Bring the remaining deferred subsystems under the scoped sudoers, and drop
the one that's redundant.
Backup engines + app configs -> root-owned helpers (same pattern as
ownership/dns/ssh/socket/svc):
- scripts/system/libreportal-bininstall: install <restic|kopia> — does the
whole pkg-manager/signed-download install itself for a fixed, validated
engine name (no blanket sudo apt-get/install). restic_install/kopia_install
call it.
- scripts/system/libreportal-appcfg: {adguard-auth <user> <bcrypt>|
crowdsec-priority|owncloud-config <public> <host> <ip> <public_ip>} —
faithful ports of the AdGuard yaml / CrowdSec bouncer / ownCloud config.php
rewrites, fixed paths + validated args. adguard_auth/crowdsec_fix_priority/
owncloud_setup_config call it.
- run_privileged: runBinInstall / runAppCfg; init.sh installs + allowlists both.
Retire standalone (host-level) WireGuard — it's a duplicate of the
containerized containers/wireguard app (+ headscale mesh), its slirp4netns
speed rationale is largely moot with a better rootless net backend / typical
WAN-bound throughput, and it was the heaviest host-root subsystem (apt +
sysctl + iptables + /etc/wireguard), the worst fit for the rootless/
least-privilege direction:
- moved scripts/wireguard/ + manage_wireguard.sh + check_wireguard.sh to
scripts/unused/; dropped the install-path call, the Tools menu 'w' entry,
and the requirement check; removed the half-built libreportal-wg helper.
- generate_arrays.sh now also skips system/ (root-owned helpers, never
sourced); arrays regenerated (files_wireguard.sh pruned).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
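#######################################
# Top-level interactive menu for LibrePortal.
#
# Records a successful run, then (unless the CLI install path is active)
# loops over the main menu and dispatches the selected entry. Sub-menus
# collect y/n answers into global variables and hand off to startOther.
#
# Globals:
#   install_via_cli   (read)    - "true" skips the menu entirely
#   CFG_INSTALL_NAME  (read)    - shown in the Headscale prompts
#   status, choice    (written)
#   backupsingle, restoresingle, tool*, headscale*, firewall* (written)
# Arguments: none
# Outputs:   menu text and prompts on stdout
# Returns:   1 if stdin is closed while waiting for a menu choice;
#            otherwise the status of the last command run
#######################################
mainMenu() {
  createSuccessfulRunFile

  # The menu is not shown when LibrePortal is being installed through the
  # CLI install command.
  if [[ "$install_via_cli" == "true" ]]; then
    isSuccessful "LibrePortal successfully ran."
    return
  fi

  # Turn terminal echo back on so typed answers are visible.
  stty echo

  # Auto-fire the Setup Wizard on first entry so the menu never shows
  # against a half-configured install.
  if ! isSetupWizardComplete; then
    setupWizardTerminal
  fi

  while true; do
    isHeader "Install Menu"
    isOption "i. Install Apps"
    isOption "u. Uninstall Apps"
    isOption "g. Generate App"
    isHeader "Backup/Restore/Migrate"
    isOption "b. Backup"
    isOption "r. Restore"
    isOption "m. Migrate"
    isHeader "Tools/Other"
    isOption "c. Configs"
    isOption "d. Database"
    isOption "s. Setup Wizard (re-run)"
    # The Firewall entry is only listed when ufw is reported as installed.
    status=$(dockerCheckAppInstalled "ufw" "linux")
    if [[ "$status" == "installed" ]]; then
      isOption "f. Firewall"
    fi
    isOption "h. Headscale"
    isOption "l. Logs"
    isOption "t. Tools"
    isOption "y. YML Editor"
    echo ""
    isOption "x. Exit"
    echo ""
    isQuestion "What is your choice: "

    # read fails once stdin is closed (EOF). Without this check the loop
    # would redraw the menu and report "Invalid choice" forever. Treat EOF
    # like the "x" entry; the return covers the case where exitScript
    # itself returns instead of exiting.
    if ! read -rp "" choice; then
      exitScript
      return 1
    fi

    # NOTE(review): every sub-menu answer below is stored in a global and is
    # not cleared here before the next pass through the loop. Confirm that
    # startOther (or a helper it calls) resets them; otherwise a "y" given on
    # an earlier visit (e.g. tooldeletedb, firewallblock22) would still be
    # set the next time startOther runs from a different sub-menu.
    case "$choice" in
      i)
        appInstallMenu
        ;;
      u)
        appUninstallMenu
        ;;
      g)
        appGenerate
        ;;
      s)
        setupWizardReset
        setupWizardTerminal
        ;;
      b)
        isHeader "Backup"
        isOptionMenu "Single App Backup - Docker Container Folder (y/n): "
        read -rp "" backupsingle

        startOther
        ;;
      r)
        isHeader "Restore"
        echo "Please select 'l' for local restore."
        echo "Please select 'r' for remote restore."
        echo ""
        isOptionMenu "Restore - App (l/r): "
        read -rp "" restoresingle

        startOther
        ;;
      m)
        # Informational only: prints the CLI commands, runs nothing.
        isHeader "Migrate"
        echo "Migration is now handled by the restic engine."
        echo "Available commands:"
        echo " libreportal restore migrate discover [repo]"
        echo " libreportal restore migrate app <app_name> <source_host> [repo]"
        echo " libreportal restore migrate system <source_host> [repo]"
        echo ""
        ;;
      c)
        viewConfigs
        ;;
      d)
        isHeader "Database"

        isOptionMenu "View Database Tables & Data? (y/n): "
        read -rp "" toollistalltables
        isOptionMenu "List all apps database? (y/n): "
        read -rp "" toollistallapps
        isOptionMenu "List all installed apps? (y/n): "
        read -rp "" toollistinstalledapps
        isOptionMenu "Update database with installed apps? (y/n): "
        read -rp "" toolupdatedb
        isOptionMenu "Empty a Database Tables? (y/n): "
        read -rp "" toolemptytable
        isOptionMenu "Delete database file? (y/n): "
        read -rp "" tooldeletedb

        startOther
        ;;
      h)
        isHeader "Headscale"

        isOptionMenu "Setup Tailscale Client for Localhost? (y/n): "
        read -rp "" headscaleclientlocal
        isOptionMenu "Setup Tailscale Client for a Specific App? (y/n): "
        read -rp "" headscaleclientapp
        isOptionMenu "Create User $CFG_INSTALL_NAME? (y/n): "
        read -rp "" headscaleusercreate
        isOptionMenu "Create API Key for $CFG_INSTALL_NAME? (y/n): "
        read -rp "" headscaleapikeyscreate
        isOptionMenu "List all API Keys? (y/n): "
        read -rp "" headscaleapikeyslist
        isOptionMenu "List all Nodes? (y/n): "
        read -rp "" headscalenodeslist
        isOptionMenu "List all Users? (y/n): "
        read -rp "" headscaleuserlist
        isOptionMenu "View Headscale Version? (y/n): "
        read -rp "" headscaleversion
        isOptionMenu "View/Edit Headscale Config File? (y/n): "
        read -rp "" headscaleconfigfile

        startOther
        ;;
      f)
        # NOTE(review): this arm is reachable by typing "f" even when the
        # Firewall entry was not listed above (ufw not installed); confirm
        # the firewall handlers behind startOther cope with that.
        isHeader "Firewall"

        isOptionMenu "Allow specific port through the firewall? (y/n): "
        read -rp "" firewallallowport
        isOptionMenu "Block specific port through the firewall? (y/n): "
        read -rp "" firewallblockport
        isOptionMenu "Block port 22 (SSH)? (y/n): "
        read -rp "" firewallblock22
        isOptionMenu "Allow port 22 (SSH)? (y/n): "
        read -rp "" firewallallow22
        isOptionMenu "Update logging type for UFW based on Config? (y/n): "
        read -rp "" firewallchangelogging

        startOther
        ;;
      l)
        viewLogs
        ;;
      t)
        toolsMenu
        ;;
      y)
        viewComposeFiles
        ;;
      # NOTE(review): unreachable. The first "i)" arm always matches before
      # this one, so endStart is never called from this menu, and no menu
      # entry advertises it. Confirm which key (if any) was intended.
      i)
        endStart
        ;;
      x)
        exitScript
        ;;
      *)
        isNotice "Invalid choice. Please select a valid option."
        ;;
    esac
  done
}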