From a41d0ece6b646dcbbe4a2be54265a93ab423298b Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Sat, 11 Nov 2023 11:24:18 -0600 Subject: [PATCH] update --- defaults.inc | 11 +++++- inc/services.inc | 2 +- inc/sites.inc | 92 ++++++++++++------------------------------------ inc/status.inc | 9 +++-- 4 files changed, 38 insertions(+), 76 deletions(-) diff --git a/defaults.inc b/defaults.inc index 7a49be2a..e9caae86 100755 --- a/defaults.inc +++ b/defaults.inc @@ -1,6 +1,6 @@ #!/usr/bin/env bash # VERS='4.12.120-11102023' -VERS='4.12.125-KYLEUPGRADEv2' +VERS='4.12.126-KYLEUPGRADEv3' noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update ' CERT_DAEMON='/snap/bin/certbot' @@ -213,6 +213,15 @@ CERT-CHECK(){ fi } +GET_AUTHELIA_IP(){ + for NTYPE in "${NM_NODE_TYPES[@]}"; do + if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then + echo ${NM_SINGLESRVR_IP[${NTYPE}]} + break + fi + done +} + SENDNOTICE(){ [ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2} diff --git a/inc/services.inc b/inc/services.inc index 34414f3d..bb107fa6 100755 --- a/inc/services.inc +++ b/inc/services.inc @@ -309,7 +309,7 @@ SERVICE(){ NOGOCHK=true; if [ "${1}" == "gitea" ]; then - if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]]; then + if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *$(GET_AUTHELIA_IP)* ]]; then NOGOCHK=false; fi elif [ "${1}" == "headscale" ]; then diff --git a/inc/sites.inc b/inc/sites.inc index 9021071f..6c5f1b07 100755 --- a/inc/sites.inc +++ b/inc/sites.inc 
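Review bot: `GET_AUTHELIA_IP` in defaults.inc prints nothing and still returns 0 when no node type lists authelia, so callers cannot tell "not found" from success and carry on with an empty address. I would add `return 1` after the loop (callers running under errexit would need to handle it) and quote the output with `printf '%s\n' "${NM_SINGLESRVR_IP[${NTYPE}]}"`. `NTYPE` should be declared `local NTYPE`, because a call made without `$(...)` would overwrite the `NTYPE` that `STATUS` tests. A header comment such as `# Prints the single-server IP of the first node type whose NM_DOCKERS_CHECK entry contains "authelia"; prints nothing if none does.` would document the contract.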
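Review bot: In the gitea branch of `SERVICE`, the pattern `*$(GET_AUTHELIA_IP)*` collapses to `**` when no Authelia node is found, which matches any address, so the test can never set `NOGOCHK=false`. The `*${NM_AUTHELIA_IP}*` patterns in the two inc/status.inc hunks behave the same way. Resolving the address once and guarding it, e.g. `AIP="$(GET_AUTHELIA_IP)"` followed by `[[ -n "${AIP}" && ... != *"${AIP}"* ]]`, makes the empty case explicit. The match is also a substring match, so one address can match a longer one that contains it. The gitea check is now keyed to the node that hosts Authelia rather than the WEB entry, which deserves a comment if intended; the body of `SERVICE` continues outside the hunk.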
@@ -49,48 +49,14 @@ DELSITE(){ echo if [ "${DEL_SSL}" == "yes" ]; then DEL-SSL ${DEL_SITE} + NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)" echo fi - ssh root@${NM_SINGLESRVR_IP['WEB']} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml + [ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml - # echo -en "${idsCL[LightCyan]}Reloading NGINX ... ${idsCL[Default]}" SERVICE nginx restart - # echo -e "${idsCL[Green]}Done${idsCL[Default]}" - - # nid=1 - # for nip in "${NM_HOSTS['WEB'][@]}"; do - # if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then - # nip='localhost ' - # NCMD='' - # else - # NCMD="ssh root@${nip}" - # fi - # echo -en "Removing from Webserver-Node${nid} ($nip)... ${idsCL[Default]}" - # if [ "${NCMD}" != "" ]; then - # checkhost=$(CHECK_HOST ${nip}) - # fi - # if [ "${checkhost}" != "false" ]; then - # #if [ -f ${NM_NGINXPATH}/sites-available/${DEL_SITE} ]; then - # ${NCMD} rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}* - # ${NCMD} rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* - # #fi - # #if [ -d /var/www/${DEL_SITE} ]; then - # ${NCMD} rm -rf /var/www/${DEL_SITE} - # #fi - # if [ "${DEL_SSL}" = "yes" ]; then - # ${NCMD} rm -rf ${NM_CERTPATH}/archive/${DEL_SITE} - # ${NCMD} rm -rf ${NM_CERTPATH}/live/${DEL_SITE} - # ${NCMD} rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf - # fi - # echo -e "${idsCL[Green]}OK${idsCL[Default]}" - # else - # echo -e "${idsCL[Red]}Node is down${idsCL[Default]}" - # fi - # nid=`expr $nid + 1` - # done - # echo - # SERVICE nginx reload ns + echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n" else echo "Missing arguments" 
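Review bot: `NM_AUTHELIA_IP` is assigned only inside the `DEL_SSL == yes` branch of `DELSITE`, so when the certificate is kept the guard on the next added line is false (unless the variable was set elsewhere) and the deleted site's entry stays in Authelia's configuration.yml. Moving `NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"` above `if [ "${DEL_SSL}" == "yes" ]; then` fixes that. Separately, `sed -i "/${DEL_SITE}/d"` uses the site name as an unanchored regex and the command line is re-parsed by the remote shell, so it removes every line that matches (a dot matches any character) and should only receive a validated hostname. The line added in the overwrite branch of `NEWSITE` has the same pattern. `DELSITE` starts and ends outside the hunk.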
@@ -245,8 +211,6 @@ NEWSITE(){ showdivide=yes if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then CREATE_SSL=yes - # echo -en "${idsCL[LightCyan]}Add additonal domain names to the SSL cert (comma seperated)? : ${idsCL[Default]}" - # read ssladd else CREATE_SSL=no fi @@ -325,6 +289,7 @@ NEWSITE(){ read MFA showdivide=yes ([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA" + NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)" else SECURE=no fi @@ -362,6 +327,22 @@ NEWSITE(){ fi nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf + if [ -f ${nginxconfig} ]; then + echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}" + read EXPLOITS + showdivide=yes + echo + if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then + exit 0 + elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then + rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1 + ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml + else + exit 0 + fi + fi + + if [ "${SITE_TYPE}" = "proxy" ]; then if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi else GO=true @@ -375,12 +356,7 @@ NEWSITE(){ [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS="" if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}" - for NTYPE in "${NM_NODE_TYPES[@]}"; do - if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then - NM_AUTHELIA_IP=${NM_SINGLESRVR_IP[${NTYPE}]} - break - fi - done + if [ "${SECURE}" == "2FA" ]; then ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" else 
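Review bot: The overwrite branch added after `nginxconfig=` in `NEWSITE` deletes by `${DEL_SITE}`, which nothing in the visible part of `NEWSITE` sets; if it is empty there, `rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}*` expands to every enabled site config. `MAIN_SITE`, from which `nginxconfig` is built, looks like the intended name. The prompt also reads its answer into `EXPLOITS`, so after answering `y` the later `[ "${EXPLOITS}" == "yes" ]` test appears to be false and the block-exploits include is dropped from the regenerated config. In addition, `NM_AUTHELIA_IP` is set only in the MFA branch (the -325 hunk), so with `SECURE=no` the `ssh root@${NM_AUTHELIA_IP}` call has no host. `NEWSITE` starts and ends outside these hunks; the sketch below uses a separate answer variable and folds the two `exit 0` arms into one.

```shell
if [ -f "${nginxconfig}" ]; then
  # … unchanged: overwrite prompt …
  read -r OVERWRITE
  # … unchanged: showdivide=yes; echo …
  if [[ ${OVERWRITE} =~ ^[Yy]$ ]]; then
    # :? aborts instead of globbing the whole directory when the name is empty
    rm -f -- "${NM_NGINXPATH}/sites-enabled/${MAIN_SITE:?}"* >/dev/null 2>&1
    [ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
    [ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${MAIN_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
  else
    exit 0
  fi
fi
```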
@@ -438,28 +414,8 @@ NEWSITE(){ fi echo -e "}" >> ${nginxconfig} - sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs} - # echo -en "${idsCL[LightYellow]}Waiting for folder replication across the webserver nodes... ${idsCL[Default]}" - # for nip in "${NM_HOSTS['WEB'][@]}"; do - # checkhost=$(CHECK_HOST ${nip}) - # if [ "${checkhost}" != "false" ]; then - # if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then - # checked=false - # until [ "${checked}" = "" ]; do - # checked=`ssh root@${nip} "[ ! -d /var/www/${MAIN_SITE} ] && echo does not exist"` - # done - # fi - # fi - # done - # echo -e "${idsCL[Green]}Completed${idsCL[Default]}" - # - # echo -en "${idsCL[LightYellow]}Setting folder permissions... ${idsCL[Default]}" - # SET-PERMISSIONS ${MAIN_SITE} - # echo -e "${idsCL[Green]}Completed${idsCL[Default]}" - - ######################################### PROXY else @@ -477,10 +433,8 @@ NEWSITE(){ fi if [ "${CREATE_SSL}" = "yes" ]; then - [ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite ${CERTTEST} || NEWCERT ${NEW_SITE} newsite ${CERTTEST} - # if [ "${SITE_TYPE}" == "proxy" ]; then - # sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig} - # fi + [ -f ${NM_NGINXPATH}/sites-enabled/default* ] && SERVICE nginx restart >/dev/null 2>&1 + NEWCERT ${NEW_SITE} newsite ${CERTTEST} fi rm -f ${NM_LOGFOLDER}/new-site.lastrun diff --git a/inc/status.inc b/inc/status.inc index 5cf2d458..160dff36 100755 --- a/inc/status.inc +++ b/inc/status.inc 
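Review bot: `[ -f ${NM_NGINXPATH}/sites-enabled/default* ]` in the `CREATE_SSL` branch only works when the glob matches exactly one file; with two or more matches `[` receives extra arguments, errors out, and the restart is skipped. `compgen -G "${NM_NGINXPATH}/sites-enabled/default*" >/dev/null && SERVICE nginx restart >/dev/null 2>&1` tests for any match instead. A comment saying why nginx has to be restarted before `NEWCERT` when a default site is enabled would help the next reader. `NEWSITE` continues outside the hunk.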
@@ -187,8 +187,9 @@ STATUS(){ srvcstotest="$(join_by " " ${!srvcs})" [ "${NTYPE}" != "OFW" ] && srvctst=(`${NCMD} "systemctl is-active ${srvcstotest}"`) sr=0 + [ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)" for srvc in "${!srvcs}"; do - [ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]] && NOGOCHK=false || NOGOCHK=true + [ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true [ "${srvc}" == "headscale" ] && [ "${NTYPE}" == "HS" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['HS']}* ]] && NOGOCHK=false [ "${srvc}" == "keepalived" ] && ([ "${nip}" == "10.2.1.2" ] || [ "${nip}" == "10.2.1.51" ]) && NOGOCHK=false if [ ${NOGOCHK} == true ]; then 
@@ -350,12 +351,10 @@ STATUS(){ echo -e "${idsCL[Yellow]} Docker Service(s) Status${idsCL[Default]}" echo -e "${idsCL[Yellow]}----------------------------------------------------${idsCL[Default]}" fi - + [ "${NM_AUTHELIA_IP}" != "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)" for docker in "${!dockers}"; do if [ "${NTYPE}" == "WEB" ]; then - ([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]] && NOGOCHK=false || NOGOCHK=true - elif [ "${NTYPE}" == "LPD" ]; then - [ "${docker}" == "uptime-kuma" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *10.2.1.2* ]] && NOGOCHK=false || NOGOCHK=true + ([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true else NOGOCHK=true fi
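Review bot: The guard added before the `for docker` loop in `STATUS` is inverted: `[ "${NM_AUTHELIA_IP}" != "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"` re-resolves an address that is already set and leaves an empty one empty, unlike the `== ""` form in the -187 hunk. If the variable is still empty at this point, `*${NM_AUTHELIA_IP}*` matches everything and vaultwarden, heimdall and authelia are checked on every WEB node. The line should read `[ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"`. The hunk also removes the `LPD` uptime-kuma exclusion, so that container falls through to `NOGOCHK=true` on every LPD node; confirm that is intended. `STATUS` continues outside the hunk.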