|
|
|
|
@ -71,15 +71,12 @@ provider_info() {
|
|
|
|
|
|
|
|
|
|
dnscrypt_wrapper_compat() {
|
|
|
|
|
if [ ! -d "$LEGACY_KEYS_DIR" ]; then
|
|
|
|
|
exit 1
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
echo "Legacy [$LEGACY_KEYS_DIR] directory found."
|
|
|
|
|
if [ -d "$KEYS_DIR" ]; then
|
|
|
|
|
echo "Both [${LEGACY_KEYS_DIR}] and [${KEYS_DIR}] are present - This is not expected" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
echo "We'll just symlink it to [${KEYS_DIR}] internally"
|
|
|
|
|
ln -s "$LEGACY_KEYS_DIR" "$KEYS_DIR"
|
|
|
|
|
echo "Legacy [$LEGACY_KEYS_DIR] directory found" >&2
|
|
|
|
|
if [ -d "${KEYS_DIR}/provider_name" ]; then
|
|
|
|
|
echo "Both [${LEGACY_KEYS_DIR}] and [${KEYS_DIR}] are present and not empty - This is not expected" >&2
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -f "${LEGACY_KEYS_DIR}/secret.key" ]; then
|
|
|
|
|
echo "No secret key in [${LEGACY_KEYS_DIR}/secret.key], this is not expected." >&2
|
|
|
|
|
@ -88,21 +85,35 @@ dnscrypt_wrapper_compat() {
|
|
|
|
|
echo "If you are setting up a brand new server, maybe you've been following" >&2
|
|
|
|
|
echo "an outdated tutorial." >&2
|
|
|
|
|
echo "The key directory should be mounted as [${KEYS_DIR}] and not [$LEGACY_KEYS_DIR]." >&2
|
|
|
|
|
exit 1
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
echo
|
|
|
|
|
echo "...and this is fine! You can keep using it, no need to change anything to your Docker volumes."
|
|
|
|
|
echo
|
|
|
|
|
echo "...and this is fine! You can keep using it, no need to change anything to your Docker volumes." >&2
|
|
|
|
|
echo "We'll just copy a few things to [${KEYS_DIR}] internally" >&2
|
|
|
|
|
find "$KEYS_DIR" -type f -print -exec cp -afv {} "$LEGACY_KEYS_DIR/" \;
|
|
|
|
|
chmod 700 "$LEGACY_KEYS_DIR"
|
|
|
|
|
chown _encrypted-dns:_encrypted-dns "$LEGACY_KEYS_DIR"
|
|
|
|
|
echo "...and update the configuration file" >&2
|
|
|
|
|
sed -e "s#${KEYS_DIR}#${LEGACY_KEYS_DIR}#g" <"$CONFIG_FILE_TEMPLATE" >"${CONFIG_FILE_TEMPLATE}.tmp" &&
|
|
|
|
|
mv -f "${CONFIG_FILE_TEMPLATE}.tmp" "$CONFIG_FILE_TEMPLATE" || exit 1
|
|
|
|
|
provider_name=$(cat "${LEGACY_KEYS_DIR}/provider_name")
|
|
|
|
|
ext_address="0.0.0.0:443"
|
|
|
|
|
sed \
|
|
|
|
|
-e "s/@PROVIDER_NAME@/${provider_name}/" \
|
|
|
|
|
-e "s/@EXTERNAL_IPV4@/${ext_address}/" \
|
|
|
|
|
"$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
|
|
|
|
|
echo "...and check that everything's fine..." >&2
|
|
|
|
|
/opt/encrypted-dns/sbin/encrypted-dns \
|
|
|
|
|
--config "$CONFIG_FILE" \
|
|
|
|
|
--import-from-dnscrypt-wrapper "${LEGACY_KEYS_DIR}/secret.key" \
|
|
|
|
|
--dry-run >/dev/null
|
|
|
|
|
--dry-run >/dev/null || exit 1
|
|
|
|
|
echo "Done!" >&2
|
|
|
|
|
echo >&2
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
is_initialized() {
|
|
|
|
|
if [ ! -f "${KEYS_DIR}/encrypted-dns.state" ] && [ ! -f "${KEYS_DIR}/provider-info.txt" ] && [ ! -f "${KEYS_DIR}/provider_name" ]; then
|
|
|
|
|
if [ ! -f "${KEYS_DIR}/encrypted-dns.state" ] || [ ! -f "${KEYS_DIR}/provider-info.txt" ] || [ ! -f "${KEYS_DIR}/provider_name" ]; then
|
|
|
|
|
if dnscrypt_wrapper_compat; then
|
|
|
|
|
if [ ! -f "${KEYS_DIR}/encrypted-dns.state" ] && [ ! -f "${KEYS_DIR}/provider-info.txt" ] && [ ! -f "${KEYS_DIR}/provider_name" ]; then
|
|
|
|
|
if [ ! -f "${LEGACY_KEYS_DIR}/encrypted-dns.state" ] || [ ! -f "${LEGACY_KEYS_DIR}/provider-info.txt" ] || [ ! -f "${LEGACY_KEYS_DIR}/provider_name" ]; then
|
|
|
|
|
echo no
|
|
|
|
|
else
|
|
|
|
|
echo yes
|
|
|
|
|
@ -117,7 +128,9 @@ is_initialized() {
|
|
|
|
|
|
|
|
|
|
ensure_initialized() {
|
|
|
|
|
if [ "$(is_initialized)" = no ]; then
|
|
|
|
|
echo "Please provide an initial configuration (init -N <provider_name> -E <external IP>)" >&2
|
|
|
|
|
if [ -d "$LEGACY_KEYS_DIR" ]; then
|
|
|
|
|
echo "Please provide an initial configuration (init -N <provider_name> -E <external IP>)" >&2
|
|
|
|
|
fi
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
Frank Denis
5 years ago