search

scidsg / hushline

Hush Line connects whistleblowers with organizations and people who can help.
https://hushline.app
GNU Affero General Public License v3.0
70 stars 21 forks source link

Tidy installer script #284

Closed brassy-endomorph closed 7 months ago

brassy-endomorph commented 7 months ago

We likely don't want this as the main installer, but for now tidying is better than replacing.

glenn-sorrentino commented 7 months ago

shellcheck generated:

shellcheck install.sh 

In install.sh line 78:
ONION_ADDRESS=$(cat /var/lib/tor/$DOMAIN/hostname)
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
ONION_ADDRESS=$(cat /var/lib/tor/"$DOMAIN"/hostname)

In install.sh line 79:
SAUTEED_ONION_ADDRESS=$(echo $ONION_ADDRESS | tr -d '.')
                             ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
SAUTEED_ONION_ADDRESS=$(echo "$ONION_ADDRESS" | tr -d '.')

In install.sh line 82:
cat > /etc/nginx/sites-available/$DOMAIN.nginx << EOL
                                 ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cat > /etc/nginx/sites-available/"$DOMAIN".nginx << EOL

In install.sh line 195:
ln -sf /etc/nginx/sites-available/$DOMAIN.nginx /etc/nginx/sites-enabled/
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
ln -sf /etc/nginx/sites-available/"$DOMAIN".nginx /etc/nginx/sites-enabled/

In install.sh line 201:
ln -sf /etc/nginx/sites-available/$DOMAIN.nginx /etc/nginx/sites-enabled/
                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
ln -sf /etc/nginx/sites-available/"$DOMAIN".nginx /etc/nginx/sites-enabled/

In install.sh line 202:
nginx -t && systemctl restart nginx || error_exit
         ^-- SC2015 (info): Note that A && B || C is not if-then-else. C may run when A is true.

In install.sh line 204:
cd /var/www/html
^--------------^ SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.

Did you mean: 
cd /var/www/html || exit

In install.sh line 205:
git clone $GIT
          ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
git clone "$GIT"

In install.sh line 206:
REPO_NAME=$(basename $GIT .git)
                     ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
REPO_NAME=$(basename "$GIT" .git)

In install.sh line 207:
mv $REPO_NAME $DOMAIN
   ^--------^ SC2086 (info): Double quote to prevent globbing and word splitting.
              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
mv "$REPO_NAME" "$DOMAIN"

In install.sh line 211:
whiptail --msgbox --title "Instructions" "\nPlease ensure that your DNS records are correctly set up before proceeding:\n\nAdd an A record with the name: @ and content: $SERVER_IP\n* Add a CNAME record with the name $SAUTEED_ONION_ADDRESS.$DOMAIN and content: $DOMAIN\n* Add a CAA record with the name: @ and content: 0 issue \"letsencrypt.org\"\n" 14 $WIDTH
                                                                                                                                                                                                                                                                                                                                                                ^----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
whiptail --msgbox --title "Instructions" "\nPlease ensure that your DNS records are correctly set up before proceeding:\n\nAdd an A record with the name: @ and content: $SERVER_IP\n* Add a CNAME record with the name $SAUTEED_ONION_ADDRESS.$DOMAIN and content: $DOMAIN\n* Add a CAA record with the name: @ and content: 0 issue \"letsencrypt.org\"\n" 14 "$WIDTH"

In install.sh line 215:
certbot --nginx -d $DOMAIN,$SAUTEED_ONION_ADDRESS.$DOMAIN --agree-tos --non-interactive --no-eff-email --email ${EMAIL}
                   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                           ^--------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                  ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.
                                                                                                               ^------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
certbot --nginx -d "$DOMAIN","$SAUTEED_ONION_ADDRESS"."$DOMAIN" --agree-tos --non-interactive --no-eff-email --email "${EMAIL}"

In install.sh line 224:
sed -i '/listen 80;/a \    listen [::]:80;' $NGINX_CONF
                                            ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
sed -i '/listen 80;/a \    listen [::]:80;' "$NGINX_CONF"

In install.sh line 225:
sed -i '/listen 443 ssl;/a \    listen [::]:443 ssl;' $NGINX_CONF
                                                      ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
sed -i '/listen 443 ssl;/a \    listen [::]:443 ssl;' "$NGINX_CONF"

In install.sh line 229:
sed -i "/listen \[::\]:443 ssl;/a \    ssl_stapling on;\n    ssl_stapling_verify on;\n    ssl_trusted_certificate /etc/letsencrypt/live/$DOMAIN/chain.pem;\n    resolver 9.9.9.9 1.1.1.1 valid=300s;\n    resolver_timeout 5s;\n    ssl_session_cache shared:SSL:10m;" $NGINX_CONF
                                                                                                                                                                                                                                                                       ^---------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
sed -i "/listen \[::\]:443 ssl;/a \    ssl_stapling on;\n    ssl_stapling_verify on;\n    ssl_trusted_certificate /etc/letsencrypt/live/$DOMAIN/chain.pem;\n    resolver 9.9.9.9 1.1.1.1 valid=300s;\n    resolver_timeout 5s;\n    ssl_session_cache shared:SSL:10m;" "$NGINX_CONF"

In install.sh line 238:
cd $DOMAIN
^--------^ SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
   ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cd "$DOMAIN" || exit

In install.sh line 246:
cat > /var/www/html/$DOMAIN/.well-known/security.txt << EOL
                    ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cat > /var/www/html/"$DOMAIN"/.well-known/security.txt << EOL

In install.sh line 267:
echo "DB_NAME=$DB_NAME" >> .env  
^-----------------------------^ SC2129 (style): Consider using { cmd1; cmd2; } >> file instead of individual redirects.

In install.sh line 305:
sudo cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/mariadb/ssl/
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
sudo cp /etc/letsencrypt/live/"$DOMAIN"/fullchain.pem /etc/mariadb/ssl/

In install.sh line 306:
sudo cp /etc/letsencrypt/live/$DOMAIN/privkey.pem /etc/mariadb/ssl/
                              ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
sudo cp /etc/letsencrypt/live/"$DOMAIN"/privkey.pem /etc/mariadb/ssl/

In install.sh line 345:
mysql -u root -p'$DB_PASS' -e "REVOKE FILE ON *.* FROM '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
                ^--------^ SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.

For more information:
  https://www.shellcheck.net/wiki/SC2164 -- Use 'cd ... || exit' or 'cd ... |...
  https://www.shellcheck.net/wiki/SC2015 -- Note that A && B || C is not if-t...
  https://www.shellcheck.net/wiki/SC2016 -- Expressions don't expand in singl...