diff --git a/api/tacticalrmm/accounts/views.py b/api/tacticalrmm/accounts/views.py index d083ae73..6ff02c99 100644 --- a/api/tacticalrmm/accounts/views.py +++ b/api/tacticalrmm/accounts/views.py @@ -60,7 +60,7 @@ class LoginView(KnoxLoginView): if settings.DEBUG and token == "sekret": valid = True - elif totp.verify(token, valid_window=1): + elif totp.verify(token, valid_window=10): valid = True if valid: @@ -197,4 +197,4 @@ class UserUI(APIView): user.show_community_scripts = request.data["show_community_scripts"] user.save(update_fields=["show_community_scripts"]) - return Response("ok") \ No newline at end of file + return Response("ok") diff --git a/install.sh b/install.sh index 56eabb22..b7c9ea95 100644 --- a/install.sh +++ b/install.sh @@ -23,10 +23,28 @@ fi rm -f $TMP_FILE -UBU20=$(grep 20.04 "/etc/"*"release") -if ! [[ $UBU20 ]]; then - echo -ne "\033[0;31mThis script will only work on Ubuntu 20.04\e[0m\n" - exit 1 +osname=$(lsb_release -si); osname=${osname^} +osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') +fullrel=$(lsb_release -sd) +codename=$(lsb_release -sc) +relno=$(lsb_release -sr | cut -d. -f1) +fullrelno=$(lsb_release -sr) + +# Fallback if lsb_release -si returns anything else than Ubuntu, Debian or Raspbian +if [ ! "$osname" = "ubuntu" ] && [ ! "$osname" = "debian" ]; then + osname=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"') + osname=${osname^} +fi + + +# determine system +if ([ "$osname" = "ubuntu" ] && [ $relno -ge 20 ]) || ([ "$osname" = "debian" ] && [ $relno -ge 10 ]); then + echo $fullrel +else + echo $fullrel + echo "Only Ubuntu release 20.04 and later and Debian 10 and later, are supported" + echo "Your system does not appear to be supported" + exit fi if [ $EUID -eq 0 ]; then @@ -42,6 +60,16 @@ if [[ "$LANG" != *".UTF-8" ]]; then exit 1 fi +if ([ "$osname" = "ubuntu" ]); then + mongodb_repo="deb [arch=amd64] https://repo.mongodb.org/apt/$osname $codename/mongodb-org/4.4 multiverse" +else + mongodb_repo="deb [arch=amd64] https://repo.mongodb.org/apt/$osname $codename/mongodb-org/4.4 main" + +fi + +postgresql_repo="deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" + + # prevents logging issues with some VPS providers like Vultr if this is a freshly provisioned instance that hasn't been rebooted yet sudo systemctl restart systemd-journald.service @@ -93,7 +121,7 @@ echo -ne "${YELLOW}Enter a valid email address for django and meshcentral${NC}: read letsemail done -# if server is behind NAT we need to add the 3 subdomains to the host file +# if server is behind NAT we need to add the 3 subdomains to the host file # so that nginx can properly route between the frontend, backend and meshcentral # EDIT 8-29-2020 # running this even if server is __not__ behind NAT just to make DNS resolving faster @@ -114,7 +142,7 @@ if ! [[ $CHECK_HOSTS ]]; then else echo "127.0.1.1 ${rmmdomain} $frontenddomain $meshdomain" | sudo tee --append /etc/hosts > /dev/null fi - else + else if [[ $HAS_11 ]]; then echo -ne "${GREEN}Please manually edit your /etc/hosts file to match the line below and re-run this script.${NC}\n" sed "/127.0.1.1/s/$/ ${rmmdomain} $frontenddomain $meshdomain/" /etc/hosts | grep 127.0.1.1 @@ -130,7 +158,7 @@ fi BEHIND_NAT=false IPV4=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1) if echo "$IPV4" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then - BEHIND_NAT=true + BEHIND_NAT=true fi echo -ne "${YELLOW}Create a username for meshcentral${NC}: " @@ -142,10 +170,10 @@ sudo apt install -y certbot openssl print_green 'Getting wildcard cert' -sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email +sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email --test-cert while [[ $? -ne 0 ]] do -sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email +sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email --test-cert done CERT_PRIV_KEY=/etc/letsencrypt/live/${rootdomain}/privkey.pem @@ -198,8 +226,8 @@ sudo apt install -y nodejs print_green 'Installing MongoDB' -wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add - -echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list +wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - +echo "$mongodb_repo" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list sudo apt update sudo apt install -y mongodb-org sudo systemctl enable mongod @@ -210,11 +238,12 @@ sudo systemctl restart mongod print_green 'Installing python, redis and git' sudo apt update -sudo apt install -y python3.8-venv python3.8-dev python3-pip python3-cherrypy3 python3-setuptools python3-wheel ca-certificates redis git +sudo apt install -y python3-venv python3-dev python3-pip python3-cherrypy3 python3-setuptools python3-wheel ca-certificates redis git print_green 'Installing postgresql' -sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' +echo "$postgresql_repo" | sudo tee /etc/apt/sources.list.d/pgdg.list + wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - sudo apt update sudo apt install -y postgresql-13 @@ -543,9 +572,8 @@ sudo ln -s /etc/nginx/sites-available/rmm.conf /etc/nginx/sites-enabled/rmm.conf sudo ln -s /etc/nginx/sites-available/meshcentral.conf /etc/nginx/sites-enabled/meshcentral.conf print_green 'Installing Salt Master' - -wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add - -echo 'deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main' | sudo tee /etc/apt/sources.list.d/saltstack.list +wget -O - 'https://repo.saltstack.com/py3/'$osname'/'$fullrelno'/amd64/latest/SALTSTACK-GPG-KEY.pub' | sudo apt-key add - +echo 'deb http://repo.saltstack.com/py3/'$osname'/'$fullrelno'/amd64/latest '$codename' main' | sudo tee /etc/apt/sources.list.d/saltstack.list sudo apt update sudo apt install -y salt-master @@ -873,7 +901,7 @@ printf >&2 "${YELLOW}Django admin url: ${GREEN}https://${rmmdomain}/${ADMINURL}$ printf >&2 "${YELLOW}MeshCentral password: ${GREEN}${MESHPASSWD}${NC}\n\n" if [ "$BEHIND_NAT" = true ]; then - echo -ne "${YELLOW}Read below if your router does NOT support Hairpin NAT${NC}\n\n" + echo -ne "${YELLOW}Read below if your router does NOT support Hairpin NAT${NC}\n\n" echo -ne "${GREEN}If you will be accessing the web interface of the RMM from the same LAN as this server,${NC}\n" echo -ne "${GREEN}you'll need to make sure your 3 subdomains resolve to ${IPV4}${NC}\n" echo -ne "${GREEN}This also applies to any agents that will be on the same local network as the rmm.${NC}\n"