LibrePortal/scripts/menu/menu_main.sh
librelad cd4fd55a6d feat(desudo): helper-ize backup-engine + app-config installs; retire standalone WireGuard
Bring the remaining deferred subsystems under the scoped sudoers, and drop
the one that's redundant.

Backup engines + app configs -> root-owned helpers (same pattern as
ownership/dns/ssh/socket/svc):
- scripts/system/libreportal-bininstall: install <restic|kopia> — does the
  whole pkg-manager/signed-download install itself for a fixed, validated
  engine name (no blanket sudo apt-get/install). restic_install/kopia_install
  call it.
- scripts/system/libreportal-appcfg: {adguard-auth <user> <bcrypt>|
  crowdsec-priority|owncloud-config <public> <host> <ip> <public_ip>} —
  faithful ports of the AdGuard yaml / CrowdSec bouncer / ownCloud config.php
  rewrites, fixed paths + validated args. adguard_auth/crowdsec_fix_priority/
  owncloud_setup_config call it.
- run_privileged: runBinInstall / runAppCfg; init.sh installs + allowlists both.

Retire standalone (host-level) WireGuard — it's a duplicate of the
containerized containers/wireguard app (+ headscale mesh), its slirp4netns
speed rationale is largely moot with a better rootless net backend / typical
WAN-bound throughput, and it was the heaviest host-root subsystem (apt +
sysctl + iptables + /etc/wireguard), the worst fit for the rootless/
least-privilege direction:
- moved scripts/wireguard/ + manage_wireguard.sh + check_wireguard.sh to
  scripts/unused/; dropped the install-path call, the Tools menu 'w' entry,
  and the requirement check; removed the half-built libreportal-wg helper.
- generate_arrays.sh now also skips system/ (root-owned helpers, never
  sourced); arrays regenerated (files_wireguard.sh pruned).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 19:22:22 +01:00

191 lines
4.3 KiB
Bash
Executable File

#!/bin/bash
mainMenu()
{
createSuccessfulRunFile;
# We will not show the menu if we are installing LibrePortal via the CLI install command
if [ "$install_via_cli" != "true" ]; then
# Enable input
stty echo
# Auto-fire the Setup Wizard on first entry so the menu never shows
# against a half-configured install.
if ! isSetupWizardComplete; then
setupWizardTerminal
fi
while true; do
isHeader "Install Menu"
isOption "i. Install Apps"
isOption "u. Uninstall Apps"
isOption "g. Generate App"
isHeader "Backup/Restore/Migrate"
isOption "b. Backup"
isOption "r. Restore"
isOption "m. Migrate"
isHeader "Tools/Other"
isOption "c. Configs"
isOption "d. Database"
isOption "s. Setup Wizard (re-run)"
status=$(dockerCheckAppInstalled "ufw" "linux")
if [ "$status" == "installed" ]; then
isOption "f. Firewall"
fi
isOption "h. Headscale"
isOption "l. Logs"
isOption "t. Tools"
isOption "y. YML Editor"
echo ""
isOption "x. Exit"
echo ""
isQuestion "What is your choice: "
read -rp "" choice
case $choice in
i)
appInstallMenu;
;;
u)
appUninstallMenu;
;;
g)
appGenerate;
;;
s)
setupWizardReset;
setupWizardTerminal;
;;
b)
isHeader "Backup"
isOptionMenu "Single App Backup - Docker Container Folder (y/n): "
read -rp "" backupsingle
startOther;
;;
r)
isHeader "Restore"
echo "Please select 'l' for local restore."
echo "Please select 'r' for remote restore."
echo ""
isOptionMenu "Restore - App (l/r): "
read -rp "" restoresingle
startOther;
;;
m)
isHeader "Migrate"
echo "Migration is now handled by the restic engine."
echo "Available commands:"
echo " libreportal restore migrate discover [repo]"
echo " libreportal restore migrate app <app_name> <source_host> [repo]"
echo " libreportal restore migrate system <source_host> [repo]"
echo ""
;;
c)
viewConfigs;
;;
d)
isHeader "Database"
isOptionMenu "View Database Tables & Data? (y/n): "
read -rp "" toollistalltables
isOptionMenu "List all apps database? (y/n): "
read -rp "" toollistallapps
isOptionMenu "List all installed apps? (y/n): "
read -rp "" toollistinstalledapps
isOptionMenu "Update database with installed apps? (y/n): "
read -rp "" toolupdatedb
isOptionMenu "Empty a Database Tables? (y/n): "
read -rp "" toolemptytable
isOptionMenu "Delete database file? (y/n): "
read -rp "" tooldeletedb
startOther;
;;
h)
isHeader "Headscale"
isOptionMenu "Setup Tailscale Client for Localhost? (y/n): "
read -rp "" headscaleclientlocal
isOptionMenu "Setup Tailscale Client for a Specific App? (y/n): "
read -rp "" headscaleclientapp
isOptionMenu "Create User $CFG_INSTALL_NAME? (y/n): "
read -rp "" headscaleusercreate
isOptionMenu "Create API Key for $CFG_INSTALL_NAME? (y/n): "
read -rp "" headscaleapikeyscreate
isOptionMenu "List all API Keys? (y/n): "
read -rp "" headscaleapikeyslist
isOptionMenu "List all Nodes? (y/n): "
read -rp "" headscalenodeslist
isOptionMenu "List all Users? (y/n): "
read -rp "" headscaleuserlist
isOptionMenu "View Headscale Version? (y/n): "
read -rp "" headscaleversion
isOptionMenu "View/Edit Headscale Config File? (y/n): "
read -rp "" headscaleconfigfile
startOther;
;;
f)
isHeader "Firewall"
isOptionMenu "Allow specific port through the firewall? (y/n): "
read -rp "" firewallallowport
isOptionMenu "Block specific port through the firewall? (y/n): "
read -rp "" firewallblockport
isOptionMenu "Block port 22 (SSH)? (y/n): "
read -rp "" firewallblock22
isOptionMenu "Allow port 22 (SSH)? (y/n): "
read -rp "" firewallallow22
isOptionMenu "Update logging type for UFW based on Config? (y/n): "
read -rp "" firewallchangelogging
startOther;
;;
l)
viewLogs;
;;
t)
toolsMenu;
;;
y)
viewComposeFiles;
;;
i)
endStart;
;;
x)
exitScript;
;;
*)
isNotice "Invalid choice. Please select a valid option."
;;
esac
done
else
isSuccessful "LibrePortal successfully ran."
fi
}