generated from pavel.muhortov/template-bash
improved execution logic
This commit is contained in:
parent
f5800dcc7e
commit
4e6d369329
|
|
@ -44,7 +44,7 @@ addtologs() {
|
|||
#######################################
|
||||
execquite() {
|
||||
addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
|
||||
exit
|
||||
exit "${1}"
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -56,7 +56,7 @@ execquite() {
|
|||
#######################################
|
||||
execerror() {
|
||||
addtologs "error: $1"
|
||||
execquite
|
||||
execquite 1
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -115,8 +115,14 @@ checkroot() {
|
|||
# None
|
||||
#######################################
|
||||
createuser() {
|
||||
useradd "${clientname}" --shell /sbin/nologin
|
||||
if ! id -u "${clientname}" >/dev/null 2>&1; then
|
||||
useradd "${clientname}" --shell /sbin/nologin
|
||||
addtologs "created Linux user '${clientname}'"
|
||||
else
|
||||
addtologs "${clientname} Linux user exists, create skipped"
|
||||
fi
|
||||
printf "%s\n" "${clientname}:${clientpass}" | chpasswd
|
||||
addtologs "changed '${clientname}' user password"
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -133,11 +139,18 @@ createuser() {
|
|||
#######################################
|
||||
# shellcheck disable=SC2016
|
||||
createcert() {
|
||||
cd "${easyrsadir}" || execerror ""
|
||||
sed -i -e '$aset_var EASYRSA_REQ_CN '"${clientname}"'' "${easyrsavar}"
|
||||
# ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}"
|
||||
${easyrsaexe} --passin=pass:"${easyrsacap}" build-client-full "${clientname}" nopass
|
||||
sed -i '/EASYRSA_REQ_CN/d' "${easyrsavar}"
|
||||
if ! grep -w "${clientname}" ${easyrsaidx} | grep "^V" > /dev/null 2>&1; then
|
||||
(
|
||||
cd "${easyrsadir}" || execerror ""
|
||||
sed -i -e '$aset_var EASYRSA_REQ_CN '"${clientname}"'' "${easyrsavar}"
|
||||
# ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}"
|
||||
${easyrsaexe} --passin=pass:"${easyrsacap}" build-client-full "${clientname}" nopass
|
||||
sed -i '/EASYRSA_REQ_CN/d' "${easyrsavar}"
|
||||
) > /dev/null 2>&1
|
||||
addtologs "created ${clientname} easyrsa certificate"
|
||||
else
|
||||
addtologs "${clientname} certificate exists, create skipped"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -159,6 +172,7 @@ createovpn() {
|
|||
printf "%s\n" "<key>" "$(cat "${easyrsadir}/pki/private/${clientname}.key")" "</key>"
|
||||
printf "%s\n" "<tls-auth>" "$(cat "${easyrsadir}/pki/private/ta.key")" "</tls-auth>"
|
||||
} >> "${ovpncfgdir}/${clientname}.ovpn"
|
||||
addtologs "created ${clientname} ovpn config file"
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -179,6 +193,7 @@ createtars() {
|
|||
} >> "${ovpncfgdir}/vpn.txt"
|
||||
cd "${ovpncfgdir}" || execerror ""
|
||||
tar cf "${clientname}.tar" --remove-files vpn.cnf vpn.txt
|
||||
addtologs "created ${clientname} tar with config file"
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -194,7 +209,6 @@ createtars() {
|
|||
createinfo() {
|
||||
cd "${easyrsadir}" || execerror ""
|
||||
validuntil=$(${easyrsaexe} show-cert "${clientname}" | grep "Not After" | cut -d: -f2-)
|
||||
|
||||
faqprofile=$(printf "%s\n" \
|
||||
"OpenVPN Connect client:" \
|
||||
"https://openvpn.net/client/" \
|
||||
|
|
@ -207,8 +221,8 @@ createinfo() {
|
|||
"User Password: \`${clientpass}\`" \
|
||||
"Time Expired: ${validuntil}"
|
||||
)
|
||||
|
||||
printf "%s\n" "${faqprofile}" > "${ovpncfgdir}/${clientname}.info"
|
||||
addtologs "created ${clientname} info file"
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -237,9 +251,8 @@ startsendmail() {
|
|||
--stls "True" \
|
||||
--subj "${subj}" \
|
||||
--text "$(printf "%s\n" "${faqprofile}" | sed 's|`||g')" \
|
||||
--file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar" \
|
||||
>> /dev/null 2>&1 &
|
||||
)
|
||||
--file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar"
|
||||
) > /dev/null 2>&1
|
||||
addtologs "sent mail with subject '${subj}' to ${dest}"
|
||||
}
|
||||
|
||||
|
|
@ -268,12 +281,11 @@ startsendtlgm() {
|
|||
API_URL="${API_URL}&message_thread_id=${THRD_ID}"
|
||||
fi
|
||||
|
||||
curl -s -o /dev/null \
|
||||
curl "${API_URL}" \
|
||||
-F "media=[{\"type\": \"document\", \"media\": \"attach://ovpn\", \"caption\": \"${faqprofile}\", \"parse_mode\": \"Markdown\"}, {\"type\": \"document\", \"media\": \"attach://tars\" }]" \
|
||||
-F "ovpn=@${ovpncfgdir}/${clientname}.ovpn" \
|
||||
-F "tars=@${ovpncfgdir}/${clientname}.tar" \
|
||||
"${API_URL}"
|
||||
)
|
||||
-F "tars=@${ovpncfgdir}/${clientname}.tar"
|
||||
) > /dev/null 2>&1
|
||||
addtologs "sent telegram media with ${clientname}.ovpn client profile to ${CHAT_ID}"
|
||||
}
|
||||
|
||||
|
|
@ -285,7 +297,14 @@ startsendtlgm() {
|
|||
# None
|
||||
#######################################
|
||||
deleteuser() {
|
||||
userdel -f -r "${clientname}"
|
||||
if id -u "${clientname}" > /dev/null 2>&1; then
|
||||
(
|
||||
userdel -f -r "${clientname}"
|
||||
) > /dev/null 2>&1
|
||||
addtologs "deleted Linux user '${clientname}'"
|
||||
else
|
||||
addtologs "${clientname} Linux user does not exist, delete skipped"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -300,9 +319,16 @@ deleteuser() {
|
|||
# None
|
||||
#######################################
|
||||
deletecert() {
|
||||
cd "${easyrsadir}" || execerror
|
||||
${easyrsaexe} --batch --passin=pass:"${easyrsacap}" revoke "${clientname}"
|
||||
${easyrsaexe} --batch --passin=pass:"${easyrsacap}" gen-crl
|
||||
if grep -w "${clientname}" ${easyrsaidx} > /dev/null 2>&1; then
|
||||
(
|
||||
cd "${easyrsadir}" || execerror
|
||||
${easyrsaexe} --batch --passin=pass:"${easyrsacap}" revoke "${clientname}"
|
||||
${easyrsaexe} --batch --passin=pass:"${easyrsacap}" gen-crl
|
||||
) > /dev/null 2>&1
|
||||
addtologs "revoked ${clientname} easyrsa certificate"
|
||||
else
|
||||
addtologs "${clientname} certificate does not exist, revoke skipped"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -314,7 +340,12 @@ deletecert() {
|
|||
# None
|
||||
#######################################
|
||||
deleteovpn() {
|
||||
if [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
|
||||
rm -f "${ovpncfgdir}/${clientname}.ovpn"
|
||||
addtologs "deleted ${clientname} ovpn config file"
|
||||
else
|
||||
addtologs "${clientname} ovpn config does not exist, delete skipped"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -326,7 +357,12 @@ deleteovpn() {
|
|||
# None
|
||||
#######################################
|
||||
deletetars() {
|
||||
rm -f "${ovpncfgdir}/${clientname}.tar"
|
||||
if [ -e "${ovpncfgdir}/${clientname}.tar" ]; then
|
||||
rm -f "${ovpncfgdir}/${clientname}.tar"
|
||||
addtologs "deleted ${clientname} tar with config"
|
||||
else
|
||||
addtologs "${clientname} tar does not exist, delete skipped"
|
||||
fi
|
||||
}
|
||||
|
||||
#######################################
|
||||
|
|
@ -338,7 +374,12 @@ deletetars() {
|
|||
# None
|
||||
#######################################
|
||||
deleteinfo() {
|
||||
rm -f "${ovpncfgdir}/${clientname}.info"
|
||||
if [ -e "${ovpncfgdir}/${clientname}.info" ]; then
|
||||
rm -f "${ovpncfgdir}/${clientname}.info"
|
||||
addtologs "deleted ${clientname} info file"
|
||||
else
|
||||
addtologs "${clientname} info file does not exist, delete skipped"
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
|
|
@ -373,35 +414,23 @@ if checkroot; then
|
|||
if [ "${clienttodo}" == "add" ] && \
|
||||
[ -n "${clientname}" ] && \
|
||||
[ "${#clientpass}" -ge 8 ]; then
|
||||
if id -u "${clientname}" >/dev/null 2>&1 || \
|
||||
grep -w "${clientname}" ${easyrsaidx} || \
|
||||
[ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
|
||||
execerror "linux user or certificate or ovpn config exist, exit"
|
||||
else
|
||||
createuser && addtologs "created Linux user '${clientname}'"
|
||||
createcert && addtologs "created certificate for ${clientname}"
|
||||
createovpn && addtologs "created ovpn config file for ${clientname}"
|
||||
createtars && addtologs "created tar with config file for ${clientname}"
|
||||
createinfo && addtologs "created info file for ${clientname}"
|
||||
startsendmail
|
||||
startsendtlgm
|
||||
fi
|
||||
elif [ "${clienttodo}" == "del" ] && [ -n "${clientname}" ]; then
|
||||
if id -u "${clientname}" >/dev/null 2>&1 || \
|
||||
grep -w "${clientname}" ${easyrsaidx} || \
|
||||
[ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
|
||||
deleteuser
|
||||
addtologs "deleted Linux user '${clientname}'"
|
||||
deletecert && addtologs "deleted certificate for ${clientname}"
|
||||
deleteovpn && addtologs "deleted ovpn config file for ${clientname}"
|
||||
deletetars && addtologs "deleted tar with config file for ${clientname}"
|
||||
deleteinfo && addtologs "deleted info file for ${clientname}"
|
||||
if [ "${resetforce}" -eq 1 ];then
|
||||
addtologs "restarting openvpn@server..."
|
||||
systemctl restart openvpn@server
|
||||
fi
|
||||
else
|
||||
execerror "linux user and certificate and ovpn config not exist, exit"
|
||||
createuser
|
||||
createcert
|
||||
createovpn
|
||||
createtars
|
||||
createinfo
|
||||
startsendmail
|
||||
startsendtlgm
|
||||
elif [ "${clienttodo}" == "del" ] && \
|
||||
[ -n "${clientname}" ]; then
|
||||
deleteuser
|
||||
deletecert
|
||||
deleteovpn
|
||||
deletetars
|
||||
deleteinfo
|
||||
if [ "${resetforce}" -eq 1 ];then
|
||||
addtologs "restarting openvpn@server..."
|
||||
systemctl restart openvpn@server
|
||||
fi
|
||||
else
|
||||
printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)'"
|
||||
|
|
@ -412,4 +441,4 @@ if checkroot; then
|
|||
else
|
||||
execerror "Restart this as root!"
|
||||
fi
|
||||
execquite
|
||||
execquite 0
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user