generated from pavel.muhortov/template-bash
	improved execution logic
This commit is contained in:
		
							parent
							
								
									f5800dcc7e
								
							
						
					
					
						commit
						4e6d369329
					
				|  | @ -44,7 +44,7 @@ addtologs() { | ||||||
| ####################################### | ####################################### | ||||||
| execquite() { | execquite() { | ||||||
|   addtologs "execution time is $(($(date +%s)-time)) seconds, exit" |   addtologs "execution time is $(($(date +%s)-time)) seconds, exit" | ||||||
|   exit |   exit "${1}" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -56,7 +56,7 @@ execquite() { | ||||||
| ####################################### | ####################################### | ||||||
| execerror() { | execerror() { | ||||||
|   addtologs "error: $1" |   addtologs "error: $1" | ||||||
|   execquite |   execquite 1 | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -115,8 +115,14 @@ checkroot() { | ||||||
| #   None | #   None | ||||||
| ####################################### | ####################################### | ||||||
| createuser() { | createuser() { | ||||||
|   useradd "${clientname}" --shell /sbin/nologin |   if ! id -u "${clientname}" >/dev/null 2>&1; then | ||||||
|  |     useradd "${clientname}" --shell /sbin/nologin | ||||||
|  |     addtologs "created Linux user '${clientname}'" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} Linux user exists, create skipped" | ||||||
|  |   fi | ||||||
|   printf "%s\n" "${clientname}:${clientpass}" | chpasswd |   printf "%s\n" "${clientname}:${clientpass}" | chpasswd | ||||||
|  |   addtologs "changed '${clientname}' user password" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -133,11 +139,18 @@ createuser() { | ||||||
| ####################################### | ####################################### | ||||||
| # shellcheck disable=SC2016 | # shellcheck disable=SC2016 | ||||||
| createcert() { | createcert() { | ||||||
|     cd "${easyrsadir}" || execerror "" |   if ! grep -w "${clientname}" ${easyrsaidx} | grep "^V" > /dev/null 2>&1; then | ||||||
|     sed -i -e '$aset_var EASYRSA_REQ_CN         '"${clientname}"'' "${easyrsavar}" |     ( | ||||||
|     # ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}" |       cd "${easyrsadir}" || execerror "" | ||||||
|     ${easyrsaexe} --passin=pass:"${easyrsacap}" build-client-full "${clientname}" nopass |       sed -i -e '$aset_var EASYRSA_REQ_CN         '"${clientname}"'' "${easyrsavar}" | ||||||
|     sed -i '/EASYRSA_REQ_CN/d' "${easyrsavar}" |       # ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}" | ||||||
|  |       ${easyrsaexe} --passin=pass:"${easyrsacap}" build-client-full "${clientname}" nopass | ||||||
|  |       sed -i '/EASYRSA_REQ_CN/d' "${easyrsavar}" | ||||||
|  |     ) > /dev/null 2>&1 | ||||||
|  |     addtologs "created ${clientname} easyrsa certificate" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} certificate exists, create skipped" | ||||||
|  |   fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -159,6 +172,7 @@ createovpn() { | ||||||
|     printf "%s\n" "<key>" "$(cat "${easyrsadir}/pki/private/${clientname}.key")" "</key>" |     printf "%s\n" "<key>" "$(cat "${easyrsadir}/pki/private/${clientname}.key")" "</key>" | ||||||
|     printf "%s\n" "<tls-auth>" "$(cat "${easyrsadir}/pki/private/ta.key")" "</tls-auth>" |     printf "%s\n" "<tls-auth>" "$(cat "${easyrsadir}/pki/private/ta.key")" "</tls-auth>" | ||||||
|   } >> "${ovpncfgdir}/${clientname}.ovpn" |   } >> "${ovpncfgdir}/${clientname}.ovpn" | ||||||
|  |   addtologs "created ${clientname} ovpn config file" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -179,6 +193,7 @@ createtars() { | ||||||
|   } >> "${ovpncfgdir}/vpn.txt" |   } >> "${ovpncfgdir}/vpn.txt" | ||||||
|   cd "${ovpncfgdir}" || execerror "" |   cd "${ovpncfgdir}" || execerror "" | ||||||
|   tar cf "${clientname}.tar" --remove-files vpn.cnf vpn.txt |   tar cf "${clientname}.tar" --remove-files vpn.cnf vpn.txt | ||||||
|  |   addtologs "created ${clientname} tar with config file" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -194,7 +209,6 @@ createtars() { | ||||||
| createinfo() { | createinfo() { | ||||||
|   cd "${easyrsadir}" || execerror "" |   cd "${easyrsadir}" || execerror "" | ||||||
|   validuntil=$(${easyrsaexe} show-cert "${clientname}" | grep "Not After" | cut -d: -f2-) |   validuntil=$(${easyrsaexe} show-cert "${clientname}" | grep "Not After" | cut -d: -f2-) | ||||||
| 
 |  | ||||||
|   faqprofile=$(printf "%s\n" \ |   faqprofile=$(printf "%s\n" \ | ||||||
|     "OpenVPN Connect client:" \ |     "OpenVPN Connect client:" \ | ||||||
|     "https://openvpn.net/client/" \ |     "https://openvpn.net/client/" \ | ||||||
|  | @ -207,8 +221,8 @@ createinfo() { | ||||||
|     "User Password: \`${clientpass}\`" \ |     "User Password: \`${clientpass}\`" \ | ||||||
|     "Time Expired: ${validuntil}" |     "Time Expired: ${validuntil}" | ||||||
|   ) |   ) | ||||||
| 
 |  | ||||||
|   printf "%s\n" "${faqprofile}" > "${ovpncfgdir}/${clientname}.info" |   printf "%s\n" "${faqprofile}" > "${ovpncfgdir}/${clientname}.info" | ||||||
|  |   addtologs "created ${clientname} info file" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -237,9 +251,8 @@ startsendmail() { | ||||||
|     --stls "True" \ |     --stls "True" \ | ||||||
|     --subj "${subj}" \ |     --subj "${subj}" \ | ||||||
|     --text "$(printf "%s\n" "${faqprofile}" | sed 's|`||g')" \ |     --text "$(printf "%s\n" "${faqprofile}" | sed 's|`||g')" \ | ||||||
|     --file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar" \ |     --file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar" | ||||||
|     >> /dev/null 2>&1 & |   ) > /dev/null 2>&1 | ||||||
|   ) |  | ||||||
|   addtologs "sent mail with subject '${subj}' to ${dest}" |   addtologs "sent mail with subject '${subj}' to ${dest}" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -268,12 +281,11 @@ startsendtlgm() { | ||||||
|       API_URL="${API_URL}&message_thread_id=${THRD_ID}" |       API_URL="${API_URL}&message_thread_id=${THRD_ID}" | ||||||
|     fi |     fi | ||||||
| 
 | 
 | ||||||
|     curl -s -o /dev/null \ |     curl "${API_URL}" \ | ||||||
|          -F "media=[{\"type\": \"document\", \"media\": \"attach://ovpn\", \"caption\": \"${faqprofile}\", \"parse_mode\": \"Markdown\"}, {\"type\": \"document\", \"media\": \"attach://tars\" }]" \ |          -F "media=[{\"type\": \"document\", \"media\": \"attach://ovpn\", \"caption\": \"${faqprofile}\", \"parse_mode\": \"Markdown\"}, {\"type\": \"document\", \"media\": \"attach://tars\" }]" \ | ||||||
|          -F "ovpn=@${ovpncfgdir}/${clientname}.ovpn" \ |          -F "ovpn=@${ovpncfgdir}/${clientname}.ovpn" \ | ||||||
|          -F "tars=@${ovpncfgdir}/${clientname}.tar" \ |          -F "tars=@${ovpncfgdir}/${clientname}.tar" | ||||||
|         "${API_URL}" |   ) > /dev/null 2>&1 | ||||||
|   ) |  | ||||||
|   addtologs "sent telegram media with ${clientname}.ovpn client profile to ${CHAT_ID}" |   addtologs "sent telegram media with ${clientname}.ovpn client profile to ${CHAT_ID}" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -285,7 +297,14 @@ startsendtlgm() { | ||||||
| #   None | #   None | ||||||
| ####################################### | ####################################### | ||||||
| deleteuser() { | deleteuser() { | ||||||
|   userdel -f -r "${clientname}" |   if id -u "${clientname}" > /dev/null 2>&1; then | ||||||
|  |     ( | ||||||
|  |       userdel -f -r "${clientname}" | ||||||
|  |     ) > /dev/null 2>&1 | ||||||
|  |     addtologs "deleted Linux user '${clientname}'" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} Linux user does not exist, delete skipped" | ||||||
|  |   fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -300,9 +319,16 @@ deleteuser() { | ||||||
| #   None | #   None | ||||||
| ####################################### | ####################################### | ||||||
| deletecert() { | deletecert() { | ||||||
|     cd "${easyrsadir}" || execerror |   if grep -w "${clientname}" ${easyrsaidx} > /dev/null 2>&1; then | ||||||
|     ${easyrsaexe} --batch --passin=pass:"${easyrsacap}" revoke "${clientname}" |     ( | ||||||
|     ${easyrsaexe} --batch --passin=pass:"${easyrsacap}" gen-crl |       cd "${easyrsadir}" || execerror | ||||||
|  |       ${easyrsaexe} --batch --passin=pass:"${easyrsacap}" revoke "${clientname}" | ||||||
|  |       ${easyrsaexe} --batch --passin=pass:"${easyrsacap}" gen-crl | ||||||
|  |     ) > /dev/null 2>&1 | ||||||
|  |     addtologs "revoked ${clientname} easyrsa certificate" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} certificate does not exist, revoke skipped" | ||||||
|  |   fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -314,7 +340,12 @@ deletecert() { | ||||||
| #   None | #   None | ||||||
| ####################################### | ####################################### | ||||||
| deleteovpn() { | deleteovpn() { | ||||||
|  |   if [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then | ||||||
|     rm -f "${ovpncfgdir}/${clientname}.ovpn" |     rm -f "${ovpncfgdir}/${clientname}.ovpn" | ||||||
|  |     addtologs "deleted ${clientname} ovpn config file" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} ovpn config does not exist, delete skipped" | ||||||
|  |   fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -326,7 +357,12 @@ deleteovpn() { | ||||||
| #   None | #   None | ||||||
| ####################################### | ####################################### | ||||||
| deletetars() { | deletetars() { | ||||||
|   rm -f "${ovpncfgdir}/${clientname}.tar" |   if [ -e "${ovpncfgdir}/${clientname}.tar" ]; then | ||||||
|  |     rm -f "${ovpncfgdir}/${clientname}.tar" | ||||||
|  |     addtologs "deleted ${clientname} tar with config" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} tar does not exist, delete skipped" | ||||||
|  |   fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ####################################### | ####################################### | ||||||
|  | @ -338,7 +374,12 @@ deletetars() { | ||||||
| #   None | #   None | ||||||
| ####################################### | ####################################### | ||||||
| deleteinfo() { | deleteinfo() { | ||||||
|   rm -f "${ovpncfgdir}/${clientname}.info" |   if [ -e "${ovpncfgdir}/${clientname}.info" ]; then | ||||||
|  |     rm -f "${ovpncfgdir}/${clientname}.info" | ||||||
|  |     addtologs "deleted ${clientname} info file" | ||||||
|  |   else | ||||||
|  |     addtologs "${clientname} info file does not exist, delete skipped" | ||||||
|  |   fi | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # | # | ||||||
|  | @ -373,35 +414,23 @@ if checkroot; then | ||||||
|   if [ "${clienttodo}" == "add" ] && \ |   if [ "${clienttodo}" == "add" ] && \ | ||||||
|      [ -n "${clientname}" ] && \ |      [ -n "${clientname}" ] && \ | ||||||
|      [ "${#clientpass}" -ge 8 ]; then |      [ "${#clientpass}" -ge 8 ]; then | ||||||
|     if id -u "${clientname}" >/dev/null 2>&1 || \ |     createuser | ||||||
|        grep -w "${clientname}" ${easyrsaidx} || \ |     createcert | ||||||
|        [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then |     createovpn | ||||||
|       execerror "linux user or certificate or ovpn config exist, exit" |     createtars | ||||||
|     else |     createinfo | ||||||
|       createuser && addtologs "created Linux user '${clientname}'" |     startsendmail | ||||||
|       createcert && addtologs "created certificate for ${clientname}" |     startsendtlgm | ||||||
|       createovpn && addtologs "created ovpn config file for ${clientname}" |   elif [ "${clienttodo}" == "del" ] && \ | ||||||
|       createtars && addtologs "created tar with config file for ${clientname}" |        [ -n "${clientname}" ]; then | ||||||
|       createinfo && addtologs "created info file for ${clientname}" |     deleteuser | ||||||
|       startsendmail |     deletecert | ||||||
|       startsendtlgm |     deleteovpn | ||||||
|     fi |     deletetars | ||||||
|   elif [ "${clienttodo}" == "del" ] && [ -n "${clientname}" ]; then |     deleteinfo | ||||||
|     if id -u "${clientname}" >/dev/null 2>&1 || \ |     if [ "${resetforce}" -eq 1 ];then | ||||||
|        grep -w "${clientname}" ${easyrsaidx} || \ |       addtologs "restarting openvpn@server..." | ||||||
|        [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then |       systemctl restart openvpn@server | ||||||
|       deleteuser |  | ||||||
|       addtologs "deleted Linux user '${clientname}'" |  | ||||||
|       deletecert && addtologs "deleted certificate for ${clientname}" |  | ||||||
|       deleteovpn && addtologs "deleted ovpn config file for ${clientname}" |  | ||||||
|       deletetars && addtologs "deleted tar with config file for ${clientname}" |  | ||||||
|       deleteinfo && addtologs "deleted info file for ${clientname}" |  | ||||||
|       if [ "${resetforce}" -eq 1 ];then |  | ||||||
|         addtologs "restarting openvpn@server..." |  | ||||||
|         systemctl restart openvpn@server |  | ||||||
|       fi |  | ||||||
|     else |  | ||||||
|       execerror "linux user and certificate and ovpn config not exist, exit" |  | ||||||
|     fi |     fi | ||||||
|   else |   else | ||||||
|     printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)'" |     printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)'" | ||||||
|  | @ -412,4 +441,4 @@ if checkroot; then | ||||||
| else | else | ||||||
|   execerror "Restart this as root!" |   execerror "Restart this as root!" | ||||||
| fi | fi | ||||||
| execquite | execquite 0 | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user