Add shared library: lib/ with modular bash helpers #237

Open: jash90 wants to merge 1 commit into unkn0w:main from jash90:main

jash90 commented Apr 17, 2026

What is this?

lib/ is a shared helper library for scripts in this repository. Instead of copy-pasting the same boilerplate (root check, package installation, service management, colored output) into every script — just source it once.

How to use

Add at the top of your script:

#!/bin/bash
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/../lib/noobs_lib.sh" || exit 1

require_root  # exits if not running as root

msg_info "Installing packages..."
pkg_install nginx php8.1-fpm
msg_ok "Done!"

What's inside

| Module | Functions |
|---|---|
| messages.sh | msg_info, msg_ok, msg_error, msg_warn, msg_debug — colored output |
| permissions.sh | require_root, check_root, command_exists, is_port_free, user_exists |
| packages.sh | pkg_install, pkg_remove, pkg_update, pkg_is_installed, detect_package_manager |
| services.sh | service_start/stop/restart/reload/enable/disable, service_exists, service_is_active |
| repos.sh | import_gpg_key, add_ppa_repo, add_repository_with_key |
| users.sh | create_web_user, create_system_user, set_web_permissions |
| config.sh | config_set_value, config_append_if_missing, config_remove_line |
| mysql.sh | mysql_query, mysql_create_db_user, mysql_drop_db_user |
| php.sh | php_install_packages, php_configure, php_fpm_create_pool |
| apache.sh | apache_create_vhost, apache_create_alias, webserver_enable/disable_site |
| nginx.sh | nginx_create_server_block (generic / drupal / moodle / wordpress) |
| systemd.sh | create_systemd_service, create_systemd_timer, delete_systemd_service |
| errors.sh | die, run_or_die, trap_error, show_help_template |
| files.sh | backup_file, create_temp_dir, cleanup_temp |
| ui.sh | ask_input, ask_password, ask_yes_no, show_progress |
| utils.sh | generate_password, get_ip_address, url_encode |

Before and after

Before (without library):

#!/bin/bash
[[ $EUID != 0 ]] && { echo "Run as root"; exit 1; }

echo "Installing nginx..."
apt install -y nginx
if [[ $? -ne 0 ]]; then
    echo "Installation failed!"
    exit 1
fi
echo "Done"

systemctl enable --now nginx
if [[ $? -ne 0 ]]; then
    echo "Failed to start nginx"
    exit 1
fi

After (with library):

#!/bin/bash
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/../lib/noobs_lib.sh" || exit 1

require_root
pkg_install nginx
service_enable_now nginx

Scripts that can be improved

Every script in scripts/ that repeats the patterns above can be simplified using this library:

| Script | What can be replaced |
|---|---|
| chce_LAMP.sh | require_root, apt package install, Apache/PHP-FPM setup → pkg_install, apache_create_vhost, php_fpm_create_pool |
| chce_LEMP.sh | require_root, nginx + php install, vhost creation → pkg_install, nginx_create_server_block |
| chce_wordpress.sh | database user creation, nginx/apache config → mysql_create_db_user, nginx_create_server_block |
| chce_drupal.sh | PHP + Apache + MySQL install, database setup → php_install_packages, mysql_create_db_user, apache_create_vhost |
| chce_moodle.sh | PHP config, Apache setup, database creation → php_configure, mysql_create_db_user |
| chce_fail2ban.sh | require_root, package install, config editing → pkg_install, config_set_value |
| chce_dockera.sh | require_root, GPG repo import, package install → import_gpg_key, add_repository_with_key, pkg_install |
| chce_mariadb_binary.sh | system user creation, systemd service → create_system_user, create_systemd_service |
| chce_postgresql.sh | repo setup, install, user creation → add_repository_with_key, pkg_install |
| chce_wireguard.sh / chce_openvpn.sh | require_root, is_port_free, service_enable_now |
| chce_hardening.sh | editing sshd/sysctl config files → config_set_value, config_append_if_missing |
| chce_backup.sh | systemd service/timer creation → create_systemd_service, create_systemd_timer |
| chce_ftp.sh | user creation with SSH chroot → create_web_user (with chroot_ssh=true) |

Security

All modules were reviewed and hardened against common shell scripting vulnerabilities:

  • no eval: run_or_die uses argv array instead
  • MySQL passwords passed via a temporary --defaults-file, never via -p (not visible in ps)
  • sed metacharacters properly escaped when editing config files
  • nginx and systemd filenames validated before writing to system directories
  • sudo tee used instead of direct writes to /etc/ from unprivileged context
  • is_port_free returns an error when neither ss nor netstat is available, instead of a false positive

🤖 Generated with Claude Code
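
The sed-escaping item in the Security list above, sketched as an added example (not code from this pull request; the ex_* function names are hypothetical). The key is escaped for the pattern side and the value for the replacement side before either reaches sed, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example, not the PR's lib/config.sh. All ex_* names are hypothetical.

# Escape text for the pattern side of sed (BRE): ] [ \ . * ^ $ and the / delimiter.
ex_sed_escape_pattern() {
    printf '%s' "$1" | sed 's|[][\.*^$/]|\\&|g'
}

# Escape text for the replacement side of sed: \ & and the / delimiter.
ex_sed_escape_replacement() {
    printf '%s' "$1" | sed 's|[\/&]|\\&|g'
}

# Set KEY=VALUE in FILE: rewrite the existing line or append a new one.
# Returns 2 for an empty key or for input containing a newline.
ex_config_set_value() {
    file=$1 key=$2 value=$3
    nl='
'
    [ -n "$key" ] || return 2
    case "$key$value" in *"$nl"*) return 2 ;; esac

    # Fixed-string, whole-field lookup: "date.timezone" must not match "dateXtimezone".
    if cut -d= -f1 "$file" | grep -qxF -- "$key"; then
        k=$(ex_sed_escape_pattern "$key")
        v=$(ex_sed_escape_replacement "$value")
        tmp=$(mktemp) || return 1
        # Write back with cat so the target keeps its owner and mode.
        sed "s/^\(${k}\)=.*/\1=${v}/" "$file" > "$tmp" && cat "$tmp" > "$file"
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$file"
}

# Constructed sample input: a near-miss key plus values containing / & and \.
ex_demo() {
    f=$(mktemp)
    printf 'dateXtimezone=keep\ndate.timezone=UTC\nurl=old\n' > "$f"
    ex_config_set_value "$f" 'date.timezone' 'Europe/Warsaw'
    ex_config_set_value "$f" 'url' 'http://h/a?x=1&y=2\z'
    cat "$f"; rm -f "$f"
}

ex_demo
```
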

jash90 changed the title from "Improve scripts: Docker, Fail2ban, MariaDB, Tailscale, N8N" to "Add shared library: lib/ with modular bash helpers" on Apr 17, 2026
Introduces lib/noobs_lib.sh as the main entry point and 16 focused
modules (each under 200 lines) covering: messages, permissions,
packages, repos, services, ui, utils, files, config, users, errors,
mysql, php, apache, nginx, systemd.

Security fixes applied (from code review):
- escape sed metacharacters in config/php helpers
- use --defaults-file temp file instead of -p for mysql passwords
- validate nginx block_name against path traversal
- fix is_port_free false positive when ss/netstat missing
- propagate module load failures with || exit 1
- replace eval with argv-based run_or_die
- use sudo tee for writes to system directories
- anchor grep patterns in sshd_config helpers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
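
An added sketch of the --defaults-file approach named in the commit message (not the PR's lib/mysql.sh; the ex_* functions, the EX_* variables and the MYSQL_BIN override are hypothetical). A stub shell function stands in for the mysql client so the argv it receives, and the option file's mode and contents, can be inspected without a server.

```bash
#!/usr/bin/env bash
# Added example, not the PR's lib/mysql.sh. ex_*, EX_* and MYSQL_BIN are hypothetical.

# Double every backslash: \ is an escape character in option-file values.
ex_cnf_escape() {
    printf '%s' "$1" | sed 's|\\|\\\\|g'
}

# Run one query; the password travels in a private option file, never in argv.
ex_mysql_query() {
    user=$1 pass=$2 query=$3
    nl='
'
    # Conservative choice for this example: refuse newlines and double quotes
    # instead of depending on further quoting rules.
    case "$user$pass" in *"$nl"*|*'"'*) echo "unsupported character" >&2; return 2 ;; esac
    cnf=$(mktemp) || return 1            # mktemp creates the file with mode 0600
    printf '[client]\nuser="%s"\npassword="%s"\n' \
        "$(ex_cnf_escape "$user")" "$(ex_cnf_escape "$pass")" > "$cnf"
    rc=0
    # --defaults-file has to be the first option on the command line.
    "${MYSQL_BIN:-mysql}" --defaults-file="$cnf" -e "$query" || rc=$?
    rm -f "$cnf"                         # removed whether or not the query succeeded
    return "$rc"
}

# Constructed stand-in for the client: records the arguments it was called with
# and what the option file looked like at that moment.
ex_stub_client() {
    EX_ARGV=$*
    EX_CNF_PATH=${1#--defaults-file=}
    EX_CNF_MODE=$(ls -l "$EX_CNF_PATH" | cut -c1-10)
    EX_CNF_BODY=$(cat "$EX_CNF_PATH")
}

# Constructed credentials; prints what a process listing could have shown.
ex_demo() {
    MYSQL_BIN=ex_stub_client
    ex_mysql_query app 'S3cr#et\pw' 'SELECT 1' || return 1
    unset MYSQL_BIN
    printf 'argv: %s\nmode: %s\n' "$EX_ARGV" "$EX_CNF_MODE"
}

ex_demo
```

With --defaults-file the client reads only the named file, so settings from the global option files are not applied to that invocation.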