Merge claude/1

librelad 2026-05-23 23:46:58 +01:00
commit 1d6e838349
5 changed files with 46 additions and 46 deletions


@ -16,8 +16,8 @@ dockerSwitcherSetSocketPermissions()
if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
if [[ $docker_rootless_exist == "false" ]]; then
# if File exists
if sudo test -e "$docker_rootless_socket"; then
local result=$(sudo chmod o-r "$docker_rootless_socket")
if runSystem test -e "$docker_rootless_socket"; then
local result=$(runSystem chmod o-r "$docker_rootless_socket")
checkSuccess "Removing read permissions from Rootless docker socket."
docker_rootless_found="true"
else
@ -27,8 +27,8 @@ dockerSwitcherSetSocketPermissions()
fi
# if File exists
if sudo test -e "$docker_rooted_socket"; then
local result=$(sudo chmod +r "$docker_rooted_socket")
if runSystem test -e "$docker_rooted_socket"; then
local result=$(runSystem chmod +r "$docker_rooted_socket")
checkSuccess "Adding read permissions to Rooted docker socket."
docker_rooted_found="true"
else
@ -39,8 +39,8 @@ dockerSwitcherSetSocketPermissions()
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
# if File exists
if sudo test -e "$docker_rooted_socket"; then
local result=$(sudo chmod o-r "$docker_rooted_socket")
if runSystem test -e "$docker_rooted_socket"; then
local result=$(runSystem chmod o-r "$docker_rooted_socket")
checkSuccess "Removing read permissions from Rooted docker socket."
docker_rooted_found="true"
else
@ -49,8 +49,8 @@ dockerSwitcherSetSocketPermissions()
fi
# if File exists
if sudo test -e "$docker_rootless_socket"; then
local result=$(sudo chmod +r "$docker_rootless_socket")
if runSystem test -e "$docker_rootless_socket"; then
local result=$(runSystem chmod +r "$docker_rootless_socket")
checkSuccess "Adding read permissions to Rootless docker socket."
docker_rootless_found="true"
else
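Review bot: `local result=$(runSystem chmod o-r "$docker_rootless_socket")` discards the exit status of `chmod`, because `$?` after that line is the status of `local`, which is 0 here; the `checkSuccess` call after each of the four `chmod` lines in dockerSwitcherSetSocketPermissions would then report success even when the permission change failed (assuming `checkSuccess` reads `$?`; its definition is not on this page). Declare and assign separately, e.g. `local result; result=$(runSystem chmod o-r "$docker_rootless_socket")`. The same pattern precedes every `checkSuccess` in firewallInitialSetup and the visible `[[ $? -eq 0 ]]` tests in firewallClearLibrePortalRules, where the failure branch can never be taken. Separately, connecting to a Unix socket on Linux is governed by the write bit, so if the `o-r`/`+r` toggles are meant to control who can reach the inactive daemon, a comment stating what the read bit is relied on for would help.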


@ -15,7 +15,7 @@ firewallInitialSetup()
break
fi
if [[ "$firewallallowport_port" =~ ^[0-9]+$ && $firewallallowport_port -ge 1 && $firewallallowport_port -le 65535 ]]; then
local result=$(sudo ufw allow "$firewallallowport_port")
local result=$(runSystem ufw allow "$firewallallowport_port")
checkSuccess "Opening port $firewallallowport_port in the UFW Firewall"
break
fi
@ -36,7 +36,7 @@ firewallInitialSetup()
break
fi
if [[ "$firewallblockport_port" =~ ^[0-9]+$ && $firewallblockport_port -ge 1 && $firewallblockport_port -le 65535 ]]; then
local result=$(sudo ufw deny "$firewallblockport_port")
local result=$(runSystem ufw deny "$firewallblockport_port")
checkSuccess "Blocking port $firewallblockport_port in the UFW Firewall"
break
fi
@ -49,9 +49,9 @@ firewallInitialSetup()
echo ""
echo "---- Block port 22 (SSH) :"
echo ""
local result=$(sudo ufw deny 22)
local result=$(runSystem ufw deny 22)
checkSuccess "Disabling Port 22 through the firewall"
local result=$(sudo ufw deny ssh)
local result=$(runSystem ufw deny ssh)
checkSuccess "Disabling SSH through the firewall"
fi
@ -60,9 +60,9 @@ firewallInitialSetup()
echo ""
echo "---- Allow port 22 (SSH) :"
echo ""
local result=$(sudo ufw allow 22)
local result=$(runSystem ufw allow 22)
checkSuccess "Allowing Port 22 through the firewall"
local result=$(sudo ufw allow ssh)
local result=$(runSystem ufw allow ssh)
checkSuccess "Allowing SSH through the firewall"
fi
@ -75,7 +75,7 @@ firewallInitialSetup()
case "$CFG_UFW_LOGGING" in
on|off|low|medium|high|full)
# Valid logging type
local result=$(yes | sudo ufw logging $CFG_UFW_LOGGING)
local result=$(yes | runSystem ufw logging $CFG_UFW_LOGGING)
checkSuccess "Updating UFW Firewall Logging to $CFG_UFW_LOGGING"
;;
*)


@ -6,7 +6,7 @@ firewallClearLibrePortalRules()
local total_cleared=0
if [[ $EUID -eq 0 ]] && command -v ufw-docker &> /dev/null; then
local libreportal_rules=$(sudo ufw-docker list 2>/dev/null | grep -E "(allow|deny)" || echo "")
local libreportal_rules=$(runSystem ufw-docker list 2>/dev/null | grep -E "(allow|deny)" || echo "")
if [[ -n "$libreportal_rules" ]]; then
echo "$libreportal_rules" | while read -r rule_line; do
if [[ $rule_line =~ (allow|deny)\ ([^[:space:]]+)\ ([^[:space:]]+) ]]; then
@ -16,7 +16,7 @@ firewallClearLibrePortalRules()
# Only clear LibrePortal app rules (not system rules)
if [[ -d "$containers_dir/$container" ]]; then
local result=$(sudo ufw-docker delete "$action" "$container" "$port_spec" 2>&1)
local result=$(runSystem ufw-docker delete "$action" "$container" "$port_spec" 2>&1)
if [[ $? -eq 0 ]]; then
((total_cleared++))
isSuccessful "Cleared: $action $container $port_spec"
@ -31,7 +31,7 @@ firewallClearLibrePortalRules()
fi
elif command -v ufw &> /dev/null; then
local libreportal_rules=$(sudo ufw status numbered 2>/dev/null | grep -E "ALLOW.*LibrePortal" || echo "")
local libreportal_rules=$(runSystem ufw status numbered 2>/dev/null | grep -E "ALLOW.*LibrePortal" || echo "")
if [[ -n "$libreportal_rules" ]]; then
echo "$libreportal_rules" | while read -r rule_line; do
@ -40,7 +40,7 @@ firewallClearLibrePortalRules()
local action="${BASH_REMATCH[2]}"
local port_spec="${BASH_REMATCH[3]}"
local result=$(sudo ufw --force delete "$rule_num" 2>&1)
local result=$(runSystem ufw --force delete "$rule_num" 2>&1)
if [[ $? -eq 0 ]]; then
((total_cleared++))
isNotice "Cleared rule #$rule_num: $action $port_spec"
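Review bot: In the `ufw` branch of firewallClearLibrePortalRules the rule numbers come from one `ufw status numbered` snapshot, but each `runSystem ufw --force delete "$rule_num"` renumbers the rules after it, so from the second deletion on the stored number can point at a different rule than the one matched by `ALLOW.*LibrePortal`. The visible pipeline feeds the loop in listing order; unless the lines hidden between the hunks reverse it, iterate from the highest number down, e.g. `done < <(printf '%s\n' "$libreportal_rules" | tac)`, or re-read the numbered list after every delete. Feeding the loop through process substitution instead of `echo "$libreportal_rules" | while read -r rule_line` also keeps `((total_cleared++))` in the current shell; with the pipe the counter is incremented in a subshell and lost. The end of the loop is outside the visible hunks.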


@ -37,26 +37,26 @@ hostSshEnsureDir()
u=$(hostSshUser)
sshdir="$(hostSshHome)/.ssh"
akf=$(hostSshAuthKeysFile)
sudo mkdir -p "$sshdir"
sudo touch "$akf"
sudo chmod 700 "$sshdir"
sudo chmod 600 "$akf"
sudo chown -R "$u":"$u" "$sshdir"
runSystem mkdir -p "$sshdir"
runSystem touch "$akf"
runSystem chmod 700 "$sshdir"
runSystem chmod 600 "$akf"
runSystem chown -R "$u":"$u" "$sshdir"
}
# Count valid authorized public keys.
hostSshKeyCount()
{
local akf; akf=$(hostSshAuthKeysFile)
sudo test -f "$akf" || { echo 0; return; }
sudo grep -cvE '^[[:space:]]*($|#)' "$akf" 2>/dev/null || echo 0
runSystem test -f "$akf" || { echo 0; return; }
runSystem grep -cvE '^[[:space:]]*($|#)' "$akf" 2>/dev/null || echo 0
}
# True when sshd currently allows password authentication.
hostSshPasswordAuthEnabled()
{
local v
v=$(sudo sshd -T 2>/dev/null | awk '/^passwordauthentication/ {print $2}')
v=$(runSystem sshd -T 2>/dev/null | awk '/^passwordauthentication/ {print $2}')
[[ -z "$v" ]] && v=$(grep -iE '^[[:space:]]*PasswordAuthentication' "$sshd_config" 2>/dev/null | tail -1 | awk '{print tolower($2)}')
[[ "$v" == "no" ]] && return 1
return 0 # default-on when unspecified
@ -81,14 +81,14 @@ hostSshKeyAdd()
local akf body
akf=$(hostSshAuthKeysFile)
body=$(awk '{print $2}' <<< "$pub")
if sudo grep -qF "$body" "$akf" 2>/dev/null; then
if runSystem grep -qF "$body" "$akf" 2>/dev/null; then
isNotice "That key is already authorized."
else
printf '%s\n' "$pub" | sudo tee -a "$akf" >/dev/null
printf '%s\n' "$pub" | runSystem tee -a "$akf" >/dev/null
isSuccessful "SSH key authorized for $(hostSshUser)"
fi
sudo chown "$(hostSshUser)":"$(hostSshUser)" "$akf"
sudo chmod 600 "$akf"
runSystem chown "$(hostSshUser)":"$(hostSshUser)" "$akf"
runSystem chmod 600 "$akf"
hostSshRefreshUi
}
@ -99,7 +99,7 @@ hostSshKeyRemove()
local fp="$1"
[[ -z "$fp" ]] && { isError "hostSshKeyRemove requires <fingerprint>"; return 1; }
local akf; akf=$(hostSshAuthKeysFile)
sudo test -f "$akf" || { isError "No authorized_keys file"; return 1; }
runSystem test -f "$akf" || { isError "No authorized_keys file"; return 1; }
if ! hostSshPasswordAuthEnabled && [[ "$(hostSshKeyCount)" -le 1 ]]; then
isError "Refusing to remove the last key while password login is disabled — you'd be locked out. Re-enable password login first."
@ -117,12 +117,12 @@ hostSshKeyRemove()
removed=1; continue
fi
printf '%s\n' "$line" >> "$tmp"
done < <(sudo cat "$akf")
done < <(runSystem cat "$akf")
if [[ "$removed" -eq 1 ]]; then
sudo cp "$tmp" "$akf"
sudo chown "$(hostSshUser)":"$(hostSshUser)" "$akf"
sudo chmod 600 "$akf"
runSystem cp "$tmp" "$akf"
runSystem chown "$(hostSshUser)":"$(hostSshUser)" "$akf"
runSystem chmod 600 "$akf"
isSuccessful "Removed SSH key $fp"
else
isNotice "No key matched fingerprint $fp"
@ -148,16 +148,16 @@ hostSshSetPasswordAuth()
local value="yes"; [[ "$want" == "off" ]] && value="no"
local backup="${sshd_config}.libreportal.$(date +%s)"
sudo cp "$sshd_config" "$backup"
sudo sed -i '/^[[:space:]]*#\?[[:space:]]*PasswordAuthentication\b/d' "$sshd_config"
echo "PasswordAuthentication $value" | sudo tee -a "$sshd_config" >/dev/null
runSystem cp "$sshd_config" "$backup"
runSystem sed -i '/^[[:space:]]*#\?[[:space:]]*PasswordAuthentication\b/d' "$sshd_config"
echo "PasswordAuthentication $value" | runSystem tee -a "$sshd_config" >/dev/null
if ! sudo sshd -t 2>/dev/null; then
if ! runSystem sshd -t 2>/dev/null; then
isError "sshd config test failed — restoring backup, no change made."
sudo cp "$backup" "$sshd_config"
runSystem cp "$backup" "$sshd_config"
return 1
fi
sudo systemctl reload ssh 2>/dev/null || sudo systemctl reload sshd 2>/dev/null
runSystem systemctl reload ssh 2>/dev/null || runSystem systemctl reload sshd 2>/dev/null
isSuccessful "Password login ${want} (sshd reloaded; backup at $backup)"
hostSshRefreshUi
}
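Review bot: hostSshSetPasswordAuth appends `PasswordAuthentication $value` to the end of `$sshd_config` and reports success after `sshd -t`, which only checks syntax; sshd uses the first value it obtains for a keyword, so an earlier `Include`d drop-in that sets PasswordAuthentication still wins, and a file ending in a `Match` block makes the appended line conditional. Password login can therefore stay enabled after "Password login off" is printed. Confirm the effective value after the reload with the helper already in this file, e.g. `[[ "$want" == "off" ]] && hostSshPasswordAuthEnabled && isError "PasswordAuthentication is still enabled in the effective sshd config"`. `runSystem cp "$sshd_config" "$backup"` is also unchecked, so a failed backup is followed by the `sed -i` and by a restore that cannot work; `runSystem cp "$sshd_config" "$backup" || return 1` covers it. The start of the function is outside the hunk.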


@ -33,7 +33,7 @@ Environment=XDG_RUNTIME_DIR=/run/user/${libreportal_uid}"
fi
# Create systemd service file
sudo tee "$service_file" > /dev/null <<EOF
runSystem tee "$service_file" > /dev/null <<EOF
[Unit]
Description=LibrePortal Task Processor
After=network.target
@ -64,9 +64,9 @@ EOF
fi
# Reload systemd and enable service
sudo systemctl daemon-reload
sudo systemctl enable libreportal.service >/dev/null 2>&1
sudo systemctl start libreportal.service
runSystem systemctl daemon-reload
runSystem systemctl enable libreportal.service >/dev/null 2>&1
runSystem systemctl start libreportal.service
isSuccessful "LibrePortal task processor service setup."
fi
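Review bot: `isSuccessful "LibrePortal task processor service setup."` runs regardless of what the three `runSystem systemctl` calls returned, and the output of `enable` goes to `/dev/null`, so a unit file that failed to write or a service that failed to start is still reported as set up. Gate the message on the commands, e.g. `if runSystem systemctl daemon-reload && runSystem systemctl enable libreportal.service >/dev/null 2>&1 && runSystem systemctl start libreportal.service; then isSuccessful …; else isError …; fi`. The heredoc written through `runSystem tee "$service_file"` depends on `runSystem` passing stdin through untouched, which deserves a comment at its definition since that wrapper is not shown on this page. The enclosing function begins outside the hunk.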