@ -115,8 +115,14 @@ checkroot() {
 #   None
 #######################################
 createuser() {
+  if ! id -u "${clientname}" >/dev/null 2>&1; then
     useradd "${clientname}" --shell /sbin/nologin
+    addtologs "created Linux user '${clientname}'"
+  else
+    addtologs "${clientname} Linux user exists, create skipped"
+  fi
   printf "%s\n" "${clientname}:${clientpass}" | chpasswd
+  addtologs "changed '${clientname}' user password"
 }
 
 #######################################
@@ -133,11 +139,18 @@ createuser() {
 #######################################
 # shellcheck disable=SC2016
 createcert() {
+  if ! grep -w "${clientname}" ${easyrsaidx} | grep "^V" > /dev/null 2>&1; then
+    (
       cd "${easyrsadir}" || execerror ""
       sed -i -e '$aset_var EASYRSA_REQ_CN         '"${clientname}"'' "${easyrsavar}"
       # ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}"
       ${easyrsaexe} --passin=pass:"${easyrsacap}" build-client-full "${clientname}" nopass
       sed -i '/EASYRSA_REQ_CN/d' "${easyrsavar}"
+    ) > /dev/null 2>&1
+    addtologs "created ${clientname} easyrsa certificate"
+  else
+    addtologs "${clientname} certificate exists, create skipped"
+  fi
 }
 
 #######################################
@@ -159,6 +172,7 @@ createovpn() {
     printf "%s\n" "<key>" "$(cat "${easyrsadir}/pki/private/${clientname}.key")" "</key>"
     printf "%s\n" "<tls-auth>" "$(cat "${easyrsadir}/pki/private/ta.key")" "</tls-auth>"
   } >> "${ovpncfgdir}/${clientname}.ovpn"
+  addtologs "created ${clientname} ovpn config file"
 }
 
 #######################################
@@ -179,6 +193,7 @@ createtars() {
   } >> "${ovpncfgdir}/vpn.txt"
   cd "${ovpncfgdir}" || execerror ""
   tar cf "${clientname}.tar" --remove-files vpn.cnf vpn.txt
+  addtologs "created ${clientname} tar with config file"
 }
 
 #######################################
@@ -194,7 +209,6 @@ createtars() {
 createinfo() {
   cd "${easyrsadir}" || execerror ""
   validuntil=$(${easyrsaexe} show-cert "${clientname}" | grep "Not After" | cut -d: -f2-)
-
   faqprofile=$(printf "%s\n" \
     "OpenVPN Connect client:" \
     "https://openvpn.net/client/" \
@@ -207,8 +221,8 @@ createinfo() {
     "User Password: \`${clientpass}\`" \
     "Time Expired: ${validuntil}"
   )
-
   printf "%s\n" "${faqprofile}" > "${ovpncfgdir}/${clientname}.info"
+  addtologs "created ${clientname} info file"
 }
 
 #######################################
@@ -237,9 +251,8 @@ startsendmail() {
     --stls "True" \
     --subj "${subj}" \
     --text "$(printf "%s\n" "${faqprofile}" | sed 's|`||g')" \
-    --file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar" \
+    --file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar"
-    >> /dev/null 2>&1 &
+  ) > /dev/null 2>&1
-  )
   addtologs "sent mail with subject '${subj}' to ${dest}"
 }
 
@@ -268,12 +281,11 @@ startsendtlgm() {
       API_URL="${API_URL}&message_thread_id=${THRD_ID}"
     fi
 
-    curl -s -o /dev/null \
+    curl "${API_URL}" \
          -F "media=[{\"type\": \"document\", \"media\": \"attach://ovpn\", \"caption\": \"${faqprofile}\", \"parse_mode\": \"Markdown\"}, {\"type\": \"document\", \"media\": \"attach://tars\" }]" \
          -F "ovpn=@${ovpncfgdir}/${clientname}.ovpn" \
-         -F "tars=@${ovpncfgdir}/${clientname}.tar" \
+         -F "tars=@${ovpncfgdir}/${clientname}.tar"
-        "${API_URL}"
+  ) > /dev/null 2>&1
-  )
   addtologs "sent telegram media with ${clientname}.ovpn client profile to ${CHAT_ID}"
 }
 
@@ -285,7 +297,14 @@ startsendtlgm() {
 #   None
 #######################################
 deleteuser() {
+  if id -u "${clientname}" > /dev/null 2>&1; then
+    (
       userdel -f -r "${clientname}"
+    ) > /dev/null 2>&1
+    addtologs "deleted Linux user '${clientname}'"
+  else
+    addtologs "${clientname} Linux user does not exist, delete skipped"
+  fi
 }
 
 #######################################
@@ -300,9 +319,16 @@ deleteuser() {
 #   None
 #######################################
 deletecert() {
+  if grep -w "${clientname}" ${easyrsaidx} > /dev/null 2>&1; then
+    (
       cd "${easyrsadir}" || execerror
       ${easyrsaexe} --batch --passin=pass:"${easyrsacap}" revoke "${clientname}"
       ${easyrsaexe} --batch --passin=pass:"${easyrsacap}" gen-crl
+    ) > /dev/null 2>&1
+    addtologs "revoked ${clientname} easyrsa certificate"
+  else
+    addtologs "${clientname} certificate does not exist, revoke skipped"
+  fi
 }
 
 #######################################
@@ -314,7 +340,12 @@ deletecert() {
 #   None
 #######################################
 deleteovpn() {
+  if [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
     rm -f "${ovpncfgdir}/${clientname}.ovpn"
+    addtologs "deleted ${clientname} ovpn config file"
+  else
+    addtologs "${clientname} ovpn config does not exist, delete skipped"
+  fi
 }
 
 #######################################
@@ -326,7 +357,12 @@ deleteovpn() {
 #   None
 #######################################
 deletetars() {
+  if [ -e "${ovpncfgdir}/${clientname}.tar" ]; then
     rm -f "${ovpncfgdir}/${clientname}.tar"
+    addtologs "deleted ${clientname} tar with config"
+  else
+    addtologs "${clientname} tar does not exist, delete skipped"
+  fi
 }
 
 #######################################
@@ -338,7 +374,12 @@ deletetars() {
 #   None
 #######################################
 deleteinfo() {
+  if [ -e "${ovpncfgdir}/${clientname}.info" ]; then
     rm -f "${ovpncfgdir}/${clientname}.info"
+    addtologs "deleted ${clientname} info file"
+  else
+    addtologs "${clientname} info file does not exist, delete skipped"
+  fi
 }
 
 #
@@ -373,36 +414,24 @@ if checkroot; then
   if [ "${clienttodo}" == "add" ] && \
      [ -n "${clientname}" ] && \
      [ "${#clientpass}" -ge 8 ]; then
-    if id -u "${clientname}" >/dev/null 2>&1 || \
+    createuser
-       grep -w "${clientname}" ${easyrsaidx} || \
+    createcert
-       [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
+    createovpn
-      execerror "linux user or certificate or ovpn config exist, exit"
+    createtars
-    else
+    createinfo
-      createuser && addtologs "created Linux user '${clientname}'"
-      createcert && addtologs "created certificate for ${clientname}"
-      createovpn && addtologs "created ovpn config file for ${clientname}"
-      createtars && addtologs "created tar with config file for ${clientname}"
-      createinfo && addtologs "created info file for ${clientname}"
     startsendmail
     startsendtlgm
-    fi
+  elif [ "${clienttodo}" == "del" ] && \
-  elif [ "${clienttodo}" == "del" ] && [ -n "${clientname}" ]; then
+       [ -n "${clientname}" ]; then
-    if id -u "${clientname}" >/dev/null 2>&1 || \
-       grep -w "${clientname}" ${easyrsaidx} || \
-       [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
     deleteuser
-      addtologs "deleted Linux user '${clientname}'"
+    deletecert
-      deletecert && addtologs "deleted certificate for ${clientname}"
+    deleteovpn
-      deleteovpn && addtologs "deleted ovpn config file for ${clientname}"
+    deletetars
-      deletetars && addtologs "deleted tar with config file for ${clientname}"
+    deleteinfo
-      deleteinfo && addtologs "deleted info file for ${clientname}"
     if [ "${resetforce}" -eq 1 ];then
       addtologs "restarting openvpn@server..."
       systemctl restart openvpn@server
     fi
-    else
-      execerror "linux user and certificate and ovpn config not exist, exit"
-    fi
   else
     printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)'"
     printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)' 'additional client description'"
@@ -412,4 +441,4 @@ if checkroot; then
 else
   execerror "Restart this as root!"
 fi
-execquite
+execquite 0