├── LICENSE
├── Makefile
├── README.md
├── gen_readme.sh
└── synoadm.sh


/LICENSE:
--------------------------------------------------------------------------------
 1 | BSD 3-Clause License
 2 | 
 3 | Copyright (c) 2022, Laurent Ghigonis
 4 | All rights reserved.
 5 | 
 6 | Redistribution and use in source and binary forms, with or without
 7 | modification, are permitted provided that the following conditions are met:
 8 | 
 9 | 1. Redistributions of source code must retain the above copyright notice, this
10 |    list of conditions and the following disclaimer.
11 | 
12 | 2. Redistributions in binary form must reproduce the above copyright notice,
13 |    this list of conditions and the following disclaimer in the documentation
14 |    and/or other materials provided with the distribution.
15 | 
16 | 3. Neither the name of the copyright holder nor the names of its
17 |    contributors may be used to endorse or promote products derived from
18 |    this software without specific prior written permission.
19 | 
20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | PREFIX=/usr/local
2 | BINDIR=$(PREFIX)/bin
3 | 
4 | all:
5 | 	@echo "Run \"sudo make install\" to install"
6 | 
7 | install:
8 | 	install -m 0755 synoadm.sh $(BINDIR)/synoadm
9 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## synoadm - customize Synology DSM devices
 2 | 
 3 | tested on DSM 7.0
 4 | 
 5 | 2022, Laurent Ghigonis <ooookiwi@gmail.com>
 6 | 
 7 | ### Usage
 8 | 
 9 | ```bash
10 | $ synoadm
11 | usage: ./synoadm <synology_ip> <action>
12 | actions
13 |    push_ssl_cert <domain.fullchain.pem> <domain.key>
14 |    set_htaccess <htpasswd_file> <message>
15 | environment variables
16 |    SSH=ssh
17 | ```
18 | 
19 | ### Note when upgrading your Synology device
20 | 
21 | If you are using `synoadm set_htaccess`, before upgrading your Synology device you have to disable the htaccess and re-enable it afterwards.
22 | 
23 | Disabling htaccess can be done before or after reboot with the following command:
24 | ```
25 | mv /etc/nginx/conf.d/alias.htaccess.conf /root
26 | /usr/syno/bin/synosystemctl reload nginx
27 | ```
28 | After you first log-in and check everything is running fine, re-enable htaccess:
29 | ```
30 | mv /root/alias.htaccess.conf /etc/nginx/conf.d/
31 | /usr/syno/bin/synosystemctl reload nginx
32 | ```
33 | 
34 | ### Example usage for push_ssl_cert
35 | 
36 | `synoadm push_ssl_cert` will set custom SSL certificates for the web interface managed by nginx. It has not been tested with other Synology services.
37 | 
38 | ```bash
39 | laptop $ synoadm 192.168.1.5 push_ssl_cert /tmp/domain.fullchain.pem /tmp/domain.key 
40 | 
41 | $ openssl x509 -in /tmp/domain.fullchain.pem -text
42 | $ openssl rsa -in /tmp/domain.key -text
43 | writing RSA key
44 | $ ssh root@192.168.1.5 uname -ap
45 | $ ssh root@192.168.1.5 cat > /usr/syno/etc/certificate/_archive/yoUheE/fullchain.pem
46 | $ ssh root@192.168.1.5 cat > /usr/syno/etc/certificate/_archive/yoUheE/privkey.pem
47 | $ ssh root@192.168.1.5 chmod 600 /usr/syno/etc/certificate/_archive/yoUheE/privkey.pem
48 | $ ssh root@192.168.1.5 /usr/syno/bin/synosystemctl restart nginx
49 | [nginx] restarted.
50 | [*] done, 192.168.1.5 now uses new SSL certificates
51 | ```
52 | 
53 | ### Prerequisite: have root access to your Synology device
54 | 
55 | 1. Get ssh access to your device
56 | 
57 | see https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet
58 | 
59 | 2. Allow 'root' user to log-in
60 | 
61 | put your public key in /root/.ssh/authorized_keys
62 | 
63 | ### Installation
64 | 
65 | ```bash
66 | $ sudo make install
67 | ```
68 | 
69 | ### Related projects
70 | 
71 | Synology NAS file management from command-line
72 | * https://github.com/looran/synocli
73 | 


--------------------------------------------------------------------------------
/gen_readme.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | D="$(dirname $0)"
 4 | README="$(dirname $0)/README.md"
 5 | 
 6 | cat > $README <<-_EOF
 7 | ## $(egrep "^# " $D/synoadm.sh |sed 's/# /\n/g' |tail -n +2)
 8 | 
 9 | ### Usage
10 | 
11 | \`\`\`bash
12 | $ synoadm
13 | $($D/synoadm.sh |sed s/synoadm.sh/synoadm/)
14 | \`\`\`
15 | 
16 | ### Example usage for push_ssl_cert
17 | 
18 | \`\`\`bash
19 | laptop $ synoadm 192.168.1.5 push_ssl_cert /tmp/domain.fullchain.pem /tmp/domain.key 
20 | 
21 | $ openssl x509 -in /tmp/domain.fullchain.pem -text
22 | $ openssl rsa -in /tmp/domain.key -text
23 | writing RSA key
24 | $ ssh root@192.168.1.5 uname -ap
25 | $ ssh root@192.168.1.5 cat > /usr/syno/etc/certificate/_archive/yoUheE/fullchain.pem
26 | $ ssh root@192.168.1.5 cat > /usr/syno/etc/certificate/_archive/yoUheE/privkey.pem
27 | $ ssh root@192.168.1.5 chmod 600 /usr/syno/etc/certificate/_archive/yoUheE/privkey.pem
28 | $ ssh root@192.168.1.5 /usr/syno/bin/synosystemctl restart nginx
29 | [nginx] restarted.
30 | [*] done, 192.168.1.5 now uses new SSL certificates
31 | \`\`\`
32 | 
33 | ### Installation
34 | 
35 | \`\`\`bash
36 | $ sudo make install
37 | \`\`\`
38 | _EOF
39 | 
40 | echo "[*] DONE, generated $README"
41 | 


--------------------------------------------------------------------------------
/synoadm.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # synoadm - customize Synology DSM devices
 4 | # tested on DSM 7.0
 5 | # 2022, Laurent Ghigonis <ooookiwi@gmail.com>
 6 | 
 7 | usageexit() {
 8 | 	cat <<-_EOF
 9 | usage: $0 <synology_ip> <action>
10 | actions
11 |    push_ssl_cert <domain.fullchain.pem> <domain.key>
12 |    set_htaccess <htpasswd_file> <message>
13 | environment variables
14 |    SSH=$SSH
15 | _EOF
16 | 	exit 1
17 | }
18 | trace() { echo "$ $*" >&2; "$@"; }
19 | err() { echo -e "error: $@"; exit 1; }
20 | 
21 | check_ssh_connectivity() {
22 | 	trace ssh root@$ip uname -ap \
23 | 		|| err "you must have SSH connectivity to $ip as root\nsee https://kb.synology.com/en-uk/DSM/tutorial/How_to_log_in_to_DSM_with_key_pairs_as_admin_or_root_permission_via_SSH_on_computers"
24 | }
25 | 
26 | set -e
27 | 
28 | SSH=${SSH:-"ssh"}
29 | 
30 | [ $# -lt 2 ] && usageexit
31 | 
32 | ip=$1
33 | action=$2
34 | shift 2
35 | case $action in
36 | push_ssl_cert)
37 | 	[ $# -ne 2 ] && usageexit
38 | 	fullchain=$1
39 | 	key=$2
40 | 	trace openssl x509 -in $fullchain -text >/dev/null || err "invalid x509 certificate: $fullchain"
41 | 	trace openssl rsa -in $key -text >/dev/null || err "invalid key: $key"
42 | 	check_ssh_connectivity
43 | 	certname=$($SSH root@$ip "cat /usr/syno/etc/certificate/_archive/DEFAULT")
44 | 	cat $fullchain |trace $SSH root@$ip "cat > /usr/syno/etc/certificate/_archive/$certname/fullchain.pem"
45 | 	cat $key |trace $SSH root@$ip "cat > /usr/syno/etc/certificate/_archive/$certname/privkey.pem"
46 | 	trace $SSH root@$ip "chmod 600 /usr/syno/etc/certificate/_archive/$certname/privkey.pem"
47 | 	trace $SSH root@$ip "/usr/syno/bin/synosystemctl restart nginx"
48 | 	echo "[*] done, $ip now uses new SSL certificates"
49 | 	;;
50 | set_htaccess)
51 | 	[ $# -ne 2 ] && usageexit
52 | 	htaccess=$1
53 | 	message=$2
54 | 	[ ! -e $htaccess ] && err "cert or key does not exist locally"
55 | 	check_ssh_connectivity
56 | 	cat $htaccess |trace $SSH root@$ip "cat > /etc/nginx/htpasswd"
57 | 	cat <<-_EOF |trace $SSH root@$ip "cat > /etc/nginx/conf.d/alias.htaccess.conf"
58 | auth_basic "$message";
59 | auth_basic_user_file /etc/nginx/htpasswd;
60 | _EOF
61 | 	trace $SSH root@$ip "/usr/syno/bin/synosystemctl reload nginx"
62 | 	echo "[*] done, $ip now has htaccess in place on all web services"
63 | 	;;
64 | *)
65 | 	usageexit
66 | 	;;
67 | esac
68 | 
69 | 


--------------------------------------------------------------------------------