From 0224e0027a88cc94d244b26a2fcd33eae6be9032 Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Wed, 23 Nov 2022 12:19:36 +0100
Subject: [PATCH] coturn - configurable domain for nslookup (fixed domain bug)

Add ufw step to allow upnp port
---
 seqs/coturn.cfg.example |   3 +
 seqs/coturn.sh          | 136 ++++++++++++++++++++++++----------------
 2 files changed, 86 insertions(+), 53 deletions(-)
 create mode 100644 seqs/coturn.cfg.example

diff --git a/seqs/coturn.cfg.example b/seqs/coturn.cfg.example
new file mode 100644
index 0000000..bb8b28e
--- /dev/null
+++ b/seqs/coturn.cfg.example
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sc_turnDomain="mydomain.com"
diff --git a/seqs/coturn.sh b/seqs/coturn.sh
index 559d9ec..def9cb9 100755
--- a/seqs/coturn.sh
+++ b/seqs/coturn.sh
@@ -1,36 +1,22 @@
 #!/bin/bash
-toolName=coturn
-toolDeps="coturn miniupnpc"
-toolConf="/etc/turnserver.conf"
-toolServiceName="coturn.service"
-publicIpRetry=20
-
-# Get script working directory
-# (when called from a different directory)
-WDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >>/dev/null 2>&1 && pwd)"
-APTOPT=
-CONFIG=0
-SCRIPT_FILE=$(basename -- $0)
-SCRIPT_NAME=${SCRIPT_FILE%%.*}
-CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg"
-CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
+readonly toolName="coturn"
+readonly toolDeps="coturn miniupnpc"
+readonly toolConf="/etc/turnserver.conf"
+readonly toolServiceName="coturn.service"
+readonly publicIpRetry=20
 
 seq_config() {
-    #echo "Called once before executing steps."
-    ## e.g. to source a config file manually:
-    #. "$CONFIG_FILE"
-    ## or to use sequencer api with global config file:
-    #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
-    ## or to use sequencer api with profile config file support:
-    #initSeqConfig -p "$SCRIPT_NAME" "$CONFIG_FILE_TEMPLATE"
-    #if [ $? -eq 0 ] ; then
-    #    CONFIG=1
-    #else
-    #    # End if no configuration file exists
-    #    dry || return -1
-    #fi
-    quiet && APTOPT="-y"
+    if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
+        sq_config=1
+    else
+        # End if no configuration file exists
+        dry || return 1
+    fi
+
+    # Apt cmdline option to suppress user interaction
+    interactive || sq_aptOpt="-y"
+    return 0
 }
 
@@ -38,7 +24,7 @@ step_1_info() { echo "Install $toolName"; }
 step_1_alias() { echo "install"; }
 step_1() {
     exe apt update
-    exe apt install $toolDeps $APTOPT
+    exe apt install $toolDeps ${sq_aptOpt:-}
 }
 
 step_10_info() {
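Review bot: `seq_config` now reads `seq_configName`/`seq_configTemplate` and writes `sq_config`/`sq_aptOpt`, none of which are declared in this file, and the hunk carries no comment saying where they come from; a header block in the file's style naming the globals read and written (presumably provided by sequencer.sh — confirm) would save the next reader a trip. `sq_config=1` is set but nothing in the visible diff reads it, so a one-line comment on what consumes it would help as well. Separately, `toolDeps` stays a space-separated string that step_1 relies on word-splitting, even though the line is being made `readonly` anyway; `readonly toolDeps=(coturn miniupnpc)` with `exe apt install "${toolDeps[@]}" ${sq_aptOpt:-}` at the call site would make that intent explicit and survive a package name that ever needs quoting.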
@@ -53,56 +39,98 @@ step_10() {
         error "$toolName already running"
         return 1
     fi
+    shift
+
     local retryCount=$publicIpRetry
     local ipUpdater
     local ipRegex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
     local dnsUrl="46.182.19.48" #digitalcourage.de/support/zensurfreier-dns-server
     local dnsFallbackUrl="194.150.168.168" #dns.as250.net; Berlin/Frankfurt
-    local lecho="info"
+
+    local lLevelSave=${LOG_LEVEL:?}
+    local lTimeSave=${LOG_TIME:-}
+    local retval=0
+
+    # Force a visible output level for this step
     if [ "${1:-}" == "-l" ]; then
-        lecho="echo"
-        shift
+        LOG_LEVEL=3
+        LOG_TIME=1
     fi
     local pubIp
     while [ $retryCount -gt 0 ]; do
-        pubIp=`"$(command -v upnpc)" -s | grep ^ExternalIPAddress | cut -c21-`
-        [ $? -eq 0 ] && ipUpdater="upnpc" && break || "$lecho" "[$(date)] [W] Upnpc failed"
-        pubIp=$(dig @$dnsUrl +short +timeout=1 cloud.imoff.de 2>>/dev/null)
-        [ $? -eq 0 ] && ipUpdater="DNS" && break || "$lecho" "[$(date) [W] DNS lookup to $dnsUrl failed"
-        pubIp=$(dig @$dnsFallbackUrl +short +timeout=1 cloud.imoff.de 2>>/dev/null)
-        [ $? -eq 0 ] && ipUpdater="DNS Fallback" && break || "$lecho" "[$(date)] [W] DNS lookup to $dnsFallbackUrl failed"
+        pubIp=$("$(command -v upnpc)" -s | grep ^ExternalIPAddress | cut -c21-)
+        [ $? -eq 0 ] && ipUpdater="upnpc" && break || error "Upnpc failed"
+        pubIp=$(dig @$dnsUrl +short +timeout=1 ${sc_turnDomain:?} 2>>/dev/null)
+        [ $? -eq 0 ] && ipUpdater="DNS" && break || error "DNS lookup to $dnsUrl failed"
+        pubIp=$(dig @$dnsFallbackUrl +short +timeout=1 ${sc_turnDomain:?} 2>>/dev/null)
+        [ $? -eq 0 ] && ipUpdater="DNS Fallback" && break || error "DNS lookup to $dnsFallbackUrl failed"
         ((retryCount--))
     done
     if [[ ! $pubIp =~ $ipRegex ]]; then
-        "$lecho" "[$(date)] [E] Couldn't aquire public IP. Giving up."
-        return 1
+        warning "Couldn't aquire public IP for ${sc_turnDomain}. Giving up."
+        retval=1
+
+    else
+        local confIp=`cat "$toolConf" | grep "^external-ip" | cut -d'=' -f2`
+
+        if [ "$pubIp" != "$confIp" ]; then
+            info "Update required (via $ipUpdater). New public ip: $pubIp"
+            exe sed -i "s/^external-ip[[:space:]]*=.*/external-ip=${pubIp}/" "$toolConf"
+            exe sleep 1
+            info "Restarting $toolName"
+            exe /bin/systemctl restart $toolServiceName
+        else
+            info "No update required for ${sc_turnDomain} (via $ipUpdater). Current ip: $confIp"
+        fi
     fi
-    local confIp=`cat "$toolConf" | grep "^external-ip" | cut -d'=' -f2`
-
-    if [ "$pubIp" != "$confIp" ]; then
-        $lecho "[$(date)] [I] Update required (via $ipUpdater). New public ip: $pubIp"
-        exe sed -i "s/^external-ip[[:space:]]*=.*/external-ip=${pubIp}/" "$toolConf"
-        exe sleep 1
-        $lecho "[$(date)] [I] Restarting $toolName"
-        exe /bin/systemctl restart $toolServiceName
-    else
-        info "[$(date)] [I] No update required (via $ipUpdater). Current ip: $confIp"
+    # Reset temporary log level change
+    if [ "${1:-}" == "-l" ]; then
+        LOG_LEVEL=${lLevelSave:?}
+        LOG_TIME=${lTimeSave:-0}
     fi
+
+    return ${retval}
 }
 
 step_12_info() { echo "Setup public ip update cron job every 5 minutes"; }
 step_12_alias() { echo "cronip"; }
 step_12() {
+    local ipCronLoc="/etc/cron.d/update_public_ip"
+    local ipCron="*/5 * * * * root $(escpath ${seq_self:?}) -qq updateip"
+
     info "Setup $ipCronLoc"
     addConf -s "$ipCron" "$ipCronLoc"
 }
-ipCronLoc="/etc/cron.d/update_public_ip"
-ipCron="*/5 * * * * root $WDIR/$SCRIPT_FILE -qq updateip"
+
+step_14_info() {
+    echoinfoArgs "[SOURCE_IP]"
+    echo "Setup ufw rules to allow upnp, optionally from a sepcific SOURCE_IP"
+}
+step_14_alias() { echo "ufw"; }
+step_14() {
+    shift
+
+    local rex4='^[0-9\.]+[/0-9]*$'
+    local rex6='^[0-9A-Fa-f\:]+[/0-9]*$'
+    local remoteIp=
+    local lPort=1900
+
+    # Check if string is a ipv4 or ipv6 address
+    if [[ "${1:-}" =~ $rex4 ]] || [[ "${1:-}" =~ $rex6 ]] ; then
+        remoteIp=${1}
+    fi
+
+    if [[ -z ${remoteIp:-} ]] ; then
+        exe ufw allow ${lPort:?}/udp comment "Allow upnp"
+    else
+        exe ufw allow from ${remoteIp:?} port ${lPort:?} proto udp comment "Allow upnp"
+    fi
+}
 
 step_100_info() { echo "Installation notes"; }
 step_100_alias() { echo "notes"; }
@@ -133,5 +161,7 @@ chmod g+r /etc/letsencrypt/archive/\$LOC_DOMAIN/privkey*
 COTURN_EOF
 }
 
+# shellcheck disable=SC2034 # Appears unused
 readonly sqr_minVersion=16
+# shellcheck disable=SC1091 # Don't follow this source
 . /usr/local/bin/sequencer.sh
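Review bot: In step_14 a SOURCE_IP that fails the `rex4`/`rex6` match is silently discarded, so a mistyped address falls through to `exe ufw allow ${lPort:?}/udp` and opens the port to every source instead of failing; an argument that was given but did not parse should make the step return 1. The two branches also do not describe the same rule — in ufw's `from ADDR port N` form the port is the peer's source port, whereas the no-argument branch opens local destination port 1900 — so whichever is intended (source port 1900 for SSDP replies, or `from ADDR to any port 1900 proto udp` for the local port) deserves a comment, and the rewrite below leaves both rule forms as they are. In step_10, `${sc_turnDomain:?}` sits inside the `$(dig …)` substitution, so an unset domain only kills the subshell: the loop then logs two errors per round for all `publicIpRetry` rounds before the final warning, which expands `${sc_turnDomain}` unguarded; a single check before the loop is cheaper and clearer. `[ $? -eq 0 ]` after `upnpc … | grep … | cut …` tests cut's status, so unless sequencer.sh enables pipefail a failed upnpc still reaches `break` with an empty pubIp and the DNS fallbacks never run (pre-existing, but the line is rewritten here); testing `[ -n "$pubIp" ]` also covers `dig +short` printing nothing with status 0. step_10's opening lines are outside the hunk.
```shell
step_10() {
    # … unchanged: already-running check, shift …
    [ -n "${sc_turnDomain:-}" ] || { error "sc_turnDomain is not set (see coturn.cfg.example)"; return 1; }
    # … unchanged: locals and temporary log level …
    while [ $retryCount -gt 0 ]; do
        pubIp=$("$(command -v upnpc)" -s | grep ^ExternalIPAddress | cut -c21-)
        [ -n "$pubIp" ] && ipUpdater="upnpc" && break || error "Upnpc failed"
        pubIp=$(dig @$dnsUrl +short +timeout=1 "$sc_turnDomain" 2>>/dev/null)
        [ -n "$pubIp" ] && ipUpdater="DNS" && break || error "DNS lookup to $dnsUrl failed"
        pubIp=$(dig @$dnsFallbackUrl +short +timeout=1 "$sc_turnDomain" 2>>/dev/null)
        [ -n "$pubIp" ] && ipUpdater="DNS Fallback" && break || error "DNS lookup to $dnsFallbackUrl failed"
        ((retryCount--))
    done
    # … unchanged: regex check, config update, log level reset …
}

step_14() {
    # … unchanged: shift, regex and local declarations …
    if [[ "${1:-}" =~ $rex4 ]] || [[ "${1:-}" =~ $rex6 ]] ; then
        remoteIp=${1}
    elif [[ -n "${1:-}" ]] ; then
        # Refuse rather than silently fall back to an any-source rule
        error "SOURCE_IP '${1}' is not an IPv4/IPv6 address"
        return 1
    fi
    # … unchanged: ufw rules …
}
```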