Merge pull request #505 from lorki97/fix/hw-install

fix: Hardware installation - thanks so much @lorki97 🙏

back/update_vendors.sh

@@ -1,4 +1,5 @@
-#!/bin/sh
+#!/usr/bin/env bash
+
 # ------------------------------------------------------------------------------
 #  Pi.Alert
 #  Open Source Network Guard / WIFI & LAN intrusion detector 
@@ -20,15 +21,15 @@ echo "---------------------------------------------------------"
 
 # ----------------------------------------------------------------------
 echo Updating... /usr/share/ieee-data/
-cd /usr/share/ieee-data/
+cd /usr/share/ieee-data/ || { echo "could not enter /usr/share/ieee-data directory"; exit 1; }
 
 sudo mkdir -p 2_backup
-sudo cp *.txt 2_backup
-sudo cp *.csv 2_backup
+sudo cp -- *.txt 2_backup
+sudo cp -- *.csv 2_backup
 echo ""
 echo Download Start
 echo ""
-sudo curl $1  -LO https://standards-oui.ieee.org/iab/iab.csv \
+sudo curl "$1"  -LO https://standards-oui.ieee.org/iab/iab.csv \
               -LO https://standards-oui.ieee.org/iab/iab.txt \
               -LO https://standards-oui.ieee.org/oui28/mam.csv \
               -LO https://standards-oui.ieee.org/iab/iab.txt \
@@ -44,10 +45,10 @@ echo Download Finished
 # ----------------------------------------------------------------------
 echo ""
 echo Updating... /usr/share/arp-scan/
-cd /usr/share/arp-scan
+cd /usr/share/arp-scan || { echo "could not enter /usr/share/arp-scan directory"; exit 1; }
 
 sudo mkdir -p 2_backup
-sudo cp *.txt 2_backup
+sudo cp -- *.txt 2_backup
 
 # Update from /usb/lib/ieee-data
 sudo get-iab -v

dockerfiles/start.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 echo "---------------------------------------------------------"
 echo "[INSTALL]                                    Run start.sh"
@@ -7,6 +7,12 @@ echo "---------------------------------------------------------"
 
 INSTALL_DIR=/home/pi  # Specify the installation directory here
 
+# DO NOT CHANGE ANYTHING BELOW THIS LINE!
+WEB_UI_DIR=/var/www/html/pialert
+NGINX_CONFIG_FILE=/etc/nginx/conf.d/pialert.conf
+OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
+# DO NOT CHANGE ANYTHING ABOVE THIS LINE!
+
 # if custom variables not set we do not need to do anything
 if [ -n "${TZ}" ]; then    
   FILECONF=$INSTALL_DIR/pialert/config/pialert.conf 
@@ -29,38 +35,50 @@ echo "[INSTALL] Run setup scripts"
 "$INSTALL_DIR/pialert/dockerfiles/user-mapping.sh"
 "$INSTALL_DIR/pialert/install/install_dependencies.sh" # if modifying this file transfer the chanegs into the root Dockerfile as well!
 
-# Change port number if set
-if [ -n "${PORT}" ]; then  
-  sed -ie 's/listen 20211/listen '${PORT}'/g' /etc/nginx/sites-available/default
-fi 
-
 echo "[INSTALL] Setup NGINX"
 
-# Remove /html folder if exists
-sudo rm -R /var/www/html 
+# Remove default NGINX site if it is symlinked, or backup it otherwise
+if [ -L /etc/nginx/sites-enabled/default ] ; then
+  echo "Disabling default NGINX site, removing sym-link in /etc/nginx/sites-enabled"
+  sudo rm /etc/nginx/sites-enabled/default
+elif [ -f /etc/nginx/sites-enabled/default ]; then
+  echo "Disabling default NGINX site, moving config to /etc/nginx/sites-available"
+  sudo mv /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default.bkp_pialert
+fi
+
+# Clear existing directories and files
+if [ -d $WEB_UI_DIR ]; then
+  echo "Removing existing PiAlert web-UI"
+  sudo rm -R $WEB_UI_DIR
+fi
+
+if [ -f $NGINX_CONFIG_FILE ]; then
+  echo "Removing existing PiAlert NGINX config"
+  sudo rm $NGINX_CONFIG_FILE
+fi
 
 # create symbolic link to the pialert install directory
-ln -s $INSTALL_DIR/pialert/front /var/www/html 
-# remove dfault NGINX site
-sudo rm /etc/nginx/sites-available/default
+ln -s $INSTALL_DIR/pialert/front $WEB_UI_DIR
 # create symbolic link to NGINX configuaration coming with PiAlert
-sudo ln -s "$INSTALL_DIR/pialert/install/default" /etc/nginx/sites-available/default
-# use user-supplied port
-sudo sed -i 's/listen 80/listen '"$PORT"'/g' /etc/nginx/sites-available/default
+sudo ln -s "$INSTALL_DIR/pialert/install/pialert.conf" /etc/nginx/conf.d/pialert.conf
+
+# Use user-supplied port if set
+if [ -n "${PORT}" ]; then
+  echo "Setting webserver to user-supplied port ($PORT)"
+  sudo sed -i 's/listen 20211/listen '"$PORT"'/g' /etc/nginx/conf.d/pialert.conf
+fi
 
 # Change web interface address if set
-if [ -n "${LISTEN_ADDR}" ]; then  
-  sed -ie 's/listen /listen '${LISTEN_ADDR}:'/g' /etc/nginx/sites-available/default
+if [ -n "${LISTEN_ADDR}" ]; then
+  echo "Setting webserver to user-supplied address ($LISTEN_ADDR)"
+  sed -ie 's/listen /listen '"${LISTEN_ADDR}":'/g' /etc/nginx/conf.d/pialert.conf
 fi
 
 # Run the hardware vendors update at least once
 echo "[INSTALL] Run the hardware vendors update"
 
-# Define the path to ieee-oui.txt and ieee-iab.txt
-oui_file="/usr/share/arp-scan/ieee-oui.txt"
-
 # Check if ieee-oui.txt or ieee-iab.txt exist
-if [ -f "$oui_file" ]; then
+if [ -f "$OUI_FILE" ]; then
   echo "The file ieee-oui.txt exists. Skipping update_vendors.sh..."
 else
   echo "The file ieee-oui.txt does not exist. Running update_vendors..."
@@ -77,7 +95,7 @@ fi
 echo "[INSTALL] Fixing file permissions"
 
 
-chmod -R a+rwx /var/www/html
+chmod -R a+rwx $WEB_UI_DIR
 chmod -R a+rw $INSTALL_DIR/pialert/front/log
 chmod -R a+rwx $INSTALL_DIR
 

dockerfiles/user-mapping.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 echo "---------------------------------------------------------"
 echo "[INSTALL]                             Run user-mapping.sh"
@@ -9,7 +9,7 @@ if [ -z "${USER}" ]; then
 fi
 
 # if both not set we do not need to do anything
-if [ -z "${HOST_USER_ID}" -a -z "${HOST_USER_GID}" ]; then
+if [ -z "${HOST_USER_ID}" ] && [ -z "${HOST_USER_GID}" ]; then
     echo "Nothing to do here." ; exit 0
 fi
 
@@ -20,20 +20,20 @@ USER_GID=${HOST_USER_GID:=$USER_GID}
 
 LINE=$(grep -F "${USER}" /etc/passwd)
 # replace all ':' with a space and create array
-array=( ${LINE//:/ } )
+array=( "${LINE//:/ }" )
 
 # home is 5th element
 USER_HOME=${array[4]}
 
 # print debug output
-echo  USER_ID  : ${USER_ID};
-echo  USER_GID : ${USER_GID};
-echo  USER_HOME: ${USER_HOME};
-echo  TZ       : ${TZ};
+echo  USER_ID"  ": "${USER_ID}";
+echo  USER_GID : "${USER_GID}";
+echo  USER_HOME: "${USER_HOME}";
+echo  TZ"       ": "${TZ}";
 
 sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:[0-9]*/${USER}:\1:${USER_ID}:${USER_GID}/"  /etc/passwd
 sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/"  /etc/group
 
-chown -R ${USER_ID}:${USER_GID} ${USER_HOME}
+chown -R "${USER_ID}:${USER_GID} ${USER_HOME}"
 
-exec su - "${USER}"
+exec su - "${USER}"

docs/HW_INSTALL.md

@@ -1,12 +1,37 @@
 # How to install PiAlert on the server hardware
 
-To download and install PiAlert on the hardware/server directly use `curl` or `wget` commands. 
+To download and install PiAlert on the hardware/server directly use `curl` or `wget` commands.
 
-> [!NOTE] 
-> This is an Experimental feature 🧪 and it relies on community support. 
+> [!NOTE]
+> This is an Experimental feature 🧪 and it relies on community support.
+>
+> There is no guarantee that the install script or any other script will gracefully handle other installed software.
+> Data loss is a possibility, **it is recommended to install PiAlert using the supplied Docker image**.
+
+A warning to the installation method below: Piping to bash is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash) and may
+be dangerous, as you cannot see the code that's about to be executed on your system.
+
+Alternatively you can download the installation script `install/install.sh` from the repository and check the code yourself (beware other scripts are
+downloaded too - only from this repo).
 
 PiAlert will be installed in `home/pi/pialert/` and run on port number `20211`.
 
+Some facts about what and where something will be changed/installed by the HW install setup (may not contain everything!):
+
+- `/home/pi/pialert` directory will be deleted and newly created
+- `/home/pi/pialert` will contain the whole repository (downloaded by `install/install.sh`)
+- The default NGINX site `/etc/nginx/sites-enabled/default` will be disabled (sym-link deleted or backed up to `sites-available`)
+- `/var/www/html/pialert` directory will be deleted and newly created
+- `/etc/nginx/conf.d/pialert.conf` will be sym-linked to `/home/pi/pialert/install/pialert.conf`
+- Some files (IEEE device vendors info, ...) will be created in the directory where the installation script is executed
+
+## Limitations
+
+- No system service is provided. PiAlert must be started using `/home/pi/pialert/dockerfiles/start.sh`.
+- No checks for other running software is done.
+- Only tested to work on Debian Bookworm (Debian 12).
+- **EXPERIMENTAL** and not recommended way to install PiAlert.
+
 ## CURL
 
 ```bash
@@ -15,11 +40,10 @@ curl -o install.sh https://raw.githubusercontent.com/jokob-sk/Pi.Alert/main/inst
 
 ## WGET
 
-
 ```bash
 wget https://raw.githubusercontent.com/jokob-sk/Pi.Alert/main/install/install.sh -O install.sh && sudo chmod +x install.sh && sudo ./install.sh
 ```
 
 These commands will download the `install.sh` script from the GitHub repository, make it executable with `chmod`, and then run it using `./install.sh`.
 
-Make sure you have the necessary permissions to execute the script.
+Make sure you have the necessary permissions to execute the script.

install/install.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 echo "---------------------------------------------------------"
 echo "[INSTALL]                                  Run install.sh"
@@ -26,6 +26,10 @@ rm -R $INSTALL_DIR/pialert
 # Clone the application repository
 git clone https://github.com/jokob-sk/Pi.Alert "$INSTALL_DIR/pialert"
 
+# Check for buildtimestamp.txt existence, otherwise create it
+if [ ! -f $INSTALL_DIR/pialert/front/buildtimestamp.txt ]; then
+  date +%s > $INSTALL_DIR/pialert/front/buildtimestamp.txt
+fi
 
 # Start PiAlert
 "$INSTALL_DIR/pialert/dockerfiles/start.sh"

install/install_dependencies.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 echo "---------------------------------------------------------"
 echo "[INSTALL]                     Run install_dependencies.sh"

install/pialert.conf

@@ -1,6 +1,6 @@
 server {
-    listen 80 default_server;
-    root /var/www/html;
+    listen 20211 default_server;
+    root /var/www/html/pialert;
     index index.php;
     #rewrite /pialert/(.*) / permanent;
     add_header X-Forwarded-Prefix "/pialert" always;
@@ -15,4 +15,4 @@ server {
           fastcgi_send_timeout 600;
           fastcgi_read_timeout 600;
   }
-}
+}