From b6482df91f1efbb0929829ff7594e9add04b35eb Mon Sep 17 00:00:00 2001
From: Tommy
Date: Sat, 27 Jul 2024 15:05:37 -0700
Subject: [PATCH] Support non ip pinning setups

Signed-off-by: Tommy
---
 setup.sh | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/setup.sh b/setup.sh
index dd214a1..32a8144 100644
--- a/setup.sh
+++ b/setup.sh
@@ -24,6 +24,25 @@ unpriv(){
 sudo -u nobody "$@"
 }
 
+ip_pinning_prompt(){
+ output 'Do you intend to pin IP addresses in your NGINX config?'
+ output
+ output '1) No'
+ output '2) Yes'
+ output 'Insert the number of your selection:'
+ read -r choice
+ case $choice in
+ 1 ) ip_pinning=0
+ ;;
+ 2 ) ip_pinning=1
+ ;;
+ * ) output 'You did not enter a valid selection.'
+ ip_pinning_prompt
+ esac
+}
+
+ip_pinning_prompt
+
 # Allow reverse proxy
 sudo setsebool -P httpd_can_network_connect 1
 
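Review bot: `read -r choice` in ip_pinning_prompt has no EOF handling, so when stdin is not a terminal (the script piped into bash, or run from a non-interactive session) `read` returns non-zero with an empty `choice`, which falls into the `* )` arm and calls `ip_pinning_prompt` again without bound. Guard the read, e.g. `read -r choice || { output 'No input available; cannot determine IP pinning choice.'; exit 1; }`, and prefer a `while` loop over the recursive call in the `* )` arm so repeated invalid input does not grow the call stack. `ip_pinning` and `choice` are left as globals; `ip_pinning` is what the later hunks test, so a short comment above the function stating that it sets `ip_pinning` to 0 or 1 would help the reader. `output` is defined outside this hunk, so I am assuming that calling it with no argument prints an empty line.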
@@ -36,11 +55,13 @@ sudo firewall-cmd --permanent --add-service=https
 sudo firewall-cmd --permanent --add-port=443/udp
 sudo firewall-cmd --reload
 
-# Add 99-nonlocal-bind.conf
-# This fixes a long standing bug where network-online.target is reached before IPv6 is obtained, which breaks IPv6 pinning.
-# Also, if you are using floating IPs for NGINX stream like I do, you need it anyways
-unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/sysctl.d/99-nonlocal-bind.conf | sudo tee /etc/sysctl.d/99-nonlocal-bind.conf > /dev/null
-sudo chmod 644 /etc/sysctl.d/99-nonlocal-bind.conf
+if [ "${ip_pinning}" = '1' ]; then
+ # Add 99-nonlocal-bind.conf
+ # This fixes a long standing bug where network-online.target is reached before IPv6 is obtained, which breaks IPv6 pinning.
+ # Also, if you are using floating IPs for NGINX stream like I do, you need it anyways
+ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/sysctl.d/99-nonlocal-bind.conf | sudo tee /etc/sysctl.d/99-nonlocal-bind.conf > /dev/null
+ sudo chmod 644 /etc/sysctl.d/99-nonlocal-bind.conf
+fi
 
 # Setup webroot for NGINX
 ## Explicitly using /var/srv here because SELinux does not follow symlinks
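Review bot: The relocated fetch `unpriv curl -s … | sudo tee /etc/sysctl.d/99-nonlocal-bind.conf` still installs whatever the server returns into a root-owned sysctl file: with `-s` and no `--fail`, an HTTP error body or an interstitial page is written silently, and unless `pipefail` is in effect (set outside this hunk) a failed curl leaves the pipeline with tee's exit status of 0. Passing `-sSf` instead of `-s` makes a non-2xx response abort the write and still report the error: `unpriv curl -sSf https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/sysctl.d/99-nonlocal-bind.conf | sudo tee /etc/sysctl.d/99-nonlocal-bind.conf > /dev/null`. The unchanged snippet downloads in the third hunk follow the same pattern and would benefit from the same flags.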
@@ -102,3 +123,8 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/security.conf | sudo tee /etc/nginx/snippets/security.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/cross-origin-security.conf | sudo tee /etc/nginx/snippets/cross-origin-security.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/universal_paths.conf | sudo tee /etc/nginx/snippets/universal_paths.conf > /dev/null
+
+if [ "${ip_pinning}" = '0' ]; then
+ sed -i 's/ipv4_1://g' /etc/nginx/conf.d/sites_default.conf
+ sed -i 's/ipv6_1/::/g' /etc/nginx/conf.d/sites_default.conf
+fi
\ No newline at end of file
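Review bot: The two `sed -i` calls on `/etc/nginx/conf.d/sites_default.conf` run without `sudo`, unlike every other write under `/etc` in this script (`sudo tee`, `sudo chmod`), so if the script is run as an unprivileged user with sudo rights, as the rest of the file appears to assume, they fail with a permission error and the config keeps its `ipv4_1`/`ipv6_1` placeholders. Prefix them, `sudo sed -i 's/ipv4_1://g' /etc/nginx/conf.d/sites_default.conf` and likewise for the IPv6 line, and terminate the file with a newline (the patch records `\ No newline at end of file`). The substitutions are also unanchored and global, so every occurrence of `ipv4_1`/`ipv6_1` in that file is rewritten; the file is fetched outside this hunk, so I cannot confirm the placeholders only appear where the rewrite is intended.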