~fkooman/vpn-maint-scripts: bin/vpn-maint-reset-system - sourcehut git


                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/bin/sh

if ! [ "root" = "$(id -u -n)" ]; then
    echo "ERROR: ${0} must be run as root!"; exit 1
fi

echo "**********************************************************"
echo "*                                                        *"
echo "*    Are you sure you want to RESET your VPN server?     *"
echo "*                                                        *"
echo "*    ALL DATA AND LOCALLY ADDED USERS WILL BE LOST!      *"
echo "*                                                        *"
echo "*            ALL CONFIGURATION WILL BE KEPT!             *"
echo "*                                                        *"
echo "*               THIS CAN *NOT* BE UNDONE!                *"
echo "*                                                        *"
echo "**********************************************************"
echo
printf "Continue? (y/n) [n]: "; read -r CONFIRM
if ! [ "${CONFIRM}" = "y" ] && ! [ "${CONFIRM}" = "Y" ]; then
    exit 1
fi

for CONFIG_NAME in $(systemctl list-units "openvpn-server@*" --no-legend | awk '{print $1}')
do
    systemctl disable --now "${CONFIG_NAME}"
done

for CONFIG_NAME in $(systemctl list-units "wg-quick@*" --no-legend | awk '{print $1}')
do
    systemctl disable --now "${CONFIG_NAME}"
done

rm -rf /etc/openvpn/server/*
rm -rf /etc/wireguard/*

if [ -f /etc/redhat-release ]; then
    # Fedora
    systemctl stop httpd
    systemctl stop php-fpm
    rm -rf /var/lib/vpn-user-portal/*
    rm -rf /etc/vpn-user-portal/keys
    rm -rf /etc/vpn-server-node/keys
    rm -rf /var/lib/php/session/*
    /usr/libexec/vpn-user-portal/generate-secrets
    /usr/libexec/vpn-server-node/generate-secrets
    cp /etc/vpn-user-portal/keys/node.0.key /etc/vpn-server-node/keys/node.key
    systemctl start php-fpm
    systemctl start httpd
    /usr/libexec/vpn-server-node/server-config
elif [ -f /etc/debian_version ]; then
    # Debian, Ubuntu
    PHP_VERSION=$(/usr/sbin/phpquery -V)
    systemctl stop apache2
    systemctl stop "php${PHP_VERSION}-fpm"
    rm -rf /var/lib/vpn-user-portal/*
    rm -rf /etc/vpn-user-portal/keys
    rm -rf /etc/vpn-server-node/keys
    rm -rf /var/lib/php/sessions/*
    /usr/libexec/vpn-user-portal/generate-secrets
    /usr/libexec/vpn-server-node/generate-secrets
    cp /etc/vpn-user-portal/keys/node.0.key /etc/vpn-server-node/keys/node.key
    systemctl start "php${PHP_VERSION}-fpm"
    systemctl start apache2
    /usr/libexec/vpn-server-node/server-config
else
    echo "ERROR: OS not supported!"
    exit 1
fi

# Enable & Start OpenVPN
for F in /etc/openvpn/server/*
do
    case ${F} in
        *.conf)
            CONFIG_NAME=$(basename "${F}" .conf)
            systemctl enable --now "openvpn-server@${CONFIG_NAME}"
        ;;
    esac
done

# Enable & Start WireGuard
for F in /etc/wireguard/*
do
    case ${F} in
        *.conf)
            CONFIG_NAME=$(basename "${F}" .conf)
            systemctl enable --now "wg-quick@${CONFIG_NAME}"
        ;;
    esac
done