2015-01-16 20:46:15 +01:00
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# This install script is intended for use with Debian Jessie
#
# License
# =======
#
2016-01-02 22:58:27 +01:00
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
2015-01-16 20:46:15 +01:00
#
# This program is free software: you can redistribute it and/or modify
2016-02-13 23:09:27 +01:00
# it under the terms of the GNU Affero General Public License as published by
2015-01-16 20:46:15 +01:00
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
2016-02-13 23:09:27 +01:00
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
2015-01-16 20:46:15 +01:00
#
2016-02-13 23:09:27 +01:00
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
2015-01-16 20:46:15 +01:00
2015-01-16 22:05:12 +01:00
NO_OF_ARGS=$#
2015-11-27 12:42:16 +01:00
PROJECT_NAME='freedombone'
export TEXTDOMAIN=$PROJECT_NAME
export TEXTDOMAINDIR="/usr/share/locale"
2015-12-02 21:25:48 +01:00
DEFAULT_LANGUAGE=$(echo $LANG)
2015-12-02 15:33:56 +01:00
2015-11-29 15:54:30 +01:00
# username created by default within a debian image
GENERIC_IMAGE_USERNAME='fbone'
2015-01-20 22:18:24 +01:00
# Web site
2016-01-25 18:16:51 +01:00
PROJECT_WEBSITE="http://${PROJECT_NAME}.uk.to"
2015-01-20 22:18:24 +01:00
2015-11-26 10:46:20 +01:00
# Repo
2016-01-25 18:16:51 +01:00
PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
2015-11-26 10:46:20 +01:00
2015-01-20 22:18:24 +01:00
# Contact details
2016-01-25 18:16:51 +01:00
PROJECT_BITMESSAGE="BM-2cWuhmBvVdfrHhLoZTdspCkKeiTorUesSL"
2015-01-20 22:18:24 +01:00
2015-01-16 20:46:15 +01:00
# Are we installing on a Beaglebone Black (BBB) or some other system?
INSTALLING_ON_BBB="no"
# Version number of this script
2015-07-09 19:59:43 +02:00
VERSION="1.01"
2015-01-16 20:46:15 +01:00
2015-11-30 15:25:09 +01:00
# if yes then this minimises the number of descisions presented during install
MINIMAL_INSTALL="yes"
2015-12-30 19:54:31 +01:00
# Whether web sites will be .onion addresses only
ONION_ONLY="no"
2015-01-16 20:46:15 +01:00
# Different system variants which may be specified within
# the SYSTEM_TYPE option
2015-01-18 12:18:03 +01:00
VARIANT_FULL="full"
2015-01-16 20:46:15 +01:00
VARIANT_WRITER="writer"
VARIANT_CLOUD="cloud"
VARIANT_CHAT="chat"
VARIANT_MAILBOX="mailbox"
VARIANT_NONMAILBOX="nonmailbox"
VARIANT_SOCIAL="social"
VARIANT_MEDIA="media"
2015-03-17 21:30:20 +01:00
VARIANT_DEVELOPER="developer"
2015-07-19 13:06:17 +02:00
VARIANT_MESH="mesh"
2015-01-16 20:46:15 +01:00
2015-02-03 21:52:38 +01:00
DEFAULT_DOMAIN_NAME=
2015-02-15 15:49:32 +01:00
DEFAULT_DOMAIN_CODE=
2015-01-26 21:55:06 +01:00
MY_USERNAME=
SYSTEM_TYPE=$VARIANT_FULL
2015-02-01 22:18:25 +01:00
# whether the system is being installed from a pre-created configuration file
INSTALLING_FROM_CONFIGURATION_FILE="no"
2015-01-16 20:46:15 +01:00
# An optional configuration file which overrides some of these variables
2015-12-29 16:18:08 +01:00
CONFIGURATION_FILE="${PROJECT_NAME}.cfg"
2015-01-16 20:46:15 +01:00
SSH_PORT=2222
2015-08-09 15:05:24 +02:00
IRC_PORT=6697
2016-02-13 17:45:14 +01:00
IRC_ONION_PORT=8093
2015-01-16 20:46:15 +01:00
2016-02-01 11:05:29 +01:00
# password used for accessing your repo mirrors
MY_MIRRORS_PASSWORD=
# friend's repo mirrors
FRIENDS_MIRRORS_PASSWORD=
FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_SSH_PORT=2222
# This isn't used here, but is included for mirrors creation purposes
2016-01-26 17:50:43 +01:00
LETSENCRYPT_REPO="https://github.com/letsencrypt/letsencrypt"
2015-12-09 15:26:28 +01:00
# An optional password to log into IRC. This applies to all users
IRC_PASSWORD=
2015-11-24 12:05:35 +01:00
# If this file exists it contains a global password used with
# disk image installs. This simplifies password management for
# deployment at scale
IMAGE_PASSWORD_FILE=/root/login.txt
2015-01-16 20:46:15 +01:00
# parameters used when adding a new domain
2015-01-18 22:47:43 +01:00
DDNS_PROVIDER="default@freedns.afraid.org"
2015-01-16 20:46:15 +01:00
DDNS_USERNAME=
DDNS_PASSWORD=
CURRENT_DDNS_DOMAIN=
2016-01-26 16:26:17 +01:00
EXIM_ONION_REPO="https://github.com/petterreinholdtsen/exim4-smtorp"
2016-01-02 11:15:43 +01:00
2015-12-01 18:27:01 +01:00
NGINX_ENSITE_REPO="https://github.com/perusio/nginx_ensite"
NGINX_ENSITE_COMMIT='fa4d72ce1c0a490442c8474e9c8dc21ed52c93d0'
2015-12-01 18:11:55 +01:00
CLEANUP_MAILDIR_REPO="https://github.com/bashrc/cleanup-maildir"
CLEANUP_MAILDIR_COMMIT='33241d2e3861f901ba17f5c77ada007e1ec06a86'
2015-11-29 18:15:02 +01:00
INADYN_REPO="https://github.com/bashrc/inadyn"
INADYN_COMMIT='fadbe17f520d337dfb8d69ee4bf1fcaa23fce0d6'
2015-11-29 17:38:28 +01:00
2015-01-18 16:36:34 +01:00
# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=10
2015-01-16 20:46:15 +01:00
# number of CPU cores
CPU_CORES=1
2015-06-28 22:26:42 +02:00
# If the system is on an IPv6 network
IPV6_NETWORK='2001:470:26:307'
2015-01-16 20:46:15 +01:00
# The static IP address of the system within the local network
2015-11-29 16:28:12 +01:00
# By default the IP address is dynamic within your LAN
LOCAL_NETWORK_STATIC_IP_ADDRESS=
2015-01-16 20:46:15 +01:00
# IP address of the router (gateway)
ROUTER_IP_ADDRESS="192.168.1.254"
2015-01-31 12:19:24 +01:00
# DNS
NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'
2015-01-16 20:46:15 +01:00
# whether to route outgoing traffic through Tor
ROUTE_THROUGH_TOR="no"
# Why use Google as a time source?
# The thinking here is that it's likely to be reliable and fast.
# The ping doesn't reveal any information other than that the server
# is running, and if anyone maliciously alters the time on Google's
# servers then that would certainly be newsworthy and they'd be
# likely to do something about it quickly.
# If you have better time sources then change them here.
TLS_TIME_SOURCE1="google.com"
TLS_TIME_SOURCE2="www.ptb.de"
2015-06-13 13:00:11 +02:00
# The type of hardware random number generator being used
# This can be empty, "beaglebone" or "onerng"
HWRNG_TYPE=
2015-01-16 20:46:15 +01:00
2015-06-13 13:50:52 +02:00
# Download location for OneRNG driver
2015-06-22 21:53:41 +02:00
ONERNG_PACKAGE="onerng_3.4-1_all.deb"
2015-06-14 20:28:30 +02:00
ONERNG_PACKAGE_DOWNLOAD="https://github.com/OneRNG/onerng.github.io/blob/master/sw/$ONERNG_PACKAGE?raw=true"
2015-06-13 13:50:52 +02:00
# Hash for OneRNG driver
2015-06-22 21:53:41 +02:00
ONERNG_PACKAGE_HASH='78f1c2f52ae573e3b398a695ece7ab9f41868252657ea269f0d5cf0bd4f2eb59'
2015-06-13 13:50:52 +02:00
2015-06-27 11:07:48 +02:00
# device name for OneRNG
ONERNG_DEVICE='ttyACM0'
2015-01-16 20:46:15 +01:00
# Whether this system is being installed within a docker container
INSTALLED_WITHIN_DOCKER="no"
# If you want to run a public mailing list specify its name here.
# There should be no spaces in the name
PUBLIC_MAILING_LIST=
# Optional different domain name for the public mailing list
PUBLIC_MAILING_LIST_DOMAIN_NAME=
# Directory where the public mailing list data is stored
PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj"
# If you want to run an encrypted mailing list specify its name here.
# There should be no spaces in the name
PRIVATE_MAILING_LIST=
2015-01-20 12:58:25 +01:00
# Domain name for mediagoblin installation
2015-01-16 20:46:15 +01:00
MEDIAGOBLIN_DOMAIN_NAME=
2015-03-25 21:15:33 +01:00
MEDIAGOBLIN_CODE=
2015-03-25 09:32:39 +01:00
MEDIAGOBLIN_REPO="https://gitorious.org/mediagoblin/mediagoblin.git"
2015-01-16 20:46:15 +01:00
MEDIAGOBLIN_ADMIN_PASSWORD=
2015-01-20 12:58:25 +01:00
# Domain name for microblog installation
2015-01-16 20:46:15 +01:00
MICROBLOG_DOMAIN_NAME=
2015-02-15 13:47:10 +01:00
MICROBLOG_CODE=
2015-12-29 17:24:44 +01:00
MICROBLOG_ONION_PORT=8087
2016-01-08 22:38:19 +01:00
MICROBLOG_REPO="https://git.gnu.io/gnu/gnu-social.git"
2016-02-12 10:49:46 +01:00
MICROBLOG_COMMIT='f10625f8bc59e3ae52da07fdba910329fad540a3'
2015-01-16 20:46:15 +01:00
MICROBLOG_ADMIN_PASSWORD=
2016-02-03 18:57:11 +01:00
MICROBLOG_THEME_REPO="https://git.gnu.io/h2p/Qvitter.git"
2016-02-12 10:49:46 +01:00
MICROBLOG_THEME_COMMIT='2816507545bb7e3da5b0a290692576b8d2ee335f'
2016-02-04 10:52:51 +01:00
MICROBLOG_WELCOME_MESSAGE=$'<h1>Welcome to $MICROBLOG_DOMAIN_NAME –
2016-02-04 16:54:46 +01:00
MICROBLOG_BACKGROUND_IMAGE_URL=
2016-02-11 15:15:13 +01:00
MICROBLOG_MARKDOWN_REPO="https://github.com/chimo/gs-markdown"
MICROBLOG_MARKDOWN_COMMIT='184801fba1418548045242f4a55d55c29f6a06da'
2015-01-16 20:46:15 +01:00
2015-09-06 23:24:56 +02:00
# Domain name for hubzilla installation
HUBZILLA_DOMAIN_NAME=
HUBZILLA_CODE=
2015-12-29 15:53:03 +01:00
HUBZILLA_ONION_PORT=8085
2015-09-06 23:24:56 +02:00
HUBZILLA_REPO="https://github.com/redmatrix/hubzilla.git"
2016-01-26 16:26:17 +01:00
HUBZILLA_THEMES_REPO="https://github.com/DeadSuperHero/redmatrix-themes"
2015-09-06 23:24:56 +02:00
HUBZILLA_ADDONS_REPO="https://github.com/redmatrix/hubzilla-addons.git"
HUBZILLA_ADMIN_PASSWORD=
2016-01-08 16:03:39 +01:00
HUBZILLA_COMMIT='761afd029d97703f2f7609d546b7b5f3d257c601'
2016-01-08 16:20:44 +01:00
HUBZILLA_ADDONS_COMMIT='e32f98d65850a8681e8242f3db8b6484abb35c67'
2015-09-06 23:24:56 +02:00
2015-03-17 22:22:44 +01:00
# Domain name for git hosting installation
GIT_DOMAIN_NAME=
GIT_CODE=
2015-12-29 18:34:11 +01:00
GIT_ONION_PORT=8090
2016-01-27 16:37:47 +01:00
GIT_DOMAIN_REPO="https://github.com/gogits/gogs"
2015-03-18 19:38:35 +01:00
GIT_ADMIN_PASSWORD=
2015-12-16 13:22:49 +01:00
GOGS_COMMIT='efea642d6cf419c9587d44b95ff2bc04e89f7bfe'
2016-01-27 15:53:58 +01:00
GO_PACKAGE_MANAGER_REPO="https://github.com/gpmgo/gopm"
2015-03-17 22:22:44 +01:00
2015-01-20 12:58:25 +01:00
# Domain name for Owncloud installation
2015-01-16 20:46:15 +01:00
OWNCLOUD_DOMAIN_NAME=
2015-02-15 13:47:10 +01:00
OWNCLOUD_CODE=
2015-12-29 17:37:21 +01:00
OWNCLOUD_ONION_PORT=8088
2015-01-16 20:46:15 +01:00
OWNCLOUD_ADMIN_PASSWORD=
2015-11-26 10:46:20 +01:00
OWNCLOUD_MUSIC_APP_REPO="https://github.com/owncloud/music"
OWNCLOUD_MUSIC_APP_COMMIT='7f79afb4ae9a6ecd8f530d87106f960306c0a15a'
2015-01-16 20:46:15 +01:00
2015-01-20 12:58:25 +01:00
# Domain name for your wiki
2015-01-16 20:46:15 +01:00
WIKI_DOMAIN_NAME=
WIKI_ADMIN_PASSWORD=
2015-12-29 17:42:35 +01:00
WIKI_TITLE="${PROJECT_NAME} Wiki"
2015-02-15 13:47:10 +01:00
WIKI_CODE=
2015-12-29 18:02:07 +01:00
WIKI_ONION_PORT=8089
2015-01-16 20:46:15 +01:00
2015-01-20 12:58:25 +01:00
# Domain name for your blog
2015-01-16 20:46:15 +01:00
FULLBLOG_DOMAIN_NAME=
2015-02-15 13:47:10 +01:00
FULLBLOG_CODE=
2015-12-29 16:15:59 +01:00
FULLBLOG_ONION_PORT=8086
2015-11-25 17:59:48 +01:00
FULLBLOG_REPO="https://github.com/danpros/htmly"
FULLBLOG_COMMIT='5f271a2370cc1bfde15f2a0d5ed6928cc74b0efa'
2015-01-16 20:46:15 +01:00
MY_BLOG_TITLE="My Blog"
2015-12-29 17:42:35 +01:00
MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"
2015-01-16 20:46:15 +01:00
GPG_KEYSERVER="hkp://keys.gnupg.net"
# whether to encrypt all incoming email with your public key
GPG_ENCRYPT_STORED_EMAIL="yes"
# gets set to yes if gpg keys are imported from usb
GPG_KEYS_IMPORTED="no"
# optionally you can provide your exported GPG key pair here
# Note that the private key file will be deleted after use
# If these are unspecified then a new GPG key will be created
MY_GPG_PUBLIC_KEY=
MY_GPG_PRIVATE_KEY=
# optionally specify your public key ID
MY_GPG_PUBLIC_KEY_ID=
# If you have existing mail within a Maildir
# you can specify the directory here and the files
# will be imported
IMPORT_MAILDIR=
# The Debian package repository to use.
DEBIAN_REPO="ftp.us.debian.org"
DEBIAN_VERSION="jessie"
# Directory where source code is downloaded and compiled
INSTALL_DIR=$HOME/build
# device name for an attached usb drive
USB_DRIVE=/dev/sda1
# Location where the USB drive is mounted to
USB_MOUNT=/mnt/usb
# name of a script used to upgrade the system
2015-12-08 17:22:48 +01:00
UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
2015-01-16 20:46:15 +01:00
# name of a script which keeps running processes going even if they crash
WATCHDOG_SCRIPT_NAME="keepon"
2015-11-04 18:25:39 +01:00
# Number of days to keep backups for
BACKUP_MAX_DAYS=30
2015-01-16 20:46:15 +01:00
# memory limit for php in MB
MAX_PHP_MEMORY=64
# default MariaDB password
MARIADB_PASSWORD=
# Directory where XMPP settings are stored
XMPP_DIRECTORY="/var/lib/prosody"
# file containing a list of remote locations to backup to
# Format: [username@friendsdomain//home/username] [ssh_password]
# With the only space character being between the server and the password
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
# list of encryption protocols
SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
# list of ciphers to use. See bettercrypto.org recommendations
2016-01-08 10:10:11 +01:00
SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"
2015-01-16 20:46:15 +01:00
2015-01-24 19:32:32 +01:00
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
SSH_CIPHERS="chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com"
SSH_KEX="curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa"
2015-01-16 20:46:15 +01:00
# xmpp ciphers and curve
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
XMPP_ECC_CURVE='"secp384r1"'
# the default email address
2015-02-03 21:52:38 +01:00
MY_EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
2015-01-16 20:46:15 +01:00
# optionally specify your name to appear on the blog
2015-02-03 21:52:38 +01:00
MY_NAME=$DEFAULT_DOMAIN_NAME
2015-01-16 20:46:15 +01:00
export DEBIAN_FRONTEND=noninteractive
# logging level for Nginx
2015-11-16 13:05:07 +01:00
WEBSERVER_LOG_LEVEL='warn'
2015-01-16 20:46:15 +01:00
# used to limit CPU usage
CPULIMIT='/usr/bin/cpulimit -l 20 -e'
# command to create a git repository
CREATE_GIT_PROJECT_COMMAND='create-project'
# File which keeps track of what has already been installed
2015-12-08 17:22:48 +01:00
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
2015-01-16 20:46:15 +01:00
# Used to indicate whether the backup contains MariaDB databases or not
BACKUP_INCLUDES_DATABASES="no"
# contains the mysql root password which
# is used for backups and repair
DATABASE_PASSWORD_FILE=/root/dbpass
# log file where details of remote backups are stored
REMOTE_BACKUPS_LOG=/var/log/remotebackups.log
# message if something fails to install
CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
2015-01-20 00:02:30 +01:00
# web site used to obtain the external IP address of the system
GET_IP_ADDRESS_URL="checkip.two-dns.de"
2015-01-25 15:46:46 +01:00
# Password used for VoIP server
VOIP_SERVER_PASSWORD=
# Port on which VoIP server listens
VOIP_PORT=64738
2015-11-01 23:02:44 +01:00
SIP_SERVER_PASSWORD=
SIP_PORT=5060
2015-01-25 15:46:46 +01:00
2015-01-27 20:54:10 +01:00
# Location of VoIP database and configuration
VOIP_DATABASE="mumble-server.sqlite"
VOIP_CONFIG_FILE="mumble-server.ini"
2015-01-21 20:38:48 +01:00
# other possible services to obtain the external IP address
EXTERNAL_IP_SERVICES=( \
2015-12-30 19:14:32 +01:00
'https://check.torproject.org/' \
'https://www.whatsmydns.net/whats-my-ip-address.html' \
'https://www.privateinternetaccess.com/pages/whats-my-ip/' \
'http://checkip.two-dns.de' \
'http://ip.dnsexit.com' \
'http://ifconfig.me/ip' \
'http://ipecho.net/plain' \
'http://checkip.dyndns.org/plain' \
'http://ipogre.com/linux.php' \
'http://whatismyipaddress.com/' \
'http://ip.my-proxy.com/' \
'http://websiteipaddress.com/WhatIsMyIp' \
'http://getmyipaddress.org/' \
'http://www.my-ip-address.net/' \
'http://myexternalip.com/raw' \
'http://www.canyouseeme.org/' \
'http://www.trackip.net/' \
'http://icanhazip.com/' \
'http://www.iplocation.net/' \
'http://www.howtofindmyipaddress.com/' \
'http://www.ipchicken.com/' \
'http://whatsmyip.net/' \
'http://www.ip-adress.com/' \
'http://checkmyip.com/' \
'http://www.tracemyip.org/' \
'http://checkmyip.net/' \
'http://www.lawrencegoetz.com/programs/ipinfo/' \
'http://www.findmyip.co/' \
'http://ip-lookup.net/' \
'http://www.dslreports.com/whois' \
'http://www.mon-ip.com/en/my-ip/' \
'http://www.myip.ru' \
'http://ipgoat.com/' \
'http://www.myipnumber.com/my-ip-address.asp' \
'http://www.whatsmyipaddress.net/' \
'http://formyip.com/' \
'http://www.displaymyip.com/' \
'http://www.bobborst.com/tools/whatsmyip/' \
'http://www.geoiptool.com/' \
'http://checkip.dyndns.com/' \
'http://myexternalip.com/' \
'http://www.ip-adress.eu/' \
'http://www.infosniper.net/' \
'http://wtfismyip.com/' \
'http://ipinfo.io/' \
'http://httpbin.org/ip')
2015-01-21 20:38:48 +01:00
2015-07-26 14:38:18 +02:00
WIFI_CHANNEL=2
2015-08-09 15:39:22 +02:00
WIFI_INTERFACE=wlan0
2015-07-26 14:38:18 +02:00
2015-01-16 20:46:15 +01:00
# cjdns settings
ENABLE_CJDNS="no"
CJDNS_PRIVATE_KEY=
CJDNS_PUBLIC_KEY=
CJDNS_IPV6=
CJDNS_PASSWORD=
CJDNS_PORT=
2015-11-25 20:28:18 +01:00
CJDNS_REPO="https://github.com/cjdelisle/cjdns.git"
CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
2016-01-27 15:53:58 +01:00
CJDCMD_REPO="https://github.com/inhies/cjdcmd"
CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
2015-01-16 20:46:15 +01:00
2015-06-28 16:20:54 +02:00
# B.A.T.M.A.N settings
ENABLE_BATMAN="no"
2015-08-18 13:02:50 +02:00
BATMAN_CELLID='any'
2015-07-26 14:38:18 +02:00
ESSID='mesh'
2015-06-28 16:20:54 +02:00
2015-07-21 23:50:17 +02:00
# Babel mesh
ENABLE_BABEL="no"
2015-07-22 20:13:36 +02:00
BABEL_PORT=6696
2015-07-21 23:50:17 +02:00
2015-07-01 14:16:07 +02:00
# social key management
ENABLE_SOCIAL_KEY_MANAGEMENT="no"
2015-07-11 11:31:18 +02:00
TOX_PORT=33445
2016-01-26 16:26:17 +01:00
TOX_REPO="git://github.com/irungentoo/toxcore.git"
TOXID_REPO="https://github.com/bashrc/toxid"
2015-11-25 23:12:47 +01:00
TOX_COMMIT='73b2144edcfd1ca617e9054479b66ab0c0361a14'
2015-08-26 19:41:58 +02:00
TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
2015-07-11 11:31:18 +02:00
# These are some default nodes, but you can replace them with trusted nodes
# as you prefer. See https://wiki.tox.im/Nodes
2016-01-15 15:41:59 +01:00
TOX_NODES=
2015-07-11 11:31:18 +02:00
#TOX_NODES=(
# '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
# '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
#)
2015-11-25 23:12:47 +01:00
TOXIC_REPO="https://github.com/Tox/toxic"
TOXIC_COMMIT='88270827a96b2082e254677f35585ed24581a42c'
2015-07-11 11:31:18 +02:00
2015-08-29 16:14:19 +02:00
#ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git'
2016-01-26 16:26:17 +01:00
ZERONET_REPO="https://github.com/HelloZeroNet/ZeroNet.git"
2015-11-29 18:44:31 +01:00
ZERONET_COMMIT='675bd462556c541d65e2d95f91f899146a373aad'
2016-01-26 16:26:17 +01:00
ZERONET_BLOG_REPO="https://github.com/HelloZeroNet/ZeroBlog"
2015-12-01 18:46:06 +01:00
ZERONET_BLOG_COMMIT='bbb0d6c36465fed2e6df71f1aab45fcc9c6ad609'
2016-01-26 16:26:17 +01:00
ZERONET_MAIL_REPO="https://github.com/HelloZeroNet/ZeroMail"
2015-12-11 18:15:52 +01:00
ZERONET_MAIL_COMMIT='955af09d643c72b02e4983d71eca5c0c93a6c131'
2016-01-26 16:26:17 +01:00
ZERONET_FORUM_REPO="https://github.com/HelloZeroNet/ZeroTalk"
2015-12-01 18:46:06 +01:00
ZERONET_FORUM_COMMIT='e2d2c9cb1cfbfef91b244935efb5c14c2ad95faa'
2015-09-04 13:27:33 +02:00
ZERONET_URL=http://127.0.0.1:43110
2015-08-24 09:14:13 +02:00
ZERONET_PORT=15441
2015-08-29 23:44:13 +02:00
TRACKER_PORT=6969
2015-09-04 13:27:33 +02:00
ZERONET_DEFAULT_BLOG_TAGLINE="Blogging on the Mesh"
ZERONET_DEFAULT_FORUM_TAGLINE="A decentralized discussion group"
2015-12-11 18:15:52 +01:00
ZERONET_DEFAULT_MAIL_TAGLINE="Mail for the Mesh"
2015-08-15 10:01:45 +02:00
2015-11-25 23:34:26 +01:00
# https://github.com/ipfs/go-ipfs
2016-01-27 15:39:29 +01:00
IPFS_GO_REPO="https://github.com/ipfs/go-ipfs"
2015-11-25 23:34:26 +01:00
IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166'
2015-09-30 11:20:47 +02:00
IPFS_PORT=4001
2015-11-25 23:45:42 +01:00
GPGIT_REPO="https://github.com/mikecardwell/gpgit"
GPGIT_COMMIT='583dc76119f19420f8a33f606744faa7c8922738'
2015-08-15 10:30:51 +02:00
# Default diffie-hellman key length in bits
2015-10-27 15:38:05 +01:00
DH_KEYLENGTH=2048
2015-08-15 10:30:51 +02:00
2015-08-21 18:18:19 +02:00
# repo for atheros AR9271 wifi driver
2016-01-26 16:26:17 +01:00
ATHEROS_WIFI_REPO="https://github.com/qca/open-ath9k-htc-firmware.git"
2015-08-21 18:18:19 +02:00
2015-12-21 12:38:06 +01:00
# Whether Let's Encrypt is enabled for all sites
2015-11-17 23:21:40 +01:00
LETSENCRYPT_ENABLED="no"
LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
2016-02-07 20:14:40 +01:00
RSS_READER_REPO="https://tt-rss.org/git/tt-rss.git tt-rss"
RSS_READER_COMMIT='50bda3fefbff31e5a5503d6fd1a927412fe29026'
RSS_READER_ADMIN_PASSWORD=
2016-02-07 21:26:07 +01:00
RSS_READER_ONION_PORT=8092
2016-02-07 20:14:40 +01:00
RSS_READER_DOMAIN_NAME=ttrss
2016-02-08 15:20:09 +01:00
RSS_MOBILE_READER_REPO="https://github.com/g2ttrss/g2ttrss-mobile"
RSS_MOBILE_READER_COMMIT='c5af46ebf64076e4c62c978551fa749af268710b'
2016-02-07 20:14:40 +01:00
2015-01-16 20:46:15 +01:00
function show_help {
2015-12-30 19:14:32 +01:00
echo ''
echo $"${PROJECT_NAME} -c [configuration file]"
echo ''
echo $' -h --help Show help'
echo $' menuconfig Easy interactive installation'
2015-12-31 14:21:46 +01:00
echo $' menuconfig-full Full interactive installation'
echo $' menuconfig-onion Interactive installation for onion-only sites'
2015-12-30 19:14:32 +01:00
echo $' -c --config Installing from a configuration file'
echo $' --bbb Installing on Beaglebone Black'
echo $' -u --user User to install the system as'
echo $' -d --domain Default domain name'
echo $' -s --system System type'
echo $' --ip Static LAN IP address of the system'
echo $' --iprouter LAN IP address of the internet router'
echo $' --ddns Dynamic DNS provider domain'
echo $' --ddnsuser Dynamic DNS provider username'
echo $' --ddnspass Dynamic DNS provider password'
echo ''
echo $' --microblogdomain Microblog domain name'
echo $' --wikidomain Wiki domain name'
echo $' --blogdomain Blog domain name'
echo $' --ownclouddomain Owncloud domain name'
echo $' --hubzilladomain Hubzilla domain name'
echo $' --gitdomain Git hosting domain name'
echo $' -t --time Domain used as a TLS time source'
echo $' --ssh ssh port number'
echo $' --list Public mailing list name'
echo $' --cores Number of CPU cores'
echo $' --name Your name'
echo $' --email Your email address'
echo $' --usb Path for the USB drive (eg. /dev/sdb1)'
echo $' --cjdns Enable CJDNS'
echo $' --vpass VoIP server password'
echo $' --vport VoIP server port'
echo $' --ns1 First DNS nameserver'
echo $' --ns2 Second DNS nameserver'
echo $' --repo Debian repository'
echo ''
echo $'system types'
echo '------------'
echo $'This can either be blank if you wish to install the full system,'
echo $"or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"
echo $"'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_WRITER', '$VARIANT_DEVELOPER'"
echo $"or '$VARIANT_MESH'."
echo ''
echo $"If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."
echo ''
exit 0
2015-01-16 20:46:15 +01:00
}
2016-01-26 17:20:06 +01:00
function git_clone {
repo_url="$1"
destination_dir="$2"
if [[ "$repo_url" == "ssh:"* ]]; then
2016-02-01 11:05:29 +01:00
if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
2016-01-26 17:20:06 +01:00
return
fi
fi
fi
fi
fi
git clone "$repo_url" "$destination_dir"
}
2016-01-27 10:29:47 +01:00
function git_pull {
2016-01-27 11:53:03 +01:00
if [ ! $1 ]; then
echo $'git_pull no repo specified'
fi
2016-01-27 10:29:47 +01:00
git stash
2016-01-27 11:53:03 +01:00
git remote set-url origin $1
2016-01-27 10:38:44 +01:00
git checkout master
2016-02-01 11:05:29 +01:00
if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull
2016-01-27 11:53:03 +01:00
if [ $2 ]; then
git checkout $2 -b $2
2016-01-27 10:38:44 +01:00
fi
2016-01-27 10:29:47 +01:00
return
fi
fi
fi
fi
git pull
2016-01-27 10:38:44 +01:00
2016-01-27 11:53:03 +01:00
if [ $2 ]; then
git checkout $2 -b $2
2016-01-27 10:38:44 +01:00
fi
2016-01-27 10:29:47 +01:00
}
2016-01-21 10:35:50 +01:00
function create_database {
app_name="$1"
app_admin_password="$2"
2016-02-03 20:12:38 +01:00
app_admin_username=$3
2016-01-21 10:35:50 +01:00
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
2016-02-03 20:12:38 +01:00
if [ ! $app_admin_username ]; then
app_admin_username=${app_name}admin
fi
2016-01-21 10:35:50 +01:00
echo "create database ${app_name};
2016-02-03 20:12:38 +01:00
CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
2016-01-21 10:35:50 +01:00
quit" > $INSTALL_DIR/batch.sql
chmod 600 $INSTALL_DIR/batch.sql
mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
shred -zu $INSTALL_DIR/batch.sql
}
2015-12-02 15:33:56 +01:00
function locale_setup {
2015-12-30 19:14:32 +01:00
if grep -Fxq "locale_setup" $COMPLETION_FILE; then
return
fi
2015-12-02 15:33:56 +01:00
2015-12-30 19:14:32 +01:00
apt-get -y install locales locales-all debconf
2015-12-02 21:25:48 +01:00
2015-12-30 19:14:32 +01:00
if [ ! "$DEFAULT_LANGUAGE" ]; then
DEFAULT_LANGUAGE='en_GB.UTF-8'
fi
if [ ${#DEFAULT_LANGUAGE} -lt 2 ]; then
DEFAULT_LANGUAGE='en_GB.UTF-8'
fi
2015-12-02 21:25:48 +01:00
2015-12-30 19:14:32 +01:00
update-locale LANG=${DEFAULT_LANGUAGE}
update-locale LANGUAGE=${DEFAULT_LANGUAGE}
update-locale LC_MESSAGES=${DEFAULT_LANGUAGE}
update-locale LC_ALL=${DEFAULT_LANGUAGE}
update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
2015-12-02 15:33:56 +01:00
2015-12-30 19:14:32 +01:00
echo 'locale_setup' >> $COMPLETION_FILE
2015-12-02 15:33:56 +01:00
}
2015-01-18 13:39:14 +01:00
2015-01-18 11:57:52 +01:00
function interactive_configuration_remote_backups {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then
if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then
echo $"The command ${PROJECT_NAME}-remote was not found"
exit 87354
fi
fi
${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes
if [ ! "$?" = "0" ]; then
echo $'Command failed:'
echo ''
echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
echo ''
exit 65892
fi
2015-01-18 11:57:52 +01:00
}
2015-01-25 21:39:00 +01:00
# test a domain name to see if it's valid
function validate_domain_name {
2015-12-30 19:14:32 +01:00
# count the number of dots in the domain name
dots=${TEST_DOMAIN_NAME//[^.]}
no_of_dots=${#dots}
if (( $no_of_dots > 3 )); then
TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z"
fi
if (( $no_of_dots == 0 )); then
TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z"
fi
2015-01-25 21:39:00 +01:00
}
2015-01-17 23:03:17 +01:00
function interactive_configuration {
2015-12-30 19:14:32 +01:00
if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then
if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
echo $"The command ${PROJECT_NAME}-config was not found"
exit 63935
fi
fi
if [ -f /tmp/meshuserdevice ]; then
rm -f /tmp/meshuserdevice
fi
2016-01-04 12:01:45 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [[ $MINIMAL_INSTALL == "no" ]]; then
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
2016-01-25 18:16:51 +01:00
-w $PROJECT_WEBSITE \
-b $PROJECT_BITMESSAGE \
2016-01-04 12:01:45 +01:00
-m $MINIMUM_PASSWORD_LENGTH
else
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
2016-01-25 18:16:51 +01:00
-w $PROJECT_WEBSITE \
-b $PROJECT_BITMESSAGE \
2016-01-04 12:01:45 +01:00
-m $MINIMUM_PASSWORD_LENGTH \
--minimal "yes"
fi
2015-12-30 19:14:32 +01:00
else
${PROJECT_NAME}-config \
-f $CONFIGURATION_FILE \
2016-01-25 18:16:51 +01:00
-w $PROJECT_WEBSITE \
-b $PROJECT_BITMESSAGE \
2015-12-30 19:14:32 +01:00
-m $MINIMUM_PASSWORD_LENGTH \
2016-01-04 12:01:45 +01:00
--onion "yes"
2015-12-30 19:14:32 +01:00
fi
if [ -f /tmp/meshuserdevice ]; then
# mesh network user device installation
rm -f /tmp/meshuserdevice
exit 0
fi
if [ ! "$?" = "0" ]; then
echo $'Command failed:'
echo ''
2016-01-25 18:16:51 +01:00
echo $" ${PROJECT_NAME}-config -u $MY_USERNAME -f $CONFIGURATION_FILE -w $PROJECT_WEBSITE -b $PROJECT_BITMESSAGE -m $MINIMUM_PASSWORD_LENGTH --minimal [yes|no]"
2015-12-30 19:14:32 +01:00
echo ''
exit 73594
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
dialog --title $"Encrypted backup to other servers" \
--backtitle $"${PROJECT_NAME} Configuration" \
--defaultno \
--yesno $"\nDo you wish to configure some remote backup locations?" 7 60
sel=$?
case $sel in
0) interactive_configuration_remote_backups;;
esac
fi
2015-01-17 23:03:17 +01:00
}
2015-11-30 15:25:09 +01:00
command_options=$1
2015-12-31 14:21:46 +01:00
if [[ $command_options == "menuconfig-full" ]]; then
2015-12-30 19:14:32 +01:00
MINIMAL_INSTALL="no"
command_options="menuconfig"
2015-11-30 15:25:09 +01:00
fi
2015-12-31 14:21:46 +01:00
if [[ $command_options == "menuconfig-onion" ]]; then
MINIMAL_INSTALL="yes"
ONION_ONLY="yes"
command_options="menuconfig"
fi
2015-11-30 15:25:09 +01:00
if [[ $command_options == "menuconfig" ]]; then
2015-12-30 19:14:32 +01:00
interactive_configuration
2015-01-17 23:03:17 +01:00
else
2015-12-30 19:14:32 +01:00
while [[ $# > 1 ]]
do
key="$1"
case $key in
-h|--help)
show_help
;;
# load a configuration file
-c|--config)
shift
CONFIGURATION_FILE="$1"
INSTALLING_FROM_CONFIGURATION_FILE="yes"
break
;;
# username within /home
-u|--user)
shift
MY_USERNAME="$1"
;;
# microblog domain name
--microblogdomain)
shift
MICROBLOG_DOMAIN_NAME="$1"
;;
# wiki domain name
--wikidomain)
shift
WIKI_DOMAIN_NAME="$1"
;;
# blog domain name
--blogdomain)
shift
FULLBLOG_DOMAIN_NAME="$1"
;;
# owncloud domain name
--ownclouddomain)
shift
OWNCLOUD_DOMAIN_NAME="$1"
;;
# hubzilla domain name
--hubzilladomain)
shift
HUBZILLA_DOMAIN_NAME="$1"
;;
# git hosting domain name
--gitdomain)
shift
GIT_DOMAIN_NAME="$1"
;;
# default domain name
-d|--domain)
shift
DEFAULT_DOMAIN_NAME="$1"
;;
# The type of system
-s|--system)
shift
SYSTEM_TYPE="$1"
;;
# The dynamic DNS provider
--ddns)
shift
DDNS_PROVIDER="$1"
;;
# Username for the synamic DNS provider
--ddnsuser)
shift
DDNS_USERNAME="$1"
;;
# Password for the synamic DNS provider
--ddnspass)
shift
DDNS_PASSWORD="$1"
;;
# Whether this installation is on a Beaglebone Black
--bbb)
INSTALLING_ON_BBB="yes"
;;
# Domain name to use as a TLS time source
-t|--time)
shift
TLS_TIME_SOURCE1="$1"
;;
# Static IP address for the system
--ip)
shift
LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
;;
# IP address for the internet router
--iprouter)
shift
ROUTER_IP_ADDRESS=$1
;;
# ssh port
--ssh)
shift
SSH_PORT=$1
;;
# public mailing list name
--list)
shift
PUBLIC_MAILING_LIST="$1"
;;
# Number of CPU cores
--cores)
shift
CPU_CORES=$1
;;
# my name
--name)
shift
MY_NAME="$1"
;;
# my email address
--email)
shift
MY_EMAIL_ADDRESS="$1"
;;
# USB drive
--usb)
shift
USB_DRIVE=$1
;;
# Enable CJDNS
--cjdns)
shift
ENABLE_CJDNS="yes"
;;
# Enable B.A.T.M.A.N
--batman)
shift
ENABLE_BATMAN="yes"
;;
# Enable Babel
--babel)
shift
ENABLE_BABEL="yes"
;;
# VoIP server password
--vpass)
shift
VOIP_SERVER_PASSWORD=$1
;;
# VoIP server port
--vport)
shift
VOIP_PORT=$1
;;
# DNS Nameserver 1
--ns1)
shift
NAMESERVER1=$1
;;
# DNS Nameserver 2
--ns2)
shift
NAMESERVER2=$1
;;
# Debian repository
--repo)
shift
DEBIAN_REPO=$1
;;
# minimal install
--minimal)
shift
MINIMAL_INSTALL=$1
;;
*)
# unknown option
;;
esac
shift
done
2015-01-17 23:03:17 +01:00
fi
2015-01-16 22:05:12 +01:00
2015-01-16 20:46:15 +01:00
function parse_args {
2015-12-30 19:14:32 +01:00
if [[ $NO_OF_ARGS == 0 ]]; then
echo 'no_of_args = 0'
show_help
exit 0
fi
if [ ! -d /home/$MY_USERNAME ]; then
echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
exit 1
fi
if [ ! "$DEFAULT_DOMAIN_NAME" ]; then
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
echo 'No default domain specified'
show_help
exit 2
fi
fi
if [ ! $MY_USERNAME ]; then
echo 'No username specified'
show_help
exit 3
fi
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
2016-01-04 12:55:48 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! $DDNS_USERNAME ]; then
echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
exit 7823
fi
if [ ! $DDNS_PASSWORD ]; then
echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
exit 6382
fi
2015-12-30 19:14:32 +01:00
fi
fi
if [ ! $SYSTEM_TYPE ]; then
SYSTEM_TYPE=$VARIANT_FULL
fi
if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA && $SYSTEM_TYPE != $VARIANT_DEVELOPER && $SYSTEM_TYPE != $VARIANT_MESH && $SYSTEM_TYPE != $VARIANT_FULL ]]; then
echo $"'$SYSTEM_TYPE' is an unrecognised ${PROJECT_NAME} variant."
exit 30
fi
2015-01-16 20:46:15 +01:00
}
2016-01-26 16:57:47 +01:00
function read_repo_servers {
2016-01-27 11:06:39 +01:00
if [ -f $CONFIGURATION_FILE ]; then
2016-02-01 11:05:29 +01:00
if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
2016-01-27 11:06:39 +01:00
fi
2016-02-01 11:05:29 +01:00
if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
2016-01-27 11:06:39 +01:00
fi
2016-02-01 11:05:29 +01:00
if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
2016-01-27 11:06:39 +01:00
fi
2016-02-01 11:05:29 +01:00
if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
2016-01-27 11:06:39 +01:00
fi
2016-01-26 16:57:47 +01:00
fi
2016-02-01 11:05:29 +01:00
if [ ! $FRIENDS_MIRRORS_SERVER ]; then
2016-01-26 16:57:47 +01:00
return
fi
2016-02-01 11:05:29 +01:00
if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
2016-01-26 16:57:47 +01:00
return
fi
MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
if [ ! -f $MAIN_COMMAND ]; then
MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
fi
REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
for line in "${REPOS[@]}"
do
repo_name=$(echo "$line" | awk -F '=' '{print $1}')
2016-02-01 11:05:29 +01:00
mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
2016-01-26 16:57:47 +01:00
${repo_name}="${friends_repo_url}"
done
}
2015-01-16 20:46:15 +01:00
function read_configuration {
2015-12-30 19:14:32 +01:00
# if not installing on a Beaglebone then use sdb as the USB drive by default
if [ ! $INSTALLING_ON_BBB ]; then
if [[ $USB_DRIVE == /dev/sda1 ]]; then
USB_DRIVE=/dev/sdb1
fi
fi
if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes" ]]; then
if [ ! -f $CONFIGURATION_FILE ]; then
echo $"The configuration file $CONFIGURATION_FILE was not found"
exit 8935
fi
fi
if [ -f $CONFIGURATION_FILE ]; then
2016-01-26 16:57:47 +01:00
read_repo_servers
2015-12-30 19:14:32 +01:00
# Ensure that a copy of the config exists for upgrade purposes
if [[ $CONFIGURATION_FILE != "/root/${PROJECT_NAME}.cfg" ]]; then
cp $CONFIGURATION_FILE /root/${PROJECT_NAME}.cfg
fi
2016-02-07 20:14:40 +01:00
if grep -q "RSS_READER_REPO" $CONFIGURATION_FILE; then
RSS_READER_REPO=$(grep "RSS_READER_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-08 12:14:02 +01:00
if grep -q "RSS_MOBILE_READER_REPO" $CONFIGURATION_FILE; then
RSS_MOBILE_READER_REPO=$(grep "RSS_MOBILE_READER_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-07 20:14:40 +01:00
if grep -q "RSS_READER_COMMIT" $CONFIGURATION_FILE; then
RSS_READER_COMMIT=$(grep "RSS_READER_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-08 12:14:02 +01:00
if grep -q "RSS_MOBILE_READER_COMMIT" $CONFIGURATION_FILE; then
RSS_MOBILE_READER_COMMIT=$(grep "RSS_MOBILE_READER_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-07 20:14:40 +01:00
if grep -q "RSS_READER_ADMIN_PASSWORD" $CONFIGURATION_FILE; then
RSS_READER_ADMIN_PASSWORD=$(grep "RSS_READER_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "RSS_READER_DOMAIN_NAME" $CONFIGURATION_FILE; then
RSS_READER_DOMAIN_NAME=$(grep "RSS_READER_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-04 16:54:46 +01:00
if grep -q "MICROBLOG_BACKGROUND_IMAGE_URL" $CONFIGURATION_FILE; then
MICROBLOG_BACKGROUND_IMAGE_URL=$(grep "MICROBLOG_BACKGROUND_IMAGE_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-04 10:46:06 +01:00
if grep -q "MICROBLOG_WELCOME_MESSAGE" $CONFIGURATION_FILE; then
MICROBLOG_WELCOME_MESSAGE=$(grep "MICROBLOG_WELCOME_MESSAGE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-01-25 18:18:58 +01:00
if grep -q "PROJECT_WEBSITE" $CONFIGURATION_FILE; then
PROJECT_WEBSITE=$(grep "PROJECT_WEBSITE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "PROJECT_REPO" $CONFIGURATION_FILE; then
PROJECT_REPO=$(grep "PROJECT_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2015-12-30 19:54:31 +01:00
if grep -q "ONION_ONLY" $CONFIGURATION_FILE; then
ONION_ONLY=$(grep "ONION_ONLY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2015-12-30 19:14:32 +01:00
if grep -q "IRC_PASSWORD" $CONFIGURATION_FILE; then
IRC_PASSWORD=$(grep "IRC_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEFAULT_LANGUAGE" $CONFIGURATION_FILE; then
DEFAULT_LANGUAGE=$(grep "DEFAULT_LANGUAGE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MINIMAL_INSTALL" $CONFIGURATION_FILE; then
MINIMAL_INSTALL=$(grep "MINIMAL_INSTALL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "LETSENCRYPT_SERVER" $CONFIGURATION_FILE; then
LETSENCRYPT_SERVER=$(grep "LETSENCRYPT_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "FULLBLOG_REPO" $CONFIGURATION_FILE; then
FULLBLOG_REPO=$(grep "FULLBLOG_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "FULLBLOG_COMMIT" $CONFIGURATION_FILE; then
FULLBLOG_COMMIT=$(grep "FULLBLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GOGS_COMMIT" $CONFIGURATION_FILE; then
GOGS_COMMIT=$(grep "GOGS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TOX_COMMIT" $CONFIGURATION_FILE; then
TOX_COMMIT=$(grep "TOX_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TOXIC_COMMIT" $CONFIGURATION_FILE; then
TOXIC_COMMIT=$(grep "TOXIC_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GPGIT_REPO" $CONFIGURATION_FILE; then
GPGIT_REPO=$(grep "GPGIT_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GPGIT_COMMIT" $CONFIGURATION_FILE; then
GPGIT_COMMIT=$(grep "GPGIT_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "OWNCLOUD_MUSIC_APP_COMMIT" $CONFIGURATION_FILE; then
OWNCLOUD_MUSIC_APP_COMMIT=$(grep "OWNCLOUD_MUSIC_APP_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-01-26 16:40:56 +01:00
if grep -q "HUBZILLA_REPO" $CONFIGURATION_FILE; then
HUBZILLA_REPO=$(grep "HUBZILLA_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2015-12-30 19:14:32 +01:00
if grep -q "HUBZILLA_COMMIT" $CONFIGURATION_FILE; then
HUBZILLA_COMMIT=$(grep "HUBZILLA_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "IPFS_COMMIT" $CONFIGURATION_FILE; then
IPFS_COMMIT=$(grep "IPFS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ZERONET_BLOG_COMMIT" $CONFIGURATION_FILE; then
ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ZERONET_MAIL_COMMIT" $CONFIGURATION_FILE; then
ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ZERONET_FORUM_COMMIT" $CONFIGURATION_FILE; then
ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
2016-02-04 11:38:07 +01:00
if grep -q "MICROBLOG_COMMIT" $CONFIGURATION_FILE; then
MICROBLOG_COMMIT=$(grep "MICROBLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
2015-12-30 19:14:32 +01:00
fi
if grep -q "NGINX_ENSITE_REPO" $CONFIGURATION_FILE; then
NGINX_ENSITE_REPO=$(grep "NGINX_ENSITE_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "NGINX_ENSITE_COMMIT" $CONFIGURATION_FILE; then
NGINX_ENSITE_COMMIT=$(grep "NGINX_ENSITE_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CLEANUP_MAILDIR_COMMIT" $CONFIGURATION_FILE; then
CLEANUP_MAILDIR_COMMIT=$(grep "CLEANUP_MAILDIR_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CLEANUP_MAILDIR_REPO" $CONFIGURATION_FILE; then
CLEANUP_MAILDIR_REPO=$(grep "CLEANUP_MAILDIR_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ZERONET_COMMIT" $CONFIGURATION_FILE; then
ZERONET_COMMIT=$(grep "ZERONET_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "INADYN_REPO" $CONFIGURATION_FILE; then
INADYN_REPO=$(grep "INADYN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "INADYN_COMMIT" $CONFIGURATION_FILE; then
INADYN_COMMIT=$(grep "INADYN_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GPG_KEYSERVER" $CONFIGURATION_FILE; then
GPG_KEYSERVER=$(grep "GPG_KEYSERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "IPFS_PORT" $CONFIGURATION_FILE; then
IPFS_PORT=$(grep "IPFS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TRACKER_PORT" $CONFIGURATION_FILE; then
TRACKER_PORT=$(grep "TRACKER_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ZERONET_PORT" $CONFIGURATION_FILE; then
ZERONET_PORT=$(grep "ZERONET_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DH_KEYLENGTH" $CONFIGURATION_FILE; then
DH_KEYLENGTH=$(grep "DH_KEYLENGTH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIFI_INTERFACE" $CONFIGURATION_FILE; then
WIFI_INTERFACE=$(grep "WIFI_INTERFACE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "IRC_PORT" $CONFIGURATION_FILE; then
IRC_PORT=$(grep "IRC_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIFI_CHANNEL" $CONFIGURATION_FILE; then
WIFI_CHANNEL=$(grep "WIFI_CHANNEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "BATMAN_CELLID" $CONFIGURATION_FILE; then
BATMAN_CELLID=$(grep "BATMAN_CELLID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ESSID" $CONFIGURATION_FILE; then
ESSID=$(grep "ESSID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TOX_PORT" $CONFIGURATION_FILE; then
TOX_PORT=$(grep "TOX_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TOX_NODES" $CONFIGURATION_FILE; then
TOX_NODES=$(grep "TOX_NODES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TOX_REPO" $CONFIGURATION_FILE; then
TOX_REPO=$(grep "TOX_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE; then
ENABLE_SOCIAL_KEY_MANAGEMENT=$(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "IPV6_NETWORK" $CONFIGURATION_FILE; then
IPV6_NETWORK=$(grep "IPV6_NETWORK" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "HWRNG_TYPE" $CONFIGURATION_FILE; then
HWRNG_TYPE=$(grep "HWRNG_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE; then
MEDIAGOBLIN_DOMAIN_NAME=$(grep "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE; then
MEDIAGOBLIN_CODE=$(grep "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE; then
GIT_ADMIN_PASSWORD=$(grep "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GIT_DOMAIN_NAME" $CONFIGURATION_FILE; then
GIT_DOMAIN_NAME=$(grep "GIT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GIT_CODE" $CONFIGURATION_FILE; then
GIT_CODE=$(grep "GIT_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SYSTEM_TYPE" $CONFIGURATION_FILE; then
SYSTEM_TYPE=$(grep "SYSTEM_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSL_PROTOCOLS" $CONFIGURATION_FILE; then
SSL_PROTOCOLS=$(grep "SSL_PROTOCOLS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSL_CIPHERS" $CONFIGURATION_FILE; then
SSL_CIPHERS=$(grep "SSL_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_CIPHERS" $CONFIGURATION_FILE; then
SSH_CIPHERS=$(grep "SSH_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_MACS" $CONFIGURATION_FILE; then
SSH_MACS=$(grep "SSH_MACS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_KEX" $CONFIGURATION_FILE; then
SSH_KEX=$(grep "SSH_KEX" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE; then
SSH_HOST_KEY_ALGORITHMS=$(grep "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_PASSWORDS" $CONFIGURATION_FILE; then
SSH_PASSWORDS=$(grep "SSH_PASSWORDS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "XMPP_CIPHERS" $CONFIGURATION_FILE; then
XMPP_CIPHERS=$(grep "XMPP_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "XMPP_ECC_CURVE" $CONFIGURATION_FILE; then
XMPP_ECC_CURVE=$(grep "XMPP_ECC_CURVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DOMAIN_NAME" $CONFIGURATION_FILE; then
# for backwards compatability
DEFAULT_DOMAIN_NAME=$(grep "DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE; then
DEFAULT_DOMAIN_CODE=$(grep "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "NAMESERVER1" $CONFIGURATION_FILE; then
NAMESERVER1=$(grep "NAMESERVER1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "NAMESERVER2" $CONFIGURATION_FILE; then
NAMESERVER2=$(grep "NAMESERVER2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEBIAN_REPO" $CONFIGURATION_FILE; then
DEBIAN_REPO=$(grep "DEBIAN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
CHECK_MESSAGE=$"Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
fi
if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then
VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SIP_PORT" $CONFIGURATION_FILE; then
SIP_PORT=$(grep "SIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
SIP_SERVER_PASSWORD=$(grep "SIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then
GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then
DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DDNS_USERNAME" $CONFIGURATION_FILE; then
DDNS_USERNAME=$(grep "DDNS_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DDNS_PASSWORD" $CONFIGURATION_FILE; then
DDNS_PASSWORD=$(grep "DDNS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE; then
LOCAL_NETWORK_STATIC_IP_ADDRESS=$(grep "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ENABLE_BABEL" $CONFIGURATION_FILE; then
ENABLE_BABEL=$(grep "ENABLE_BABEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ENABLE_BATMAN" $CONFIGURATION_FILE; then
ENABLE_BATMAN=$(grep "ENABLE_BATMAN" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ENABLE_CJDNS" $CONFIGURATION_FILE; then
ENABLE_CJDNS=$(grep "ENABLE_CJDNS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_COMMIT" $CONFIGURATION_FILE; then
CJDNS_COMMIT=$(grep "CJDNS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_IPV6" $CONFIGURATION_FILE; then
CJDNS_IPV6=$(grep "CJDNS_IPV6" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE; then
CJDNS_PUBLIC_KEY=$(grep "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE; then
CJDNS_PRIVATE_KEY=$(grep "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE; then
ROUTER_IP_ADDRESS=$(grep "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CPU_CORES" $CONFIGURATION_FILE; then
CPU_CORES=$(grep "CPU_CORES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE; then
WEBSERVER_LOG_LEVEL=$(grep "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE; then
ROUTE_THROUGH_TOR=$(grep "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIKI_TITLE" $CONFIGURATION_FILE; then
WIKI_TITLE=$(grep "WIKI_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_NAME" $CONFIGURATION_FILE; then
MY_NAME=$(grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then
MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then
INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_PORT" $CONFIGURATION_FILE; then
SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then
INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then
PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MICROBLOG_CODE" $CONFIGURATION_FILE; then
MICROBLOG_CODE=$(grep "MICROBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE; then
HUBZILLA_DOMAIN_NAME=$(grep "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "HUBZILLA_CODE" $CONFIGURATION_FILE; then
HUBZILLA_CODE=$(grep "HUBZILLA_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE; then
OWNCLOUD_DOMAIN_NAME=$(grep "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "OWNCLOUD_CODE" $CONFIGURATION_FILE; then
OWNCLOUD_CODE=$(grep "OWNCLOUD_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then
WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIKI_CODE" $CONFIGURATION_FILE; then
WIKI_CODE=$(grep "WIKI_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then
FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then
MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE; then
MY_BLOG_SUBTITLE=$(grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then
GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then
MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then
MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE; then
MY_GPG_PUBLIC_KEY_ID=$(grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then
USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then
MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE; then
TLS_TIME_SOURCE1=$(grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE; then
TLS_TIME_SOURCE2=$(grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
fi
2016-01-15 15:41:59 +01:00
echo "System type: $SYSTEM_TYPE"
2015-01-16 20:46:15 +01:00
}
2015-12-30 20:04:10 +01:00
function set_default_onion_domains {
# If sites are only visible via Tor then for installation
# purposes assign them some default domain names
if [[ $ONION_ONLY == "no" ]]; then
return
fi
if [ $OWNCLOUD_DOMAIN_NAME ]; then
2015-12-31 14:02:44 +01:00
OWNCLOUD_DOMAIN_NAME='owncloud.local'
2015-12-30 20:04:10 +01:00
fi
if [ $MICROBLOG_DOMAIN_NAME ]; then
2015-12-31 14:02:44 +01:00
MICROBLOG_DOMAIN_NAME='microblog.local'
2015-12-30 20:04:10 +01:00
fi
if [ $FULLBLOG_DOMAIN_NAME ]; then
2015-12-31 14:02:44 +01:00
FULLBLOG_DOMAIN_NAME='blog.local'
2015-12-30 20:04:10 +01:00
fi
if [ $GIT_DOMAIN_NAME ]; then
2015-12-31 14:02:44 +01:00
GIT_DOMAIN_NAME='git.local'
2015-12-30 20:04:10 +01:00
fi
if [ $WIKI_DOMAIN_NAME ]; then
2015-12-31 14:02:44 +01:00
WIKI_DOMAIN_NAME='wiki.local'
2015-12-30 20:04:10 +01:00
fi
if [ $DEFAULT_DOMAIN_NAME ]; then
2015-12-31 13:00:55 +01:00
DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
2015-12-30 20:04:10 +01:00
fi
}
2016-01-07 10:40:00 +01:00
function wait_for_onion_service {
onion_service_name="$1"
2016-01-07 10:53:38 +01:00
2016-01-07 10:40:00 +01:00
sleep_ctr=0
while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
sleep 1
sleep_ctr=$((sleep_ctr + 1))
2016-01-07 10:53:38 +01:00
if [ $sleep_ctr -gt 10 ]; then
2016-01-07 10:40:00 +01:00
break
fi
done
2016-01-07 10:53:38 +01:00
if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
# restart and try a second time
systemctl restart tor
sleep_ctr=0
while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
sleep 1
sleep_ctr=$((sleep_ctr + 1))
if [ $sleep_ctr -gt 10 ]; then
break
fi
done
fi
2016-01-07 10:40:00 +01:00
}
2016-01-06 10:29:07 +01:00
function add_onion_service {
onion_service_name="$1"
onion_service_port_from=$2
onion_service_port_to=$3
2016-01-09 19:56:12 +01:00
if [ -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
return
fi
2016-01-06 10:29:07 +01:00
if [ ! -d /var/lib/tor ]; then
echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
exit 877367
fi
if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
fi
systemctl restart tor
2016-01-07 10:40:00 +01:00
wait_for_onion_service ${onion_service_name}
2016-01-06 10:29:07 +01:00
if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
echo $"${onion_service_name} onion site hostname not found"
exit 76362
fi
echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
}
2015-12-31 14:02:44 +01:00
function create_avahi_onion_domains {
2015-12-31 14:04:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2016-01-02 12:02:06 +01:00
if [ ! -d /etc/avahi/services ]; then
return
fi
2015-12-31 14:02:44 +01:00
if [ $OWNCLOUD_DOMAIN_NAME ]; then
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/owncloud.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/owncloud.service
echo '<service-group>' >> /etc/avahi/services/owncloud.service
echo ' <name replace-wildcards="yes">%h HTTP</name>' >> /etc/avahi/services/owncloud.service
echo ' <service>' >> /etc/avahi/services/owncloud.service
echo ' <type>_http._tcp</type>' >> /etc/avahi/services/owncloud.service
echo " <port>$OWNCLOUD_ONION_PORT</port>" >> /etc/avahi/services/owncloud.service
echo ' </service>' >> /etc/avahi/services/owncloud.service
echo '</service-group>' >> /etc/avahi/services/owncloud.service
fi
if [ $MICROBLOG_DOMAIN_NAME ]; then
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/microblog.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/microblog.service
echo '<service-group>' >> /etc/avahi/services/microblog.service
echo ' <name replace-wildcards="yes">%h HTTP</name>' >> /etc/avahi/services/microblog.service
echo ' <service>' >> /etc/avahi/services/microblog.service
echo ' <type>_http._tcp</type>' >> /etc/avahi/services/microblog.service
echo " <port>$MICROBLOG_ONION_PORT</port>" >> /etc/avahi/services/microblog.service
echo ' </service>' >> /etc/avahi/services/microblog.service
echo '</service-group>' >> /etc/avahi/services/microblog.service
fi
if [ $FULLBLOG_DOMAIN_NAME ]; then
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/blog.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/blog.service
echo '<service-group>' >> /etc/avahi/services/blog.service
echo ' <name replace-wildcards="yes">%h HTTP</name>' >> /etc/avahi/services/blog.service
echo ' <service>' >> /etc/avahi/services/blog.service
echo ' <type>_http._tcp</type>' >> /etc/avahi/services/blog.service
echo " <port>$BLOG_ONION_PORT</port>" >> /etc/avahi/services/blog.service
echo ' </service>' >> /etc/avahi/services/blog.service
echo '</service-group>' >> /etc/avahi/services/blog.service
fi
if [ $GIT_DOMAIN_NAME ]; then
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/git.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/git.service
echo '<service-group>' >> /etc/avahi/services/git.service
echo ' <name replace-wildcards="yes">%h HTTP</name>' >> /etc/avahi/services/git.service
echo ' <service>' >> /etc/avahi/services/git.service
echo ' <type>_http._tcp</type>' >> /etc/avahi/services/git.service
echo " <port>$GIT_ONION_PORT</port>" >> /etc/avahi/services/git.service
echo ' </service>' >> /etc/avahi/services/git.service
echo '</service-group>' >> /etc/avahi/services/git.service
fi
if [ $WIKI_DOMAIN_NAME ]; then
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/wiki.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/wiki.service
echo '<service-group>' >> /etc/avahi/services/wiki.service
echo ' <name replace-wildcards="yes">%h HTTP</name>' >> /etc/avahi/services/wiki.service
echo ' <service>' >> /etc/avahi/services/wiki.service
echo ' <type>_http._tcp</type>' >> /etc/avahi/services/wiki.service
echo " <port>$WIKI_ONION_PORT</port>" >> /etc/avahi/services/wiki.service
echo ' </service>' >> /etc/avahi/services/wiki.service
echo '</service-group>' >> /etc/avahi/services/wiki.service
fi
}
2015-01-29 15:39:15 +01:00
# check an individual domain name
function test_domain_name {
2015-12-30 19:14:32 +01:00
if [ $1 ]; then
TEST_DOMAIN_NAME=$1
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $1 ]]; then
echo $TEST_DOMAIN_NAME
exit 8528
fi
fi
2015-01-29 15:39:15 +01:00
}
# check that domain names are sensible
function check_domains {
2015-12-30 19:14:32 +01:00
if [ $WIKI_DOMAIN_NAME ]; then
test_domain_name "$WIKI_DOMAIN_NAME"
if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo $'Wiki domain name is the same as Owncloud domain name. They must be different'
exit 73863
fi
if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo $'Wiki domain name is the same as blog domain name. They must be different'
exit 97326
fi
if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo $'Wiki domain name is the same as microblog domain name. They must be different'
exit 36827
fi
if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
echo $'Wiki domain name is the same as hubzilla domain name. They must be different'
exit 65848
fi
if [ $GIT_DOMAIN_NAME ]; then
if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
echo $'Wiki domain name is the same as Gogs domain name. They must be different'
exit 73529
fi
fi
fi
if [ $OWNCLOUD_DOMAIN_NAME ]; then
test_domain_name "$OWNCLOUD_DOMAIN_NAME"
if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
echo $'Owncloud domain name is the same as wiki domain name. They must be different'
exit 37994
fi
if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo $'Owncloud domain name is the same as blog domain name. They must be different'
exit 37936
fi
if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo $'Owncloud domain name is the same as microblog domain name. They must be different'
exit 36896
fi
if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
echo $'Owncloud domain name is the same as hubzilla domain name. They must be different'
exit 68365
fi
if [ $GIT_DOMAIN_NAME ]; then
if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
echo $'Owncloud domain name is the same as Gogs domain name. They must be different'
exit 27692
fi
fi
fi
if [ $FULLBLOG_DOMAIN_NAME ]; then
test_domain_name "$FULLBLOG_DOMAIN_NAME"
if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
echo $'Blog domain name is the same as wiki domain name. They must be different'
exit 62348
fi
if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo $'Blog domain name is the same as Owncloud domain name. They must be different'
exit 84682
fi
if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo $'Blog domain name is the same as microblog domain name. They must be different'
exit 38236
fi
if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
echo $'Blog domain name is the same as hubzilla domain name. They must be different'
exit 35483
fi
if [ $GIT_DOMAIN_NAME ]; then
if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
echo $'Blog domain name is the same as Gogs domain name. They must be different'
exit 84695
fi
fi
fi
if [ $MICROBLOG_DOMAIN_NAME ]; then
test_domain_name "$MICROBLOG_DOMAIN_NAME"
if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
echo $'Microblog domain name is the same as wiki domain name. They must be different'
exit 73924
fi
if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo $'Microblog domain name is the same as Owncloud domain name. They must be different'
exit 73683
fi
if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo $'Microblog domain name is the same as blog domain name. They must be different'
exit 26832
fi
if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
echo $'Microblog domain name is the same as hubzilla domain name. They must be different'
exit 678382
fi
if [ $GIT_DOMAIN_NAME ]; then
if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
echo $'Microblog domain name is the same as Gogs domain name. They must be different'
exit 684325
fi
fi
fi
if [ $HUBZILLA_DOMAIN_NAME ]; then
test_domain_name "$HUBZILLA_DOMAIN_NAME"
if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as wiki domain name. They must be different'
exit 83682
fi
if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as Owncloud domain name. They must be different'
exit 65192
fi
if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as blog domain name. They must be different'
exit 74817
fi
if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as microblog domain name. They must be different'
exit 83683
fi
if [ $GIT_DOMAIN_NAME ]; then
if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as Gogs domain name. They must be different'
exit 135523
fi
fi
fi
if [ $GIT_DOMAIN_NAME ]; then
test_domain_name "$GIT_DOMAIN_NAME"
if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as wiki domain name. They must be different'
exit 83682
fi
if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as Owncloud domain name. They must be different'
exit 65192
fi
if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as blog domain name. They must be different'
exit 74817
fi
if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo $'Hubzilla domain name is the same as microblog domain name. They must be different'
exit 83683
fi
if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
echo $'Microblog domain name is the same as hubzilla domain name. They must be different'
exit 678382
fi
fi
2015-01-29 15:39:15 +01:00
}
2015-01-27 21:11:41 +01:00
# Checks whether certificates were generated for the given hostname
function check_certificates {
2015-12-30 19:14:32 +01:00
if [ ! $1 ]; then
return
fi
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
if [ ! -f /etc/ssl/private/$1.key ]; then
echo $"Private certificate for $CHECK_HOSTNAME was not created"
exit 63959
fi
if [ ! -f /etc/ssl/certs/$1.crt ]; then
echo $"Public certificate for $CHECK_HOSTNAME was not created"
exit 7679
fi
else
if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then
echo $"Private certificate for $CHECK_HOSTNAME was not created"
exit 6282
fi
if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then
echo $"Public certificate for $CHECK_HOSTNAME was not created"
exit 5328
fi
fi
if [ ! -f /etc/ssl/certs/$1.dhparam ]; then
echo $"Diffie–
exit 5989
fi
2015-01-27 21:11:41 +01:00
}
2015-01-16 20:46:15 +01:00
function install_not_on_BBB {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then
return
fi
if [[ INSTALLING_ON_BBB == "yes" ]]; then
return
fi
if [ ! $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
return
fi
echo '# The loopback network interface' > /etc/network/interfaces
echo 'auto lo' >> /etc/network/interfaces
echo 'iface lo inet loopback' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The primary network interface' >> /etc/network/interfaces
echo 'auto eth0' >> /etc/network/interfaces
echo 'iface eth0 inet static' >> /etc/network/interfaces
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces
echo ' netmask 255.255.255.0' >> /etc/network/interfaces
echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces
echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces
echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The secondary network interface' >> /etc/network/interfaces
echo '#auto eth1' >> /etc/network/interfaces
echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# WiFi Example' >> /etc/network/interfaces
echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
echo '# wpa-ssid "essid"' >> /etc/network/interfaces
echo '# wpa-psk "password"' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
echo '#iface usb0 inet static' >> /etc/network/interfaces
echo '# address 192.168.7.2' >> /etc/network/interfaces
echo '# netmask 255.255.255.0' >> /etc/network/interfaces
echo '# network 192.168.7.0' >> /etc/network/interfaces
echo '# gateway 192.168.7.1' >> /etc/network/interfaces
echo 'install_not_on_BBB' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-10-26 15:50:16 +01:00
function mark_admin_user_account {
2015-12-30 19:14:32 +01:00
if ! grep -q "Admin user:" $COMPLETION_FILE; then
echo "Admin user:$MY_USERNAME" >> $COMPLETION_FILE
fi
2015-10-26 15:50:16 +01:00
}
2015-10-27 11:50:41 +01:00
function mark_blog_domain {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if ! grep -q "Blog domain:" $COMPLETION_FILE; then
echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
fi
2015-10-27 11:50:41 +01:00
}
2015-03-10 19:59:26 +01:00
function randomize_cron {
2015-12-30 19:14:32 +01:00
# The predictable default timing of Debian cron jobs might
# be exploitable knowledge. Avoid too much predictability
# by randomizing the times when cron jobs run
if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
return
fi
2015-03-10 19:59:26 +01:00
2015-12-30 19:14:32 +01:00
# randomize the day on which the weekly cron job runs
randdow=$(($RANDOM%6+1))
sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
2015-03-10 19:59:26 +01:00
2015-12-30 19:14:32 +01:00
# randomize the time when the weekly cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+1))
sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
2015-03-10 19:59:26 +01:00
2015-12-30 19:14:32 +01:00
# randomize the time when the daily cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+4))
sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
2015-03-10 19:59:26 +01:00
2015-12-30 19:14:32 +01:00
# randomize the time when the hourly cron job runs
randmin=$(($RANDOM%60))
sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
2015-03-10 19:59:26 +01:00
2015-12-30 19:14:32 +01:00
# randomize monthly cron job time and day
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%22+1))
randdom=$(($RANDOM%27+1))
sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
2015-03-10 20:26:08 +01:00
2016-01-05 09:46:31 +01:00
systemctl restart cron
2015-03-10 20:26:08 +01:00
2015-12-30 19:14:32 +01:00
echo 'randomize_cron' >> $COMPLETION_FILE
2015-03-10 19:59:26 +01:00
}
2015-01-16 20:46:15 +01:00
function get_cjdns_public_key {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PUBLIC_KEY ]; then
CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-01-16 20:46:15 +01:00
}
function get_cjdns_private_key {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PRIVATE_KEY ]; then
CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-01-16 20:46:15 +01:00
}
function get_cjdns_ipv6_address {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_IPV6 ]; then
CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-01-16 20:46:15 +01:00
}
function get_cjdns_port {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns port" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PORT ]; then
CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-01-16 20:46:15 +01:00
}
function get_cjdns_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns password" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PASSWORD ]; then
CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-01-16 20:46:15 +01:00
}
2015-12-12 12:32:15 +01:00
# script to automatically renew any Let's Encrypt certificates
function letsencrypt_renewals {
2016-01-02 16:21:56 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
renewals_script=/etc/cron.monthly/letsencrypt
2016-01-02 11:57:04 +01:00
renewals_retry_script=/etc/cron.daily/letsencrypt
2015-12-30 19:14:32 +01:00
renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
2016-01-02 11:57:04 +01:00
# the main script tries to renew once per month
2015-12-30 19:14:32 +01:00
echo '#!/bin/bash' > $renewals_script
echo '' >> $renewals_script
echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script
echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
echo '' >> $renewals_script
echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
2016-01-02 11:57:04 +01:00
echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script
echo ' rm ~/letsencrypt_failed' >> $renewals_script
echo ' fi' >> $renewals_script
2015-12-30 19:14:32 +01:00
echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
echo -n "awk -F ':' '{print " >> $renewals_script
echo -n '$2' >> $renewals_script
echo "}')" >> $renewals_script
echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script
echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script
echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script
echo -n "awk -F '/' '{print " >> $renewals_script
echo -n '$5' >> $renewals_script
echo "}')" >> $renewals_script
echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script
echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script
echo ' if [ ! "$?" = "0" ]; then' >> $renewals_script
2016-01-02 12:47:11 +01:00
echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_script
echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_script
echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_script
2016-01-02 11:35:00 +01:00
echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script
2015-12-30 19:14:32 +01:00
echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
2016-01-02 12:16:39 +01:00
echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_script
echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script
echo ' touch ~/letsencrypt_failed' >> $renewals_script
echo ' fi' >> $renewals_script
2015-12-30 19:14:32 +01:00
echo ' fi' >> $renewals_script
echo ' fi' >> $renewals_script
echo ' done' >> $renewals_script
echo 'fi' >> $renewals_script
chmod +x $renewals_script
2016-01-02 11:57:04 +01:00
# a secondary script keeps trying to renew after a failure
echo '#!/bin/bash' > $renewals_retry_script
echo '' >> $renewals_retry_script
echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script
echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script
echo '' >> $renewals_retry_script
echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script
echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
echo ' rm ~/letsencrypt_failed' >> $renewals_retry_script
echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script
echo -n "awk -F ':' '{print " >> $renewals_retry_script
echo -n '$2' >> $renewals_retry_script
echo "}')" >> $renewals_retry_script
echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script
echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script
echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script
echo -n "awk -F '/' '{print " >> $renewals_retry_script
echo -n '$5' >> $renewals_retry_script
echo "}')" >> $renewals_retry_script
echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script
echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script
echo ' if [ ! "$?" = "0" ]; then' >> $renewals_retry_script
2016-01-02 12:47:11 +01:00
echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script
echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
2016-01-02 11:57:04 +01:00
echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script
echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script
2016-01-02 12:16:39 +01:00
echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
echo ' touch ~/letsencrypt_failed' >> $renewals_retry_script
echo ' fi' >> $renewals_retry_script
2016-01-02 11:57:04 +01:00
echo ' fi' >> $renewals_retry_script
echo ' fi' >> $renewals_retry_script
echo ' done' >> $renewals_retry_script
echo ' fi' >> $renewals_retry_script
echo 'fi' >> $renewals_retry_script
chmod +x $renewals_retry_script
2015-12-12 12:32:15 +01:00
}
2015-08-23 23:37:23 +02:00
function save_firewall_settings {
2015-12-30 19:14:32 +01:00
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
2015-08-23 23:37:23 +02:00
}
2015-06-28 22:26:42 +02:00
function enable_ipv6 {
2015-12-30 19:14:32 +01:00
# endure that ipv6 is enabled and can route
sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
2015-06-28 22:26:42 +02:00
}
2015-06-28 11:04:11 +02:00
function mesh_cjdns {
2015-12-30 19:14:32 +01:00
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
# update to the next commit
if [ -d /etc/cjdns ]; then
if grep -q "cjdns commit" $COMPLETION_FILE; then
CURRENT_CJDNS_COMMIT=$(grep "cjdns commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_CJDNS_COMMIT" != "$CJDNS_COMMIT" ]]; then
cd /etc/cjdns
2016-01-27 11:53:03 +01:00
git_pull $CJDNS_REPO $CJDNS_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
./do
fi
fi
fi
if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
return
fi
apt-get -y install nodejs git build-essential nmap
# if a README exists then obtain the cjdns parameters
get_cjdns_ipv6_address
get_cjdns_public_key
get_cjdns_private_key
get_cjdns_port
get_cjdns_password
# special compile settings for running ./do on the Beaglebone Black
if [[ $INSTALLING_ON_BBB == "yes" ]]; then
CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
export LDFLAGS="$CFLAGS"
fi
if [ ! -d /etc/cjdns ]; then
2016-01-26 17:20:06 +01:00
git_clone $CJDNS_REPO /etc/cjdns
2015-12-30 19:14:32 +01:00
cd /etc/cjdns
git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
if ! grep -q "cjdns commit" $COMPLETION_FILE; then
echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
fi
./do
if [ ! "$?" = "0" ]; then
exit 7439
fi
# create a configuration
if [ ! -f /etc/cjdns/cjdroute.conf ]; then
./cjdroute --genconf > /etc/cjdns/cjdroute.conf
if [ ! "$?" = "0" ]; then
exit 5922
fi
fi
# create a user to run as
useradd cjdns
else
cd /etc/cjdns
2016-01-27 11:53:03 +01:00
git_pull $CJDNS_REPO
2015-12-30 19:14:32 +01:00
./do
if [ ! "$?" = "0" ]; then
exit 9926
fi
fi
# set permissions
chown -R cjdns:cjdns /etc/cjdns
chmod 600 /etc/cjdns/cjdroute.conf
/sbin/ip tuntap add mode tun user cjdns dev cjdroute0
# insert values into the configuration file
if [ $CJDNS_PRIVATE_KEY ]; then
sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PUBLIC_KEY ]; then
sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_IPV6 ]; then
sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PASSWORD ]; then
sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PORT ]; then
sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
fi
enable_ipv6
echo '#!/bin/sh -e' > /etc/init.d/cjdns
echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
echo '# Provides: cjdroute' >> /etc/init.d/cjdns
echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns
echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns
echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns
echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
echo '### END INIT INFO' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'start() {' >> /etc/init.d/cjdns
echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns
echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'stop() {' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns
echo ' killall cjdroute' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'status() {' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo ' update() {' >> /etc/init.d/cjdns
echo ' cd $GIT_PATH' >> /etc/init.d/cjdns
echo ' echo "Updating..."' >> /etc/init.d/cjdns
echo ' git pull' >> /etc/init.d/cjdns
echo ' ./do' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
echo ' exit 1' >> /etc/init.d/cjdns
echo 'fi' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'case $1 in' >> /etc/init.d/cjdns
echo ' start)' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' stop)' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' sleep 1' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' status)' >> /etc/init.d/cjdns
echo ' status' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' update|upgrade)' >> /etc/init.d/cjdns
echo ' update' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' sleep 2' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' **)' >> /etc/init.d/cjdns
echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
echo ' exit 1' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo 'esac' >> /etc/init.d/cjdns
chmod +x /etc/init.d/cjdns
update-rc.d cjdns defaults
service cjdns start
if [ ! "$?" = "0" ]; then
systemctl status cjdns.service
exit 8260
fi
apt-get -y install radvd
echo 'interface eth0' > /etc/radvd.conf
echo '{' >> /etc/radvd.conf
echo ' AdvSendAdvert on;' >> /etc/radvd.conf
echo ' prefix fdfc::1/64' >> /etc/radvd.conf
echo ' {' >> /etc/radvd.conf
echo ' AdvRouterAddr on;' >> /etc/radvd.conf
echo ' };' >> /etc/radvd.conf
echo '};' >> /etc/radvd.conf
2016-01-05 09:46:31 +01:00
systemctl restart radvd
2015-12-30 19:14:32 +01:00
if [ ! "$?" = "0" ]; then
systemctl status radvd.service
exit 4395
fi
if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
echo '' >> /etc/network/interfaces
echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
echo 'iface eth0 inet6 static' >> /etc/network/interfaces
echo ' pre-up modprobe ipv6' >> /etc/network/interfaces
echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
echo ' netmask 64' >> /etc/network/interfaces
service network-manager restart
if [ ! "$?" = "0" ]; then
systemctl status networking.service
exit 6949
fi
fi
ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
save_firewall_settings
if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
echo '=======================' >> /home/$MY_USERNAME/README
echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
echo $'to you using your default password' >> /home/$MY_USERNAME/README
echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
echo $'each password is for.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'mesh_cjdns' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2016-02-01 11:05:29 +01:00
function create_mirrors {
2016-02-01 12:33:36 +01:00
if [ -d /home/trove ]; then
userdel -r trove
fi
2016-02-01 11:05:29 +01:00
if grep -Fxq "create_mirrors" $COMPLETION_FILE; then
2016-01-26 18:20:06 +01:00
return
fi
2016-02-01 11:05:29 +01:00
${PROJECT_NAME}-mirrors
echo 'create_mirrors' >> $COMPLETION_FILE
2016-01-26 18:20:06 +01:00
}
2015-06-28 11:04:11 +02:00
function mesh_cjdns_tools {
2015-12-30 19:14:32 +01:00
if grep -Fxq "mesh_cjdns_tools" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
if [ ! -d /etc/cjdns ]; then
mesh_cjdns
fi
apt-get -y install golang mercurial
if [ ! -f ~/.bashrc ]; then
touch ~/.bashrc
fi
2016-01-27 16:21:21 +01:00
export GOPATH=/home/git/go
if [ ! -d /home/git ]; then
# add a gogs user account
adduser --disabled-login --gecos 'Gogs' git
# install Go
if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then
echo 'export GOPATH=/home/git/go' >> ~/.bashrc
echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc
fi
if [ ! -d $GOPATH ]; then
mkdir -p $GOPATH
fi
fi
2015-12-30 19:14:32 +01:00
if ! grep -q "export GOPATH=" ~/.bashrc; then
2016-01-27 16:21:21 +01:00
echo "export GOPATH=$GOPATH" >> ~/.bashrc
2015-12-30 19:14:32 +01:00
fi
2016-01-27 16:21:21 +01:00
expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
if ! grep -q "$expected_go_path" ~/.bashrc; then
export PATH=$PATH:${GOPATH}/bin
echo "$expected_go_path" >> ~/.bashrc
2015-12-30 19:14:32 +01:00
fi
2016-01-27 16:21:21 +01:00
export PATH=$PATH:$GOPATH/bin
CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
2016-01-27 16:09:05 +01:00
go get $CJDCMD_REPO2
2016-01-27 16:21:21 +01:00
if [ ! -f $GOPATH/bin/cjdcmd ]; then
2015-12-30 19:14:32 +01:00
echo $'cjdcmd was not compiled. Check your golang installation'
exit 7439
fi
2016-01-27 16:21:21 +01:00
cp $GOPATH/bin/cjdcmd /usr/bin
2015-12-30 19:14:32 +01:00
# initialise from the cjdns config
/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
echo 'mesh_cjdns_tools' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-09-02 23:10:12 +02:00
function install_zeronet_blog {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
if [ -d /opt/zeronet/ZeroBlog ]; then
if grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
CURRENT_ZERONET_BLOG_COMMIT=$(grep "ZeroNet Blog commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_ZERONET_BLOG_COMMIT" != "$ZERONET_BLOG_COMMIT" ]]; then
cd /opt/zeronet/ZeroBlog
2016-01-27 11:53:03 +01:00
git_pull $ZERONET_BLOG_REPO $ZERONET_BLOG_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
fi
else
echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then
return
fi
if [ ! -f /home/$MY_USERNAME/README ]; then
touch /home/$MY_USERNAME/README
fi
if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
return
fi
if [ ! -d /etc/avahi ]; then
echo $'Avahi is not installed'
exit 736
fi
ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
cd /opt/zeronet
python zeronet.py --batch siteCreate 2> /opt/zeronet/blog.txt
if [ ! -f /opt/zeronet/blog.txt ]; then
echo $'Unable to create blog'
exit 479
fi
blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then
echo $"Address: $ZERONET_BLOG_ADDRESS"
echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY"
echo $'Unable to create zeronet blog address'
exit 7358
fi
if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then
echo $"Address: $ZERONET_BLOG_ADDRESS"
echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY"
echo $'Unable to create zeronet blog private key'
exit 1639
fi
if [ ! -d "/opt/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then
echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_BLOG_ADDRESS"
exit 7638
fi
2016-01-26 17:20:06 +01:00
git_clone $ZERONET_BLOG_REPO ZeroBlog
2015-12-30 19:14:32 +01:00
if [ ! -d /opt/zeronet/ZeroBlog ]; then
echo $'ZeroBlog repo could not be cloned'
exit 6739
fi
cd /opt/zeronet/ZeroBlog
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
fi
echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS"
echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
cp -r /opt/zeronet/ZeroBlog/* /opt/zeronet/data/$ZERONET_BLOG_ADDRESS
if [ ! -d /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
mkdir /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
fi
cp /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
sed -i "s/Blogging platform Demo/Blogging platform/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
# Add an avahi service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /tmp/zeronet-blog.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /tmp/zeronet-blog.service
echo '<service-group>' >> /tmp/zeronet-blog.service
echo ' <name replace-wildcards="yes">%h ZeroNet Blog</name>' >> /tmp/zeronet-blog.service
echo ' <service>' >> /tmp/zeronet-blog.service
echo ' <type>_zeronet._udp</type>' >> /tmp/zeronet-blog.service
echo " <port>$ZERONET_PORT</port>" >> /tmp/zeronet-blog.service
echo " <txt-record>$ZERONET_URL/$ZERONET_BLOG_ADDRESS</txt-record>" >> /tmp/zeronet-blog.service
echo ' </service>' >> /tmp/zeronet-blog.service
echo '</service-group>' >> /tmp/zeronet-blog.service
cp /tmp/zeronet-blog.service /etc/avahi/services/zeronet-blog.service
if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
mkdir -p /home/$MY_USERNAME/.config/zeronet
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
fi
echo "$ZERONET_URL/$ZERONET_BLOG_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myblog
if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README
echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README
fi
echo 'install_zeronet_blog' >> $COMPLETION_FILE
2015-09-02 23:10:12 +02:00
}
2015-12-11 18:15:52 +01:00
function install_zeronet_mail {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
if [ -d /opt/zeronet/ZeroMail ]; then
if grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
CURRENT_ZERONET_MAIL_COMMIT=$(grep "ZeroNet Mail commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_ZERONET_MAIL_COMMIT" != "$ZERONET_MAIL_COMMIT" ]]; then
cd /opt/zeronet/ZeroMail
2016-01-27 11:53:03 +01:00
git_pull $ZERONET_MAIL_REPO $ZERONET_MAIL_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
fi
else
echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then
return
fi
if [ ! -f /home/$MY_USERNAME/README ]; then
touch /home/$MY_USERNAME/README
fi
if grep -q "ZeroNet Mail address" /home/$MY_USERNAME/README; then
return
fi
if [ ! -d /etc/avahi ]; then
echo 'Avahi is not installed'
exit 736
fi
ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
cd /opt/zeronet
python zeronet.py --batch siteCreate 2> /opt/zeronet/mail.txt
if [ ! -f /opt/zeronet/mail.txt ]; then
echo $'Unable to create mail'
exit 479
fi
mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
if [ ${#ZERONET_MAIL_ADDRESS} -lt 20 ]; then
echo $"Address: $ZERONET_MAIL_ADDRESS"
echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY"
echo $'Unable to create zeronet mail address'
exit 7358
fi
if [ ${#ZERONET_MAIL_PRIVATE_KEY} -lt 20 ]; then
echo $"Address: $ZERONET_MAIL_ADDRESS"
echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY"
echo $'Unable to create zeronet mail private key'
exit 1639
fi
if [ ! -d "/opt/zeronet/data/$ZERONET_MAIL_ADDRESS" ]; then
echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_MAIL_ADDRESS"
exit 7638
fi
2016-01-26 17:20:06 +01:00
git_clone $ZERONET_MAIL_REPO ZeroMail
2015-12-30 19:14:32 +01:00
if [ ! -d /opt/zeronet/ZeroMail ]; then
echo $'ZeroMail repo could not be cloned'
exit 6739
fi
cd /opt/zeronet/ZeroMail
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
fi
echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS"
echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
cp -r /opt/zeronet/ZeroMail/* /opt/zeronet/data/$ZERONET_MAIL_ADDRESS
if [ ! -d /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
mkdir /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
fi
cp /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
sed -i "s/Mailging platform Demo/Mailging platform/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
# Add an avahi service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /tmp/zeronet-mail.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /tmp/zeronet-mail.service
echo '<service-group>' >> /tmp/zeronet-mail.service
echo ' <name replace-wildcards="yes">%h ZeroNet Mail</name>' >> /tmp/zeronet-mail.service
echo ' <service>' >> /tmp/zeronet-mail.service
echo ' <type>_zeronet._udp</type>' >> /tmp/zeronet-mail.service
echo " <port>$ZERONET_PORT</port>" >> /tmp/zeronet-mail.service
echo " <txt-record>$ZERONET_URL/$ZERONET_MAIL_ADDRESS</txt-record>" >> /tmp/zeronet-mail.service
echo ' </service>' >> /tmp/zeronet-mail.service
echo '</service-group>' >> /tmp/zeronet-mail.service
cp /tmp/zeronet-mail.service /etc/avahi/services/zeronet-mail.service
if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
mkdir -p /home/$MY_USERNAME/.config/zeronet
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
fi
echo "$ZERONET_URL/$ZERONET_MAIL_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/mymail
if ! grep -q $"ZeroNet Mail address" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" >> /home/$MY_USERNAME/README
echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" >> /home/$MY_USERNAME/README
fi
echo 'install_zeronet_mail' >> $COMPLETION_FILE
2015-12-11 18:15:52 +01:00
}
2015-09-02 23:10:12 +02:00
function install_zeronet_forum {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
# update to the next commit
if [ -d /opt/zeronet/ZeroTalk ]; then
if grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
CURRENT_ZERONET_FORUM_COMMIT=$(grep "ZeroNet Forum commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_ZERONET_FORUM_COMMIT" != "$ZERONET_FORUM_COMMIT" ]]; then
cd /opt/zeronet/ZeroTalk
2016-01-27 11:53:03 +01:00
git_pull $ZERONET_FORUM_REPO $ZERONET_FORUM_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
fi
else
echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then
return
fi
if [ ! -f /home/$MY_USERNAME/README ]; then
touch /home/$MY_USERNAME/README
fi
if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then
return
fi
if [ ! -d /etc/avahi ]; then
echo $'Avahi is not installed'
exit 736
fi
ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
cd /opt/zeronet
python zeronet.py --batch siteCreate 2> /opt/zeronet/forum.txt
if [ ! -f /opt/zeronet/forum.txt ]; then
echo $'Unable to create forum'
exit 479
fi
forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then
echo $"Address: $ZERONET_FORUM_ADDRESS"
echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY"
echo $'Unable to create zeronet forum address'
exit 76352
fi
if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then
echo $"Address: $ZERONET_FORUM_ADDRESS"
echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY"
echo $'Unable to create zeronet forum private key'
exit 87356
fi
if [ ! -d "/opt/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then
echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_FORUM_ADDRESS"
exit 7638
fi
2016-01-26 17:20:06 +01:00
git_clone $ZERONET_FORUM_REPO ZeroTalk
2015-12-30 19:14:32 +01:00
if [ ! -d /opt/zeronet/ZeroTalk ]; then
echo $'ZeroTalk repo could not be cloned'
exit 6739
fi
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
fi
echo $"Forum address: $ZERONET_FORUM_ADDRESS"
echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
cp -r /opt/zeronet/ZeroTalk/* /opt/zeronet/data/$ZERONET_FORUM_ADDRESS
sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
sed -i 's/Messaging Board Demo/Messaging Board/g' /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
# Add an avahi service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /tmp/zeronet-forum.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /tmp/zeronet-forum.service
echo '<service-group>' >> /tmp/zeronet-forum.service
echo ' <name replace-wildcards="yes">%h ZeroNet Forum</name>' >> /tmp/zeronet-forum.service
echo ' <service>' >> /tmp/zeronet-forum.service
echo ' <type>_zeronet._udp</type>' >> /tmp/zeronet-forum.service
echo " <port>$ZERONET_PORT</port>" >> /tmp/zeronet-forum.service
echo " <txt-record>$ZERONET_URL/$ZERONET_FORUM_ADDRESS</txt-record>" >> /tmp/zeronet-forum.service
echo ' </service>' >> /tmp/zeronet-forum.service
echo '</service-group>' >> /tmp/zeronet-forum.service
sudo cp /tmp/zeronet-forum.service /etc/avahi/services/zeronet-forum.service
if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
mkdir -p /home/$MY_USERNAME/.config/zeronet
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
fi
echo "$ZERONET_URL/$ZERONET_FORUM_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myforum
if ! grep -q $"ZeroNet Forum address" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo $"ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README
echo $"ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README
fi
echo 'install_zeronet_forum' >> $COMPLETION_FILE
2015-09-02 23:10:12 +02:00
}
2015-08-15 10:01:45 +02:00
function install_zeronet {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
# update to the next commit
if [ -d /opt/zeronet ]; then
if grep -q "ZeroNet commit" $COMPLETION_FILE; then
CURRENT_ZERONET_COMMIT=$(grep "ZeroNet commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_ZERONET_COMMIT" != "$ZERONET_COMMIT" ]]; then
cd /opt/zeronet
2016-01-27 11:53:03 +01:00
git_pull $ZERONET_REPO $ZERONET_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
systemctl restart zeronet.service
fi
else
echo "ZeroNet commit:$ZERONET_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_zeronet" $COMPLETION_FILE; then
return
fi
apt-get -y install python python-msgpack python-gevent
apt-get -y install python-pip bittornado
pip install msgpack-python --upgrade
useradd -d /opt/zeronet/ -s /bin/false zeronet
2016-01-26 17:20:06 +01:00
git_clone $ZERONET_REPO /opt/zeronet
2015-12-30 19:14:32 +01:00
if [ ! -d /opt/zeronet ]; then
exit 56823
fi
cd /opt/zeronet
git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
echo "ZeroNet commit:$ZERONET_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
fi
sudo chown -R zeronet:zeronet /opt/zeronet
#git checkout bashrc/bootstrap-file
# Hack to ensure that the file access port is opened
# This is because zeronet normally relies on an internet site
# to do this, but on a purely local mesh the internet isn't available
sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' /opt/zeronet/src/Site/Site.py
echo '[Unit]' > /etc/systemd/system/zeronet.service
echo 'Description=Zeronet Server' >> /etc/systemd/system/zeronet.service
echo 'After=syslog.target' >> /etc/systemd/system/zeronet.service
echo 'After=network.target' >> /etc/systemd/system/zeronet.service
echo '[Service]' >> /etc/systemd/system/zeronet.service
echo 'Type=simple' >> /etc/systemd/system/zeronet.service
echo 'User=zeronet' >> /etc/systemd/system/zeronet.service
echo 'Group=zeronet' >> /etc/systemd/system/zeronet.service
echo 'WorkingDirectory=/opt/zeronet' >> /etc/systemd/system/zeronet.service
echo "ExecStart=/usr/bin/python zeronet.py --ip_external ${DEFAULT_DOMAIN_NAME}.local --trackers_file /opt/zeronet/bootstrap" >> /etc/systemd/system/zeronet.service
echo '' >> /etc/systemd/system/zeronet.service
echo 'TimeoutSec=300' >> /etc/systemd/system/zeronet.service
echo '' >> /etc/systemd/system/zeronet.service
echo '[Install]' >> /etc/systemd/system/zeronet.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/zeronet.service
echo '[Unit]' > /etc/systemd/system/tracker.service
echo 'Description=Torrent Tracker' >> /etc/systemd/system/tracker.service
echo 'After=syslog.target' >> /etc/systemd/system/tracker.service
echo 'After=network.target' >> /etc/systemd/system/tracker.service
echo '[Service]' >> /etc/systemd/system/tracker.service
echo 'Type=simple' >> /etc/systemd/system/tracker.service
echo 'User=tracker' >> /etc/systemd/system/tracker.service
echo 'Group=tracker' >> /etc/systemd/system/tracker.service
echo 'WorkingDirectory=/opt/tracker' >> /etc/systemd/system/tracker.service
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /opt/tracker/dstate --logfile /opt/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> /etc/systemd/system/tracker.service
echo '' >> /etc/systemd/system/tracker.service
echo 'TimeoutSec=300' >> /etc/systemd/system/tracker.service
echo '' >> /etc/systemd/system/tracker.service
echo '[Install]' >> /etc/systemd/system/tracker.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/tracker.service
useradd -d /opt/tracker/ -s /bin/false tracker
if [ ! -d /opt/tracker ]; then
mkdir /opt/tracker
fi
chown -R tracker:tracker /opt/tracker
# publish regularly
if ! grep -q "zeronetavahi" /etc/crontab; then
echo "* * * * * root zeronetavahi > /dev/null" >> /etc/crontab
fi
systemctl enable tracker.service
systemctl enable zeronet.service
systemctl daemon-reload
systemctl start tracker.service
systemctl start zeronet.service
echo 'mesh_zeronet' >> $COMPLETION_FILE
2015-08-15 10:01:45 +02:00
}
2015-07-24 09:39:28 +02:00
function install_vpn_tunnel {
2015-12-30 19:14:32 +01:00
if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
if [ ! "$?" = "0" ]; then
exit 76272
fi
gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
apt-get update
apt-get -y install fastd
if [ ! "$?" = "0" ]; then
exit 52026
fi
fi
2015-07-24 09:39:28 +02:00
}
# ath9k_htc driver
function install_atheros_wifi {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_atheros_wifi" $COMPLETION_FILE; then
return
fi
if [ $INSTALLING_ON_BBB != "yes" ]; then
return
fi
if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
return
fi
if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
return
fi
# have drivers already been installed ?
if [ -f /lib/firmware/htc_9271.fw ]; then
return
fi
apt-get -y install build-essential cmake git m4 texinfo
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
cd $INSTALL_DIR
if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
2016-01-26 17:20:06 +01:00
git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware
2015-12-30 19:14:32 +01:00
if [ ! "$?" = "0" ]; then
rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
exit 74283
fi
fi
cd $INSTALL_DIR/open-ath9k-htc-firmware
git checkout 1.4.0
make toolchain
if [ ! "$?" = "0" ]; then
rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
exit 24820
fi
make firmware
if [ ! "$?" = "0" ]; then
rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
exit 63412
fi
cp target_firmware/*.fw /lib/firmware/
if [ ! "$?" = "0" ]; then
exit 74681
fi
echo 'install_atheros_wifi' >> $COMPLETION_FILE
2015-07-24 09:39:28 +02:00
}
2015-07-25 14:30:46 +02:00
function configure_avahi {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_avahi" $COMPLETION_FILE; then
return
fi
# only enable avahi if we're doing mesh networking
if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
return
fi
apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
if [ $DEFAULT_DOMAIN_NAME ]; then
sed -i "s|#host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
else
decarray=( 1 2 3 4 5 6 7 8 9 0 )
PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
fi
if [ ! -d /etc/avahi/services ]; then
mkdir -p /etc/avahi/services
fi
# remove an avahi service which isn't used
if [ -f /etc/avahi/services/udisks.service ]; then
rm /etc/avahi/services/udisks.service
fi
# Add an ssh service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/ssh.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/ssh.service
echo '<service-group>' >> /etc/avahi/services/ssh.service
echo ' <name replace-wildcards="yes">%h SSH</name>' >> /etc/avahi/services/ssh.service
echo ' <service>' >> /etc/avahi/services/ssh.service
echo ' <type>_ssh._tcp</type>' >> /etc/avahi/services/ssh.service
echo " <port>$SSH_PORT</port>" >> /etc/avahi/services/ssh.service
echo ' </service>' >> /etc/avahi/services/ssh.service
echo '</service-group>' >> /etc/avahi/services/ssh.service
# keep the daemon running
echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep avahi daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $AVAHI_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' systemctl start avahi-daemon' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
systemctl restart avahi-daemon
echo 'configure_avahi' >> $COMPLETION_FILE
2015-07-25 14:30:46 +02:00
}
2015-07-21 23:50:17 +02:00
function mesh_babel {
2015-12-30 19:14:32 +01:00
if grep -Fxq "mesh_babel" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BABEL != "yes" ]]; then
return
fi
apt-get -y install babeld
babel_script=/var/lib/babel
echo '#!/bin/bash' > $babel_script
echo '' >> $babel_script
echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
echo ' avahi-browse -atl' >> $babel_script
echo ' exit 0' >> $babel_script
echo 'fi' >> $babel_script
echo '' >> $babel_script
echo 'if [[ $1 == "start" ]]; then' >> $babel_script
echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script
echo ' systemctl restart avahi-daemon' >> $babel_script
echo 'fi' >> $babel_script
echo '' >> $babel_script
echo "IFACE=$WIFI_INTERFACE" >> $babel_script
echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
echo ' IFACE=wlan1' >> $babel_script
echo ' fi' >> $babel_script
echo 'fi' >> $babel_script
echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
echo ' IFACE=wlan2' >> $babel_script
echo ' fi' >> $babel_script
echo 'fi' >> $babel_script
echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
echo ' IFACE=wlan3' >> $babel_script
echo ' fi' >> $babel_script
echo 'fi' >> $babel_script
echo '' >> $babel_script
echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
echo ' echo "Interface $IFACE was not found"' >> $babel_script
echo ' else' >> $babel_script
echo ' echo "Stopping"' >> $babel_script
echo ' fi' >> $babel_script
echo ' ifconfig $IFACE down' >> $babel_script
echo ' pkill babeld' >> $babel_script
echo ' systemctl restart network-manager' >> $babel_script
echo ' exit 1' >> $babel_script
echo 'fi' >> $babel_script
echo '' >> $babel_script
echo 'systemctl stop network-manager' >> $babel_script
echo 'ifconfig $IFACE down' >> $babel_script
echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
echo "$WIFI_CHANNEL essid \"$ESSID\"" >> $babel_script
echo 'ifconfig $IFACE up' >> $babel_script
echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
echo -n "$BABEL_PORT -d 5 " >> $babel_script
echo '$IFACE' >> $babel_script
echo 'exit 0' >> $babel_script
chmod +x $babel_script
echo '[Unit]' > /etc/systemd/system/babel.service
echo 'Description=Babel Mesh' >> /etc/systemd/system/babel.service
echo '' >> /etc/systemd/system/babel.service
echo '[Service]' >> /etc/systemd/system/babel.service
echo 'Type=oneshot' >> /etc/systemd/system/babel.service
echo "ExecStart=$babel_script start" >> /etc/systemd/system/babel.service
echo "ExecStop=$babel_script stop" >> /etc/systemd/system/babel.service
echo 'RemainAfterExit=yes' >> /etc/systemd/system/babel.service
echo '' >> /etc/systemd/system/babel.service
echo '# Allow time for the server to start/stop' >> /etc/systemd/system/babel.service
echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service
echo '' >> /etc/systemd/system/babel.service
echo '[Install]' >> /etc/systemd/system/babel.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/babel.service
systemctl enable babel
echo 'mesh_babel' >> $COMPLETION_FILE
2015-07-21 23:50:17 +02:00
}
2015-07-19 19:50:05 +02:00
function mesh_batman_bridge {
2015-12-30 19:14:32 +01:00
# https://sudoroom.org/wiki/Mesh/Relay_setup
# also see http://www.netlore.co.uk/airmesh/
# https://www.youtube.com/watch?v=CLKHWfQlFqQ
# http://pastebin.com/4U9vdFFm
# http://pastebin.com/eeTmL5XL
if grep -Fxq "mesh_batman_bridge" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
return
fi
apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
apt-get -y install python-dev libevent-dev ebtables python-pip git
apt-get -y install wireless-tools rfkill
#install_vpn_tunnel
modprobe batman-adv
[ $? -ne 0 ] && echo "B.A.T.M.A.N module not available" && exit 76482
if ! grep -q "batman_adv" /etc/modules; then
echo 'batman_adv' >> /etc/modules
fi
batman_script=/var/lib/batman
echo '#!/bin/bash' > $batman_script
echo '' >> $batman_script
echo 'if [[ $1 == "start" ]]; then' >> $batman_script
echo ' # install avahi' >> $batman_script
echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
echo ' sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $batman_script
echo 'fi' >> $batman_script
echo '' >> $batman_script
echo '# Mesh definition' >> $batman_script
echo "ESSID=$ESSID" >> $batman_script
echo "CELLID=$BATMAN_CELLID" >> $batman_script
echo "CHANNEL=$WIFI_CHANNEL" >> $batman_script
echo '' >> $batman_script
echo '# Ethernet bridge definition (bridged to bat0)' >> $batman_script
echo 'BRIDGE=br-mesh' >> $batman_script
echo "IFACE=$WIFI_INTERFACE" >> $batman_script
echo 'EIFACE=eth0' >> $batman_script
echo '' >> $batman_script
echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
echo ' if grep -q "wlan1" /proc/net/dev; then' >> $batman_script
echo ' IFACE=wlan1' >> $batman_script
echo ' fi' >> $batman_script
echo 'fi' >> $batman_script
echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
echo ' if grep -q "wlan2" /proc/net/dev; then' >> $batman_script
echo ' IFACE=wlan2' >> $batman_script
echo ' fi' >> $batman_script
echo 'fi' >> $batman_script
echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
echo ' if grep -q "wlan3" /proc/net/dev; then' >> $batman_script
echo ' IFACE=wlan3' >> $batman_script
echo ' fi' >> $batman_script
echo 'fi' >> $batman_script
echo '' >> $batman_script
echo 'if [ -e /etc/default/batctl ]; then' >> $batman_script
echo ' . /etc/default/batctl' >> $batman_script
echo 'fi' >> $batman_script
echo '' >> $batman_script
echo 'start() {' >> $batman_script
echo ' if [ -z "$IFACE" ] ; then' >> $batman_script
echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script
echo ' return' >> $batman_script
echo ' fi' >> $batman_script
echo ' echo "info: enabling batman-adv mesh network $ESSID on $IFACE"' >> $batman_script
echo ' systemctl stop network-manager' >> $batman_script
echo ' sleep 5' >> $batman_script
echo '' >> $batman_script
echo " # remove an avahi service which isn't used" >> $batman_script
echo ' if [ -f /etc/avahi/services/udisks.service ]; then' >> $batman_script
echo ' sudo rm /etc/avahi/services/udisks.service' >> $batman_script
echo ' fi' >> $batman_script
echo '' >> $batman_script
echo ' # Might have to re-enable wifi' >> $batman_script
echo ' rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true' >> $batman_script
echo '' >> $batman_script
echo ' ifconfig $IFACE down' >> $batman_script
echo ' ifconfig $IFACE mtu 1532' >> $batman_script
echo ' iwconfig $IFACE enc off' >> $batman_script
echo ' iwconfig $IFACE mode ad-hoc essid $ESSID channel $CHANNEL' >> $batman_script
echo ' sleep 1' >> $batman_script
echo ' iwconfig $IFACE ap $CELLID' >> $batman_script
echo '' >> $batman_script
echo ' modprobe batman-adv' >> $batman_script
echo ' batctl if add $IFACE' >> $batman_script
echo ' ifconfig $IFACE up' >> $batman_script
echo ' avahi-autoipd --force-bind --daemonize --wait $BRIDGE' >> $batman_script
echo ' avahi-autoipd --force-bind --daemonize --wait $IFACE' >> $batman_script
echo ' ifconfig bat0 up promisc' >> $batman_script
echo '' >> $batman_script
echo ' #Use persistent HWAddr' >> $batman_script
echo ' ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")' >> $batman_script
echo ' if [ ! -f /var/lib/mesh-node/bat0 ]; then' >> $batman_script
echo ' mkdir /var/lib/mesh-node' >> $batman_script
echo ' echo "${ether_new}" > /var/lib/mesh-node/bat0' >> $batman_script
echo ' else' >> $batman_script
echo ' ether=$(cat /var/lib/mesh-node/bat0)' >> $batman_script
echo ' ifconfig bat0 hw ether ${ether}' >> $batman_script
echo ' fi' >> $batman_script
echo '' >> $batman_script
echo ' if [ "$EIFACE" ] ; then' >> $batman_script
echo ' brctl addbr $BRIDGE' >> $batman_script
echo ' brctl addif $BRIDGE bat0' >> $batman_script
echo ' brctl addif $BRIDGE $EIFACE' >> $batman_script
echo ' ifconfig bat0 0.0.0.0' >> $batman_script
echo ' ifconfig $EIFACE 0.0.0.0' >> $batman_script
echo ' ifconfig $EIFACE up promisc' >> $batman_script
echo ' ifconfig $BRIDGE up' >> $batman_script
echo ' fi' >> $batman_script
echo '' >> $batman_script
echo ' iptables -A INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script
echo ' iptables -A INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script
echo ' iptables -A INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script
echo ' iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
echo ' iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
echo ' iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
echo " iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
echo " iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
echo " iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script
echo '' >> $batman_script
echo ' systemctl restart avahi-daemon' >> $batman_script
echo '}' >> $batman_script
echo '' >> $batman_script
echo 'stop() {' >> $batman_script
echo ' if [ -z "$IFACE" ]; then' >> $batman_script
echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script
echo ' return' >> $batman_script
echo ' fi' >> $batman_script
echo ' if [ "$EIFACE" ]; then' >> $batman_script
echo ' brctl delif $BRIDGE bat0' >> $batman_script
echo ' brctl delif $BRIDGE $EIFACE' >> $batman_script
echo ' ifconfig $BRIDGE down || true' >> $batman_script
echo ' brctl delbr $BRIDGE' >> $batman_script
echo ' ifconfig $EIFACE down -promisc' >> $batman_script
echo ' fi' >> $batman_script
echo '' >> $batman_script
echo ' avahi-autoipd -k $BRIDGE' >> $batman_script
echo ' avahi-autoipd -k $IFACE' >> $batman_script
echo ' ifconfig bat0 down -promisc' >> $batman_script
echo '' >> $batman_script
echo ' batctl if del $IFACE' >> $batman_script
echo ' rmmod batman-adv' >> $batman_script
echo ' ifconfig $IFACE mtu 1500' >> $batman_script
echo ' ifconfig $IFACE down' >> $batman_script
echo ' iwconfig $IFACE mode managed' >> $batman_script
echo '' >> $batman_script
echo ' iptables -D INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script
echo ' iptables -D INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script
echo ' iptables -D INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script
echo ' iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
echo ' iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
echo ' iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
echo " iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
echo " iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
echo " iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script
echo '' >> $batman_script
echo ' systemctl restart network-manager' >> $batman_script
echo '}' >> $batman_script
echo '' >> $batman_script
echo 'if ! grep -q "$IFACE" /proc/net/dev; then' >> $batman_script
echo ' echo "Interface $IFACE was not found"' >> $batman_script
echo ' stop' >> $batman_script
echo ' exit 1' >> $batman_script
echo 'fi' >> $batman_script
echo '' >> $batman_script
echo 'case "$1" in' >> $batman_script
echo ' start|stop)' >> $batman_script
echo ' $1' >> $batman_script
echo ' ;;' >> $batman_script
echo ' restart)' >> $batman_script
echo ' stop' >> $batman_script
echo ' sleep 10' >> $batman_script
echo ' start' >> $batman_script
echo ' ;;' >> $batman_script
echo ' status)' >> $batman_script
echo ' batctl o' >> $batman_script
echo ' ;;' >> $batman_script
echo ' ping)' >> $batman_script
echo ' batctl ping $2' >> $batman_script
echo ' ;;' >> $batman_script
echo ' ls|list)' >> $batman_script
echo ' avahi-browse -atl' >> $batman_script
echo ' ;;' >> $batman_script
echo ' *)' >> $batman_script
echo ' echo "error: invalid parameter $1"' >> $batman_script
echo ' echo "usage: $0 {start|stop|restart|status|ping|ls|list}"' >> $batman_script
echo ' exit 2' >> $batman_script
echo ' ;;' >> $batman_script
echo 'esac' >> $batman_script
echo 'exit 0' >> $batman_script
chmod +x $batman_script
echo '[Unit]' > /etc/systemd/system/batman.service
echo 'Description=B.A.T.M.A.N. Advanced' >> /etc/systemd/system/batman.service
echo '' >> /etc/systemd/system/batman.service
echo '[Service]' >> /etc/systemd/system/batman.service
echo 'Type=oneshot' >> /etc/systemd/system/batman.service
echo "ExecStart=$batman_script start" >> /etc/systemd/system/batman.service
echo "ExecStop=$batman_script stop" >> /etc/systemd/system/batman.service
echo 'RemainAfterExit=yes' >> /etc/systemd/system/batman.service
echo '' >> /etc/systemd/system/batman.service
echo '# Allow time for the server to start/stop' >> /etc/systemd/system/batman.service
echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service
echo '' >> /etc/systemd/system/batman.service
echo '[Install]' >> /etc/systemd/system/batman.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/batman.service
systemctl enable batman
if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
echo '=============================' >> /home/$MY_USERNAME/README
echo "Mesh ESSID: $ESSID" >> /home/$MY_USERNAME/README
echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'mesh_batman_bridge' >> $COMPLETION_FILE
2015-06-28 16:20:54 +02:00
}
2015-02-14 18:18:38 +01:00
function remove_instructions_from_motd {
sed -i '/## /d' /etc/motd
}
2015-01-16 20:46:15 +01:00
function check_hwrng {
2015-12-30 19:14:32 +01:00
if [[ $HWRNG_TYPE == "beaglebone" ]]; then
# If hardware random number generation was enabled then make sure that the device exists.
# if /dev/hwrng is not found then any subsequent cryptographic key generation would
# suffer from low entropy and might be insecure
if [ ! -e /dev/hwrng ]; then
ls /dev/hw*
echo $'The hardware random number generator is enabled but could not be detected on'
echo $'/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
exit 75
fi
fi
# If a OneRNG device was installed then verify its firmware
#check_onerng_verification
2015-01-16 20:46:15 +01:00
}
function get_mariadb_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "MariaDB password" /home/$MY_USERNAME/README; then
if [ -f $DATABASE_PASSWORD_FILE ]; then
MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
else
MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
chmod 600 $DATABASE_PASSWORD_FILE
fi
fi
fi
2015-01-16 20:46:15 +01:00
}
function get_mariadb_gnusocial_admin_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then
MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
2016-02-03 17:17:45 +01:00
if grep -q "Microblog administrator password" /home/$MY_USERNAME/README; then
MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Microblog administrator password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
2015-12-30 19:14:32 +01:00
fi
2015-01-16 20:46:15 +01:00
}
2016-02-07 20:14:40 +01:00
function get_mariadb_rss_reader_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "RSS reader admin password" /home/$MY_USERNAME/README; then
RSS_READER_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "RSS reader admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
2015-03-18 19:38:35 +01:00
function get_mariadb_git_admin_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Gogs admin user password" /home/$MY_USERNAME/README; then
GIT_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
2015-03-18 19:38:35 +01:00
}
2015-09-06 23:24:56 +02:00
function get_mariadb_hubzilla_admin_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "MariaDB Hubzilla admin password" /home/$MY_USERNAME/README; then
HUBZILLA_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
2015-09-06 23:24:56 +02:00
}
2015-01-16 20:46:15 +01:00
function get_mariadb_owncloud_admin_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Owncloud database password" /home/$MY_USERNAME/README; then
OWNCLOUD_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
2015-01-16 20:46:15 +01:00
}
2015-02-15 16:16:06 +01:00
function create_freedns_updater {
2015-12-30 20:04:10 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
# currently inadyn doesn't work as expected with freeDNS, so this is a workaround
if grep -Fxq "create_freedns_updater" $COMPLETION_FILE; then
return
fi
if [[ $DDNS_PROVIDER != "default@freedns.afraid.org" ]]; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
echo '#!/bin/bash' > /usr/bin/dynamicdns
echo 'cd /tmp' >> /usr/bin/dynamicdns
if [ $DEFAULT_DOMAIN_CODE ]; then
echo "# $DEFAULT_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$DEFAULT_DOMAIN_CODE=" >> /usr/bin/dynamicdns
fi
if [ $WIKI_CODE ]; then
if [[ $WIKI_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$WIKI_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $FULLBLOG_CODE ]; then
if [[ $FULLBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $FULLBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$FULLBLOG_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $HUBZILLA_CODE ]; then
if [[ $HUBZILLA_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $HUBZILLA_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$HUBZILLA_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $OWNCLOUD_CODE ]; then
if [[ $OWNCLOUD_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$OWNCLOUD_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $MICROBLOG_CODE ]; then
if [[ $MICROBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$MICROBLOG_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $GIT_CODE ]; then
if [[ $GIT_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $GIT_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$GIT_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $MEDIAGOBLIN_CODE ]; then
if [[ $MEDIAGOBLIN_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $MEDIAGOBLIN_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$MEDIAGOBLIN_CODE=" >> /usr/bin/dynamicdns
fi
fi
echo 'exit 0' >> /usr/bin/dynamicdns
chmod 600 /usr/bin/dynamicdns
chmod +x /usr/bin/dynamicdns
if ! grep -q "/usr/bin/dynamicdns" /etc/crontab; then
echo '*/3 * * * * root /usr/bin/dynamicdns' >> /etc/crontab
2016-01-05 09:46:31 +01:00
systemctl restart cron
2015-12-30 19:14:32 +01:00
fi
echo 'create_freedns_updater' >> $COMPLETION_FILE
2015-02-15 16:16:06 +01:00
}
2015-01-16 20:46:15 +01:00
function backup_to_friends_servers {
2015-12-30 19:14:32 +01:00
# update crontab
echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
echo "if [ -f /usr/local/bin/${PROJECT_NAME}-backup-remote ]; then" >> /etc/cron.daily/backuptofriends
echo " /usr/local/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
echo 'else' >> /etc/cron.daily/backuptofriends
echo " /usr/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
echo 'fi' >> /etc/cron.daily/backuptofriends
chmod +x /etc/cron.daily/backuptofriends
2015-01-16 20:46:15 +01:00
}
function remove_default_user {
2015-12-30 19:14:32 +01:00
# make sure you don't use the default user account
if [[ $MY_USERNAME == "debian" ]]; then
echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
exit 68
fi
# remove the default debian user to prevent it from becoming an attack vector
if [ -d /home/debian ]; then
userdel -r debian
echo 'Default debian user account removed'
fi
2015-01-16 20:46:15 +01:00
}
function enforce_good_passwords {
2015-12-30 19:14:32 +01:00
# because humans are generally bad at choosing passwords
if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
return
fi
apt-get -y install libpam-cracklib
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
echo 'enforce_good_passwords' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function change_login_message {
2015-12-30 19:14:32 +01:00
if grep -Fxq "change_login_message" $COMPLETION_FILE; then
return
fi
# remove automatic motd creator if it exists
if [ -f /etc/init.d/motd ]; then
rm -f /etc/init.d/motd
fi
echo '' > /etc/motd
echo ".---. . . " >> /etc/motd
echo "| | | " >> /etc/motd
echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
echo $' M A I L B O X E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
echo $' S O C I A L E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
echo $' C H A T E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
echo $' C L O U D E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
echo $' W R I T E R E D I T I O N ' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
echo $' M E D I A E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
echo $' D E V E L O P E R E D I T I O N' >> /etc/motd
fi
echo '' >> /etc/motd
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
echo $' Freedom in the Cloud' >> /etc/motd
else
echo $' Freedom in the Mesh' >> /etc/motd
fi
echo '' >> /etc/motd
echo 'change_login_message' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function search_for_attached_usb_drive {
2015-12-30 19:14:32 +01:00
# If a USB drive is attached then search for email,
# gpg, ssh keys and emacs configuration
if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then
return
fi
if [ -b $USB_DRIVE ]; then
if [ ! -d $USB_MOUNT ]; then
echo $'Mounting USB drive'
mkdir $USB_MOUNT
mount $USB_DRIVE $USB_MOUNT
fi
if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
if [ -d $USB_MOUNT/Maildir ]; then
echo $'Maildir found on USB drive'
IMPORT_MAILDIR=$USB_MOUNT/Maildir
fi
if [ -d $USB_MOUNT/.gnupg ]; then
echo $'Importing GPG keyring'
cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
GPG_KEYS_IMPORTED="yes"
if [ ! -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then
echo $'GPG files did not copy'
exit 73529
fi
fi
if [ -f $USB_MOUNT/.procmailrc ]; then
echo $'Importing procmail settings'
cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
fi
if [ -f $USB_MOUNT/private_key.gpg ]; then
echo $'GPG private key found on USB drive'
MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
fi
if [ -f $USB_MOUNT/public_key.gpg ]; then
echo $'GPG public key found on USB drive'
MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
fi
fi
if [ -d $USB_MOUNT/prosody ]; then
if [ ! -d $XMPP_DIRECTORY ]; then
mkdir $XMPP_DIRECTORY
fi
cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY
chown -R prosody:prosody $XMPP_DIRECTORY
fi
if [ -d $USB_MOUNT/.ssh ]; then
echo $'Importing ssh keys'
cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
# for security delete the ssh keys from the usb drive
if [ ! -f /home/$MY_USERNAME/.ssh/id_rsa ]; then
echo $'ssh files did not copy'
exit 8
fi
fi
if [ -f $USB_MOUNT/.emacs ]; then
echo $'Importing .emacs file'
cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
fi
if [ -d $USB_MOUNT/.emacs.d ]; then
echo $'Importing .emacs.d directory'
cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d
fi
if [ -d $USB_MOUNT/ssl ]; then
echo $'Importing SSL certificates'
cp -r $USB_MOUNT/ssl/* /etc/ssl
chmod 640 /etc/ssl/certs/*
chmod 400 /etc/ssl/private/*
# change ownership of some certificates
if [ -d /etc/prosody ]; then
chown prosody:prosody /etc/ssl/private/xmpp.*
chown prosody:prosody /etc/ssl/certs/xmpp.*
fi
if [ -d /etc/dovecot ]; then
chown root:dovecot /etc/ssl/certs/dovecot.*
chown root:dovecot /etc/ssl/private/dovecot.*
fi
if [ -f /etc/ssl/private/exim.key ]; then
2016-01-01 12:42:37 +01:00
cp /etc/ssl/private/exim.key /etc/exim4
cp /etc/ssl/certs/exim.crt /etc/exim4
cp /etc/ssl/certs/exim.dhparam /etc/exim4
chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
2015-12-30 19:14:32 +01:00
fi
fi
if [ -d $USB_MOUNT/personal ]; then
echo $'Importing personal directory'
cp -r $USB_MOUNT/personal /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal
fi
else
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo $'No USB drive attached'
fi
echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function remove_proprietary_repos {
2015-12-30 19:14:32 +01:00
if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE; then
return
fi
sed -i 's/ non-free//g' /etc/apt/sources.list
echo 'remove_proprietary_repos' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function change_debian_repos {
2015-12-30 19:14:32 +01:00
if grep -Fxq "change_debian_repos" $COMPLETION_FILE; then
return
fi
2016-01-11 18:06:59 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
rm -rf /var/lib/apt/lists/*
apt-get clean
sed -i "s/ftp.us.debian.org/$DEBIAN_REPO/g" /etc/apt/sources.list
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# ensure that there is a security repo
if ! grep -q "security" /etc/apt/sources.list; then
echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list
echo "#deb-src http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
apt-get update
apt-get -y install apt-transport-https
echo 'change_debian_repos' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function initial_setup {
2015-12-30 19:14:32 +01:00
if grep -Fxq "initial_setup" $COMPLETION_FILE; then
return
fi
2015-12-02 15:33:56 +01:00
2015-12-30 19:14:32 +01:00
apt-get -y remove --purge apache*
apt-get -y dist-upgrade
apt-get -y install ca-certificates emacs24 cpulimit
apt-get -y install cryptsetup libgfshare-bin obnam sshpass wget
2015-12-31 14:02:44 +01:00
apt-get -y install avahi-daemon avahi-utils avahi-discover
2016-01-07 17:20:04 +01:00
apt-get -y install connect-proxy
2015-01-16 20:46:15 +01:00
2016-01-04 16:01:04 +01:00
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
2015-12-30 19:14:32 +01:00
echo 'initial_setup' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2016-01-07 17:20:04 +01:00
function allow_ssh_to_onion_address {
if [ ! -d /home/$MY_USERNAME/.ssh ]; then
mkdir /home/$MY_USERNAME/.ssh
fi
if [ ! -d /etc/tor ]; then
echo $'Tor not found when updating ssh'
exit 528257
fi
if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
fi
}
2015-12-29 15:53:03 +01:00
function install_tor {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2016-01-25 20:12:32 +01:00
if grep -Fxq "install_tor" $COMPLETION_FILE; then
return
fi
2016-01-04 15:25:07 +01:00
apt-get -y install tor
2016-01-25 20:12:32 +01:00
echo 'install_tor' >> $COMPLETION_FILE
2015-12-29 15:53:03 +01:00
}
2016-01-25 17:35:16 +01:00
function enable_ssh_via_onion {
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2016-01-25 20:12:32 +01:00
if grep -Fxq "enable_ssh_via_onion" $COMPLETION_FILE; then
return
fi
2016-01-25 17:35:16 +01:00
apt-get -y install tor connect-proxy
if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
2016-01-25 20:10:09 +01:00
if [ ! -d /home/$MY_USERNAME/.ssh ]; then
2016-01-25 17:35:16 +01:00
mkdir /home/$MY_USERNAME/.ssh
fi
echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
2016-01-27 11:40:43 +01:00
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
2016-01-25 17:35:16 +01:00
fi
if ! grep -q 'Host *.onion' /root/.ssh/config; then
2016-01-25 20:10:09 +01:00
if [ ! -d /root/.ssh ]; then
2016-01-25 17:35:16 +01:00
mkdir /root/.ssh
fi
echo 'Host *.onion' >> /root/.ssh/config
echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /root/.ssh/config
fi
2016-01-25 20:12:32 +01:00
echo 'enable_ssh_via_onion' >> $COMPLETION_FILE
2016-01-25 17:35:16 +01:00
}
2015-01-16 20:46:15 +01:00
function install_editor {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_editor" $COMPLETION_FILE; then
return
fi
update-alternatives --set editor /usr/bin/emacs24
# A minimal emacs configuration
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
#echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
cp /home/$MY_USERNAME/.emacs /root/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
echo 'install_editor' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function enable_backports {
2015-12-30 19:14:32 +01:00
if grep -Fxq "enable_backports" $COMPLETION_FILE; then
return
fi
if ! grep -Fxq "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" /etc/apt/sources.list; then
echo "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" >> /etc/apt/sources.list
fi
echo 'enable_backports' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function enable_zram {
2015-12-30 19:14:32 +01:00
if grep -Fxq "enable_zram" $COMPLETION_FILE; then
return
fi
2015-12-27 13:16:17 +01:00
2015-12-30 19:14:32 +01:00
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
${PROJECT_NAME}-zram off
return
fi
2015-12-27 13:16:17 +01:00
2015-12-30 19:14:32 +01:00
${PROJECT_NAME}-zram on
2015-12-27 13:16:17 +01:00
2015-12-30 19:14:32 +01:00
echo 'enable_zram' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-06-13 15:20:07 +02:00
function check_onerng_verification {
2015-12-30 19:14:32 +01:00
if grep -Fxq "check_onerng_verification" $COMPLETION_FILE; then
return
fi
if [[ $HWRNG_TYPE != "onerng" ]]; then
return
fi
echo $'Checking OneRNG firmware verification'
last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
echo $last_onerng_validation
echo $'OneRNG firmware verification failed'
exit 735026
fi
fi
echo $'OneRNG firmware verification passed'
# if haveged was previously installed then remove it
apt-get -y remove haveged
echo 'check_onerng_verification' >> $COMPLETION_FILE
2015-06-13 15:20:07 +02:00
}
2015-06-13 13:00:11 +02:00
function install_onerng {
2015-12-30 19:14:32 +01:00
apt-get -y install rng-tools at python-gnupg
# Move to the installation directory
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
# Download the package
if [ ! -f $ONERNG_PACKAGE ]; then
wget $ONERNG_PACKAGE_DOWNLOAD
mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
fi
if [ ! -f $ONERNG_PACKAGE ]; then
echo $"OneRNG package could not be downloaded"
exit 59249
fi
# Check the hash
hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
echo $"OneRNG package: $ONERNG_PACKAGE"
echo $"Hash does not match. This could indicate that the package has been tampered with."
echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
echo $"OneRNG actual hash: $hash"
exit 25934
fi
# install the package
dpkg -i $ONERNG_PACKAGE
# Check that the install worked
if [ ! -f /etc/onerng.conf ]; then
echo $'OneRNG configuration file not found. The package may not have installed successfully.'
exit 42904
fi
dialog --title $"OneRNG Device" \
--msgbox $"Please plug in the OneRNG device" 6 40
# check rng-tools configuration
if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then
echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools
fi
systemctl restart rng-tools
2015-06-13 13:00:11 +02:00
}
2015-01-16 20:46:15 +01:00
function random_number_generator {
2015-12-30 19:14:32 +01:00
if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# it is assumed that docker uses the random number
# generator of the host system
return
fi
# if the hrng type has not been set but /dev/hwrng is detected
if [[ $HWRNG_TYPE != "beaglebone" ]]; then
if [ -e /dev/hwrng ]; then
HWRNG_TYPE="beaglebone"
fi
fi
case $HWRNG_TYPE in
beaglebone)
apt-get -y install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
;;
onerng)
install_onerng
;;
*)
apt-get -y install haveged
;;
esac
echo 'random_number_generator' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_ssh {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_ssh" $COMPLETION_FILE; then
return
fi
sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
if ! grep -q 'DebianBanner' /etc/ssh/sshd_config; then
echo 'DebianBanner no' >> /etc/ssh/sshd_config
else
sed -i 's|DebianBanner.*|DebianBanner no|g' /etc/ssh/sshd_config
fi
if grep -q 'ClientAliveInterval' /etc/ssh/sshd_config; then
sed -i 's/ClientAliveInterval.*/ClientAliveInterval 60/g' /etc/ssh/sshd_config
else
echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
fi
if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then
sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config
else
echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
fi
if grep -q 'Ciphers' /etc/ssh/sshd_config; then
sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config
else
echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config
fi
if grep -q 'MACs' /etc/ssh/sshd_config; then
sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config
else
echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config
fi
if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then
sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
else
echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
fi
apt-get -y install fail2ban
echo 'configure_ssh' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2016-01-04 11:18:46 +01:00
function configure_ssh_onion {
if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2016-01-06 16:41:22 +01:00
SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
2016-01-04 11:18:46 +01:00
if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
echo 'configure_ssh_onion' >> $COMPLETION_FILE
}
2015-01-24 19:32:32 +01:00
# see https://stribika.github.io/2015/01/04/secure-secure-shell.html
function ssh_remove_small_moduli {
2015-12-30 19:14:32 +01:00
awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
mv ~/moduli /etc/ssh/moduli
2015-01-24 19:32:32 +01:00
}
function configure_ssh_client {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_ssh_client" $COMPLETION_FILE; then
return
fi
#sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config
#sed -i 's/# ChallengeResponseAuthentication.*/ ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> /etc/ssh/ssh_config
fi
sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
echo " Ciphers $SSH_CIPHERS" >> /etc/ssh/ssh_config
fi
sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
if ! grep -q "MACs " /etc/ssh/ssh_config; then
echo " MACs $SSH_MACS" >> /etc/ssh/ssh_config
fi
# Create ssh keys
if [ ! -f ~/.ssh/id_ed25519 ]; then
ssh-keygen -t ed25519 -o -a 100
fi
if [ ! -f ~/.ssh/id_rsa ]; then
ssh-keygen -t rsa -b 4096 -o -a 100
fi
ssh_remove_small_moduli
echo 'configure_ssh_client' >> $COMPLETION_FILE
2015-01-24 19:32:32 +01:00
}
2015-01-16 20:46:15 +01:00
function regenerate_ssh_keys {
2015-12-30 19:14:32 +01:00
if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then
return
fi
rm -f /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
ssh_remove_small_moduli
2016-01-05 09:46:31 +01:00
systemctl restart ssh
2015-12-30 19:14:32 +01:00
echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_dns {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_dns" $COMPLETION_FILE; then
return
fi
echo 'domain localdomain' > /etc/resolv.conf
echo 'search localdomain' >> /etc/resolv.conf
echo "nameserver $NAMESERVER1" >> /etc/resolv.conf
echo "nameserver $NAMESERVER2" >> /etc/resolv.conf
echo 'configure_dns' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2016-01-02 11:15:43 +01:00
function set_hostname {
DEFAULT_DOMAIN_NAME="$1"
2015-08-13 14:27:06 +02:00
2015-12-30 19:14:32 +01:00
echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
hostname $DEFAULT_DOMAIN_NAME
2015-08-13 14:27:06 +02:00
2015-12-30 19:14:32 +01:00
if grep -q "127.0.1.1" /etc/hosts; then
sed -i "s/127.0.1.1.*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts
else
echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts
fi
2016-01-02 11:15:43 +01:00
}
function set_your_domain_name {
if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then
return
fi
2016-01-02 11:35:00 +01:00
set_hostname $DEFAULT_DOMAIN_NAME
2016-01-02 11:15:43 +01:00
2015-12-30 19:14:32 +01:00
echo 'set_your_domain_name' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function time_synchronisation {
2015-12-30 19:14:32 +01:00
# mesh peers typically don't sync over the internet
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2015-11-29 23:04:36 +01:00
2015-12-30 19:14:32 +01:00
if [ -f /usr/local/bin/${PROJECT_NAME}-update-date ]; then
cp /usr/local/bin/${PROJECT_NAME}-update-date /usr/bin/updatedate
else
cp /usr/bin/${PROJECT_NAME}-update-date /usr/bin/updatedate
fi
chmod +x /usr/bin/updatedate
2015-12-07 10:47:33 +01:00
2015-12-30 19:14:32 +01:00
if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then
return
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
apt-get -y install tlsdate
apt-get -y remove ntpdate
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
2016-01-05 09:46:31 +01:00
systemctl restart cron
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'time_synchronisation' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT
iptables -F
ip6tables -F
iptables -t nat -F
ip6tables -t nat -F
iptables -X
ip6tables -X
iptables -P INPUT DROP
ip6tables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Make sure incoming tcp connections are SYN packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop packets with incoming fragments
iptables -A INPUT -f -j DROP
# Drop bogons
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
echo 'configure_firewall' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-08-17 14:17:28 +02:00
function configure_firewall_ping {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
return
fi
# Only allow ping for mesh installs
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
save_firewall_settings
echo 'configure_firewall_ping' >> $COMPLETION_FILE
2015-08-17 14:17:28 +02:00
}
2015-01-25 15:46:46 +01:00
function configure_firewall_for_voip {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
2015-01-25 15:46:46 +01:00
}
2015-11-01 23:23:57 +01:00
function configure_firewall_for_sip {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_sip" $COMPLETION_FILE; then
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_sip' >> $COMPLETION_FILE
2015-11-01 23:23:57 +01:00
}
2015-09-30 11:20:47 +02:00
function configure_firewall_for_ipfs {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
2015-09-30 11:20:47 +02:00
}
2015-08-09 16:35:23 +02:00
function configure_firewall_for_avahi {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
return
fi
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
iptables -A INPUT -p udp --dport 548 -j ACCEPT
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
2015-08-09 16:35:23 +02:00
}
2015-01-16 20:46:15 +01:00
function configure_firewall_for_cjdns {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-07-19 15:41:51 +02:00
function configure_firewall_for_batman {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
return
fi
2015-08-09 15:34:57 +02:00
2015-12-30 19:14:32 +01:00
save_firewall_settings
echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
2015-07-19 15:41:51 +02:00
}
2015-07-21 23:50:17 +02:00
function configure_firewall_for_babel {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BABEL != "yes" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
2015-07-21 23:50:17 +02:00
}
2015-08-24 09:14:13 +02:00
function configure_firewall_for_zeronet {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
2015-08-24 09:14:13 +02:00
}
2015-01-16 20:46:15 +01:00
function configure_firewall_for_dlna {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
return
fi
iptables -A INPUT -p udp --dport 1900 -j ACCEPT
iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_dns {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_xmpp {
2015-12-30 19:14:32 +01:00
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_irc {
2015-12-30 19:14:32 +01:00
if [ ! -d /etc/ngircd ]; then
return
fi
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_ftp {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -I INPUT -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_web_access {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_web_server {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-07-11 11:31:18 +02:00
function configure_firewall_for_tox {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
2015-07-11 11:31:18 +02:00
}
2015-01-16 20:46:15 +01:00
function configure_firewall_for_ssh {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_git {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_firewall_for_email {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
2016-01-06 17:11:15 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_internet_protocol {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
if ! grep -q "ignore pings" /etc/sysctl.conf; then
echo '# ignore pings' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
fi
if ! grep -q "disable ipv6" /etc/sysctl.conf; then
echo '# disable ipv6' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
fi
if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
fi
if ! grep -q "keepalive" /etc/sysctl.conf; then
echo '# keepalive' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
fi
echo 'configure_internet_protocol' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_email {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "configure_email" $COMPLETION_FILE; then
return
fi
apt-get -y remove postfix
2016-01-02 11:15:43 +01:00
apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail xinetd
2015-12-30 19:14:32 +01:00
if [ ! -d /etc/exim4 ]; then
echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
exit 48
fi
2016-01-06 16:37:16 +01:00
onion_service_name='email'
if [ ! -d /var/lib/tor ]; then
echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
exit 877367
fi
if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
echo 'HiddenServicePort 993 127.0.0.1:993' >> /etc/tor/torrc
echo $"Added onion site for ${onion_service_name}"
fi
systemctl restart tor
2016-01-07 10:40:00 +01:00
wait_for_onion_service ${onion_service_name}
2016-01-06 16:37:16 +01:00
if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
echo $"${onion_service_name} onion site hostname not found"
exit 76362
fi
EMAIL_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
2016-01-02 11:15:43 +01:00
if [[ $ONION_ONLY != "no" ]]; then
2016-01-02 11:35:00 +01:00
set_hostname ${EMAIL_ONION_HOSTNAME}
2016-01-02 11:15:43 +01:00
MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}
fi
if ! grep -q "Email onion domain" $COMPLETION_FILE; then
echo "Email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|Email onion domain.*|Email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
2016-01-09 14:29:34 +01:00
# see https://github.com/petterreinholdtsen/exim4-smtorp
echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp
echo '#' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# if were submitting mail *from* a .tor/.onion address,' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# make sure any header lines that may give us away is' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# stripped out, and add a new, cryptic Message-ID.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# In address_data we store the name we should HELO as.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo 'tor_to_any:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' debug_print = "R: manualroute from .onion to $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' condition = ${if match {$sender_address_domain}{\N.*\.(onion|tor)$\N}}' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' address_data = $sender_address_domain' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' route_list = * localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' headers_remove = Received:Message-ID:X-Mailer:User-Agent' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' headers_add = Message-ID: <${lc:${sha1:$message_id}}@$sender_address_domain>' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# this catches the case where were submitting mail' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# from a regular email address where we dont need to' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo '# rewrite any headers' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo 'any_to_tor:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' debug_print = "R: manualroute for $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' route_list = *.onion localhost ; *.tor localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo ' address_data = $smtp_active_hostname' >> /etc/exim4/conf.d/router/100_exim4-smtorp
echo 'remote_smtp_onion:' > /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' debug_print = "T: remote_smtp_onion for $local_part@$original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' driver = smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' # set helo_data to where we want to connect to,' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' # for the proxy program tor-smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' helo_data = "$address_data $original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' # wherever we configured our script at' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' port = 12668' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' # cannot use TLS otherwise it will EHLO again!!' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
echo ' hosts_avoid_tls = *' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
2016-01-02 11:15:43 +01:00
2016-01-04 16:01:04 +01:00
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
2016-01-02 11:15:43 +01:00
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $EXIM_ONION_REPO $INSTALL_DIR/exim4-smtorp
2016-01-02 11:15:43 +01:00
cd $INSTALL_DIR/exim4-smtorp/tor-smtp
make
if [ ! -f $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp ]; then
echo $'Unable to make tor smtp transport'
exit 52629
fi
if [ ! -d /usr/lib/exim4-smtorp ]; then
mkdir /usr/lib/exim4-smtorp
fi
cp $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp /usr/lib/exim4-smtorp/tor-smtp
if [ ! -f /usr/lib/exim4-smtorp/tor-smtp ]; then
echo $'Unable to copy tor-smtp'
exit 83503
fi
cp $INSTALL_DIR/exim4-smtorp/xinetd /etc/xinetd.d/tor-smtp
if [ ! -f /etc/xinetd.d/tor-smtp ]; then
echo $'Unable to copy to xinetd.d'
exit 835954
fi
systemctl restart xinetd
2015-12-30 19:14:32 +01:00
# configure for Maildir format
sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
if ! grep -q "export MAIL" /etc/profile; then
echo 'export MAIL=~/Maildir' >> /etc/profile
fi
sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
2016-01-02 11:35:00 +01:00
if [[ $ONION_ONLY == "no" ]]; then
# both ICANN and onion domains
echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
else
2016-01-09 14:29:34 +01:00
echo "dc_other_hostnames='${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
2016-01-02 11:35:00 +01:00
fi
2015-12-30 19:14:32 +01:00
echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
RELAY_NETS='192.168.1.0/24'
if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
fi
echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
update-exim4.conf
sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
2016-01-02 11:15:43 +01:00
systemctl start saslauthd
2015-12-30 19:14:32 +01:00
# make a tls certificate for email
if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH
check_certificates exim
fi
cp /etc/ssl/private/exim.key /etc/exim4
cp /etc/ssl/certs/exim.crt /etc/exim4
cp /etc/ssl/certs/exim.dhparam /etc/exim4
chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template
sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
fi
adduser $MY_USERNAME sasl
addgroup Debian-exim sasl
2016-01-02 11:15:43 +01:00
systemctl restart exim4
2015-12-30 19:14:32 +01:00
if [ ! -d /etc/skel/Maildir ]; then
mkdir -m 700 /etc/skel/.mutt
mkdir -m 700 /etc/skel/Maildir
mkdir -m 700 /etc/skel/Maildir/new
mkdir -m 700 /etc/skel/Maildir/cur
mkdir -m 700 /etc/skel/Maildir/Sent
mkdir -m 700 /etc/skel/Maildir/Sent/tmp
mkdir -m 700 /etc/skel/Maildir/Sent/cur
mkdir -m 700 /etc/skel/Maildir/Sent/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam
mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
mkdir -m 700 /etc/skel/Maildir/.learn-ham
mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
fi
if [ ! -d /home/$MY_USERNAME/Maildir ]; then
mkdir -m 700 /home/$MY_USERNAME/.mutt
mkdir -m 700 /home/$MY_USERNAME/Maildir
mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
mkdir -m 700 /home/$MY_USERNAME/Maildir/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
fi
echo 'configure_email' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function create_procmail {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "create_procmail" $COMPLETION_FILE; then
return
fi
if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc
echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
fi
if [ ! -f /etc/skel/.procmailrc ]; then
cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc
chown root:root /etc/skel/.procmailrc
fi
echo 'create_procmail' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function spam_filtering {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
return
fi
apt-get -y install exim4-daemon-heavy
apt-get -y install spamassassin
2016-01-04 17:01:31 +01:00
if [ ! -f /etc/default/spamassassin ]; then
echo 'Spamassassin was not installed'
exit 72570
fi
2016-01-05 17:01:31 +01:00
sa-update -v
2015-12-30 19:14:32 +01:00
sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
# This configuration is based on https://wiki.debian.org/DebianSpamAssassin
sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
# procmail configuration
echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
echo ':0' >> /home/$MY_USERNAME/.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
echo ':0' >> /home/$MY_USERNAME/.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
echo ':0' >> /home/$MY_USERNAME/.procmailrc
echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
echo ' * < 256000' >> /etc/skel/.procmailrc
echo '| spamc' >> /etc/skel/.procmailrc
echo '# strong spam are discarded' >> /etc/skel/.procmailrc
echo ':0' >> /etc/skel/.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
echo '/dev/null' >> /etc/skel/.procmailrc
echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
echo ':0' >> /etc/skel/.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
echo 'maybe-spam/' >> /etc/skel/.procmailrc
echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
echo ':0' >> /etc/skel/.procmailrc
echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
echo 'spam/' >> /etc/skel/.procmailrc
# filtering scripts
echo '#!/bin/bash' > /usr/bin/filterspam
echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
2016-02-01 11:05:29 +01:00
echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" ]]; then' >> /usr/bin/filterspam
2015-12-30 19:14:32 +01:00
echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
echo ' exit' >> /usr/bin/filterspam
echo ' fi' >> /usr/bin/filterspam
echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
echo ' do' >> /usr/bin/filterspam
echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
echo ' done' >> /usr/bin/filterspam
echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
echo ' do' >> /usr/bin/filterspam
echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
echo ' done' >> /usr/bin/filterspam
echo ' fi' >> /usr/bin/filterspam
echo 'done' >> /usr/bin/filterspam
echo 'exit 0' >> /usr/bin/filterspam
echo '#!/bin/bash' > /usr/bin/filterham
echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
2016-02-01 11:05:29 +01:00
echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" ]]; then' >> /usr/bin/filterham
2015-12-30 19:14:32 +01:00
echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
echo ' exit' >> /usr/bin/filterham
echo ' fi' >> /usr/bin/filterham
echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
echo ' do' >> /usr/bin/filterham
echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
echo ' done' >> /usr/bin/filterham
echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
echo ' do' >> /usr/bin/filterham
echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
echo ' done' >> /usr/bin/filterham
echo ' fi' >> /usr/bin/filterham
echo 'done' >> /usr/bin/filterham
echo 'exit 0' >> /usr/bin/filterham
if ! grep -q "filterspam" /etc/crontab; then
echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam" >> /etc/crontab
fi
if ! grep -q "filterham" /etc/crontab; then
echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham" >> /etc/crontab
fi
chmod 655 /usr/bin/filterspam /usr/bin/filterham
sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
# user preferences
if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
mkdir /home/$MY_USERNAME/.spamassassin
echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
fi
# this must be accessible by root
chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
2016-01-04 17:01:31 +01:00
systemctl restart spamassassin
systemctl restart exim4
systemctl restart cron
2015-12-30 19:14:32 +01:00
echo 'spam_filtering' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_imap {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "configure_imap" $COMPLETION_FILE; then
return
fi
dpkg -P dovecot-imapd
dpkg -P dovecot-core
apt-get -y install dovecot-imapd
if [ ! -d /etc/dovecot ]; then
echo $"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE"
exit 48
fi
if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
check_certificates dovecot
fi
chown root:dovecot /etc/ssl/certs/dovecot.*
chown root:dovecot /etc/ssl/private/dovecot.*
if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then
echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf'
exit 83629
fi
sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 2048|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf
if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then
echo $'Unable to find /etc/dovecot/conf.d/10-master.conf'
exit 49259
fi
sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then
echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf'
exit 48936
fi
sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
if [ ! -f /etc/dovecot/dovecot.conf ]; then
echo $'Unable to find /etc/dovecot/dovecot.conf'
exit 43890
fi
sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf
if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then
echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf'
exit 843256
fi
sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then
echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf'
exit 42036
fi
sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
# This long notify interval makes the system more suited for use with
# battery powered mobile devices
sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf
if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then
rm /var/lib/dovecot/ssl-parameters.dat
fi
2016-01-05 09:46:31 +01:00
systemctl restart dovecot
2015-12-30 19:14:32 +01:00
echo 'configure_imap' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-06-17 20:28:08 +02:00
function configure_imap_client_certs {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then
return
fi
# http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
sed -i "s|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
echo '' >> /etc/dovecot/conf.d/10-auth.conf
echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf
echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf
echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf
echo '}' >> /etc/dovecot/conf.d/10-auth.conf
fi
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
# make a CA cert
if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
else
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
fi
2015-12-30 19:14:32 +01:00
fi
fi
# CA configuration
echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
echo '' >> /etc/ssl/dovecot-ca.cnf
echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
echo '' >> /etc/ssl/dovecot-ca.cnf
echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
echo '' >> /etc/ssl/dovecot-ca.cnf
echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf
echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf
echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf
echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf
echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf
echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf
echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf
echo '' >> /etc/ssl/dovecot-ca.cnf
echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf
echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf
echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf
echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf
echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf
echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf
if [ -f /etc/ssl/ssldb ]; then
rm /etc/ssl/ssldb
fi
if [ -f /etc/ssl/sslserial ]; then
rm /etc/ssl/sslserial
fi
touch /etc/ssl/ssldb
echo 0001 > /etc/ssl/sslserial
#${PROJECT_NAME}-clientcert -u $MY_USERNAME
2016-01-05 09:46:31 +01:00
systemctl restart dovecot
2015-12-30 19:14:32 +01:00
echo 'configure_imap_client_certs' >> $COMPLETION_FILE
2015-06-17 20:28:08 +02:00
}
2015-09-19 12:47:20 +02:00
function create_gpg_subkey {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then
return
fi
apt-get -y install gnupg
GPG_KEY_USAGE=$1
if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then
echo $"Unknown subkey usage: $GPG_KEY_USAGE"
echo $'Available types: sign|auth|encrypt'
exit 14783
fi
KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
# Generate a GPG subkey
# Here a 2048bit length is used to be compatible with yubikey
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
echo 'create_gpg_subkey' >> $COMPLETION_FILE
2015-09-19 12:47:20 +02:00
}
2015-06-17 20:28:08 +02:00
2015-11-30 12:14:11 +01:00
function gpg_key_exists {
2015-12-30 19:14:32 +01:00
key_owner_username=$1
key_search_text=$2
if [[ $key_owner_username != "root" ]]; then
KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username)
else
KEY_EXISTS=$(gpg --list-keys "${key_search_text}")
fi
if [ ! "$KEY_EXISTS" ]; then
echo "no"
return
fi
if [ "$KEY_EXISTS" == *"error"* ]; then
echo "no"
return
fi
echo "yes"
2015-11-30 12:14:11 +01:00
}
2015-11-30 12:29:10 +01:00
function gpg_pubkey_from_email {
2015-12-30 19:14:32 +01:00
key_owner_username=$1
key_email_address=$2
key_id=
if [[ $key_owner_username != "root" ]]; then
key_id=$(su -c "gpg --list-keys $key_email_address | grep 'pub '" - $key_owner_username | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
else
key_id=$(gpg --list-keys $key_email_address | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
fi
echo $key_id
2015-11-30 12:29:10 +01:00
}
2015-01-16 20:46:15 +01:00
function configure_gpg {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "configure_gpg" $COMPLETION_FILE; then
return
fi
apt-get -y install gnupg
gpg_dir=/home/$MY_USERNAME/.gnupg
# if gpg keys directory was previously imported from usb
if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
echo $'GPG keys were imported'
sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'GPG public key ID could not be obtained'
fi
chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
chmod 700 $gpg_dir
chmod 600 $gpg_dir/*
echo 'configure_gpg' >> $COMPLETION_FILE
return
fi
if [ ! -d $gpg_dir ]; then
mkdir $gpg_dir
echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf
echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf
fi
sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
if ! grep -q "# default preferences" $gpg_dir/gpg.conf; then
echo '' >> $gpg_dir/gpg.conf
echo '# default preferences' >> $gpg_dir/gpg.conf
echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf
echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf
fi
chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
chmod 700 $gpg_dir
chmod 600 $gpg_dir/*
if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
echo $'Importing GPG keys from file'
echo $"Public key: $MY_GPG_PUBLIC_KEY"
echo $"Private key: $MY_GPG_PRIVATE_KEY"
# use your existing GPG keys which were exported
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
exit 2483
fi
if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
exit 5383
fi
su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
exit 13821
fi
# for security ensure that the private key file doesn't linger around
shred -zu $MY_GPG_PRIVATE_KEY
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'GPG public key ID could not be obtained'
fi
else
# Generate a GPG key
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
echo $'Generating a new GPG key'
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
exit 6362
fi
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'GPG public key ID could not be obtained'
fi
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
if grep -q "configure_email" $COMPLETION_FILE; then
if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Change your GPG password' >> /home/$MY_USERNAME/README
echo '========================' >> /home/$MY_USERNAME/README
echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
echo $'You can change the it with:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
echo ' passwd' >> /home/$MY_USERNAME/README
echo ' save' >> /home/$MY_USERNAME/README
echo ' quit' >> /home/$MY_USERNAME/README
fi
if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README
echo '===========================' >> /home/$MY_USERNAME/README
echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
fi
echo 'configure_gpg' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-09-20 14:19:33 +02:00
function configure_backup_key {
2015-12-30 19:14:32 +01:00
if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
return
fi
apt-get -y install gnupg
BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then
return
fi
# Generate a GPG key for backups
BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
echo $'Backup key does not exist. Creating it.'
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
echo $'Checking that the Backup key was created'
BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
echo $'Backup key could not be created'
exit 43382
fi
fi
MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
echo "Backup key: $MY_BACKUP_KEY_ID"
MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
echo 'Public backup key could not be exported'
exit 36829
fi
if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
echo 'Private backup key could not be exported'
exit 29235
fi
# import backup key to root user
gpg --import --import ${MY_BACKUP_KEY}_public.asc
gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
shred -zu ${MY_BACKUP_KEY}_public.asc
shred -zu ${MY_BACKUP_KEY}_private.asc
echo 'configure_backup_key' >> $COMPLETION_FILE
2015-09-20 14:19:33 +02:00
}
2015-01-16 20:46:15 +01:00
function encrypt_incoming_email {
2015-12-30 19:14:32 +01:00
# encrypts incoming mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read anything
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
# update to the next commit
if [ -f /usr/bin/gpgit.pl ]; then
if grep -q "gpgit commit" $COMPLETION_FILE; then
CURRENT_GPGIT_COMMIT=$(grep "gpgit commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_GPGIT_COMMIT" != "$GPGIT_COMMIT" ]]; then
cd $INSTALL_DIR/gpgit
2016-01-27 11:53:03 +01:00
git_pull $GPGIT_REPO $GPGIT_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE
cp gpgit.pl /usr/bin/gpgit.pl
fi
else
echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
if [ ! -f /usr/bin/gpgit.pl ]; then
apt-get -y install git libmail-gnupg-perl
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $GPGIT_REPO $INSTALL_DIR/gpgit
2015-12-30 19:14:32 +01:00
cd $INSTALL_DIR/gpgit
git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT
if ! grep -q "gpgit commit" $COMPLETION_FILE; then
echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE
fi
cp gpgit.pl /usr/bin
fi
# add a procmail rule
if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
echo '' >> /home/$MY_USERNAME/.procmailrc
echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
echo '' >> /etc/skel/.procmailrc
echo ':0 f' >> /etc/skel/.procmailrc
echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc
echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc
fi
echo 'encrypt_incoming_email' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function encrypt_outgoing_email {
2015-12-30 19:14:32 +01:00
# encrypts outgoing mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read sent mail
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
return
fi
if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
return
fi
# obtain your public key ID
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
2016-01-05 09:46:31 +01:00
if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
2015-12-30 19:14:32 +01:00
return
fi
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
return
fi
fi
if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
echo '' >> /home/$MY_USERNAME/.muttrc
echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
else
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
fi
if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
else
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
fi
echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function encrypt_all_email {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then
cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
else
cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
fi
chmod +x /usr/bin/encmaildir
if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then
return
fi
if [ ! /home/$MY_USERNAME/README ]; then
touch /home/$MY_USERNAME/README
fi
if ! grep -q $"If you have imported legacy email which is not encrypted" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Encrypting legacy email' >> /home/$MY_USERNAME/README
echo '=======================' >> /home/$MY_USERNAME/README
echo $'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README
echo $'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo ' encmaildir' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README
echo $'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README
echo $'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'encrypt_all_email' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function email_client {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "email_client" $COMPLETION_FILE; then
return
fi
apt-get -y install mutt-patched lynx abook
if [ ! -f /etc/Muttrc ]; then
echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
exit 49
fi
if [ ! -d /home/$MY_USERNAME/.mutt ]; then
mkdir /home/$MY_USERNAME/.mutt
fi
echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘ ’
cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
chown -R root:root /etc/skel/.mutt
echo 'set mbox_type=Maildir' >> /etc/Muttrc
echo 'set folder="~/Maildir"' >> /etc/Muttrc
echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
echo 'set mbox="~/Maildir"' >> /etc/Muttrc
echo 'set record="+Sent"' >> /etc/Muttrc
echo 'set postponed="+Drafts"' >> /etc/Muttrc
echo 'set trash="+Trash"' >> /etc/Muttrc
echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc
echo 'set header_cache="+.cache"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'macro index S "<tag-prefix><decode-save>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
echo 'macro pager S "<decode-save>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
echo 'macro index H "<tag-prefix><decode-copy>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
echo 'macro pager H "<decode-copy>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# set up the sidebar' >> /etc/Muttrc
echo 'set sidebar_width=22' >> /etc/Muttrc
echo 'set sidebar_visible=yes' >> /etc/Muttrc
echo "set sidebar_delim='|'" >> /etc/Muttrc
echo 'set sidebar_sort=yes' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set rfc2047_parameters' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Show inbox and sent items' >> /etc/Muttrc
echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
echo 'color sidebar_new yellow default' >> /etc/Muttrc
echo 'color normal white default' >> /etc/Muttrc
echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
echo 'color signature green default' >> /etc/Muttrc
echo 'color attachment brightyellow default' >> /etc/Muttrc
echo 'color quoted green default' >> /etc/Muttrc
echo 'color quoted1 white default' >> /etc/Muttrc
echo 'color tilde blue default' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
echo '# ctrl-o to open selected folder' >> /etc/Muttrc
echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
echo 'bind index \Co sidebar-open' >> /etc/Muttrc
echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# esc-m Mark new messages as read' >> /etc/Muttrc
echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Collapsing threads' >> /etc/Muttrc
echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc
echo 'macro index ] "<collapse-all>" "collapse/uncollapse all threads"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# threads containing new messages' >> /etc/Muttrc
echo 'uncolor index "~(~N)"' >> /etc/Muttrc
echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# new messages themselves' >> /etc/Muttrc
echo 'uncolor index "~N"' >> /etc/Muttrc
echo 'color index brightyellow default "~N"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# GPG/PGP integration' >> /etc/Muttrc
echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
echo 'set pgp_timeout=1800' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc
echo 'unset smime_is_default' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
echo 'source ~/.mutt-alias' >> /etc/Muttrc
echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc
# create an Emacs configuration specifically for use with Mutt, which
# has word wrap and spell checking on by default
echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt
echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt
echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt
echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt
echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
# add the emacs mutt configuration to the user profile skeleton
if [ ! -f /etc/skel/.emacs-mutt ]; then
cp /home/$MY_USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
chown root:root /etc/skel/.emacs-mutt
fi
cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
cp -f /etc/Muttrc /etc/skel/.muttrc
touch /home/$MY_USERNAME/.mutt-alias
cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
# default user on generic images
if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then
cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc
chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.muttrc
touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
cp /etc/skel/.emacs-mutt /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
fi
echo 'email_client' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function email_archiving {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
# ensure that the mail archive script is up to date
if [ -f /usr/local/bin/${PROJECT_NAME}-archive-mail ]; then
cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
else
if [ -f /usr/bin/${PROJECT_NAME}-archive-mail ]; then
cp /usr/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
else
echo "/usr/bin/${PROJECT_NAME}-archive-email was not found. ${PROJECT_NAME} might not have fully installed."
exit 62379
fi
fi
chmod +x /etc/cron.daily/archivemail
# update to the next commit
if [ -d $INSTALL_DIR/cleanup-maildir ]; then
if grep -q "cleanup-maildir commit" $COMPLETION_FILE; then
CURRENT_CLEANUP_MAILDIR_COMMIT=$(grep "cleanup-maildir commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_CLEANUP_MAILDIR_COMMIT" != "$CLEANUP_MAILDIR_COMMIT" ]]; then
cd $INSTALL_DIR/cleanup-maildir
2016-01-27 11:53:03 +01:00
git_pull $CLEANUP_MAILDIR_REPO $CLEANUP_MAILDIR_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
fi
else
echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "email_archiving" $COMPLETION_FILE; then
return
fi
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir
2016-01-04 16:39:21 +01:00
cd $INSTALL_DIR/cleanup-maildir
2015-12-30 19:14:32 +01:00
git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
if ! grep -q "cleanup-maildir commit" $COMPLETION_FILE; then
echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE
fi
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
echo 'email_archiving' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
# Ensure that the from field is correct when sending email from Mutt
function email_from_address {
2015-12-30 19:14:32 +01:00
if grep -Fxq "email_from_address" $COMPLETION_FILE; then
return
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
return
fi
if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc
else
echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'email_from_address' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function create_public_mailing_list {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
return
fi
if [ ! $PUBLIC_MAILING_LIST ]; then
return
fi
# does the mailing list have a separate domain name?
if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
fi
PUBLIC_MAILING_LIST_USER="mlmmj"
apt-get -y install mlmmj
adduser --system $PUBLIC_MAILING_LIST_USER
addgroup $PUBLIC_MAILING_LIST_USER
adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
echo ''
echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
echo ''
# create the list
mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
# router
echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
# transport
echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi
newaliases
update-exim4.conf.template -r
update-exim4.conf
2016-01-05 09:46:31 +01:00
systemctl restart exim4
2015-12-30 19:14:32 +01:00
if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README
echo '=================================' >> /home/$MY_USERNAME/README
echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
echo 'create_public_mailing_list' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function create_private_mailing_list {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
# This installation doesn't work, results in ruby errors
# There is currently no schleuder package for Debian jessie
if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
return
fi
if [ ! $PRIVATE_MAILING_LIST ]; then
return
fi
if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
echo $'The name of the private mailing list should not be the same as your username'
exit 10
fi
if [ ! $MY_GPG_PUBLIC_KEY ]; then
echo $'To create a private mailing list you need to specify a file'
echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
echo $'the top of the script'
exit 11
fi
apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
gem install schleuder
schleuder-fix-gem-dependencies
schleuder-init-setup --gem
# NOTE: this is version number sensitive and so might need changing
ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST
echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
chown -R schleuder:schleuder /var/lib/schleuder
update-exim4.conf.template -r
update-exim4.conf
2016-01-05 09:46:31 +01:00
systemctl restart exim4
2015-12-30 19:14:32 +01:00
useradd -d /var/schleuderlists -s /bin/false schleuder
adduser Debian-exim schleuder
usermod -a -G mail schleuder
#exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
echo 'create_private_mailing_list' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-07-05 23:10:12 +02:00
function split_gpg_key_into_fragments {
2015-12-30 19:14:32 +01:00
# split the gpg key into fragments if social key management is enabled
if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
echo 'Splitting GPG key. You may need to enter your passphrase.'
${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
echo 'Yhe GPG key could not be split'
exit 86548
fi
fi
2015-07-05 23:10:12 +02:00
}
2015-01-16 20:46:15 +01:00
function import_email {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
EMAIL_COMPLETE_MSG=$"
2015-12-29 17:42:35 +01:00
*** ${PROJECT_NAME} mailbox installation is complete ***
2015-12-02 21:03:52 +01:00
Now on your internet router forward ports
2015-12-29 17:42:35 +01:00
25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
"
2015-12-30 19:14:32 +01:00
if grep -Fxq "import_email" $COMPLETION_FILE; then
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
backup_to_friends_servers
intrusion_detection
split_gpg_key_into_fragments
clear
echo ''
echo "$EMAIL_COMPLETE_MSG"
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
echo $' You can now remove the USB drive'
fi
exit 0
fi
return
fi
if [ $IMPORT_MAILDIR ]; then
if [ -d $IMPORT_MAILDIR ]; then
echo $'Transfering email files'
cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
else
echo $"Email import directory $IMPORT_MAILDIR not found"
exit 9
fi
fi
echo 'import_email' >> $COMPLETION_FILE
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
backup_to_friends_servers
intrusion_detection
split_gpg_key_into_fragments
# unmount any attached usb drive
clear
echo ''
echo "$EMAIL_COMPLETE_MSG"
echo ''
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
echo $' You can now remove the USB drive'
fi
exit 0
fi
2015-01-16 20:46:15 +01:00
}
function install_web_server {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return
fi
# update to the next commit
if [ -d $INSTALL_DIR/nginx_ensite ]; then
if grep -q "Nginx-ensite commit" $COMPLETION_FILE; then
CURRENT_NGINX_ENSITE_COMMIT=$(grep "Nginx-ensite commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_NGINX_ENSITE_COMMIT" != "$NGINX_ENSITE_COMMIT" ]]; then
2016-01-04 17:01:31 +01:00
$INSTALL_DIR/nginx_ensite
2016-01-27 11:53:03 +01:00
git_pull $NGINX_ENSITE_REPO $NGINX_ENSITE_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE
make install
fi
else
echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_web_server" $COMPLETION_FILE; then
return
fi
# remove apache
apt-get -y remove --purge apache2
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
fi
# install nginx
apt-get -y install nginx php5-fpm git
# limit the number of php processes
sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf
sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf
if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then
echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf
fi
if [ ! -d /etc/nginx ]; then
echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
exit 51
fi
# Nginx settings
echo 'user www-data;' > /etc/nginx/nginx.conf
#echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf
echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo 'events {' >> /etc/nginx/nginx.conf
echo ' worker_connections 50;' >> /etc/nginx/nginx.conf
echo ' # multi_accept on;' >> /etc/nginx/nginx.conf
echo '}' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo 'http {' >> /etc/nginx/nginx.conf
echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf
echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf
echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf
echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf
echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf
echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Basic Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' sendfile on;' >> /etc/nginx/nginx.conf
echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf
echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf
echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf
echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf
echo ' server_tokens off;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf
echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf
echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Logging Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf
echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ###' >> /etc/nginx/nginx.conf
echo ' # Gzip Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' gzip on;' >> /etc/nginx/nginx.conf
echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf
echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf
echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf
echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf
echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf
echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf
echo '}' >> /etc/nginx/nginx.conf
# install a script to easily enable and disable nginx virtual hosts
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite
2015-12-30 19:14:32 +01:00
cd $INSTALL_DIR/nginx_ensite
git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
if ! grep -q "Nginx-ensite commit" $COMPLETION_FILE; then
echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE
fi
make install
nginx_dissite default
echo 'install_web_server' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function configure_php {
2015-12-30 19:14:32 +01:00
sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
2015-01-16 20:46:15 +01:00
}
function install_mariadb {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_mariadb" $COMPLETION_FILE; then
return
fi
apt-get -y install python-software-properties debconf-utils
apt-get -y install software-properties-common
apt-get -y update
get_mariadb_password
if [ ! $MARIADB_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
MARIADB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
MARIADB_PASSWORD="$(openssl rand -base64 32)"
fi
echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
chmod 600 $DATABASE_PASSWORD_FILE
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README
echo '===============' >> /home/$MY_USERNAME/README
echo $"Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
apt-get -y install mariadb-server
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after MariaDB install'
fi
if [ ! -d /etc/mysql ]; then
echo $"ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE"
exit 54
fi
mysqladmin -u root password "$MARIADB_PASSWORD"
echo 'install_mariadb' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function backup_databases_script_header {
2015-12-30 19:14:32 +01:00
if [ ! -f /usr/bin/backupdatabases ]; then
# daily
echo '#!/bin/sh' > /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo -n 'MYSQL_PASSWORD=$(cat ' >> /usr/bin/backupdatabases
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases
echo 'umask 0077' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases
echo ' exit 1' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
chmod 600 /usr/bin/backupdatabases
chmod +x /usr/bin/backupdatabases
echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily
echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily
chmod 600 /etc/cron.daily/backupdatabasesdaily
chmod +x /etc/cron.daily/backupdatabasesdaily
# weekly
echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly
chmod 600 /etc/cron.weekly/backupdatabasesweekly
chmod +x /etc/cron.weekly/backupdatabasesweekly
# monthly
echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly
chmod 600 /etc/cron.monthly/backupdatabasesmonthly
chmod +x /etc/cron.monthly/backupdatabasesmonthly
fi
2015-01-16 20:46:15 +01:00
}
function repair_databases_script {
2015-12-30 19:14:32 +01:00
if [ -f /etc/cron.hourly/repair ]; then
sed -i "s|/usr/bin/repairdatabase|${PROJECT_NAME}-repair-database|g" /etc/cron.hourly/repair
fi
2015-12-11 16:06:52 +01:00
2015-12-30 19:14:32 +01:00
if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then
return
fi
2015-12-11 16:06:52 +01:00
2015-12-30 19:14:32 +01:00
if [ ! -f $DATABASE_PASSWORD_FILE ]; then
return
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo '#!/bin/bash' > /etc/cron.hourly/repair
echo '' >> /etc/cron.hourly/repair
chmod 600 /etc/cron.hourly/repair
chmod +x /etc/cron.hourly/repair
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'repair_databases_script' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function install_owncloud_music_app {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if ! grep -Fxq "install_owncloud" $COMPLETION_FILE; then
echo $'Tried to install the Owncloud music app, but Owncloud installation was not found'
exit 9823
fi
# update to the next commit
if [ -d /usr/share/owncloud/apps/music ]; then
if grep -q "Owncloud music app commit" $COMPLETION_FILE; then
CURRENT_OWNCLOUD_MUSIC_APP_COMMIT=$(grep "Owncloud music app commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$OWNCLOUD_MUSIC_APP_COMMIT" != "$OWNCLOUD_MUSIC_APP_COMMIT" ]]; then
cd /usr/share/owncloud/apps/music
2016-01-27 11:53:03 +01:00
git_pull $OWNCLOUD_MUSIC_APP_REPO $OWNCLOUD_MUSIC_APP_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/Owncloud music app commit.*/Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT/g" $COMPLETION_FILE
fi
else
echo "Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_owncloud_music_app" $COMPLETION_FILE; then
return
fi
cd /usr/share/owncloud/apps
2016-01-26 17:20:06 +01:00
git_clone $OWNCLOUD_MUSIC_APP_REPO Music
2016-01-08 18:18:58 +01:00
cd /usr/share/owncloud/apps/Music
2015-12-30 19:14:32 +01:00
git checkout $OWNCLOUD_MUSIC_APP_COMMIT -b $OWNCLOUD_MUSIC_APP_COMMIT
if ! grep -q "Owncloud music app commit" $COMPLETION_FILE; then
echo "Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Owncloud music app commit.*/Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT/g" $COMPLETION_FILE
fi
if grep -q $"Music player in Owncloud" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Music player in Owncloud' >> /home/$MY_USERNAME/README
echo '========================' >> /home/$MY_USERNAME/README
echo $'To enable the music app within ouwncloud log in to the Owncloud' >> /home/$MY_USERNAME/README
echo $'administrator account then go to Apps on the left hand dropdown' >> /home/$MY_USERNAME/README
echo $'menu and enable the music app. You can then log out and log back' >> /home/$MY_USERNAME/README
echo $'in as your Owncloud user and select music from the left hand' >> /home/$MY_USERNAME/README
echo $'dropdown menu.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_owncloud_music_app' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function add_ddns_domain {
2015-12-30 20:04:10 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
if [ ! $CURRENT_DDNS_DOMAIN ]; then
echo $'ddns domain not specified'
exit 5638
fi
if [ ! -f /etc/inadyn.conf ]; then
echo $'Unable to find inadyn configuration file /etc/inadyn.conf'
exit 5745
fi
if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
echo '' >> /etc/inadyn.conf
echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
echo ' ssl' >> /etc/inadyn.conf
echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
if [ $DDNS_USERNAME ]; then
echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
fi
if [ $DDNS_PASSWORD ]; then
echo " password $DDNS_PASSWORD" >> /etc/inadyn.conf
fi
fi
if ! grep -q "$CURRENT_DDNS_DOMAIN" /etc/inadyn.conf; then
echo " alias $CURRENT_DDNS_DOMAIN" >> /etc/inadyn.conf
fi
chmod 600 /etc/inadyn.conf
2016-01-05 09:46:31 +01:00
systemctl restart inadyn
2015-12-30 19:14:32 +01:00
systemctl daemon-reload
# clear the arguments
CURRENT_DDNS_DOMAIN=
2015-01-16 20:46:15 +01:00
}
2015-12-29 21:37:49 +01:00
function configure_owncloud_onion_site {
2015-12-30 19:14:32 +01:00
if [ ! $OWNCLOUD_DOMAIN_NAME ]; then
return
fi
if [ ! -f /etc/owncloud/config.php ]; then
return
fi
if [ ! -f /var/lib/tor/hidden_service_owncloud/hostname ]; then
return
fi
OWNCLOUD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_owncloud/hostname)
if ! grep -q "${OWNCLOUD_ONION_HOSTNAME}" /etc/owncloud/config.php; then
sed -i "s|0 => '${OWNCLOUD_DOMAIN_NAME}',|0 => '${OWNCLOUD_DOMAIN_NAME}',
2015-12-29 21:37:49 +01:00
1 => '${OWNCLOUD_ONION_HOSTNAME}',|g" /etc/owncloud/config.php
2015-12-30 19:14:32 +01:00
sed -i "s|'writable' => false,|'writable' => false,
2015-12-29 21:37:49 +01:00
),
1 =>
array (
'path' => '/usr/share/owncloud/apps',
'url' => '/apps',
'writable' => false,|g" /etc/owncloud/config.php
2015-12-30 19:14:32 +01:00
echo $'Owncloud configured for onion site'
fi
2015-12-29 21:37:49 +01:00
}
2015-01-16 20:46:15 +01:00
function install_owncloud {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
OWNCLOUD_COMPLETION_MSG1=$" *** ${PROJECT_NAME} $SYSTEM_TYPE is now installed ***"
OWNCLOUD_COMPLETION_MSG2=$"Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup"
if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
install_owncloud_music_app
backup_to_friends_servers
intrusion_detection
split_gpg_key_into_fragments
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo ''
echo "$OWNCLOUD_COMPLETION_MSG1"
echo "$OWNCLOUD_COMPLETION_MSG2"
exit 0
fi
return
fi
# if this is exclusively a cloud setup
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
if [ ! $DEFAULT_DOMAIN_NAME ]; then
echo $'No default domain name when installing cloud variant'
exit 5380
fi
fi
if [ ! $OWNCLOUD_DOMAIN_NAME ]; then
echo $'No Owncloud domain name was specified'
exit 3095
fi
if [[ $SYSTEM_TYPE != "$VARIANT_CLOUD" ]]; then
if [[ $SYSTEM_TYPE != "$VARIANT_FULL" ]]; then
echo $"Owncloud install did not recognise the system type $SYSTEM_TYPE"
exit 6746
fi
fi
2016-01-04 17:18:36 +01:00
apt-get -y install fonts-linuxlibertine fonts-sil-gentium-basic fonts-way-microhei
apt-get -y install libjs-twitter-bootstrap
2015-12-30 19:14:32 +01:00
apt-get -y install owncloud
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after Owncloud install'
fi
install_mariadb
get_mariadb_password
get_mariadb_owncloud_admin_password
if [ ! $OWNCLOUD_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
OWNCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
OWNCLOUD_ADMIN_PASSWORD="$(openssl rand -base64 32)"
fi
fi
if ! grep -q "Owncloud database user" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Owncloud' >> /home/$MY_USERNAME/README
echo '========' >> /home/$MY_USERNAME/README
echo $'Owncloud database user: owncloudadmin' >> /home/$MY_USERNAME/README
echo $"Owncloud database password: $OWNCLOUD_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo $'Owncloud database name: owncloud' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'After creating an administrator account then create a user account via' >> /home/$MY_USERNAME/README
echo $"the Users dropdown menu entry. The username should be '$MY_USERNAME'." >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'On mobile devices you can download the Owncloud client via F-Droid.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'To synchronise calendar entries with Android "install CalDAV Sync Adapter"' >> /home/$MY_USERNAME/README
echo $'using F-Droid then go to settings/accounts and add a CalDav account with' >> /home/$MY_USERNAME/README
echo $"the URL https://$OWNCLOUD_DOMAIN_NAME/remote.php/caldav/principals/$MY_USERNAME" >> /home/$MY_USERNAME/README
echo $'and the username and password shown above.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
2016-01-21 10:35:50 +01:00
create_database owncloud "$OWNCLOUD_ADMIN_PASSWORD"
2015-12-30 19:14:32 +01:00
if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ]; then
mkdir /var/www/$OWNCLOUD_DOMAIN_NAME
fi
if [ -d /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
fi
ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " listen 127.0.0.1:${OWNCLOUD_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2016-01-17 11:49:11 +01:00
echo ' fastcgi_param HTTPS off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
configure_php
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH
else
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $OWNCLOUD_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
fi
check_certificates $OWNCLOUD_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
fi
fi
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo $'# Backup Owncloud database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/owncloud.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/owncloud_daily.sql' >> /usr/bin/backupdatabases
echo 'mysqldump --password="$MYSQL_PASSWORD" owncloud > $TEMPFILE' >> /usr/bin/backupdatabases
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
echo ' mysql -u root --password="$MYSQL_PASSWORD" owncloud -o < $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Owncloud database. Attempted to restore from yesterdays backup" | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Owncloud database." | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
nginx_ensite $OWNCLOUD_DOMAIN_NAME
2016-01-06 10:29:07 +01:00
OWNCLOUD_ONION_HOSTNAME=$(add_onion_service owncloud 80 ${OWNCLOUD_ONION_PORT})
2015-12-30 19:14:32 +01:00
2016-01-04 16:55:24 +01:00
systemctl restart php5-fpm
systemctl restart nginx
2015-12-30 19:14:32 +01:00
if ! grep -q "Owncloud onion domain" /home/$MY_USERNAME/README; then
echo "Owncloud onion domain: ${OWNCLOUD_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "Owncloud onion domain:${OWNCLOUD_ONION_HOSTNAME}" >> $COMPLETION_FILE
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$OWNCLOUD_DOMAIN_NAME
add_ddns_domain
2016-01-04 17:23:04 +01:00
echo "Owncloud domain:$OWNCLOUD_DOMAIN_NAME" >> $COMPLETION_FILE
2015-12-30 19:14:32 +01:00
echo 'install_owncloud' >> $COMPLETION_FILE
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
install_owncloud_music_app
backup_to_friends_servers
intrusion_detection
split_gpg_key_into_fragments
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo ''
echo "$OWNCLOUD_COMPLETION_MSG1"
echo "$OWNCLOUD_COMPLETION_MSG2"
exit 0
fi
2015-01-16 20:46:15 +01:00
}
2015-03-17 21:21:25 +01:00
function install_gogs {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $GIT_DOMAIN_NAME ]; then
return
fi
export GOPATH=/home/git/go
2016-01-05 18:43:02 +01:00
systemctl set-environment GOPATH=/home/git/go
2015-12-30 19:14:32 +01:00
# update to the next commit
if [ -d /var/www/$GIT_DOMAIN_NAME ]; then
if grep -q "Gogs commit" $COMPLETION_FILE; then
CURRENT_GOGS_COMMIT=$(grep "Gogs commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_GOGS_COMMIT" != "$GOGS_COMMIT" ]]; then
cd $GOPATH/src/github.com/gogits/gogs
2016-01-27 11:53:03 +01:00
git_pull $GIT_DOMAIN_REPO $GOGS_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/Gogs commit.*/Gogs commit:$GOGS_COMMIT/g" $COMPLETION_FILE
go get -u ./...
if [ ! "$?" = "0" ]; then
exit 52792
fi
go build
if [ ! "$?" = "0" ]; then
exit 36226
fi
systemctl restart gogs
fi
else
echo "Gogs commit:$GOGS_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_gogs" $COMPLETION_FILE; then
return
fi
# http://gogs.io/docs/installation/install_from_source.md
# add a gogs user account
adduser --disabled-login --gecos 'Gogs' git
# install Go
apt-get -y install golang libpam0g-dev
if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then
echo 'export GOPATH=/home/git/go' >> ~/.bashrc
echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc
fi
if [ ! -d $GOPATH ]; then
mkdir -p $GOPATH
fi
2016-01-27 16:21:21 +01:00
GO_PACKAGE_MANAGER_REPO2=$(echo "$GO_PACKAGE_MANAGER_REPO" | sed 's|https://||g')
2016-01-27 16:09:05 +01:00
go get -u $GO_PACKAGE_MANAGER_REPO2
2015-12-30 19:14:32 +01:00
if [ ! "$?" = "0" ]; then
exit 479832
fi
# clone the repo
if [ ! -d $GOPATH/src/github.com/gogits ]; then
mkdir -p $GOPATH/src/github.com/gogits
fi
2016-01-26 17:20:06 +01:00
git_clone $GIT_DOMAIN_REPO $GOPATH/src/github.com/gogits/gogs
2016-01-27 16:37:47 +01:00
if [ ! -d $GOPATH/src/github.com/gogits/gogs ]; then
echo $"Unable to clone repo $GOPATH/src/github.com/gogits/gogs"
exit 85482
fi
cd $GOPATH/src/github.com/gogits/gogs
2015-12-30 19:14:32 +01:00
git checkout $GOGS_COMMIT -b $GOGS_COMMIT
if ! grep -q "Gogs commit" $COMPLETION_FILE; then
echo "Gogs commit:$GOGS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Gogs commit.*/Gogs commit:$GOGS_COMMIT/g" $COMPLETION_FILE
fi
# install
go get -u ./...
go build
if [ ! "$?" = "0" ]; then
exit 546750
fi
install_mariadb
get_mariadb_password
get_mariadb_git_admin_password
if [ ! $GIT_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
GIT_ADMIN_PASSWORD="$(openssl rand -base64 32)"
fi
fi
if ! grep -q $"Gogs admin user password" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Gogs' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
echo $'Database type: MySql' >> /home/$MY_USERNAME/README
echo $'Database host: 127.0.0.1:3306' >> /home/$MY_USERNAME/README
echo $'Database user: root' >> /home/$MY_USERNAME/README
echo $"Database password: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
echo $'Database name: gogs' >> /home/$MY_USERNAME/README
echo $'Gogs admin user: gogsadmin' >> /home/$MY_USERNAME/README
echo $"Gogs admin user password: $GIT_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo $"Gogs admin user email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Install Steps For First-time Run:' >> /home/$MY_USERNAME/README
echo $'Leave email service settings empty' >> /home/$MY_USERNAME/README
echo $'Check "Enable Register Confirmation"' >> /home/$MY_USERNAME/README
echo $'Check "Enable Mail Notification"' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'After the initial install edit /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini' >> /home/$MY_USERNAME/README
echo $'and within the [server] section set:' >> /home/$MY_USERNAME/README
echo " DOMAIN = $GIT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
echo " ROOT_URL = http://$GIT_DOMAIN_NAME/" >> /home/$MY_USERNAME/README
echo " SSH_PORT = $SSH_PORT" >> /home/$MY_USERNAME/README
echo $'If you want to disable new account registrations then append the following:' >> /home/$MY_USERNAME/README
echo ' [service]' >> /home/$MY_USERNAME/README
echo ' DISABLE_REGISTRATION = true' >> /home/$MY_USERNAME/README
echo $'Then restart with:' >> /home/$MY_USERNAME/README
echo ' systemctl restart gogs' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $"Note that there's a usability/security trade-off made here." >> /home/$MY_USERNAME/README
echo $"In order to allow git clone via http we don't redirect everything" >> /home/$MY_USERNAME/README
echo $'over https. Instead only critical things such as user login,' >> /home/$MY_USERNAME/README
echo $'settings and admin are encrypted.' >> /home/$MY_USERNAME/README
echo $'There are also potential security issues with cloning/pulling/pushing' >> /home/$MY_USERNAME/README
echo $'code over http, since a determined adversary could inject malware' >> /home/$MY_USERNAME/README
echo $'into the stream as it passes, so beware.' >> /home/$MY_USERNAME/README
echo $'If you have a bought domain and a non-self signed cert then you' >> /home/$MY_USERNAME/README
echo $"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https." >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
2016-01-21 10:35:50 +01:00
create_database gogs "$GOGS_ADMIN_PASSWORD"
2015-12-30 19:14:32 +01:00
chmod 600 /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini
chown -R git:git /home/git
cp $GOPATH/src/github.com/gogits/gogs/scripts/systemd/gogs.service /etc/systemd/system
sed -i 's|#After=mysqld.service|After=mysqld.service|g' /etc/systemd/system/gogs.service
sed -i "s|WorkingDirectory=.*|WorkingDirectory=$GOPATH/src/github.com/gogits/gogs|g" /etc/systemd/system/gogs.service
sed -i "s|ExecStart=.*|ExecStart=$GOPATH/src/github.com/gogits/gogs/gogs web|g" /etc/systemd/system/gogs.service
sed -i "s|Environment.*|Environment=\"USER=git\" \"HOME=/home/git\" \"GOPATH=/home/git/go\"|g" /etc/systemd/system/gogs.service
systemctl enable gogs
systemctl daemon-reload
systemctl restart gogs
if [ ! -d /var/www/$GIT_DOMAIN_NAME ]; then
mkdir /var/www/$GIT_DOMAIN_NAME
fi
if [ -d /var/www/$GIT_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$GIT_DOMAIN_NAME/htdocs
fi
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
2016-01-17 11:49:11 +01:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location ^~ /user/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location ^~ /admin/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
configure_php
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
else
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $GIT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
fi
check_certificates $GIT_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
fi
fi
nginx_ensite $GIT_DOMAIN_NAME
2016-01-06 17:33:32 +01:00
if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. Gogs onion site cannot be configured.'
exit 877367
fi
if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
2016-01-07 14:54:17 +01:00
echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
2016-01-06 17:33:32 +01:00
echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
echo $'Added onion site for Gogs'
fi
systemctl restart tor
2016-01-07 10:40:00 +01:00
wait_for_onion_service 'gogs'
2016-01-06 17:33:32 +01:00
GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
2015-12-30 19:14:32 +01:00
2016-01-04 16:55:24 +01:00
systemctl restart php5-fpm
systemctl restart nginx
2015-12-30 19:14:32 +01:00
if ! grep -q "Gogs onion domain" /home/$MY_USERNAME/README; then
echo "Gogs onion domain: ${GIT_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
2016-01-06 17:33:32 +01:00
if ! grep -q "Gogs onion domain" $COMPLETION_FILE; then
echo "Gogs onion domain:${GIT_ONION_HOSTNAME}" >> $COMPLETION_FILE
fi
2015-12-30 19:14:32 +01:00
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$GIT_DOMAIN_NAME
add_ddns_domain
echo "Gogs domain:$GIT_DOMAIN_NAME" >> $COMPLETION_FILE
echo 'install_gogs' >> $COMPLETION_FILE
2015-03-17 21:21:25 +01:00
}
2015-08-24 20:36:10 +02:00
function tox_avahi {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "tox_avahi" $COMPLETION_FILE; then
return
fi
if [ ! -d /etc/avahi ]; then
echo $'tox_avahi: avahi is not installed'
exit 87359
fi
# install a command to obtain the Tox ID
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $TOXID_REPO $INSTALL_DIR/toxid
2015-12-30 19:14:32 +01:00
if [ ! -d $INSTALL_DIR/toxid ]; then
exit 63921
fi
cd $INSTALL_DIR/toxid
make
if [ ! "$?" = "0" ]; then
exit 58432
fi
make install
toxavahi
# publish regularly
if ! grep -q "toxavahi" /etc/crontab; then
echo "* * * * * root toxavahi > /dev/null" >> /etc/crontab
fi
systemctl restart avahi-daemon
echo 'tox_avahi' >> $COMPLETION_FILE
2015-08-24 20:36:10 +02:00
}
2015-07-11 11:31:18 +02:00
function install_tox_node {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
# update to the next commit
if [ -d $INSTALL_DIR/toxcore ]; then
if grep -q "toxcore commit" $COMPLETION_FILE; then
CURRENT_TOX_COMMIT=$(grep "toxcore commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_TOX_COMMIT" != "$TOX_COMMIT" ]]; then
cd $INSTALL_DIR/toxcore
2016-01-27 11:53:03 +01:00
git_pull $TOX_REPO $TOX_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/toxcore commit.*/toxcore commit:$TOX_COMMIT/g" $COMPLETION_FILE
autoreconf -i
./configure --enable-daemon
make
make install
systemctl restart tox-bootstrapd.service
fi
else
echo "toxcore commit:$TOX_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_tox_node" $COMPLETION_FILE; then
return
fi
# toxcore
apt-get -y install build-essential libtool autotools-dev
apt-get -y install automake checkinstall check git yasm
apt-get -y install libsodium13 libsodium-dev libcap2-bin
apt-get -y install libconfig9 libconfig-dev
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $TOX_REPO $INSTALL_DIR/toxcore
2015-12-30 19:14:32 +01:00
cd $INSTALL_DIR/toxcore
git checkout $TOX_COMMIT -b $TOX_COMMIT
if ! grep -q "toxcore commit" $COMPLETION_FILE; then
echo "toxcore commit:$TOX_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/toxcore commit.*/toxcore commit:$TOX_COMMIT/g" $COMPLETION_FILE
fi
autoreconf -i
./configure --enable-daemon
if [ ! "$?" = "0" ]; then
exit 78467
fi
make
if [ ! "$?" = "0" ]; then
exit 84562
fi
make install
cp /usr/local/lib/libtoxcore* /usr/lib/
if [ ! -f /usr/local/bin/tox-bootstrapd ]; then
echo $"File not found /usr/local/bin/tox-bootstrapd"
exit 73862
fi
useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chmod 700 /var/lib/tox-bootstrapd
if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf ]; then
echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf"
exit 476835
fi
# remove Maildir
if [ -d /var/lib/tox-bootstrapd/Maildir ]; then
rm -rf /var/lib/tox-bootstrapd/Maildir
fi
# create configuration file
echo "port = $TOX_PORT" > /etc/tox-bootstrapd.conf
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> /etc/tox-bootstrapd.conf
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> /etc/tox-bootstrapd.conf
echo 'enable_ipv6 = true' >> /etc/tox-bootstrapd.conf
echo 'enable_ipv4_fallback = true' >> /etc/tox-bootstrapd.conf
echo 'enable_lan_discovery = true' >> /etc/tox-bootstrapd.conf
echo 'enable_tcp_relay = true' >> /etc/tox-bootstrapd.conf
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> /etc/tox-bootstrapd.conf
echo 'enable_motd = true' >> /etc/tox-bootstrapd.conf
echo 'motd = "tox-bootstrapd"' >> /etc/tox-bootstrapd.conf
if [ $TOX_NODES ]; then
echo 'bootstrap_nodes = (' >> /etc/tox-bootstrapd.conf
toxcount=0
while [ "x${TOX_NODES[toxcount]}" != "x" ]
do
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
echo "{ // $toxval_maintainer" >> /etc/tox-bootstrapd.conf
if [[ $toxval_ipv6 != 'NONE' ]]; then
echo " address = \"$toxval_ipv6\"" >> /etc/tox-bootstrapd.conf
else
echo " address = \"$toxval_ipv4\"" >> /etc/tox-bootstrapd.conf
fi
echo " port = $toxval_port" >> /etc/tox-bootstrapd.conf
echo " public_key = \"$toxval_pubkey\"" >> /etc/tox-bootstrapd.conf
toxcount=$(( $toxcount + 1 ))
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
echo "}," >> /etc/tox-bootstrapd.conf
else
echo "}" >> /etc/tox-bootstrapd.conf
fi
done
echo ')' >> /etc/tox-bootstrapd.conf
fi
if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
exit 7359
fi
cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
enable_ipv6
systemctl daemon-reload
systemctl enable tox-bootstrapd.service
systemctl start tox-bootstrapd.service
if [ ! "$?" = "0" ]; then
systemctl status tox-bootstrapd.service
exit 5846
fi
2016-01-06 16:54:54 +01:00
TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
if ! grep -q "tox onion domain" $COMPLETION_FILE; then
echo "tox onion domain:${TOX_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|tox onion domain.*|tox onion domain:${TOX_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
2015-12-30 19:14:32 +01:00
systemctl restart tox-bootstrapd.service
2016-01-06 16:54:54 +01:00
2015-12-30 19:14:32 +01:00
TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
echo $'Could not obtain the tox node public key'
exit 6529
fi
# save the public key for later reference
echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE
configure_firewall_for_tox
if ! grep -q $"Your Tox node public key is" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Tox' >> /home/$MY_USERNAME/README
echo '===' >> /home/$MY_USERNAME/README
2016-01-06 16:54:54 +01:00
echo $"tox onion domain: ${TOX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
2015-12-30 19:14:32 +01:00
echo $"Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
echo $'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README
echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_tox_node' >> $COMPLETION_FILE
2015-07-11 11:31:18 +02:00
}
2015-07-11 18:05:18 +02:00
function install_tox_client {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
# update to the next commit
if [ -d $INSTALL_DIR/toxic ]; then
if grep -q "Toxic commit" $COMPLETION_FILE; then
CURRENT_TOXIC_COMMIT=$(grep "Toxic commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_TOXIC_COMMIT" != "$TOXIC_COMMIT" ]]; then
cd $INSTALL_DIR/toxic
2016-01-27 11:53:03 +01:00
git_pull $TOXIC_REPO $TOXIC_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/Toxic commit.*/Toxic commit:$TOXIC_COMMIT/g" $COMPLETION_FILE
make
make install
fi
else
echo "Toxic commit:$TOXIC_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_tox_client" $COMPLETION_FILE; then
return
fi
apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev libcurl4-openssl-dev
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $TOXIC_REPO $INSTALL_DIR/toxic
2015-12-30 19:14:32 +01:00
cd $INSTALL_DIR/toxic
git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT
if ! grep -q "Toxic commit" $COMPLETION_FILE; then
echo "Toxic commit:$TOXIC_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Toxic commit.*/Toxic commit:$TOXIC_COMMIT/g" $COMPLETION_FILE
fi
make
if [ ! -f $INSTALL_DIR/toxic/build/toxic ]; then
exit 74872
fi
make install
2016-01-17 00:44:04 +01:00
su -c "echo 'n
2015-08-27 22:39:35 +02:00
/nick $MY_USERNAME
/exit
2016-01-17 00:44:04 +01:00
' | /usr/bin/toxic -d" - $MY_USERNAME
2015-07-11 18:05:18 +02:00
2015-12-30 19:14:32 +01:00
echo 'install_tox_client' >> $COMPLETION_FILE
2015-07-11 18:05:18 +02:00
}
2015-01-16 20:46:15 +01:00
function install_xmpp {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
return
fi
2016-01-01 14:06:38 +01:00
apt-get -y install lua-sec lua-bitop
2016-01-01 12:30:30 +01:00
apt-get -y install prosody prosody-modules mercurial
2015-12-30 19:14:32 +01:00
if [ ! -d /etc/prosody ]; then
echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
exit 52
fi
2016-01-01 12:30:30 +01:00
# obtain the prosody modules
cd $INSTALL_DIR
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
echo $'mod_onions prosody module could not be found'
exit 73254
fi
# install the onions module
cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
echo $'mod_onions.lua could not be copied to the prosody modules directory'
exit 63952
fi
# create a certificate
2015-12-30 19:14:32 +01:00
if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
check_certificates xmpp
fi
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2016-01-01 12:30:30 +01:00
echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2015-12-30 19:14:32 +01:00
echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
fi
sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
2016-01-01 12:30:30 +01:00
systemctl restart prosody
2015-12-30 19:14:32 +01:00
touch /home/$MY_USERNAME/README
2016-01-01 12:30:30 +01:00
if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. XMPP onion site cannot be configured.'
exit 877367
fi
if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
2016-01-06 16:37:16 +01:00
echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
2016-01-01 12:30:30 +01:00
echo $'Added onion site for XMPP chat'
fi
systemctl restart tor
2016-01-07 10:40:00 +01:00
wait_for_onion_service 'xmpp'
2016-01-01 12:30:30 +01:00
2016-01-01 13:01:35 +01:00
if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
2016-01-01 12:30:30 +01:00
echo $'XMPP onion site hostname not found'
exit 65349
fi
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
2016-01-01 13:20:14 +01:00
if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
2016-01-01 14:22:56 +01:00
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2016-01-01 13:20:14 +01:00
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
2016-01-01 12:30:30 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
XMPP_PASSWORD="$(openssl rand -base64 8)"
fi
prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'XMPP' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
2016-01-01 12:30:30 +01:00
echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
2015-12-30 19:14:32 +01:00
echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
echo $'You can change it with: ' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_xmpp' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function install_watchdog_script {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
# application specific stuff is added later
chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then
echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'install_watchdog_script' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function install_irc_server {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
return
fi
apt-get -y install ngircd
# for mesh peers also install an irc client
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
apt-get -y install irssi
fi
if [ ! -d /etc/ngircd ]; then
echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
exit 53
fi
if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
check_certificates ngircd
fi
DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
fi
echo '**************************************************' > /etc/ngircd/motd
echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
echo '* *' >> /etc/ngircd/motd
echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
echo '**************************************************' >> /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
2016-02-13 19:43:03 +01:00
sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
2016-02-13 15:51:17 +01:00
if [[ $ONION_ONLY != 'yes' ]]; then
2016-02-13 19:17:36 +01:00
sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
2016-02-13 15:51:17 +01:00
else
2016-02-13 19:17:36 +01:00
sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
2016-02-13 15:51:17 +01:00
fi
2015-12-30 19:14:32 +01:00
sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
IRC_SALT="$(openssl rand -base64 32)"
if [ -f $IMAGE_PASSWORD_FILE ]; then
IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
IRC_OPERATOR_PASSWORD="$(openssl rand -base64 8)"
fi
sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
2016-02-13 15:23:25 +01:00
sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
2015-12-30 19:14:32 +01:00
if [ $IRC_PASSWORD ]; then
sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf
fi
# If we are on a mesh then DNS is not available
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
fi
2016-02-13 15:03:38 +01:00
# upgrade a cypher
sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
2015-12-30 19:14:32 +01:00
mkdir /var/run/ircd
chown -R irc:irc /var/run/ircd
mkdir /var/run/ngircd
touch /var/run/ngircd/ngircd.pid
chown -R irc:irc /var/run/ngircd
2016-01-06 13:30:07 +01:00
2016-02-13 17:45:14 +01:00
IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
2016-01-06 13:30:07 +01:00
if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
fi
2015-12-30 19:14:32 +01:00
systemctl restart ngircd
# keep the daemon running
echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'IRC Server' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
2016-02-13 17:45:14 +01:00
if [[ $ONION_ONLY != 'yes' ]]; then
echo " irssi" >> /home/$MY_USERNAME/README
echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
else
echo " usetorwith irssi" >> /home/$MY_USERNAME/README
echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
fi
2015-12-30 19:14:32 +01:00
echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_irc_server' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function get_wiki_admin_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Wiki password" /home/$MY_USERNAME/README; then
WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
2015-01-16 20:46:15 +01:00
}
function install_wiki {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then
return
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE; then
return
fi
if [ ! $WIKI_DOMAIN_NAME ]; then
return
fi
apt-get -y install dokuwiki
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after Dokuwiki install'
fi
if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
mkdir /var/www/$WIKI_DOMAIN_NAME
fi
if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
fi
ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
mkdir /var/lib/dokuwiki/custom
cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
chown www-data /var/lib/dokuwiki/custom
chown www-data /var/lib/dokuwiki/custom/local.php
chown -R www-data /etc/dokuwiki
chown -R www-data /usr/share/dokuwiki/lib/
chmod 600 /var/lib/dokuwiki/custom/local.php
chmod -R 755 /usr/share/dokuwiki/lib
sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
# set the admin user
sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
# disallow registration of new users
if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
fi
if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /etc/dokuwiki/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
fi
get_wiki_admin_password
if [ ! $WIKI_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
WIKI_ADMIN_PASSWORD="$(openssl rand -base64 16)"
fi
fi
HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
fi
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2016-01-17 11:49:11 +01:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
else
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
fi
check_certificates $WIKI_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
fi
fi
configure_php
nginx_ensite $WIKI_DOMAIN_NAME
2016-01-06 10:29:07 +01:00
WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
2015-12-30 19:14:32 +01:00
systemctl restart php5-fpm
systemctl restart nginx
echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME
add_ddns_domain
# add some post-install instructions
if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Wiki' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
echo 'install_wiki' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function get_blog_admin_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
2015-01-16 20:46:15 +01:00
}
function install_blog {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $FULLBLOG_DOMAIN_NAME ]; then
echo $'The blog domain name was not specified'
exit 5062
fi
# update to the next commit
if [ -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs ]; then
if grep -q "Blog commit" $COMPLETION_FILE; then
CURRENT_FULLBLOG_COMMIT=$(grep "Blog commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_FULLBLOG_COMMIT" != "$FULLBLOG_COMMIT" ]]; then
cd /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
2016-01-27 11:53:03 +01:00
git_pull $FULLBLOG_REPO $FULLBLOG_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
fi
else
echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_blog" $COMPLETION_FILE; then
return
fi
if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
mkdir /var/www/$FULLBLOG_DOMAIN_NAME
fi
cd /var/www/$FULLBLOG_DOMAIN_NAME
2016-01-26 17:20:06 +01:00
git_clone $FULLBLOG_REPO htdocs
2015-12-30 19:14:32 +01:00
cd htdocs
git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
if ! grep -q "Blog commit" $COMPLETION_FILE; then
echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
fi
cd /var/www/$FULLBLOG_DOMAIN_NAME
chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2016-01-17 11:49:11 +01:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
else
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
fi
check_certificates $FULLBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
fi
fi
configure_php
# blog settings
cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
# create a user password
get_blog_admin_password
if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 16)"
fi
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
echo $'Edit your blog title and time zone at:' >> /home/$MY_USERNAME/README
echo " /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
# create a user
echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
nginx_ensite $FULLBLOG_DOMAIN_NAME
2016-01-06 10:29:07 +01:00
FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
2015-12-30 19:14:32 +01:00
systemctl restart php5-fpm
systemctl restart nginx
if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
echo "Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
add_ddns_domain
echo 'install_blog' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2016-02-07 20:14:40 +01:00
function install_rss_reader {
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
RSS_READER_PATH=/etc/share/tt-rss
# update to the next commit
if [ -d $RSS_READER_PATH ]; then
if grep -q "RSS reader commit" $COMPLETION_FILE; then
CURRENT_RSS_READER_COMMIT=$(grep "RSS reader commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_RSS_READER_COMMIT" != "$RSS_READER_COMMIT" ]]; then
cd $RSS_READER_PATH
git_pull $RSS_READER_REPO $RSS_READER_COMMIT
sed -i "s/RSS reader commit.*/RSS reader commit:$RSS_READER_COMMIT/g" $COMPLETION_FILE
2016-02-09 10:47:32 +01:00
# ensure that socks5 proxy is used
if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/plugins/af_unburn/init.php; then
sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
fi
if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/include/functions.php; then
sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
fi
2016-02-07 20:14:40 +01:00
chown -R www-data:www-data $RSS_READER_PATH
fi
else
echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
return
fi
apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
2016-02-07 21:13:13 +01:00
if [ ! -d /etc/share ]; then
mkdir /etc/share
fi
2016-02-07 21:19:47 +01:00
cd /etc/share
git_clone $RSS_READER_REPO tt-rss
2016-02-07 20:14:40 +01:00
if [ ! -d $RSS_READER_PATH ]; then
echo $'Could not clone RSS reader repo'
exit 52925
fi
cd $RSS_READER_PATH
git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
fi
install_mariadb
get_mariadb_password
repair_databases_script
get_mariadb_rss_reader_admin_password
if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32)"
fi
fi
create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
2016-02-08 16:00:43 +01:00
RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
2016-02-07 20:14:40 +01:00
echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo " server_name $RSS_READER_DOMAIN_NAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # Logs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # Root' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo " root $RSS_READER_PATH;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # Index' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-08 15:20:09 +01:00
echo ' index index.html index.htm index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-07 20:14:40 +01:00
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # PHP' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # Location' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-08 15:20:09 +01:00
echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location /mobile {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' index index.htm;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-07 20:14:40 +01:00
echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # Fancy URLs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' # Restrict access that is unnecessary anyway' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-08 15:20:09 +01:00
echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-07 20:14:40 +01:00
echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-08 15:20:09 +01:00
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge|maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' rewrite ^(.*)$ /mobile$request_uri? redirect;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-07 20:14:40 +01:00
echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
2016-02-08 16:19:04 +01:00
if [ ! -f $RSS_READER_PATH/config.php ]; then
# generate a config file
RSS_FEED_CRYPT_KEY="$(openssl rand -base64 26 | cut -c1-24)"
echo '<?php' > $RSS_READER_PATH/config.php
2016-02-09 09:22:59 +01:00
echo " define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
2016-02-08 16:19:04 +01:00
echo " define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
echo " define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
echo " define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
echo " define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
echo " define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
echo " define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
echo " define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
echo " define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
echo " define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
echo " define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
echo " define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
echo " define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
echo " define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
echo " define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
echo " define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
echo " define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
echo " define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
echo " define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
echo " define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
echo " define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
echo " define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
echo " define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
echo " define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
echo " define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
echo " define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
echo " define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
echo " define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
echo " define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
echo " define('CHECK_FOR_UPDATES', true);" >> $RSS_READER_PATH/config.php
echo " define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
echo " define('PLUGINS', 'auth_internal, note');" >> $RSS_READER_PATH/config.php
echo " define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
echo " define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
fi
2016-02-08 16:00:43 +01:00
2016-02-09 10:47:32 +01:00
# ensure that socks5 proxy is used
if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/plugins/af_unburn/init.php; then
sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
fi
if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/include/functions.php; then
sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
fi
2016-02-07 21:52:26 +01:00
chown -R www-data:www-data $RSS_READER_PATH
chmod a+x $RSS_READER_PATH
2016-02-07 20:14:40 +01:00
configure_php
nginx_ensite $RSS_READER_DOMAIN_NAME
systemctl restart php5-fpm
systemctl restart nginx
if ! grep -q "RSS reader onion domain" $COMPLETION_FILE; then
echo "RSS reader onion domain:${RSS_READER_ONION_HOSTNAME}" >> $COMPLETION_FILE
fi
2016-02-07 21:30:15 +01:00
if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
echo "RSS reader domain:${RSS_READER_DOMAIN_NAME}" >> $COMPLETION_FILE
2016-02-07 20:14:40 +01:00
fi
2016-02-08 10:27:07 +01:00
# daemon to update feeds
echo '[Unit]' > /etc/systemd/system/ttrss.service
echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
echo '' >> /etc/systemd/system/ttrss.service
echo '[Service]' >> /etc/systemd/system/ttrss.service
echo 'User=www-data' >> /etc/systemd/system/ttrss.service
echo "ExecStart=$RSS_READER_PATH/update_daemon2.php" >> /etc/systemd/system/ttrss.service
echo '' >> /etc/systemd/system/ttrss.service
echo '[Install]' >> /etc/systemd/system/ttrss.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
systemctl enable ttrss
systemctl start ttrss
2016-02-07 20:14:40 +01:00
# some post-install instructions for the user
if ! grep -q $"RSS Reader" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'RSS Reader' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $"RSS reader domain: ${RSS_READER_DOMAIN_NAME}" >> /home/$MY_USERNAME/README
echo $"RSS reader onion domain: ${RSS_READER_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"RSS reader admin username: ${MY_USERNAME}" >> /home/$MY_USERNAME/README
echo $"RSS reader admin password: ${RSS_READER_ADMIN_PASSWORD}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
2016-02-07 21:52:26 +01:00
echo $"To set up the system open http://${RSS_READER_ONION_HOSTNAME} and enter:" >> /home/$MY_USERNAME/README
echo $' Database type: MySQL' >> /home/$MY_USERNAME/README
echo $" Username: root" >> /home/$MY_USERNAME/README
echo $" Password: ${MARIADB_PASSWORD}" >> /home/$MY_USERNAME/README
echo $' Database name: ttrss' >> /home/$MY_USERNAME/README
echo $' Host name: localhost' >> /home/$MY_USERNAME/README
echo $' Port: 3306' >> /home/$MY_USERNAME/README
echo $" Tiny Tint RSS URL: http://${RSS_READER_ONION_HOSTNAME}/" >> /home/$MY_USERNAME/README
2016-02-08 12:14:02 +01:00
echo $" Tiny Tint RSS URL (mobile): http://${RSS_READER_ONION_HOSTNAME}/mobile" >> /home/$MY_USERNAME/README
2016-02-07 21:52:26 +01:00
echo '' >> /home/$MY_USERNAME/README
echo $'Click "Test Configuration" and then "Initialize database"' >> /home/$MY_USERNAME/README
echo $'You may need to click "save configuration"' >> /home/$MY_USERNAME/README
2016-02-07 22:14:03 +01:00
echo $'Initially log in with username "admin" and password "password"' >> /home/$MY_USERNAME/README
echo $'Then go to Preferences/Users, click on the "admin" user and then change the password.' >> /home/$MY_USERNAME/README
echo $'You will immediately see what looks like an authorisation error, so log out and log back' >> /home/$MY_USERNAME/README
echo $'in with username "admin" and your new password.' >> /home/$MY_USERNAME/README
2016-02-07 20:14:40 +01:00
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_rss_reader' >> $COMPLETION_FILE
}
2016-02-08 12:14:02 +01:00
function install_rss_mobile_reader {
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $RSS_READER_PATH ]; then
RSS_READER_PATH=/etc/share/tt-rss
fi
2016-02-08 15:23:04 +01:00
RSS_MOBILE_READER_PATH=/etc/share/g2ttrss-mobile
2016-02-08 12:14:02 +01:00
if [ ! -d $RSS_READER_PATH ]; then
echo $'tt-rss is not installed, so the mobile version cannot be installed'
exit 63452
fi
# update to the next commit
if [ -d $RSS_MOBILE_READER_PATH ]; then
if grep -q "RSS mobile reader commit" $COMPLETION_FILE; then
CURRENT_RSS_MOBILE_READER_COMMIT=$(grep "RSS mobile reader commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_RSS_MOBILE_READER_COMMIT" != "$RSS_MOBILE_READER_COMMIT" ]]; then
cd $RSS_MOBILE_READER_PATH
git_pull $RSS_MOBILE_READER_REPO $RSS_MOBILE_READER_COMMIT
sed -i "s/RSS mobile reader commit.*/RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT/g" $COMPLETION_FILE
chown -R www-data:www-data $RSS_MOBILE_READER_PATH
fi
else
echo "RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
return
fi
cd /etc/share
2016-02-08 15:23:04 +01:00
git_clone $RSS_MOBILE_READER_REPO g2ttrss-mobile
2016-02-08 12:14:02 +01:00
if [ ! -d $RSS_MOBILE_READER_PATH ]; then
echo $'Could not clone RSS mobile reader repo'
exit 24816
fi
cd $RSS_MOBILE_READER_PATH
git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
if ! grep -q "RSS mobile reader commit" $COMPLETION_FILE; then
echo "RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
fi
2016-02-08 23:33:14 +01:00
sed -i 's|global_ttrssUrl =.*|global_ttrssUrl = "../";|g' $RSS_MOBILE_READER_PATH/js/g2tt-config.js
2016-02-08 15:20:09 +01:00
2016-02-08 12:14:02 +01:00
# link to the main site
ln -s $RSS_MOBILE_READER_PATH $RSS_READER_PATH/mobile
chown -R www-data:www-data $RSS_MOBILE_READER_PATH
2016-02-08 23:32:07 +01:00
chown -R www-data:www-data $RSS_READER_PATH
2016-02-08 12:14:02 +01:00
chmod a+x $RSS_MOBILE_READER_PATH
echo 'install_rss_mobile_reader' >> $COMPLETION_FILE
}
2015-01-16 20:46:15 +01:00
function install_gnu_social {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $MICROBLOG_DOMAIN_NAME ]; then
echo $'No domain name was given for the microblog'
exit 7359
fi
# update to the next commit
if [ -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
if grep -q "GNU Social commit" $COMPLETION_FILE; then
2016-02-04 11:38:07 +01:00
CURRENT_MICROBLOG_COMMIT=$(grep "GNU Social commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_MICROBLOG_COMMIT" != "$MICROBLOG_COMMIT" ]]; then
2015-12-30 19:14:32 +01:00
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
2016-02-04 11:38:07 +01:00
git_pull $MICROBLOG_REPO $MICROBLOG_COMMIT
sed -i "s/GNU Social commit.*/GNU Social commit:$MICROBLOG_COMMIT/g" $COMPLETION_FILE
2015-12-30 19:14:32 +01:00
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
fi
else
2016-02-04 11:38:07 +01:00
echo "GNU Social commit:$MICROBLOG_COMMIT" >> $COMPLETION_FILE
2015-12-30 19:14:32 +01:00
fi
fi
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
return
fi
install_mariadb
get_mariadb_password
repair_databases_script
apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
mkdir /var/www/$MICROBLOG_DOMAIN_NAME
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
2016-01-26 17:20:06 +01:00
git_clone $MICROBLOG_REPO /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
2016-01-08 22:28:27 +01:00
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone gnusocial repo'
exit 87525
fi
2015-12-30 19:14:32 +01:00
fi
2016-01-08 22:13:12 +01:00
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
2016-02-04 11:38:07 +01:00
git checkout $MICROBLOG_COMMIT -b $MICROBLOG_COMMIT
2015-12-30 19:14:32 +01:00
if ! grep -q "GNU Social commit" $COMPLETION_FILE; then
2016-02-04 11:38:07 +01:00
echo "GNU Social commit:$MICROBLOG_COMMIT" >> $COMPLETION_FILE
2015-12-30 19:14:32 +01:00
else
2016-02-04 11:38:07 +01:00
sed -i "s/GNU Social commit.*/GNU Social commit:$MICROBLOG_COMMIT/g" $COMPLETION_FILE
2015-12-30 19:14:32 +01:00
fi
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php
get_mariadb_gnusocial_admin_password
if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
MICROBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32)"
fi
fi
2016-02-03 20:12:38 +01:00
create_database gnusocial "$MICROBLOG_ADMIN_PASSWORD" $MY_USERNAME
2015-12-30 19:14:32 +01:00
if [ ! -f "/etc/aliases" ]; then
touch /etc/aliases
fi
if grep -q "www-data: root" /etc/aliases; then
echo 'www-data: root' >> /etc/aliases
fi
if grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then
echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases
fi
newaliases
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$MICROBLOG_DOMAIN_NAME
add_ddns_domain
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' listen [::]:80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' # Security' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.pem;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Logs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' error_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Root' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Index' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # PHP' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Location' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' try_files $uri $uri/ @gnusocial;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Fancy URLs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location @gnusocial {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Restrict access that is unnecessary anyway' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location ~ /\.(ht|git) {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:54:31 +01:00
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo " listen 127.0.0.1:$MICROBLOG_ONION_PORT default_server;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Logs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' error_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' # Root' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Index' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # PHP' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Location' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' try_files $uri $uri/ @gnusocial;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Fancy URLs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location @gnusocial {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' # Restrict access that is unnecessary anyway' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location ~ /\.(ht|git) {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-07 20:14:40 +01:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2016-02-04 15:31:29 +01:00
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2015-12-30 19:14:32 +01:00
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
configure_php
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $MICROBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
check_certificates $MICROBLOG_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
fi
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
2016-01-09 19:33:44 +01:00
if ! grep -q "GNU Social" /usr/bin/backupdatabases; then
echo '' >> /usr/bin/backupdatabases
echo $'# Backup the GNU Social database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/gnusocial.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/gnusocial_daily.sql' >> /usr/bin/backupdatabases
echo 'mysqldump --password="$MYSQL_PASSWORD" gnusocial > $TEMPFILE' >> /usr/bin/backupdatabases
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
echo ' mysql -u root --password="$MYSQL_PASSWORD" gnusocial -o < $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the GNU Social database. Attempted to restore from yesterdays backup" | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the GNU Social database." | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
fi
if ! grep -q "GNU Social" /etc/cron.weekly/backupdatabasesweekly; then
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo $'# GNU Social' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/gnusocial_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/gnusocial_daily.sql /var/backups/gnusocial_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
fi
if ! grep -q "GNU Social" /etc/cron.monthly/backupdatabasesmonthly; then
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo $'# GNU Social' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/gnusocial_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/gnusocial_monthly.sql /var/backups/gnusocial_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
fi
2015-12-30 19:14:32 +01:00
if ! grep -q "gnusocial" /etc/cron.hourly/repair; then
echo "${PROJECT_NAME}-repair-database gnusocial" >> /etc/cron.hourly/repair
fi
nginx_ensite $MICROBLOG_DOMAIN_NAME
2016-02-03 16:13:46 +01:00
# NOTE: For the typical case always enable SSL and only
# disable it if in onion only mode. This is due to complexities
# with the way URLs are generated by GNU Social
gnu_social_ssl='always'
if [[ $ONION_ONLY != 'no' ]]; then
gnu_social_ssl='never'
fi
2016-01-09 17:26:21 +01:00
# Create the configuration
2016-02-03 16:13:46 +01:00
gnu_social_installer=/var/www/${MICROBLOG_DOMAIN_NAME}/htdocs/scripts/install_cli.php
2016-02-03 16:54:22 +01:00
${gnu_social_installer} --server "${MICROBLOG_DOMAIN_NAME}" \
2016-02-03 17:17:45 +01:00
--host="localhost" --database="gnusocial" \
2016-02-03 16:13:46 +01:00
--dbtype=mysql --username="root" -v \
--password="$MARIADB_PASSWORD" \
2016-02-03 20:51:40 +01:00
--sitename="${MICROBLOG_DOMAIN_NAME}" --fancy='yes' \
2016-02-03 20:12:38 +01:00
--admin-nick="$MY_USERNAME" \
2016-02-03 16:13:46 +01:00
--admin-pass="$MICROBLOG_ADMIN_PASSWORD" \
--site-profile="community" \
--ssl=${gnu_social_ssl}
if [ ! "$?" = "0" ]; then
# failed to install
echo $'Could not install GNU Social'
exit 72357
fi
2016-01-11 18:06:59 +01:00
2016-02-04 15:37:05 +01:00
# check microblog has a config file
2016-02-04 15:31:29 +01:00
microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
2016-02-04 15:37:05 +01:00
if [ ! -f $microblog_config_file ]; then
echo $'Microblog config.php not found'
exit 87586
fi
# Some useful settings
2016-02-04 10:46:06 +01:00
if ! grep -q "Recommended GNU social settings" $microblog_config_file; then
echo "" >> $microblog_config_file
echo "// Recommended GNU social settings" >> $microblog_config_file
2016-02-04 15:31:29 +01:00
echo "\$config['thumbnail']['maxsize'] = 3000;" >> $microblog_config_file
echo "\$config['profile']['delete'] = true;" >> $microblog_config_file
echo "\$config['profile']['changenick'] = true;" >> $microblog_config_file
echo "\$config['public']['localonly'] = false;" >> $microblog_config_file
2016-02-04 10:46:06 +01:00
echo "addPlugin('StoreRemoteMedia');" >> $microblog_config_file
2016-02-04 15:31:29 +01:00
echo "\$config['queue']['enabled'] = true;" >> $microblog_config_file
echo "\$config['queue']['daemon'] = true;" >> $microblog_config_file
2016-02-04 10:46:06 +01:00
fi
2016-02-04 15:31:29 +01:00
# This improves performance
2016-02-10 15:09:38 +01:00
sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $microblog_config_file
2016-02-04 15:31:29 +01:00
2016-01-06 10:29:07 +01:00
MICROBLOG_ONION_HOSTNAME=$(add_onion_service microblog 80 ${MICROBLOG_ONION_PORT})
2015-12-30 19:14:32 +01:00
systemctl restart php5-fpm
systemctl restart nginx
if ! grep -q "GNU Social onion domain" /home/$MY_USERNAME/README; then
echo "GNU Social onion domain: ${MICROBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "GNU Social onion domain:${MICROBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
# some post-install instructions for the user
2016-02-03 20:12:38 +01:00
if ! grep -q $"Microblog administrator" /home/$MY_USERNAME/README; then
2015-12-30 19:14:32 +01:00
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Microblog' >> /home/$MY_USERNAME/README
echo '=========' >> /home/$MY_USERNAME/README
2016-02-03 20:12:38 +01:00
echo $"Microblog administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README
2016-02-03 16:13:46 +01:00
echo $"Microblog administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
2015-12-30 19:14:32 +01:00
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "GNU Social domain:$MICROBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
echo 'install_gnu_social' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2016-02-10 16:20:59 +01:00
function expire_gnu_social_posts {
# To prevent the database size from growing endlessly this script expires posts
# after a number of months
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
return
fi
gnusocial_expire_script=/usr/bin/gnusocial-expire
echo '<?php' > $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
2016-02-10 16:23:16 +01:00
echo '// GNU Social post expiry script, based on StatExpire by Tony Baldwin' >> $gnusocial_expire_script
echo '// https://github.com/tonybaldwin/statexpire' >> $gnusocial_expire_script
2016-02-10 16:20:59 +01:00
echo '' >> $gnusocial_expire_script
echo '$oldate=date(("Y-m-d"), strtotime("-3 months"));' >> $gnusocial_expire_script
echo '$username="root";' >> $gnusocial_expire_script
2016-02-10 16:32:05 +01:00
echo "\$password=trim(file_get_contents(\"$DATABASE_PASSWORD_FILE\"));" >> $gnusocial_expire_script
2016-02-10 16:20:59 +01:00
echo '$database="gnusocial";' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'if (!$link = mysql_connect("localhost", $username, $password)) {' >> $gnusocial_expire_script
echo ' echo "Could not connect to mariadb";' >> $gnusocial_expire_script
echo ' exit;' >> $gnusocial_expire_script
echo '}' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'if (!mysql_select_db($database, $link)) {' >> $gnusocial_expire_script
echo ' echo "Could not select gnusocial database";' >> $gnusocial_expire_script
echo ' exit;' >> $gnusocial_expire_script
echo '}' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo "\$notice_query=\"DELETE FROM notice WHERE created <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
echo "\$conversation_query=\"DELETE FROM conversation WHERE created <= '$oldate 01:01:01'\";" >> $gnusocial_expire_script
echo "\$reply_query=\"DELETE FROM reply WHERE modified <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'mysql_query($notice_query);' >> $gnusocial_expire_script
echo '$rowaff1=mysql_affected_rows();' >> $gnusocial_expire_script
echo 'mysql_query($conversation_query);' >> $gnusocial_expire_script
echo '$rowaff2=mysql_affected_rows();' >> $gnusocial_expire_script
echo 'mysql_query($reply_query);' >> $gnusocial_expire_script
echo '$rowaff3=mysql_affected_rows();' >> $gnusocial_expire_script
echo 'mysql_close();' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'echo "Expire GNU Social posts: $rowaff1 notices, $rowaff2 conversations, and $rowaff3 replies deleted from database.\n";' >> $gnusocial_expire_script
chmod +x $gnusocial_expire_script
# Add a cron job
if ! grep -q "$gnusocial_expire_script" /etc/crontab; then
2016-02-10 16:34:59 +01:00
echo "10 3 5 * * root /usr/bin/timeout 500 /usr/bin/php $gnusocial_expire_script" >> /etc/crontab
2016-02-10 16:20:59 +01:00
fi
# remove old expire script
if [ -f /etc/cron.weekly/clear-microblog-database ]; then
rm /etc/cron.weekly/clear-microblog-database
fi
}
2016-02-03 18:57:11 +01:00
function install_gnu_social_theme {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
# update to the next commit
2016-02-03 19:02:21 +01:00
if grep -q "addPlugin('Qvitter')" /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php; then
2016-02-03 18:57:11 +01:00
if grep -q "GNU Social theme commit" $COMPLETION_FILE; then
2016-02-03 19:37:14 +01:00
CURRENT_MICROBLOG_THEME_COMMIT=$(grep "GNU Social theme commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_MICROBLOG_THEME_COMMIT" != "$MICROBLOG_THEME_COMMIT" ]]; then
2016-02-11 15:15:13 +01:00
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter
2016-02-03 19:37:14 +01:00
git_pull $MICROBLOG_THEME_REPO $MICROBLOG_THEME_COMMIT
2016-02-03 20:18:09 +01:00
sed -i "s/GNU Social theme commit.*/GNU Social theme commit:$MICROBLOG_THEME_COMMIT/g" $COMPLETION_FILE
2016-02-03 18:57:11 +01:00
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local
fi
else
2016-02-03 19:37:14 +01:00
echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> $COMPLETION_FILE
2016-02-03 18:57:11 +01:00
fi
fi
if grep -Fxq "install_gnu_social_theme" $COMPLETION_FILE; then
return
fi
2016-02-04 16:54:46 +01:00
apt-get -y install wget
2016-02-03 18:57:11 +01:00
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
mkdir -p /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
fi
2016-02-03 19:02:21 +01:00
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
2016-02-03 19:45:43 +01:00
git_clone $MICROBLOG_THEME_REPO Qvitter
2016-02-03 19:53:21 +01:00
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter
2016-02-03 19:45:43 +01:00
git checkout $MICROBLOG_THEME_COMMIT -b $MICROBLOG_THEME_COMMIT
2016-02-03 18:57:11 +01:00
2016-02-04 16:54:46 +01:00
# download a custom background image
2016-02-04 20:21:46 +01:00
MICROBLOG_BACKGROUND_IMAGE_URL_EXT=
2016-02-04 16:54:46 +01:00
if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
2016-02-04 20:21:46 +01:00
if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpeg" || $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpg" ]]; then
MICROBLOG_BACKGROUND_IMAGE_URL_EXT="jpg"
fi
if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".png" ]]; then
MICROBLOG_BACKGROUND_IMAGE_URL_EXT="png"
fi
if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".gif" ]]; then
MICROBLOG_BACKGROUND_IMAGE_URL_EXT="gif"
fi
if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
wget $MICROBLOG_BACKGROUND_IMAGE_URL -O img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}
if [ ! -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
echo "$MICROBLOG_BACKGROUND_IMAGE_URL"
echo $'Custom background image for microblog could not be downloaded'
exit 87524
fi
2016-02-04 16:54:46 +01:00
fi
fi
2016-02-04 10:46:06 +01:00
microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
if ! grep -q "addPlugin('Qvitter')" $microblog_config_file; then
2016-02-04 10:57:17 +01:00
MICROBLOG_WELCOME_MESSAGE=$(echo $MICROBLOG_WELCOME_MESSAGE | sed "s|\$MICROBLOG_DOMAIN_NAME|$MICROBLOG_DOMAIN_NAME|g")
2016-02-04 10:46:06 +01:00
echo "" >> $microblog_config_file
echo "// Qvitter settings" >> $microblog_config_file
echo "addPlugin('Qvitter');" >> $microblog_config_file
2016-02-04 15:31:29 +01:00
echo "\$config['site']['qvitter']['enabledbydefault'] = true;" >> $microblog_config_file
echo "\$config['site']['qvitter']['defaultbackgroundcolor'] = '#f4f4f4';" >> $microblog_config_file
echo "\$config['site']['qvitter']['defaultlinkcolor'] = '#0084B4';" >> $microblog_config_file
echo "\$config['site']['qvitter']['timebetweenpolling'] = 120000; // two minutes" >> $microblog_config_file
echo "\$config['site']['qvitter']['urlshortenerapiurl'] = 'http://qttr.at/shortener.php';" >> $microblog_config_file
echo "\$config['site']['qvitter']['urlshortenersignature'] = 'b6afeec983';" >> $microblog_config_file
2016-02-04 16:54:46 +01:00
if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
echo "\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';" >> $microblog_config_file
else
echo "\$config['site']['qvitter']['sitebackground'] = 'img/vagnsmossen.jpg';" >> $microblog_config_file
fi
2016-02-04 15:31:29 +01:00
echo "\$config['site']['qvitter']['favicon'] = 'img/favicon.ico?v=4';" >> $microblog_config_file
echo "\$config['site']['qvitter']['sprite'] = Plugin::staticPath('Qvitter', '').'img/sprite.png?v=40';" >> $microblog_config_file
echo "\$config['site']['qvitter']['enablewelcometext'] = true;" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['en'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['de'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['fr'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['es'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['blocked_ips'] = array();" >> $microblog_config_file
2016-02-04 16:54:46 +01:00
else
2016-02-04 20:21:46 +01:00
if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
if [ -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
sed -i "s|\$config['site']['qvitter']['sitebackground'].*|\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';|g" $microblog_config_file
fi
2016-02-04 16:54:46 +01:00
fi
2016-02-03 18:57:11 +01:00
fi
2016-02-03 19:50:57 +01:00
if ! grep -q "GNU Social theme commit" $COMPLETION_FILE; then
2016-02-03 20:18:09 +01:00
echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> $COMPLETION_FILE
2016-02-03 19:50:57 +01:00
fi
2016-02-03 18:57:11 +01:00
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
echo 'install_gnu_social_theme' >> $COMPLETION_FILE
}
2016-02-11 15:15:13 +01:00
function install_gnu_social_markdown {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
# update to the next commit
if grep -q "addPlugin('Markdown'" /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php; then
if grep -q "GNU Social Markdown commit" $COMPLETION_FILE; then
CURRENT_MICROBLOG_MARKDOWN_COMMIT=$(grep "GNU Social Markdown commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_MICROBLOG_MARKDOWN_COMMIT" != "$MICROBLOG_MARKDOWN_COMMIT" ]]; then
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Markdown
git_pull $MICROBLOG_MARKDOWN_REPO $MICROBLOG_MARKDOWN_COMMIT
sed -i "s/GNU Social Markdown commit.*/GNU Social Markdown commit:$MICROBLOG_MARKDOWN_COMMIT/g" $COMPLETION_FILE
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local
fi
else
echo "GNU Social Markdown commit:$MICROBLOG_MARKDOWN_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_gnu_social_markdown" $COMPLETION_FILE; then
return
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
mkdir -p /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
git_clone $MICROBLOG_MARKDOWN_REPO Markdown
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Markdown
git checkout $MICROBLOG_MARKDOWN_COMMIT -b $MICROBLOG_MARKDOWN_COMMIT
microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
if ! grep -q "addPlugin('Markdown'" $microblog_config_file; then
echo "" >> $microblog_config_file
echo "// Markdown settings" >> $microblog_config_file
2016-02-11 15:22:03 +01:00
echo "addPlugin('Markdown');" >> $microblog_config_file
2016-02-11 15:15:13 +01:00
fi
if ! grep -q "GNU Social Markdown commit" $COMPLETION_FILE; then
echo "GNU Social Markdown commit:$MICROBLOG_MARKDOWN_COMMIT" >> $COMPLETION_FILE
fi
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
echo 'install_gnu_social_markdown' >> $COMPLETION_FILE
}
2015-09-06 23:24:56 +02:00
function install_hubzilla {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $HUBZILLA_DOMAIN_NAME ]; then
return
fi
2015-12-30 22:28:22 +01:00
# For now it probably won't install as onion-only. This might change in future
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
# update to the next commit
if [ -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
if grep -q "Hubzilla commit" $COMPLETION_FILE; then
CURRENT_HUBZILLA_COMMIT=$(grep "Hubzilla commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_HUBZILLA_COMMIT" != "$HUBZILLA_COMMIT" ]]; then
cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
2016-01-27 11:53:03 +01:00
git_pull $HUBZILLA_REPO $HUBZILLA_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
fi
else
echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
fi
2016-01-08 16:20:44 +01:00
if grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
CURRENT_HUBZILLA_ADDONS_COMMIT=$(grep "Hubzilla addons commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_HUBZILLA_ADDONS_COMMIT" != "$HUBZILLA_ADDONS_COMMIT" ]]; then
cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon
2016-01-27 11:53:03 +01:00
git_pull $HUBZILLA_ADDONS_REPO $HUBZILLA_ADDONS_COMMIT
2016-01-08 16:20:44 +01:00
sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
fi
else
echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
fi
2015-12-30 19:14:32 +01:00
fi
if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
return
fi
install_mariadb
get_mariadb_password
repair_databases_script
apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
apt-get -y install php5-dev imagemagick php5-imagick
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
mkdir /var/www/$HUBZILLA_DOMAIN_NAME
fi
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
mkdir /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
fi
if [ ! -f /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/index.php ]; then
cd $INSTALL_DIR
2016-01-26 17:20:06 +01:00
git_clone $HUBZILLA_REPO hubzilla
2015-12-30 19:14:32 +01:00
git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
if ! grep -q "Hubzilla commit" $COMPLETION_FILE; then
echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
fi
rm -rf /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
mv hubzilla /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
2016-01-08 16:20:44 +01:00
2016-01-26 17:20:06 +01:00
git_clone $HUBZILLA_ADDONS_REPO /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon
2016-01-08 16:20:44 +01:00
cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon
git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
if ! grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
fi
2015-12-30 19:14:32 +01:00
# some extra themes
2016-01-26 17:20:06 +01:00
git_clone $HUBZILLA_THEMES_REPO /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/redmatrix-themes1
2015-12-30 19:14:32 +01:00
cp -r /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/redmatrix-themes1/* view/theme/
2016-01-08 16:20:44 +01:00
chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
2015-12-30 19:14:32 +01:00
fi
get_mariadb_hubzilla_admin_password
if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32)"
fi
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Hubzilla' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $"Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
2016-01-21 10:35:50 +01:00
create_database hubzilla "$HUBZILLA_ADMIN_PASSWORD"
2015-12-30 19:14:32 +01:00
if ! grep -q "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" /etc/crontab; then
echo "12,22,32,42,52 * * * * root cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab
fi
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$HUBZILLA_DOMAIN_NAME
add_ddns_domain
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
configure_php
2015-12-30 19:54:31 +01:00
if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam ]; then
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $HUBZILLA_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:54:31 +01:00
check_certificates $HUBZILLA_DOMAIN_NAME
fi
2015-12-30 19:14:32 +01:00
fi
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then
mkdir /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3
fi
if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store" ]; then
mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store"
fi
if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]" ]; then
mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]"
fi
if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" ]; then
mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3"
chmod 777 "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3"
fi
chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl
chown -R www-data:www-data "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store"
chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo $'# Backup the Hubzilla database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/hubzilla.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/hubzilla_daily.sql' >> /usr/bin/backupdatabases
echo 'mysqldump --password="$MYSQL_PASSWORD" hubzilla > $TEMPFILE' >> /usr/bin/backupdatabases
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -lt "1024" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
echo ' mysql -u root --password="$MYSQL_PASSWORD" hubzilla -o < $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Hubzilla database. Attempted to restore from yesterdays backup" | mail -s "Hubzilla backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Hubzilla database." | mail -s "Hubzilla backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo '# Hubzilla' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/hubzilla_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/hubzilla_weekly.sql /var/backups/hubzilla_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/hubzilla_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/hubzilla_daily.sql /var/backups/hubzilla_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo '# Hubzilla' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/hubzilla_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/hubzilla_monthly.sql /var/backups/hubzilla_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/hubzilla_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/hubzilla_weekly.sql /var/backups/hubzilla_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
if ! grep -q "hubzilla" /etc/cron.hourly/repair; then
echo "${PROJECT_NAME}-repair-database hubzilla" >> /etc/cron.hourly/repair
# remove legacy stuff
sed -i 's|/usr/bin/repairdatabase redmatrix||g' /etc/cron.hourly/repair
fi
chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
nginx_ensite $HUBZILLA_DOMAIN_NAME
2016-01-06 10:29:07 +01:00
HUBZILLA_ONION_HOSTNAME=$(add_onion_service hubzilla 80 ${HUBZILLA_ONION_PORT})
2015-12-30 19:14:32 +01:00
2016-01-04 16:55:24 +01:00
systemctl restart php5-fpm
systemctl restart nginx
systemctl restart cron
2015-12-30 19:14:32 +01:00
if ! grep -q "Hubzilla onion domain" /home/$MY_USERNAME/README; then
echo "Hubzilla onion domain: ${HUBZILLA_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "Hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
echo "Hubzilla onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
echo 'install_hubzilla' >> $COMPLETION_FILE
2015-09-06 23:24:56 +02:00
}
2015-01-16 20:46:15 +01:00
function script_for_attaching_usb_drive {
2015-12-30 19:14:32 +01:00
if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/attach-music
echo 'remove-music' >> /usr/bin/attach-music
echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music
echo 'fi' >> /usr/bin/attach-music
echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
echo 'service minidlna restart' >> /usr/bin/attach-music
echo 'minidlnad -R' >> /usr/bin/attach-music
chmod +x /usr/bin/attach-music
ln -s /usr/bin/attach-music /usr/bin/attach-usb
ln -s /usr/bin/attach-music /usr/bin/attach-videos
ln -s /usr/bin/attach-music /usr/bin/attach-pictures
ln -s /usr/bin/attach-music /usr/bin/attach-media
echo '#!/bin/bash' > /usr/bin/remove-music
echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
echo " umount $USB_MOUNT" >> /usr/bin/remove-music
echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music
echo 'fi' >> /usr/bin/remove-music
chmod +x /usr/bin/remove-music
ln -s /usr/bin/remove-music /usr/bin/detach-music
ln -s /usr/bin/remove-music /usr/bin/detach-usb
ln -s /usr/bin/remove-music /usr/bin/remove-usb
ln -s /usr/bin/remove-music /usr/bin/detach-media
ln -s /usr/bin/remove-music /usr/bin/remove-media
ln -s /usr/bin/remove-music /usr/bin/detach-videos
ln -s /usr/bin/remove-music /usr/bin/remove-videos
ln -s /usr/bin/remove-music /usr/bin/detach-pictures
ln -s /usr/bin/remove-music /usr/bin/remove-pictures
echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function install_dlna_server {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
apt-get -y install minidlna
if [ ! -f /etc/minidlna.conf ]; then
echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
exit 55
fi
sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
fi
if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
fi
sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
else
sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
fi
sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
service minidlna force-reload
service minidlna reload
sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
if ! grep -q "max_user_watches" $COMPLETION_FILE; then
echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
fi
/sbin/sysctl -p
echo 'install_dlna_server' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function install_mediagoblin {
2015-12-30 19:14:32 +01:00
return
if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
return
fi
apt-get -y install git-core python python-dev python-lxml python-imaging python-virtualenv
apt-get -y install postgresql postgresql-client python-psycopg2
apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
su -c "createuser -A -D mediagoblin" - postgres
su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
adduser --disabled-login --gecos 'Mediagoblin' mediagoblin
MEDIAGOBLIN_DOMAIN_ROOT="/home/mediagoblin"
MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin"
MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin"
mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT
chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT
su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone $MEDIAGOBLIN_REPO" - mediagoblin
cd $MEDIAGOBLIN_DOMAIN_ROOT
git checkout -q v0.7.1
su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; (virtualenv --python=python2 --system-site-packages . || cd $MEDIAGOBLIN_PATH; virtualenv --python=python2 .) && ./bin/python setup.py develop" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; ./bin/easy_install flup" - mediagoblin
if [ -f $MEDIAGOBLIN_PATH/lib/python2.7/no-global-site-packages.txt ]; then
virtualenv deactivate
rm -f $MEDIAGOBLIN_PATH/lib/python2.7/no-global-site-packages.txt
su -c "cd $MEDIAGOBLIN_PATH; source bin/activate" - mediagoblin
fi
if [ -f $MEDIAGOBLIN_PATH/mediagoblin.example.ini ]; then
# this is for versions > 0.7.1
su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.example.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin
sed -i 's|# data_basedir.*|data_basedir = "/var/lib/mediagoblin"|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
else
su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin
fi
sed -i 's|# sql_engine.*|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
sed -i "s/email_sender_address.*/email_sender_address = \"$MY_EMAIL_ADDRESS\"/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini
sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
# add extra media types
if ! grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
fi
if ! grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
fi
if ! grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
fi
#su -c 'cd $MEDIAGOBLIN_PATH; ./bin/pip install scikits.audiolab' - mediagoblin
#su -c "cd $MEDIAGOBLIN_PATH; git submodule update && ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; ./bin/gmg dbupdate" - mediagoblin
echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location ^~ /auth/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location ^~ /u/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location ^~ /submit/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " root /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$MEDIAGOBLIN_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
if [ ! -f /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
else
2016-01-08 12:18:52 +01:00
${PROJECT_NAME}-addcert -e $MEDIAGOBLIN_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
2015-12-30 19:14:32 +01:00
fi
check_certificates $MEDIAGOBLIN_DOMAIN_NAME
fi
nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
2016-01-04 16:55:24 +01:00
systemctl restart php5-fpm
systemctl restart nginx
2015-12-30 19:14:32 +01:00
/usr/sbin/nginx -s reload
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$MEDIAGOBLIN_DOMAIN_NAME
add_ddns_domain
# init with systemd
echo '[Unit]' > /etc/systemd/system/mediagoblin.service
echo 'Description=Mediagoblin (Media Server)' >> /etc/systemd/system/mediagoblin.service
echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin.service
echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service
echo 'After=postgresql.service' >> /etc/systemd/system/mediagoblin.service
echo '' >> /etc/systemd/system/mediagoblin.service
echo '[Service]' >> /etc/systemd/system/mediagoblin.service
echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service
echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service
echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service
echo 'WorkingDirectory=/home/mediagoblin/mediagoblin' >> /etc/systemd/system/mediagoblin.service
echo 'ExecStart=/home/mediagoblin/mediagoblin/lazyserver.sh --server-name=broadcast' >> /etc/systemd/system/mediagoblin.service
echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service
echo 'Environment="USER=mediagoblin","HOME=/home/mediagoblin"' >> /etc/systemd/system/mediagoblin.service
echo '' >> /etc/systemd/system/mediagoblin.service
echo '[Install]' >> /etc/systemd/system/mediagoblin.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service
systemctl enable mediagoblin
systemctl restart mediagoblin
echo 'install_mediagoblin' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function create_upgrade_script {
2015-12-30 19:14:32 +01:00
if [ -f /usr/local/bin/${PROJECT_NAME}-upgrade ]; then
cp /usr/local/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
else
cp /usr/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
2015-11-30 18:52:39 +01:00
2015-12-30 19:14:32 +01:00
if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then
return
fi
2015-11-25 20:28:18 +01:00
2015-12-30 19:14:32 +01:00
apt-get -y install unattended-upgrades
2015-11-25 20:28:18 +01:00
2015-12-30 19:14:32 +01:00
echo 'create_upgrade_script' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
function intrusion_detection {
2015-12-30 19:14:32 +01:00
if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
apt-get -y install tripwire
apt-get -y autoremove
cd /etc/tripwire
cp site.key $DEFAULT_DOMAIN_NAME-site.key
echo '*** Installing intrusion detection ***'
echo '
2015-12-02 12:27:25 +01:00
' | tripwire --init
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# make a script for easy resetting of the tripwire
echo '#!/bin/sh' > /usr/bin/reset-tripwire
echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
chmod +x /usr/bin/reset-tripwire
sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
# only send emails if something has changed
sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt
sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
# Don't show any changes to /proc
sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
# Don't report log changes
sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
# Ignore /etc/tripwire
if ! grep -q "!/etc/tripwire" /etc/tripwire/twpol.txt; then
sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire;' /etc/tripwire/twpol.txt
fi
# Avoid logging the changed database
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
# recreate the configuration
echo '
2015-08-15 18:23:30 +02:00
2015-08-17 14:17:28 +02:00
' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
2015-12-30 19:14:32 +01:00
# reset
echo '
2015-08-17 14:17:28 +02:00
2015-08-15 18:23:30 +02:00
' | reset-tripwire
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'intrusion_detection' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
# see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
# Local Redirection and Anonymizing Middlebox
function route_outgoing_traffic_through_tor {
2015-12-30 19:14:32 +01:00
if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
return
fi
if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
return
fi
apt-get -y install tor tor-arm
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
### set variables
# Destinations you don't want routed through Tor
_non_tor="192.168.1.0/24 192.168.0.0/24"
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# The user that Tor runs as
_tor_uid="debian-tor"
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# Tor's TransPort
_trans_port="9040"
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# Your internal interface
_int_if="eth0"
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
### Set iptables *nat
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# Allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor; do
iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
done
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# Redirect all other pre-routing and output to Tor
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# Allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/8; do
iptables -A OUTPUT -d $_clearnet -j ACCEPT
done
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
# Allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
save_firewall_settings
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "fs.file-max" /etc/sysctl.conf; then
echo "fs.file-max=100000" >> /etc/sysctl.conf
/sbin/sysctl -p
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'domain localdomain' > /etc/resolv.conf
echo 'search localdomain' >> /etc/resolv.conf
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "TransPort" /etc/tor/torrc; then
echo 'TransPort 9040' >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "DNSPort" /etc/tor/torrc; then
echo 'DNSPort 53' >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
fi
2015-01-16 20:46:15 +01:00
2015-12-30 19:14:32 +01:00
echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
# A command to create a git repository for a project
function create_git_project {
2015-12-30 19:14:32 +01:00
if grep -Fxq "create_git_project" $COMPLETION_FILE; then
return
fi
apt-get -y install git
echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'create_git_project' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-11-26 23:40:09 +01:00
function check_date {
2015-12-30 19:14:32 +01:00
curr_date=$(date)
if [[ $curr_date == *"1970"* ]]; then
apt-get -y install ntp
fi
2015-11-26 23:40:09 +01:00
}
2015-01-16 20:46:15 +01:00
function install_dynamicdns {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
2015-12-30 20:04:10 +01:00
if [[ $ONION_ONLY != "no" ]]; then
return
fi
2015-12-30 19:14:32 +01:00
# update to the next commit
if [ -d $INSTALL_DIR/inadyn ]; then
if grep -q "inadyn commit" $COMPLETION_FILE; then
CURRENT_INADYN_COMMIT=$(grep "inadyn commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_INADYN_COMMIT" != "$INADYN_COMMIT" ]]; then
cd $INSTALL_DIR/inadyn
2016-01-27 11:53:03 +01:00
git_pull $INADYN_REPO $INADYN_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
./configure
USE_OPENSSL=1 make
make install
systemctl restart inadyn
fi
else
echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then
return
fi
# Here we compile from source because the current package
# doesn't support https, which could result in passwords
# being leaked
# Debian version 1.99.4-1
# https version 1.99.8
apt-get -y install build-essential curl libgnutls28-dev automake1.11
2016-01-26 17:20:06 +01:00
git_clone $INADYN_REPO $INSTALL_DIR/inadyn
2015-12-30 19:14:32 +01:00
if [ ! -d $INSTALL_DIR/inadyn ]; then
echo 'inadyn repo not cloned'
echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs
exit 6785
fi
cd $INSTALL_DIR/inadyn
git checkout $INADYN_COMMIT -b $INADYN_COMMIT
if ! grep -q "inadyn commit" $COMPLETION_FILE; then
echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
fi
./configure
if [ ! "$?" = "0" ]; then
exit 74890
fi
USE_OPENSSL=1 make
if [ ! "$?" = "0" ]; then
exit 74858
fi
make install
if [ ! "$?" = "0" ]; then
exit 3785
fi
# create an unprivileged user
#useradd -r -s /bin/false debian-inadyn
# create a configuration file
echo 'background' > /etc/inadyn.conf
echo 'verbose 1' >> /etc/inadyn.conf
echo 'period 300' >> /etc/inadyn.conf
echo 'startup-delay 60' >> /etc/inadyn.conf
echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf
echo 'logfile /dev/null' >> /etc/inadyn.conf
chmod 600 /etc/inadyn.conf
echo '[Unit]' > /etc/systemd/system/inadyn.service
echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service
echo 'After=network.target' >> /etc/systemd/system/inadyn.service
echo '' >> /etc/systemd/system/inadyn.service
echo '[Service]' >> /etc/systemd/system/inadyn.service
echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service
echo 'Restart=always' >> /etc/systemd/system/inadyn.service
echo 'Type=forking' >> /etc/systemd/system/inadyn.service
echo '' >> /etc/systemd/system/inadyn.service
echo '[Install]' >> /etc/systemd/system/inadyn.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service
systemctl enable inadyn
systemctl start inadyn
systemctl daemon-reload
echo 'install_dynamicdns' >> $COMPLETION_FILE
2015-01-16 20:46:15 +01:00
}
2015-01-25 15:46:46 +01:00
function get_voip_server_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
if [ ! $VOIP_SERVER_PASSWORD ]; then
VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-01-25 15:46:46 +01:00
}
2015-11-01 23:02:44 +01:00
function get_sip_server_password {
2015-12-30 19:14:32 +01:00
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "SIP server password" /home/$MY_USERNAME/README; then
if [ ! $SIP_SERVER_PASSWORD ]; then
SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
2015-11-01 23:02:44 +01:00
}
2015-09-24 21:16:33 +02:00
function install_ipfs {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
return
fi
2016-01-05 18:43:02 +01:00
export GOPATH=/home/git/go
systemctl set-environment GOPATH=/home/git/go
2015-12-30 19:14:32 +01:00
# update to the next commit
if [ -d /home/git/go/src/github.com/ipfs/go-ipfs ]; then
if grep -q "ipfs commit" $COMPLETION_FILE; then
CURRENT_IPFS_COMMIT=$(grep "ipfs commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
if [[ "$CURRENT_IPFS_COMMIT" != "$IPFS_COMMIT" ]]; then
cd /home/git/go/src/github.com/ipfs/go-ipfs
2016-01-27 15:37:05 +01:00
git_pull $IPFS_GO_REPO $IPFS_COMMIT
2015-12-30 19:14:32 +01:00
sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
chown -R git:git /home/git
systemctl restart ipfs
systemctl daemon-reload
fi
else
echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
fi
fi
if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
return
fi
apt-get -y install golang libpam0g-dev fuse
if [ ! -d /home/git ]; then
# add a gogs user account
adduser --disabled-login --gecos 'Gogs' git
# install Go
if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then
echo 'export GOPATH=/home/git/go' >> ~/.bashrc
echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc
fi
export GOPATH=/home/git/go
if [ ! -d $GOPATH ]; then
mkdir -p $GOPATH
fi
fi
IPFS_PATH=/home/git/go/bin
if ! grep -q 'GOPATH/bin' ~/.bashrc; then
2016-01-05 18:43:02 +01:00
export PATH="$GOPATH/bin:$PATH:"
2015-12-30 19:14:32 +01:00
echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
fi
# set gopath for the user
if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
echo 'export GOPATH=/home/git/go' >> /home/$MY_USERNAME/.bashrc
echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
fi
2016-01-27 16:21:21 +01:00
IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
2016-01-27 16:09:05 +01:00
go get -u ${IPFS_GO_REPO2}/cmd/ipfs
2015-12-30 19:14:32 +01:00
if [ ! "$?" = "0" ]; then
exit 8242
fi
2016-01-27 16:37:47 +01:00
cd /home/git/go/src/$IPFS_GO_REPO2
2015-12-30 19:14:32 +01:00
git checkout $IPFS_COMMIT -b $IPFS_COMMIT
if ! grep -q "ipfs commit" $COMPLETION_FILE; then
echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
fi
# initialise
su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
echo "IPFS could not be initialised for user $MY_USERNAME"
exit 7358
fi
# directories to mount to
if [ ! -d /ipfs ]; then
mkdir /ipfs
mkdir /ipns
chown $MY_USERNAME:$MY_USERNAME /ipfs
chown $MY_USERNAME:$MY_USERNAME /ipns
fi
if [ -f /etc/fuse.conf ]; then
chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
fi
if [ -f /dev/fuse ]; then
chown $MY_USERNAME:$MY_USERNAME /dev/fuse
fi
echo '[Unit]' > /etc/systemd/system/ipfs.service
echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
echo 'After=network.target' >> /etc/systemd/system/ipfs.service
echo '' >> /etc/systemd/system/ipfs.service
echo '[Service]' >> /etc/systemd/system/ipfs.service
echo 'Type=simple' >> /etc/systemd/system/ipfs.service
echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=/home/git/go\"" >> /etc/systemd/system/ipfs.service
echo '' >> /etc/systemd/system/ipfs.service
echo '[Install]' >> /etc/systemd/system/ipfs.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
systemctl enable ipfs
systemctl daemon-reload
systemctl restart ipfs
if [ -d /etc/avahi ]; then
su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
if [ ! -f /tmp/ipfsid ]; then
echo 'No IPFS identity was created'
exit 37895
fi
IPFS_PEER_ID=$(cat /tmp/ipfsid)
if [ ${#IPFS_PEER_ID} -lt 10 ]; then
echo 'Invalid IPFS peer ID'
echo "$IPFS_PEER_ID"
exit 74782
fi
# Add an avahi service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/ipfs.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/ipfs.service
echo '<service-group>' >> /etc/avahi/services/ipfs.service
echo ' <name replace-wildcards="yes">%h IPFS</name>' >> /etc/avahi/services/ipfs.service
echo ' <service>' >> /etc/avahi/services/ipfs.service
echo ' <type>_ipfs._tcp</type>' >> /etc/avahi/services/ipfs.service
echo " <port>$IPFS_PORT</port>" >> /etc/avahi/services/ipfs.service
echo " <txt-record>$IPFS_PEER_ID</txt-record>" >> /etc/avahi/services/ipfs.service
echo ' </service>' >> /etc/avahi/services/ipfs.service
echo '</service-group>' >> /etc/avahi/services/ipfs.service
rm /tmp/ipfsid
fi
echo 'install_ipfs' >> $COMPLETION_FILE
2015-09-24 21:16:33 +02:00
}
2015-01-25 15:46:46 +01:00
function install_voip {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_voip" $COMPLETION_FILE; then
return
fi
apt-get -y install mumble-server
get_voip_server_password
if [ ! $VOIP_SERVER_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)"
if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)"
fi
fi
fi
# Make an ssl cert for the server
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
check_certificates mumble
fi
# Check that the cert was created
if [ ! -f /etc/ssl/certs/mumble.crt ]; then
echo $'VoIP server certificate not created'
exit 57892
fi
if [ ! -f /etc/ssl/private/mumble.key ]; then
echo $'VoIP server key not created'
exit 57893
fi
if [ ! -d /var/lib/mumble-server ]; then
mkdir /var/lib/mumble-server
fi
cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
cp /etc/ssl/private/mumble.key /var/lib/mumble-server
chown -R mumble-server:mumble-server /var/lib/mumble-server
sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
fi
sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
if ! grep -q "allowping" /etc/mumble-server.ini; then
echo 'allowping=False' >> /etc/mumble-server.ini
fi
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
2016-01-06 13:22:56 +01:00
sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
2016-01-06 10:47:51 +01:00
2016-01-06 16:41:22 +01:00
VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
2016-01-06 10:47:51 +01:00
if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
fi
2015-12-30 19:14:32 +01:00
systemctl restart mumble-server
if ! grep -q $"VoIP Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'VoIP Server' >> /home/$MY_USERNAME/README
echo '===========' >> /home/$MY_USERNAME/README
2016-01-06 10:47:51 +01:00
echo $"VoIP onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
2015-12-30 19:14:32 +01:00
echo $'VoIP server username: mumble-server' >> /home/$MY_USERNAME/README
if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
echo $"VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
fi
echo '' >> /home/$MY_USERNAME/README
echo $'To connect to the VoIP server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_voip' >> $COMPLETION_FILE
2015-01-25 15:46:46 +01:00
}
2015-11-01 23:02:44 +01:00
function install_sip {
2015-12-30 19:14:32 +01:00
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_sip" $COMPLETION_FILE; then
return
fi
apt-get -y install sipwitch
get_sip_server_password
if [ ! $SIP_SERVER_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
SIP_SERVER_PASSWORD="$(openssl rand -base64 10)"
fi
fi
echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
echo '<sipwitch>' >> /etc/sipwitch.conf
echo '<provision>' >> /etc/sipwitch.conf
echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
echo '<extension>201</extension>' >> /etc/sipwitch.conf
echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
echo '</user>' >> /etc/sipwitch.conf
echo '</provision>' >> /etc/sipwitch.conf
echo '<access>' >> /etc/sipwitch.conf
echo '</access>' >> /etc/sipwitch.conf
echo '<stack>' >> /etc/sipwitch.conf
echo " <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
echo ' <threading>2</threading>' >> /etc/sipwitch.conf
echo ' <interface>*</interface>' >> /etc/sipwitch.conf
echo ' <dumping>false</dumping>' >> /etc/sipwitch.conf
echo ' <system>system</system>' >> /etc/sipwitch.conf
echo ' <anon>anonymous</anon>' >> /etc/sipwitch.conf
echo '</stack>' >> /etc/sipwitch.conf
echo '<timers>' >> /etc/sipwitch.conf
echo ' <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
echo ' <ring>4</ring>' >> /etc/sipwitch.conf
echo ' <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
echo ' <cfna>4</cfna>' >> /etc/sipwitch.conf
echo ' <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
echo ' <reset>6</reset>' >> /etc/sipwitch.conf
echo '</timers>' >> /etc/sipwitch.conf
echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
echo '<registry>' >> /etc/sipwitch.conf
echo ' <prefix>200</prefix>' >> /etc/sipwitch.conf
echo ' <range>100</range>' >> /etc/sipwitch.conf
echo ' <keysize>77</keysize>' >> /etc/sipwitch.conf
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
echo ' <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
echo '</registry>' >> /etc/sipwitch.conf
echo '<routing>' >> /etc/sipwitch.conf
echo '</routing>' >> /etc/sipwitch.conf
echo '</sipwitch>' >> /etc/sipwitch.conf
sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
groupadd sipwitch
usermod -aG sipwitch $MY_USERNAME
2016-01-06 16:41:22 +01:00
SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
2016-01-06 13:15:14 +01:00
if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
fi
2016-01-05 09:46:31 +01:00
systemctl restart sipwitch
2015-12-30 19:14:32 +01:00
if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'SIP Server' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
2016-01-06 13:15:14 +01:00
echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
2015-12-30 19:14:32 +01:00
echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_sip' >> $COMPLETION_FILE
2015-11-01 23:02:44 +01:00
}
2015-01-16 20:46:15 +01:00
function install_final {
2015-12-30 19:14:32 +01:00
if grep -Fxq "install_final" $COMPLETION_FILE; then
return
fi
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
split_gpg_key_into_fragments
echo 'install_final' >> $COMPLETION_FILE
clear
echo ''
echo $"
2015-12-29 17:42:35 +01:00
*** ${PROJECT_NAME} installation is complete. Rebooting... ***
2015-12-02 21:17:03 +01:00
Now forward these ports from your internet router
HTTP 80
HTTPS 443
SSH 2222
DLNA 1900
DLNA 8200
XMPP 5222-5223
XMPP 5269
XMPP 5280-5281
IRC 6697
Git 9418
Email 25
Email 587
Email 465
Email 993
VoIP 64738
VoIP 5060
Tox 33445
IPFS 4001
2015-12-29 17:42:35 +01:00
"
2015-12-30 19:14:32 +01:00
if [ -f "/home/$MY_USERNAME/README" ]; then
echo $"See /home/$MY_USERNAME/README for post-installation instructions."
echo ''
fi
if [ ! -f $IMAGE_PASSWORD_FILE ]; then
reboot
fi
2015-01-16 20:46:15 +01:00
}
read_configuration
2015-12-30 20:04:10 +01:00
set_default_onion_domains
2015-12-02 15:33:56 +01:00
locale_setup
2015-01-16 20:46:15 +01:00
parse_args
2015-01-29 15:39:15 +01:00
check_domains
2015-01-16 20:46:15 +01:00
install_not_on_BBB
remove_default_user
configure_firewall
2015-08-17 14:17:28 +02:00
configure_firewall_ping
2015-01-16 20:46:15 +01:00
configure_firewall_for_ssh
configure_firewall_for_dns
configure_firewall_for_ftp
configure_firewall_for_web_access
2015-01-25 15:46:46 +01:00
configure_firewall_for_voip
2015-11-01 23:23:57 +01:00
configure_firewall_for_sip
2015-08-09 16:35:23 +02:00
configure_firewall_for_avahi
2015-08-24 09:14:13 +02:00
configure_firewall_for_zeronet
2015-09-30 11:20:47 +02:00
configure_firewall_for_ipfs
2015-01-16 20:46:15 +01:00
remove_proprietary_repos
change_debian_repos
enable_backports
configure_dns
2015-11-26 23:01:43 +01:00
initial_setup
2015-12-29 15:53:03 +01:00
install_tor
2016-01-25 17:35:16 +01:00
enable_ssh_via_onion
2015-11-26 23:40:09 +01:00
check_date
2015-01-16 20:46:15 +01:00
install_dynamicdns
2015-03-10 19:59:26 +01:00
randomize_cron
2015-02-15 16:16:06 +01:00
create_freedns_updater
2015-10-26 15:50:16 +01:00
mark_admin_user_account
2015-01-16 20:46:15 +01:00
enforce_good_passwords
install_editor
change_login_message
enable_zram
random_number_generator
set_your_domain_name
time_synchronisation
configure_internet_protocol
create_git_project
configure_ssh
2016-01-04 11:18:46 +01:00
configure_ssh_onion
2016-01-07 17:20:04 +01:00
allow_ssh_to_onion_address
2015-02-14 18:18:38 +01:00
remove_instructions_from_motd
2015-01-16 20:46:15 +01:00
check_hwrng
search_for_attached_usb_drive
regenerate_ssh_keys
2016-02-01 11:05:29 +01:00
create_mirrors
2015-01-16 20:46:15 +01:00
create_upgrade_script
2015-12-12 12:32:15 +01:00
letsencrypt_renewals
2015-08-15 10:01:45 +02:00
install_zeronet
2015-08-23 14:45:14 +02:00
install_watchdog_script
2015-07-27 21:48:31 +02:00
configure_avahi
2015-12-31 14:02:44 +01:00
create_avahi_onion_domains
2015-09-02 23:10:12 +02:00
install_zeronet_blog
2015-12-11 18:15:52 +01:00
install_zeronet_mail
2015-09-02 23:10:12 +02:00
install_zeronet_forum
2015-09-06 16:28:54 +02:00
#install_atheros_wifi
2015-08-09 15:34:57 +02:00
configure_firewall_for_cjdns
2015-07-27 21:48:31 +02:00
mesh_cjdns
mesh_cjdns_tools
2015-08-09 15:34:57 +02:00
configure_firewall_for_batman
2015-07-27 21:48:31 +02:00
mesh_batman_bridge
2015-08-09 15:34:57 +02:00
configure_firewall_for_babel
2015-07-27 21:48:31 +02:00
mesh_babel
2015-01-16 20:46:15 +01:00
route_outgoing_traffic_through_tor
configure_email
create_procmail
2015-03-18 19:40:00 +01:00
spam_filtering
2015-01-16 20:46:15 +01:00
configure_imap
2015-06-20 18:32:22 +02:00
#configure_imap_client_certs
2015-01-16 20:46:15 +01:00
configure_gpg
2015-09-20 14:19:33 +02:00
configure_backup_key
2015-01-16 20:46:15 +01:00
encrypt_incoming_email
encrypt_outgoing_email
email_client
email_archiving
email_from_address
configure_firewall_for_email
create_public_mailing_list
#create_private_mailing_list
encrypt_all_email
import_email
script_for_attaching_usb_drive
install_web_server
configure_firewall_for_web_server
install_owncloud
install_owncloud_music_app
2015-12-29 21:37:49 +01:00
configure_owncloud_onion_site
2015-03-17 22:22:44 +01:00
install_gogs
2015-01-16 20:46:15 +01:00
install_xmpp
2015-07-11 11:31:18 +02:00
install_tox_node
2015-07-11 18:05:18 +02:00
install_tox_client
2015-08-24 20:36:10 +02:00
tox_avahi
2015-01-16 20:46:15 +01:00
configure_firewall_for_xmpp
install_irc_server
configure_firewall_for_irc
2015-01-25 15:46:46 +01:00
install_voip
2015-11-01 23:02:44 +01:00
install_sip
2015-01-16 20:46:15 +01:00
install_wiki
install_blog
2015-10-27 11:50:41 +01:00
mark_blog_domain
2015-01-16 20:46:15 +01:00
install_gnu_social
2016-02-10 16:20:59 +01:00
expire_gnu_social_posts
2016-02-03 18:57:11 +01:00
install_gnu_social_theme
2016-02-11 15:15:13 +01:00
install_gnu_social_markdown
2016-02-07 20:14:40 +01:00
install_rss_reader
2016-02-08 12:14:02 +01:00
install_rss_mobile_reader
2015-09-07 23:18:32 +02:00
install_hubzilla
2015-01-16 20:46:15 +01:00
install_dlna_server
configure_firewall_for_dlna
2016-01-08 18:44:29 +01:00
#install_mediagoblin
2015-12-06 15:05:51 +01:00
#install_ipfs
2015-01-16 20:46:15 +01:00
repair_databases_script
backup_to_friends_servers
intrusion_detection
install_final
2015-12-29 17:42:35 +01:00
echo "${PROJECT_NAME} installation is complete"
2015-01-16 20:46:15 +01:00
exit 0
