2026-03-05 09:14:17 +00:00
|
|
|
import os
|
|
|
|
|
import re
|
2026-03-06 12:26:33 +00:00
|
|
|
import time
|
|
|
|
|
from datetime import datetime
|
2026-03-05 09:14:17 +00:00
|
|
|
from subprocess import run
|
|
|
|
|
import json
|
|
|
|
|
|
2026-03-06 15:58:08 +00:00
|
|
|
CHANGES_REQUIRING_RESTART = ['wifi_password', 'ssid', 'enable_access_point', 'enable_chat', 'enable_deltachat', 'butterbox_hostname', 'ssh_access_settings', 'root_account_settings']
|
2026-03-05 09:14:17 +00:00
|
|
|
|
|
|
|
|
def lock_root_account():
|
2026-03-07 14:53:48 +00:00
|
|
|
check_usr = run(["sudo", "passwd", "-S", "root"], capture_output = True, text = True)
|
|
|
|
|
if ' L ' in check_usr.stdout:
|
|
|
|
|
print(f"Root account already locked")
|
2026-03-05 09:14:17 +00:00
|
|
|
return False
|
2026-03-07 14:53:48 +00:00
|
|
|
print(f"Root account not locked, trying to lock it.")
|
|
|
|
|
if not load_setting('root_password'):
|
|
|
|
|
print(f"Root account has no password, setting one before locking it.")
|
|
|
|
|
# password must be empty so we set it to be 'root' before locking the account
|
|
|
|
|
result_set_dummy_password = run(["sudo", "passwd", "-s", "root"], capture_output = True, text = True, input="root")
|
|
|
|
|
print(result_set_dummy_password)
|
|
|
|
|
if result_set_dummy_password.returncode !=0:
|
|
|
|
|
print(f"Issue setting dummy pass for root account")
|
|
|
|
|
print(result_set_dummy_password)
|
|
|
|
|
return False
|
|
|
|
|
else:
|
|
|
|
|
print(f"running the lock command now")
|
|
|
|
|
result_lock = run(["sudo", "passwd", "-l", "root"], capture_output = True, text = True)
|
|
|
|
|
if result_lock.returncode != 0:
|
|
|
|
|
print(f"Issue locking root account")
|
|
|
|
|
print(result_lock)
|
|
|
|
|
return False
|
|
|
|
|
print(f"Root account now locked.")
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def set_root_password(new_pass):
|
|
|
|
|
check_usr = run(["sudo", "passwd", "-S", "root"], capture_output = True, text = True)
|
|
|
|
|
if ' L ' in check_usr.stdout:
|
|
|
|
|
print(f"Root account locked, unlocking...")
|
|
|
|
|
unlock_result = run(["sudo", "passwd", "-u", "root"], capture_output = True, text = True)
|
|
|
|
|
if unlock_result.returncode != 0:
|
|
|
|
|
print(f"Issue unlocking root account")
|
|
|
|
|
print(unlock_result)
|
|
|
|
|
return False
|
2026-03-10 12:03:07 +00:00
|
|
|
else:
|
|
|
|
|
result = run(["passwd", "-s", "root"],capture_output = True, text = True, input=new_pass)
|
|
|
|
|
if result.returncode != 0:
|
|
|
|
|
print(f"Issue setting password for root account")
|
|
|
|
|
print(result)
|
|
|
|
|
return False
|
2026-03-07 14:53:48 +00:00
|
|
|
else:
|
|
|
|
|
print(f"Root account password set successfully.")
|
|
|
|
|
return True
|
2026-03-05 09:14:17 +00:00
|
|
|
|
|
|
|
|
def enable_service(service: str):
|
|
|
|
|
is_enabled = run(["sudo", "systemctl", "is-enabled", service], capture_output = True, text = True)
|
2026-03-06 15:58:08 +00:00
|
|
|
if 'found' in is_enabled.stdout:
|
|
|
|
|
print(f"Service {service} not found")
|
2026-03-06 12:26:33 +00:00
|
|
|
return False
|
2026-03-05 09:14:17 +00:00
|
|
|
if 'disabled' in is_enabled.stdout:
|
|
|
|
|
enable = run(["sudo", "systemctl", "enable", service], capture_output = True, text = True)
|
2026-03-06 15:58:08 +00:00
|
|
|
if enable.returncode != 0:
|
|
|
|
|
print(f"Issue enabling service {service}:")
|
|
|
|
|
print(enable)
|
|
|
|
|
return False
|
|
|
|
|
else:
|
|
|
|
|
print(f"Service {service} already enabled")
|
2026-03-07 14:53:48 +00:00
|
|
|
return False
|
|
|
|
|
print(f"Service {service} has been enabled.")
|
2026-03-05 09:14:17 +00:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def disable_service(service: str):
|
|
|
|
|
is_enabled = run(["sudo", "systemctl", "is-enabled", service], capture_output = True, text = True)
|
2026-03-06 15:58:08 +00:00
|
|
|
if 'found' in is_enabled.stdout:
|
|
|
|
|
print(f"Service {service} not found")
|
2026-03-06 12:26:33 +00:00
|
|
|
return False
|
2026-03-05 09:14:17 +00:00
|
|
|
if 'enabled' in is_enabled.stdout:
|
2026-03-06 15:58:08 +00:00
|
|
|
enable = run(["sudo", "systemctl", "disable", service])
|
2026-03-07 14:53:48 +00:00
|
|
|
print(enable)
|
2026-03-06 15:58:08 +00:00
|
|
|
if enable.returncode != 0:
|
|
|
|
|
print(f"issue disabling service {service}:")
|
|
|
|
|
print(enable)
|
|
|
|
|
return False
|
|
|
|
|
else:
|
2026-03-07 14:53:48 +00:00
|
|
|
print(f"Service {service} already disabled")
|
|
|
|
|
return False
|
2026-03-05 09:14:17 +00:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def load_setting(setting):
|
2026-03-06 15:58:08 +00:00
|
|
|
with open("./settings.txt", "r") as f:
|
2026-03-05 09:14:17 +00:00
|
|
|
settings = json.load(f)
|
2026-03-07 14:53:48 +00:00
|
|
|
try:
|
|
|
|
|
return settings[setting]
|
|
|
|
|
except:
|
|
|
|
|
return None
|
2026-03-05 09:14:17 +00:00
|
|
|
|
|
|
|
|
def change_service_status(setting, service):
|
|
|
|
|
if load_setting(setting) == "true":
|
2026-03-06 15:58:08 +00:00
|
|
|
return(enable_service(service))
|
2026-03-05 09:14:17 +00:00
|
|
|
else:
|
2026-03-06 15:58:08 +00:00
|
|
|
return(disable_service(service))
|
2026-03-05 09:14:17 +00:00
|
|
|
|
|
|
|
|
def change_line_in_file(target_file: str, regex: str, replacement: str):
|
|
|
|
|
regex = re.compile(regex)
|
|
|
|
|
if not os.path.isfile(target_file):
|
|
|
|
|
raise FileNotFoundError(f"File {target_file} does not exist")
|
|
|
|
|
else:
|
2026-03-07 14:53:48 +00:00
|
|
|
changed = False
|
2026-03-05 09:14:17 +00:00
|
|
|
with open(target_file, "r") as f:
|
|
|
|
|
lines = f.readlines()
|
2026-03-07 14:53:48 +00:00
|
|
|
if not lines:
|
|
|
|
|
print(f"File {target_file} empty")
|
|
|
|
|
return False
|
2026-03-05 09:14:17 +00:00
|
|
|
for i, line in enumerate(lines):
|
|
|
|
|
match = re.fullmatch(replacement, line)
|
|
|
|
|
if match:
|
2026-03-06 15:58:08 +00:00
|
|
|
print(f"Line already exists, not changing.")
|
|
|
|
|
return False
|
2026-03-05 09:14:17 +00:00
|
|
|
for i, line in enumerate(lines):
|
|
|
|
|
match = re.fullmatch(regex, line)
|
|
|
|
|
if match:
|
2026-03-07 14:53:48 +00:00
|
|
|
lines[i] = replacement
|
|
|
|
|
changed = True
|
2026-03-05 09:14:17 +00:00
|
|
|
new_lines = "".join(lines)
|
2026-03-07 14:53:48 +00:00
|
|
|
if not changed:
|
|
|
|
|
print(f"Can't match line: {regex}, adding it to the end of target file {target_file}!")
|
|
|
|
|
new_lines += replacement
|
2026-03-05 09:14:17 +00:00
|
|
|
with open(target_file, "w") as f:
|
2026-03-06 15:58:08 +00:00
|
|
|
print(f"Writing changed line to file {target_file}.")
|
2026-03-05 09:14:17 +00:00
|
|
|
f.write(new_lines)
|
2026-03-06 15:58:08 +00:00
|
|
|
return True
|
2026-03-05 09:14:17 +00:00
|
|
|
|
|
|
|
|
|
2026-03-06 12:26:33 +00:00
|
|
|
def check_settings(raspap_installed: bool):
|
|
|
|
|
if not os.path.exists("./settings.txt"):
|
|
|
|
|
return
|
|
|
|
|
last_modified = os.path.getmtime('./settings.txt')
|
|
|
|
|
diff_in_minutes = (datetime.now().timestamp() - last_modified)/60
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = False
|
|
|
|
|
if diff_in_minutes < 1:
|
2026-03-05 09:14:17 +00:00
|
|
|
for s in CHANGES_REQUIRING_RESTART:
|
2026-03-06 15:58:08 +00:00
|
|
|
print(f"Now at setting: {s}")
|
2026-03-06 12:26:33 +00:00
|
|
|
if s == "wifi_password" and raspap_installed:
|
2026-03-05 09:14:17 +00:00
|
|
|
regex_wpa_method = "wpa=.*?\n"
|
|
|
|
|
if load_setting("wifi_password") == "":
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_line_in_file("/etc/hostapd/hostapd.conf", regex_wpa_method, f"wpa=none\n") or needs_restart
|
2026-03-05 09:14:17 +00:00
|
|
|
else:
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_line_in_file("/etc/hostapd/hostapd.conf", regex_wpa_method, f"wpa=3\n") or needs_restart
|
2026-03-05 09:14:17 +00:00
|
|
|
regex_pass = "wpa_passphrase=.*?\n"
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_line_in_file("/etc/hostapd/hostapd.conf", regex_pass,
|
|
|
|
|
f"wpa_passphrase={load_setting("wifi_password")}\n") or needs_restart
|
2026-03-05 09:14:17 +00:00
|
|
|
|
2026-03-06 12:26:33 +00:00
|
|
|
if s == "ssid" and raspap_installed:
|
2026-03-05 09:14:17 +00:00
|
|
|
regex_ssid = "ssid=.*?\n"
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_line_in_file("/etc/hostapd/hostapd.conf", regex_ssid, f"ssid={load_setting("ssid")}\n") or needs_restart
|
2026-03-05 09:14:17 +00:00
|
|
|
if s == "enable_chat":
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_service_status("enable_chat", "dendrite") or needs_restart
|
2026-03-06 12:26:33 +00:00
|
|
|
if s == "enable_access_point" and raspap_installed:
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_service_status("enable_access_point", "raspapd") or needs_restart
|
2026-03-06 15:58:08 +00:00
|
|
|
if s == "enable_deltachat":
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_service_status("enable_deltachat", "madmail") or needs_restart
|
2026-03-05 09:14:17 +00:00
|
|
|
if s == "butterbox_hostname":
|
2026-03-10 12:03:07 +00:00
|
|
|
# change in /etc/hostname
|
2026-03-07 14:53:48 +00:00
|
|
|
print("Writing new hostname to /etc/hostname")
|
|
|
|
|
with open("/etc/hostname", 'w') as f:
|
|
|
|
|
f.write(load_setting('butterbox_hostname'))
|
|
|
|
|
f.write("\n")
|
|
|
|
|
# change in nginx.conf
|
|
|
|
|
regex_nginx_server = " server_name.*?.local;\n"
|
|
|
|
|
replacement = f" server_name {load_setting('butterbox_hostname')}.local;\n"
|
|
|
|
|
|
|
|
|
|
result_nginx = change_line_in_file("/etc/nginx/sites-available/default", regex_nginx_server, replacement)
|
|
|
|
|
needs_restart = needs_restart or result_nginx
|
|
|
|
|
|
2026-03-05 09:14:17 +00:00
|
|
|
# change in butterbox-dnsmasq.conf
|
2026-03-06 12:26:33 +00:00
|
|
|
if raspap_installed:
|
|
|
|
|
regex_dns = "address=/.*?.local/10.3.141.1\n"
|
2026-03-06 15:58:08 +00:00
|
|
|
result = change_line_in_file("/etc/dnsmasq.d/butterbox-dnsmasq.conf", regex_dns,
|
2026-03-06 12:26:33 +00:00
|
|
|
f"address=/{load_setting("butterbox_hostname")}.local/10.3.141.1\n")
|
2026-03-06 15:58:08 +00:00
|
|
|
print(f"Changing dnsmasq config: {result}")
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = needs_restart or result
|
2026-03-05 09:14:17 +00:00
|
|
|
if s == "ssh_access_settings":
|
2026-03-07 14:53:48 +00:00
|
|
|
if load_setting("ssh_access_settings") == "disable_ssh":
|
|
|
|
|
needs_restart = disable_service('ssh') or needs_restart
|
|
|
|
|
if load_setting("ssh_access_settings") == "enable_ssh_with_root_password":
|
|
|
|
|
print("looking at the service")
|
|
|
|
|
needs_restart = enable_service('ssh') or needs_restart
|
|
|
|
|
print("now looking at the password line")
|
2026-03-05 09:14:17 +00:00
|
|
|
regex_password_auth = "PasswordAuthentication.*?\n"
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_line_in_file("/etc/ssh/sshd_config", regex_password_auth,
|
|
|
|
|
f"PasswordAuthentication yes\n") or needs_restart
|
|
|
|
|
print("now looking at the permit login line")
|
2026-03-05 09:14:17 +00:00
|
|
|
regex_root_login = "PermitRootLogin.*?\n"
|
2026-03-07 14:53:48 +00:00
|
|
|
needs_restart = change_line_in_file("/etc/ssh/sshd_config", regex_root_login,
|
|
|
|
|
f"PermitRootLogin yes\n") or needs_restart
|
|
|
|
|
# elif load_setting("ssh_access_settings") == "enable_ssh_with_public_key":
|
|
|
|
|
# needs_restart = needs_restart or enable_service('ssh')
|
|
|
|
|
# regex_password_auth = "PasswordAuthentication.*?\n"
|
|
|
|
|
# needs_restart = needs_restart or change_line_in_file("/etc/ssh/sshd_config", regex_password_auth,
|
|
|
|
|
# f"PasswordAuthentication no\n")
|
|
|
|
|
# regex_root_login = "PermitRootLogin.*?\n"
|
|
|
|
|
# needs_restart = needs_restart or change_line_in_file("/etc/ssh/sshd_config", regex_root_login,
|
|
|
|
|
# f"PermitRootLogin prohibit-password\n")
|
|
|
|
|
# if load_setting('ssh_key'):
|
|
|
|
|
# regex_key = f"{load_setting('ssh_key')}\n"
|
|
|
|
|
# needs_restart = needs_restart or change_line_in_file("/home/root/.ssh/authorized_keys", regex_key,
|
|
|
|
|
# regex_key)
|
2026-03-05 09:14:17 +00:00
|
|
|
# append here new key!!!
|
|
|
|
|
if s == "root_account_settings":
|
2026-03-07 14:53:48 +00:00
|
|
|
setting = load_setting("root_account_settings")
|
|
|
|
|
print(setting)
|
|
|
|
|
if setting == "lock_root_account":
|
|
|
|
|
needs_restart = lock_root_account() or needs_restart
|
|
|
|
|
elif setting == "set_root_password":
|
|
|
|
|
if load_setting('root_password'):
|
|
|
|
|
print("will set root password...")
|
|
|
|
|
needs_restart = set_root_password(load_setting('root_password')) or needs_restart
|
|
|
|
|
if needs_restart:
|
|
|
|
|
print("I am restarting here")
|
|
|
|
|
run(["sudo", "reboot"])
|
2026-03-05 09:14:17 +00:00
|
|
|
|
2026-03-06 12:26:33 +00:00
|
|
|
if __name__ == "__main__":
|
2026-03-12 10:55:02 +00:00
|
|
|
raspap_installed = os.path.exists("/var/www/html/raspap")
|
2026-03-06 12:26:33 +00:00
|
|
|
while True:
|
2026-03-07 14:53:48 +00:00
|
|
|
print("Sleep 10 sec")
|
2026-03-06 12:26:33 +00:00
|
|
|
check_settings(raspap_installed)
|
2026-03-06 15:58:08 +00:00
|
|
|
time.sleep(10)
|
2026-03-06 12:26:33 +00:00
|
|
|
|
