#!/bin/bash # # Stegasoo First Boot Wizard # Runs on first SSH login to configure the pre-installed Stegasoo image # # This script is triggered by /etc/profile.d/stegasoo-wizard.sh # After completion, it removes itself to prevent re-running # # Colors RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' CYAN='\033[0;36m' GRAY='\033[0;90m' BOLD='\033[1m' NC='\033[0m' # Configuration INSTALL_DIR="$HOME/stegasoo" FLAG_FILE="/etc/stegasoo-first-boot" PROFILE_HOOK="/etc/profile.d/stegasoo-wizard.sh" # Check if this is first boot if [ ! -f "$FLAG_FILE" ]; then exit 0 fi clear echo "" echo -e "${GRAY} . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · .${NC}" echo -e "${GRAY} · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . ·${NC}" echo -e "${GRAY} . · . · . · . · . · . ${CYAN}/\\\\${GRAY} · . · ${CYAN}/\\\\${GRAY} · . · ${CYAN}/\\\\${GRAY} · . · ${CYAN}/\\\\${GRAY} · . · . · . .${NC}" echo -e "${GRAY} · . · . · . · . · . · ${CYAN}\\\\/${GRAY} · . · ${CYAN}\\\\/${GRAY} · . · ${CYAN}\\\\/${GRAY} · . · ${CYAN}\\\\/${GRAY} · . · . · . ·${NC}" echo -e "${GRAY} . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · .${NC}" echo -e "${GRAY} · . ${CYAN} ___ _____ ___ ___ _ ___ ___ ___ ${GRAY} . · . ·${NC}" echo -e "${GRAY} . · ${CYAN}/ __||_ _|| __| / __| /_\\\\ / __| / _ \\\\ / _ \\\\${GRAY} · . · ·${NC}" echo -e "${GRAY} · . ${CYAN}/ __||_ _|| __| / __| /_\\\\ / __| / _ \\\\ / _ \\\\${GRAY} . · . ·${NC}" echo -e "${GRAY} . · ${CYAN}\\\\__ \\\\ | | | _| | (_ | / _ \\\\ \\\\__ \\\\ | (_) || (_) |${GRAY} · . · ·${NC}" echo -e "${GRAY} · . ${CYAN}\\\\__ \\\\ | | | _| | (_ | / _ \\\\ \\\\__ \\\\ | (_) || (_) |${GRAY} . · . ·${NC}" echo -e "${GRAY} . · ${CYAN}|___/ |_| |___| \\\\___|/_/ \\\\_\\\\|___/ \\\\___/ \\\\___/${GRAY} · . · ·${NC}" echo -e "${GRAY} · . ${CYAN}|___/ |_| |___| \\\\___|/_/ \\\\_\\\\|___/ \\\\___/ \\\\___/${GRAY} . · . ·${NC}" echo -e "${GRAY} · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . ·${NC}" echo -e "${GRAY} . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · .${NC}" echo -e "${GRAY} · . · ${CYAN}~~~~${NC} ${GRAY}· . · . · .${NC} ${CYAN}First Boot Wizard${NC} ${GRAY}· . · . · ${CYAN}~~~~${NC} ${GRAY}· . · . ·${NC}" echo -e "${GRAY} . · . ${CYAN}~~~~${NC} ${GRAY}· . · . · . · . · . · . · . · . · . · . ${CYAN}~~~~${NC} ${GRAY}· . · . .${NC}" echo -e "${GRAY} · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . · . ·${NC}" echo "" echo -e "${BOLD}Welcome to Stegasoo!${NC}" echo "" echo "This wizard will help you configure your Stegasoo server." echo "You can reconfigure later by editing /etc/systemd/system/stegasoo.service" echo "" echo -e "${YELLOW}Press Enter to begin setup...${NC}" read # ============================================================================= # Configuration Variables # ============================================================================= ENABLE_HTTPS="false" USE_PORT_443="false" CHANNEL_KEY="" # ============================================================================= # Step 1: HTTPS Configuration # ============================================================================= clear echo -e "${BOLD}Step 1 of 3: HTTPS Configuration${NC}" echo -e "${BLUE}-------------------------------------------------------${NC}" echo "" echo "HTTPS encrypts all traffic between your browser and this server" echo "using a self-signed certificate." echo "" echo -e "${YELLOW}Note:${NC} Your browser will show a security warning because the" echo "certificate is self-signed. This is normal for home networks." echo "" echo " [Y] Enable HTTPS (recommended for home network security)" echo " [n] Use HTTP only (unencrypted, not recommended)" echo "" read -p "Enable HTTPS? [Y/n] " -n 1 -r echo if [[ ! $REPLY =~ ^[Nn]$ ]]; then ENABLE_HTTPS="true" echo "" echo -e " ${GREEN}✓${NC} HTTPS will be enabled" sleep 1 fi # ============================================================================= # Step 2: Port Configuration (only if HTTPS) # ============================================================================= if [ "$ENABLE_HTTPS" = "true" ]; then clear echo -e "${BOLD}Step 2 of 3: Port Configuration${NC}" echo -e "${BLUE}-------------------------------------------------------${NC}" echo "" echo "The standard HTTPS port is 443, which means you can access" echo "Stegasoo without specifying a port in the URL." echo "" echo " Port 443: https://stegasoo.local" echo " Port 5000: https://stegasoo.local:5000" echo "" echo -e "${YELLOW}Note:${NC} Port 443 requires an iptables redirect rule." echo "" echo " [Y] Use port 443 (cleaner URLs)" echo " [n] Use port 5000 (default, no extra config)" echo "" read -p "Use standard port 443? [Y/n] " -n 1 -r echo if [[ ! $REPLY =~ ^[Nn]$ ]]; then USE_PORT_443="true" echo "" echo -e " ${GREEN}✓${NC} Port 443 will be configured" sleep 1 fi fi # ============================================================================= # Step 3: Channel Key Configuration # ============================================================================= clear echo -e "${BOLD}Step 3 of 3: Channel Key Configuration${NC}" echo -e "${BLUE}-------------------------------------------------------${NC}" echo "" echo "A channel key creates a private encoding channel." echo "" echo -e " ${BOLD}Without a key:${NC} Anyone with Stegasoo can decode your images" echo -e " ${BOLD}With a key:${NC} Only people with YOUR key can decode your images" echo "" echo "This is useful if you want to share encoded images only with" echo "specific people (family, team, etc)." echo "" echo " [y] Generate a private channel key" echo " [N] Use public mode (anyone can decode)" echo "" read -p "Generate a private channel key? [y/N] " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]]; then echo "" echo "Generating channel key..." # Source the venv and generate key source "$INSTALL_DIR/venv/bin/activate" 2>/dev/null CHANNEL_KEY=$(python -c "from stegasoo.channel import generate_channel_key; print(generate_channel_key())" 2>/dev/null) if [ -n "$CHANNEL_KEY" ]; then echo "" echo -e " ${GREEN}✓${NC} Channel key generated!" echo "" echo -e " ${BOLD}${YELLOW}$CHANNEL_KEY${NC}" echo "" echo -e " ${RED}*** IMPORTANT: Write down or copy this key NOW! ***${NC}" echo -e " ${RED}You'll need to share it with anyone who should decode${NC}" echo -e " ${RED}your images. This key won't be shown again.${NC}" echo "" read -p "Press Enter when you've saved the key..." else echo -e " ${RED}✗${NC} Failed to generate key. Using public mode." CHANNEL_KEY="" fi else echo "" echo -e " ${YELLOW}→${NC} Using public mode" sleep 1 fi # ============================================================================= # Apply Configuration # ============================================================================= clear echo -e "${BOLD}Applying Configuration...${NC}" echo -e "${BLUE}-------------------------------------------------------${NC}" echo "" # Find the stegasoo user (whoever owns the install dir) STEGASOO_USER=$(stat -c '%U' "$INSTALL_DIR" 2>/dev/null || echo "pi") echo " Updating systemd service..." sudo tee /etc/systemd/system/stegasoo.service >/dev/null </dev/null; then sudo apt-get install -y iptables >/dev/null 2>&1 fi # Add redirect rule (check if it already exists) if ! sudo iptables -t nat -C PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5000 2>/dev/null; then sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5000 fi sudo sh -c 'iptables-save > /etc/iptables.rules' # Create/update persistence service sudo tee /etc/systemd/system/iptables-restore.service >/dev/null </dev/null 2>&1 echo -e " ${GREEN}✓${NC} Port 443 redirect configured" fi echo " Reloading systemd..." sudo systemctl daemon-reload echo -e " ${GREEN}✓${NC} Systemd reloaded" echo " Starting Stegasoo..." sudo systemctl restart stegasoo sleep 2 if systemctl is-active --quiet stegasoo; then echo -e " ${GREEN}✓${NC} Stegasoo started successfully" else echo -e " ${RED}✗${NC} Failed to start (check: journalctl -u stegasoo)" fi # Remove first-boot flag and profile hook echo " Cleaning up first-boot wizard..." sudo rm -f "$FLAG_FILE" sudo rm -f "$PROFILE_HOOK" echo -e " ${GREEN}✓${NC} Wizard complete" # ============================================================================= # Final Summary # ============================================================================= clear PI_IP=$(hostname -I | awk '{print $1}') HOSTNAME=$(hostname) echo -e "${GREEN}" cat <<'BANNER' _____ _ / ____| | | (___ | |_ ___ __ _ __ _ ___ ___ ___ \___ \| __/ _ \/ _` |/ _` / __|/ _ \ / _ \ ____) | || __/ (_| | (_| \__ \ (_) | (_) | |_____/ \__\___|\__, |\__,_|___/\___/ \___/ __/ | |___/ Setup Complete! BANNER echo -e "${NC}" echo -e "${BOLD}Your Stegasoo server is ready!${NC}" echo "" echo -e "${GREEN}Access URL:${NC}" if [ "$ENABLE_HTTPS" = "true" ]; then if [ "$USE_PORT_443" = "true" ]; then echo -e " ${BOLD}${YELLOW}https://$PI_IP${NC}" echo -e " ${BOLD}${YELLOW}https://$HOSTNAME.local${NC} (if mDNS works)" else echo -e " ${BOLD}${YELLOW}https://$PI_IP:5000${NC}" echo -e " ${BOLD}${YELLOW}https://$HOSTNAME.local:5000${NC} (if mDNS works)" fi else echo -e " ${BOLD}${YELLOW}http://$PI_IP:5000${NC}" fi echo "" if [ -n "$CHANNEL_KEY" ]; then echo -e "${GREEN}Channel Key:${NC}" echo -e " ${YELLOW}$CHANNEL_KEY${NC}" echo "" fi echo -e "${GREEN}First Steps:${NC}" echo " 1. Open the URL above in your browser" echo " 2. Accept the security warning (self-signed cert)" echo " 3. Create your admin account" echo " 4. Start encoding secret messages!" echo "" echo -e "${GREEN}Useful Commands:${NC}" echo " sudo systemctl status stegasoo # Check status" echo " sudo systemctl restart stegasoo # Restart" echo " journalctl -u stegasoo -f # View logs" echo "" echo -e "${CYAN}Enjoy Stegasoo!${NC}" echo ""