Add zerotier-setup.sh

2024-12-02 14:51:08 +05:30 · 2024-12-02 14:51:08 +05:30 · 21b2f1d916
commit 21b2f1d916
parent f58698789f
1 changed files with 161 additions and 0 deletions
--- a/zerotier-setup.sh
+++ b/zerotier-setup.sh
@ -0,0 +1,161 @@
+#!/bin/bash
+
+# Check if script is run as root
+if [ "$EUID" -ne 0 ]; then 
+    echo "Please run as root"
+    exit 1
+fi
+
+# Variables
+CLOUDPANEL_PORT="8443"
+SSH_PORT="22"
+SFTP_PORT="22"
+DB_PATH="/home/clp/htdocs/app/data/db.sq3"
+NGINX_CONF="/home/clp/services/nginx/sites-enabled/cloudpanel.conf"
+MAX_TRIES=12
+
+# Prompt for ZeroTier Network ID
+echo -n "Please enter your ZeroTier Network ID: "
+read ZEROTIER_NETWORK_ID
+
+# Validate Network ID format (16 character hex)
+if ! [[ $ZEROTIER_NETWORK_ID =~ ^[0-9a-fA-F]{16}$ ]]; then
+    echo "Error: Invalid ZeroTier Network ID format. It should be a 16-character hexadecimal string."
+    echo "Example: a1b2c3d4e5f67890"
+    exit 1
+fi
+
+echo "Using ZeroTier Network ID: $ZEROTIER_NETWORK_ID"
+
+# Install ZeroTier if not already installed
+if ! command -v zerotier-cli &> /dev/null; then
+    echo "Installing ZeroTier..."
+    curl -s https://install.zerotier.com | bash
+fi
+
+# Join ZeroTier network if not already joined
+if ! zerotier-cli listnetworks | grep -q "$ZEROTIER_NETWORK_ID"; then
+    echo "Joining ZeroTier network..."
+    zerotier-cli join $ZEROTIER_NETWORK_ID
+fi
+
+# Function to get ZeroTier IP - using multiple methods
+get_zerotier_ip() {
+    # Method 1: Direct interface check
+    local ip1=$(ip addr show zt0 2>/dev/null | grep -Po 'inet \K[\d.]+')
+    
+    # Method 2: ZeroTier CLI check
+    local ip2=$(zerotier-cli listnetworks | grep $ZEROTIER_NETWORK_ID | grep -Po '\s\K[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
+    
+    # Return the first successful result
+    if [ ! -z "$ip1" ]; then
+        echo "$ip1"
+    elif [ ! -z "$ip2" ]; then
+        echo "$ip2"
+    else
+        echo ""
+    fi
+}
+
+# Debug information
+echo "Current ZeroTier Status:"
+zerotier-cli status
+echo -e "\nNetwork Information:"
+zerotier-cli listnetworks
+echo -e "\nInterface Information:"
+ip addr show zt0
+echo -e "\nWaiting for ZeroTier IP assignment..."
+
+# Wait for network connection and IP assignment
+ZEROTIER_IP=""
+COUNTER=0
+
+while [ -z "$ZEROTIER_IP" ] && [ $COUNTER -lt $MAX_TRIES ]; do
+    ZEROTIER_IP=$(get_zerotier_ip)
+    if [ -z "$ZEROTIER_IP" ]; then
+        echo "Attempt $((COUNTER+1))/$MAX_TRIES: Waiting for IP assignment..."
+        echo "Please make sure to authorize this node in your ZeroTier Central dashboard!"
+        sleep 10
+        COUNTER=$((COUNTER+1))
+    else
+        echo "Found ZeroTier IP: $ZEROTIER_IP"
+    fi
+done
+
+if [ -z "$ZEROTIER_IP" ]; then
+    echo "Failed to get ZeroTier IP after $MAX_TRIES attempts."
+    echo "Current network status:"
+    zerotier-cli listnetworks
+    echo -e "\nPlease verify:"
+    echo "1. Network ID is correct: $ZEROTIER_NETWORK_ID"
+    echo "2. Node is authorized in ZeroTier Central"
+    echo "3. Network interface exists:"
+    ip link show zt0
+    exit 1
+fi
+
+# Confirm with user before proceeding
+echo -e "\nFound ZeroTier IP: $ZEROTIER_IP"
+echo "Would you like to proceed with the firewall and nginx configuration? (y/n)"
+read -r response
+
+if [[ ! $response =~ ^[Yy]$ ]]; then
+    echo "Setup cancelled by user"
+    exit 0
+fi
+
+# Backup original files
+echo "Creating backups..."
+cp "$NGINX_CONF" "${NGINX_CONF}.backup.$(date +%Y%m%d%H%M%S)"
+sqlite3 "$DB_PATH" ".backup '${DB_PATH}.backup.$(date +%Y%m%d%H%M%S)'"
+
+# Update CloudPanel nginx configuration
+echo "Updating nginx configuration..."
+sed -i.bak "s/listen 8443 ssl;/listen $ZEROTIER_IP:8443 ssl;/" "$NGINX_CONF"
+
+# Update firewall rules in SQLite database
+echo "Updating firewall rules..."
+sqlite3 "$DB_PATH" << EOF
+BEGIN TRANSACTION;
+
+-- Remove existing rules for these ports
+DELETE FROM firewall_rule WHERE port_range IN ('22', '80', '443', '8443');
+
+-- Add new rules for SSH (ZeroTier only)
+INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description) 
+VALUES 
+(datetime('now'), datetime('now'), '22', '${ZEROTIER_IP}/32', 'SSH via ZeroTier');
+
+-- Add new rules for HTTP/HTTPS (open to all)
+INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description) 
+VALUES 
+(datetime('now'), datetime('now'), '80', '0.0.0.0/0', 'HTTP open to all'),
+(datetime('now'), datetime('now'), '443', '0.0.0.0/0', 'HTTPS open to all');
+
+-- Add new rule for CloudPanel UI (ZeroTier only)
+INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description) 
+VALUES 
+(datetime('now'), datetime('now'), '8443', '${ZEROTIER_IP}/32', 'CloudPanel UI via ZeroTier');
+
+COMMIT;
+EOF
+
+# Restart services
+echo "Restarting services..."
+systemctl restart nginx
+systemctl restart ufw
+
+# Final status check
+echo -e "\nFinal ZeroTier Status:"
+zerotier-cli status
+echo -e "\nNetwork Status:"
+zerotier-cli listnetworks
+
+echo -e "\nSetup complete! Please verify the following:"
+echo "1. SSH access via ZeroTier IP: ${ZEROTIER_IP}"
+echo "2. CloudPanel UI access: https://${ZEROTIER_IP}:8443"
+echo "3. HTTP/HTTPS (80/443) are open to all IPs"
+echo ""
+echo "Backup files created:"
+echo "- Nginx config: ${NGINX_CONF}.backup.*"
+echo "- Database: ${DB_PATH}.backup.*"