2014-09-20 09:32:52 +02:00
#!/bin/bash
2014-09-29 10:33:19 +02:00
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# This install script is intended for use with Debian Jessie
#
# Please note that the various hashes and download archives
# for systems such as Owncloud and Dokuwiki may need to be updated
#
2014-09-29 10:40:26 +02:00
# License
# =======
#
# Copyright (C) 2014 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
2014-09-29 10:33:19 +02:00
# Summary
# =======
2014-09-29 10:40:26 +02:00
#
2014-09-30 11:27:20 +02:00
# This script is intended to be run on the target device, which
# is typically a Beaglebone Black.
#
2014-09-29 10:33:19 +02:00
# To be able to run this script you need to get to a condition
# where you have Debian Jessie installed, with at least one
# unprivileged user account and at least one subdomain created on
# https://freedns.afraid.org/. If you're not installing on a
# Beaglebone Black then set the variable INSTALLING_ON_BBB to "no"
2014-09-23 12:50:40 +02:00
#
# Note on dynamic dns
# ===================
#
# I'm not particularly trying to promote freedns.afraid.org
# as a service, it just happens to be a dynamic DNS system which
# provides free (as in beer) accounts, and I'm trying to make the
# process of setting up a working server as trivial as possible.
# Other dynamic DNS systems are available, and if you're using
# something different then comment out the section within
2014-09-23 12:56:14 +02:00
# argument_checks and the call to dynamic_dns_freedns.
2014-09-23 12:50:40 +02:00
#
# Prerequisites
# =============
#
2014-09-30 11:44:08 +02:00
# You will need to initially prepare a microSD card with a Debian
# image on it. This can be done using the initial_setup.sh script.
2014-09-29 10:33:19 +02:00
#
2014-09-30 11:44:08 +02:00
# If you are not using a Beaglebone Black then just prepare the
# target system with a fresh installation of Debian Jessie.
2014-10-04 12:27:07 +02:00
#
# Configuration file
# ==================
# If you don't want to edit this script directly then you can
# create a configuration file called freedombone.cfg, which should
# be in the same directory as install-freedombone.sh.
# Within the configuration file you can specify the main settings
# such as:
#
# INSTALLING_ON_BBB=yes
# SSH_PORT=2222
# MICROBLOG_DOMAIN_NAME=mydomain
# MICROBLOG_FREEDNS_SUBDOMAIN_CODE=[code]
# ...
#
# Note that there are no spaces around the equals.
2014-09-21 16:00:38 +02:00
2014-09-20 09:32:52 +02:00
DOMAIN_NAME = $1
MY_USERNAME = $2
2014-09-23 12:50:40 +02:00
FREEDNS_SUBDOMAIN_CODE = $3
2014-09-23 23:07:35 +02:00
SYSTEM_TYPE = $4
2014-09-20 23:58:23 +02:00
2014-09-29 10:14:56 +02:00
# Are we installing on a Beaglebone Black (BBB) or some other system?
INSTALLING_ON_BBB = "yes"
2014-10-05 21:14:16 +02:00
# Version number of this script
VERSION = "1.00"
2014-09-26 15:16:08 +02:00
# Different system variants which may be specified within
# the SYSTEM_TYPE option
2014-09-26 14:34:31 +02:00
VARIANT_WRITER = "writer"
VARIANT_CLOUD = "cloud"
VARIANT_CHAT = "chat"
VARIANT_MAILBOX = "mailbox"
2014-09-28 20:39:38 +02:00
VARIANT_NONMAILBOX = "nonmailbox"
2014-09-26 14:34:31 +02:00
VARIANT_SOCIAL = "social"
2014-09-27 18:59:35 +02:00
VARIANT_MEDIA = "media"
2014-09-26 14:34:31 +02:00
2014-10-04 12:21:43 +02:00
# An optional configuration file which overrides some of these variables
CONFIGURATION_FILE = "freedombone.cfg"
2014-09-20 21:59:13 +02:00
SSH_PORT = 2222
2014-09-29 10:14:56 +02:00
2014-10-03 11:16:33 +02:00
# Why use Google as a time source?
# The thinking here is that it's likely to be reliable and fast.
# The ping doesn't reveal any information other than that the server
# is running, and if anyone maliciously alters the time on Google's
# servers then that would certainly be newsworthy and they'd be
# likely to do something about it quickly.
# If you have better time sources then change them here.
TLS_TIME_SOURCE1 = "google.com"
TLS_TIME_SOURCE2 = "www.ptb.de"
2014-09-29 10:14:56 +02:00
# kernel specifically tweaked for the Beaglebone Black
2014-09-20 23:58:23 +02:00
KERNEL_VERSION = "v3.15.10-bone7"
2014-09-29 10:14:56 +02:00
# Whether or not to use the beaglebone's hardware random number generator
2014-09-21 00:41:20 +02:00
USE_HWRNG = "yes"
2014-09-29 10:14:56 +02:00
# Whether this system is being installed within a docker container
2014-09-23 21:42:00 +02:00
INSTALLED_WITHIN_DOCKER = "no"
2014-09-23 15:54:26 +02:00
2014-10-01 13:32:34 +02:00
# If you want to run a public mailing list specify its name here.
# There should be no spaces in the name
PUBLIC_MAILING_LIST =
# Optional different domain name for the public mailing list
PUBLIC_MAILING_LIST_DOMAIN_NAME =
2014-10-02 12:19:11 +02:00
# Directory where the public mailing list data is stored
PUBLIC_MAILING_LIST_DIRECTORY = "/var/spool/mlmmj"
2014-10-01 13:32:34 +02:00
2014-09-24 13:56:30 +02:00
# If you want to run an encrypted mailing list specify its name here.
# There should be no spaces in the name
PRIVATE_MAILING_LIST =
2014-09-27 19:59:57 +02:00
# Domain name or freedns subdomain for mediagoblin installation
MEDIAGOBLIN_DOMAIN_NAME =
MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE =
MEDIAGOBLIN_REPO = ""
MEDIAGOBLIN_ADMIN_PASSWORD =
2014-09-26 22:30:49 +02:00
# Domain name or freedns subdomain for microblog installation
MICROBLOG_DOMAIN_NAME =
2014-09-27 10:59:02 +02:00
MICROBLOG_FREEDNS_SUBDOMAIN_CODE =
2014-09-26 22:30:49 +02:00
MICROBLOG_REPO = "git://gitorious.org/social/mainline.git"
2014-09-27 00:19:24 +02:00
MICROBLOG_ADMIN_PASSWORD =
2014-09-26 22:30:49 +02:00
2014-09-26 23:48:08 +02:00
# Domain name or redmatrix installation
REDMATRIX_DOMAIN_NAME =
2014-09-27 10:59:02 +02:00
REDMATRIX_FREEDNS_SUBDOMAIN_CODE =
2014-09-27 14:40:17 +02:00
REDMATRIX_REPO = "https://github.com/friendica/red.git"
REDMATRIX_ADDONS_REPO = "https://github.com/friendica/red-addons.git"
REDMATRIX_ADMIN_PASSWORD =
2014-09-26 23:48:08 +02:00
2014-10-11 13:07:05 +02:00
# Domain name and freedns subdomain for Owncloud installation
2014-09-24 20:05:40 +02:00
OWNCLOUD_DOMAIN_NAME =
OWNCLOUD_FREEDNS_SUBDOMAIN_CODE =
2014-10-11 18:50:59 +02:00
OWNCLOUD_ADMIN_PASSWORD =
2014-09-24 20:05:40 +02:00
2014-10-11 13:07:05 +02:00
# Domain name and freedns subdomain for your wiki
2014-09-26 14:17:22 +02:00
WIKI_DOMAIN_NAME =
2014-10-04 12:44:28 +02:00
WIKI_FREEDNS_SUBDOMAIN_CODE =
2014-09-26 15:16:08 +02:00
2014-10-11 13:07:05 +02:00
# Domain name and freedns subdomain for your blog
2014-10-11 18:33:50 +02:00
FULLBLOG_DOMAIN_NAME =
FULLBLOG_FREEDNS_SUBDOMAIN_CODE =
2014-10-11 19:49:12 +02:00
MY_BLOG_TITLE = "My Blog"
MY_BLOG_SUBTITLE = "Another Freedombone Blog"
2014-09-26 18:32:46 +02:00
2014-09-23 14:04:15 +02:00
GPG_KEYSERVER = "hkp://keys.gnupg.net"
2014-09-20 09:32:52 +02:00
2014-09-30 16:38:02 +02:00
# whether to encrypt all incoming email with your public key
GPG_ENCRYPT_STORED_EMAIL = "yes"
2014-09-29 11:40:42 +02:00
# gets set to yes if gpg keys are imported from usb
GPG_KEYS_IMPORTED = "no"
2014-09-23 15:54:26 +02:00
# optionally you can provide your exported GPG key pair here
# Note that the private key file will be deleted after use
# If these are unspecified then a new GPG key will be created
MY_GPG_PUBLIC_KEY =
MY_GPG_PRIVATE_KEY =
2014-10-02 11:33:56 +02:00
# optionally specify your public key ID
MY_GPG_PUBLIC_KEY_ID =
2014-09-23 19:11:22 +02:00
# If you have existing mail within a Maildir
# you can specify the directory here and the files
# will be imported
IMPORT_MAILDIR =
2014-09-22 15:48:38 +02:00
# The Debian package repository to use.
2014-09-29 12:20:17 +02:00
DEBIAN_REPO = "ftp.us.debian.org"
2014-09-22 15:48:38 +02:00
DEBIAN_VERSION = "jessie"
2014-09-20 09:32:52 +02:00
# Directory where source code is downloaded and compiled
2014-09-23 21:52:01 +02:00
INSTALL_DIR = $HOME /build
2014-09-20 09:32:52 +02:00
2014-09-23 19:44:07 +02:00
# device name for an attached usb drive
USB_DRIVE = /dev/sda1
2014-09-28 22:00:51 +02:00
# Location where the USB drive is mounted to
2014-09-29 16:21:06 +02:00
USB_MOUNT = /mnt/usb
2014-09-28 22:00:51 +02:00
2014-10-10 22:25:58 +02:00
# name of a script used to upgrade the system
UPGRADE_SCRIPT_NAME = "freedombone-upgrade"
2014-09-28 23:13:46 +02:00
# Name of a script used to create a backup of the system on usb drive
2014-09-28 22:00:51 +02:00
BACKUP_SCRIPT_NAME = "backup"
2014-10-03 12:40:51 +02:00
# Name of a script used to restore the system from usb drive
RESTORE_SCRIPT_NAME = "restore"
2014-10-02 19:59:29 +02:00
# name of a script used to backup to friends servers
BACKUP_TO_FRIENDS_SCRIPT_NAME = "backup2friends"
2014-10-02 22:13:59 +02:00
# name of a script used to restore backed up data from a friend
RESTORE_FROM_FRIEND_SCRIPT_NAME = "restorefromfriend"
2014-10-02 19:59:29 +02:00
# passphrase used for automatic backups to friends servers
# this will be automatically generated
BACKUP_TO_FRIENDS_PASSPHRASE =
2014-09-24 20:05:40 +02:00
# memory limit for php in MB
2014-10-04 19:14:40 +02:00
MAX_PHP_MEMORY = 64
2014-09-24 20:05:40 +02:00
2014-09-26 22:18:43 +02:00
# default MariaDB password
MARIADB_PASSWORD =
2014-10-02 12:19:11 +02:00
# Directory where XMPP settings are stored
XMPP_DIRECTORY = "/var/lib/prosody"
2014-10-02 00:49:10 +02:00
# file containing a list of remote locations to backup to
2014-10-03 12:40:51 +02:00
# Format: [username@friendsdomain//home/username] [ssh_password]
# With the only space character being between the server and the password
2014-10-10 23:19:07 +02:00
FRIENDS_SERVERS_LIST = /home/$MY_USERNAME /backup.list
2014-10-02 00:49:10 +02:00
2014-10-11 20:01:26 +02:00
# list of encryption protocols
2014-09-27 16:08:30 +02:00
SSL_PROTOCOLS = "TLSv1 TLSv1.1 TLSv1.2"
2014-09-29 12:33:02 +02:00
# list of ciphers to use. See bettercrypto.org recommendations
2014-09-27 16:05:18 +02:00
SSL_CIPHERS = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
2014-10-10 22:32:46 +02:00
# the default email address
MY_EMAIL_ADDRESS = $MY_USERNAME @$DOMAIN_NAME
2014-10-11 20:01:26 +02:00
# optionally specify your name to appear on the blog
MY_NAME = $DOMAIN_NAME
2014-09-20 20:12:33 +02:00
export DEBIAN_FRONTEND = noninteractive
2014-09-21 11:02:15 +02:00
# File which keeps track of what has already been installed
2014-09-23 21:52:01 +02:00
COMPLETION_FILE = $HOME /freedombone-completed.txt
2014-09-21 11:02:15 +02:00
if [ ! -f $COMPLETION_FILE ] ; then
2014-09-23 17:10:46 +02:00
touch $COMPLETION_FILE
2014-09-21 11:02:15 +02:00
fi
2014-09-29 12:07:43 +02:00
# message if something fails to install
2014-09-29 13:40:53 +02:00
CHECK_MESSAGE = " Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE , run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list. "
2014-09-29 12:07:43 +02:00
2014-09-24 21:42:52 +02:00
function show_help {
echo ''
echo './install-freedombone.sh [domain] [username] [subdomain code] [system type]'
echo ''
echo 'domain'
echo '------'
echo 'This is your domain name or freedns subdomain.'
echo ''
echo 'username'
echo '--------'
echo ''
echo 'This will be your username on the system. It should be all'
echo 'lower case and contain no spaces'
echo ''
echo 'subdomain code'
echo '--------------'
echo 'This is the freedns dynamic DNS code for your subdomain.'
echo "To find it from https://freedns.afraid.org select 'Dynamic DNS',"
echo "then 'quick cron example' and copy the code located between "
echo "'?' and '=='."
echo ''
echo 'system type'
echo '-----------'
echo 'This can either be blank if you wish to install the full system,'
2014-09-26 15:19:37 +02:00
echo " or for more specialised variants you can specify ' $VARIANT_MAILBOX ', ' $VARIANT_CLOUD ', "
2014-09-28 20:39:38 +02:00
echo " ' $VARIANT_CHAT ', ' $VARIANT_SOCIAL ', ' $VARIANT_MEDIA ' or ' $VARIANT_WRITER '. "
echo " If you wish to install everything except email then use the ' $VARIANT_NONMAILBOX ' variaint. "
2014-09-24 21:42:52 +02:00
}
2014-09-20 21:51:50 +02:00
function argument_checks {
2014-09-23 16:00:30 +02:00
if [ ! -d /home/$MY_USERNAME ] ; then
2014-09-23 17:10:46 +02:00
echo " There is no user ' $MY_USERNAME ' on the system. Use 'adduser $MY_USERNAME ' to create the user. "
exit 1
2014-09-23 16:00:30 +02:00
fi
2014-09-20 21:51:50 +02:00
if [ ! $DOMAIN_NAME ] ; then
2014-09-24 23:17:44 +02:00
show_help
2014-09-23 17:10:46 +02:00
exit 2
2014-09-20 21:51:50 +02:00
fi
if [ ! $MY_USERNAME ] ; then
2014-09-24 23:17:44 +02:00
show_help
2014-09-23 17:10:46 +02:00
exit 3
2014-09-20 21:51:50 +02:00
fi
2014-09-23 12:50:40 +02:00
if [ ! $FREEDNS_SUBDOMAIN_CODE ] ; then
2014-09-24 23:17:44 +02:00
show_help
2014-09-23 17:10:46 +02:00
exit 4
2014-09-23 12:50:40 +02:00
fi
2014-09-26 22:44:35 +02:00
if [ $SYSTEM_TYPE ] ; then
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA ] ] ; then
2014-09-26 23:48:08 +02:00
echo " ' $SYSTEM_TYPE ' is an unrecognised Freedombone variant. "
exit 30
fi
2014-09-26 22:44:35 +02:00
fi
2014-09-29 12:36:34 +02:00
}
2014-10-04 12:21:43 +02:00
function read_configuration {
if [ -f $CONFIGURATION_FILE ] ; then
2014-10-11 20:01:26 +02:00
if grep -q "MY_NAME" $CONFIGURATION_FILE ; then
MY_NAME = $( grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
2014-10-10 22:32:46 +02:00
if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE ; then
MY_EMAIL_ADDRESS = $( grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
2014-10-04 12:21:43 +02:00
if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE ; then
INSTALLING_ON_BBB = $( grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "SSH_PORT" $CONFIGURATION_FILE ; then
SSH_PORT = $( grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE ; then
INSTALLED_WITHIN_DOCKER = $( grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE ; then
PUBLIC_MAILING_LIST = $( grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE ; then
MICROBLOG_DOMAIN_NAME = $( grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "MICROBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE ; then
MICROBLOG_FREEDNS_SUBDOMAIN_CODE = $( grep "MICROBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE ; then
REDMATRIX_DOMAIN_NAME = $( grep "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "REDMATRIX_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE ; then
REDMATRIX_FREEDNS_SUBDOMAIN_CODE = $( grep "REDMATRIX_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE ; then
OWNCLOUD_DOMAIN_NAME = $( grep "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "OWNCLOUD_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE ; then
OWNCLOUD_FREEDNS_SUBDOMAIN_CODE = $( grep "OWNCLOUD_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE ; then
WIKI_DOMAIN_NAME = $( grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "WIKI_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE ; then
WIKI_FREEDNS_SUBDOMAIN_CODE = $( grep "WIKI_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
2014-10-11 18:33:50 +02:00
if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE ; then
FULLBLOG_DOMAIN_NAME = $( grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
2014-10-11 13:07:05 +02:00
fi
2014-10-11 18:33:50 +02:00
if grep -q "FULLBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE ; then
FULLBLOG_FREEDNS_SUBDOMAIN_CODE = $( grep "FULLBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
2014-10-11 13:07:05 +02:00
fi
2014-10-11 19:49:12 +02:00
if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE ; then
MY_BLOG_TITLE = $( grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE ; then
MY_BLOG_SUBTITLE = $( grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
2014-10-04 12:21:43 +02:00
if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE ; then
GPG_ENCRYPT_STORED_EMAIL = $( grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE ; then
MY_GPG_PUBLIC_KEY = $( grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE ; then
MY_GPG_PRIVATE_KEY = $( grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
2014-10-05 11:26:15 +02:00
fi
if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE ; then
MY_GPG_PUBLIC_KEY_ID = $( grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
2014-10-04 12:21:43 +02:00
fi
if grep -q "USB_DRIVE" $CONFIGURATION_FILE ; then
USB_DRIVE = $( grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE ; then
MAX_PHP_MEMORY = $( grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
2014-10-04 13:01:02 +02:00
if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE ; then
TLS_TIME_SOURCE1 = $( grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE ; then
TLS_TIME_SOURCE2 = $( grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}' )
fi
2014-10-04 12:21:43 +02:00
fi
}
2014-09-30 20:01:07 +02:00
function check_hwrng {
2014-09-30 20:08:46 +02:00
# If hardware random number generation was enabled then make sure that the device exists.
# if /dev/hwrng is not found then any subsequent cryptographic key generation would
# suffer from low entropy and might be insecure
if [ ! -f /etc/default/rng-tools ] ; then
return
fi
2014-09-30 21:42:31 +02:00
if [ ! -e /dev/hwrng ] ; then
2014-09-30 20:08:46 +02:00
ls /dev/hw*
2014-09-30 21:39:43 +02:00
echo 'The hardware random number generator is enabled but could not be detected on'
2014-09-30 20:08:46 +02:00
echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
exit 75
fi
2014-09-30 20:01:07 +02:00
}
2014-10-02 18:18:50 +02:00
function import_gpg_key_to_root {
2014-10-02 20:35:35 +02:00
# This is a compromise. backup needs access to things which the user
# doesn't have access to, but also needs to be able to encrypt as the user
# Perhaps there is some better way to do this.
# Maybe there should be a separate backup GPG key. Discuss.
2014-10-02 18:18:50 +02:00
if [ ! $MY_GPG_PUBLIC_KEY ] ; then
MY_GPG_PUBLIC_KEY = /tmp/public_key.gpg
2014-10-02 14:42:03 +02:00
fi
2014-10-02 18:18:50 +02:00
apt-get -y --force-yes install gnupg
2014-10-02 14:42:03 +02:00
2014-10-02 15:43:48 +02:00
if [ ! $MY_GPG_PUBLIC_KEY_ID ] ; then
2014-10-10 22:32:46 +02:00
MY_GPG_PUBLIC_KEY_ID = $( su -c " gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub ' " - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}' )
2014-10-02 16:21:47 +02:00
fi
2014-10-05 11:23:51 +02:00
# if the above fails because the key has an unexpected email address
if [ ! $MY_GPG_PUBLIC_KEY_ID ] ; then
# copy the whole keyring from the user
cp -r /home/$MY_USERNAME /.gnupg /root
# get the first entry, which we assume to be the imported key
MY_GPG_PUBLIC_KEY_ID = $( gpg --list-keys | grep "pub " | head -n 1 | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}' )
2014-10-05 11:31:00 +02:00
else
# make sure that the root user has access to your gpg public key
if [ $MY_GPG_PUBLIC_KEY_ID ] ; then
su -c "gpg --export-ownertrust > ~/temp_trust.txt" - $MY_USERNAME
su -c " gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID " - $MY_USERNAME
su -c " gpg --output ~/temp_private_key.txt --armor --export-secret-key $MY_GPG_PUBLIC_KEY_ID " - $MY_USERNAME
gpg --import-ownertrust < /home/$MY_USERNAME /temp_trust.txt
gpg --import $MY_GPG_PUBLIC_KEY
gpg --allow-secret-key-import --import /home/$MY_USERNAME /temp_private_key.txt
shred -zu /home/$MY_USERNAME /temp_private_key.txt
shred -zu /home/$MY_USERNAME /temp_trust.txt
fi
2014-10-02 15:31:18 +02:00
fi
2014-10-02 18:18:50 +02:00
}
function create_backup_script {
if grep -Fxq "create_backup_script" $COMPLETION_FILE ; then
return
fi
apt-get -y --force-yes install duplicity
import_gpg_key_to_root
2014-10-02 15:31:18 +02:00
2014-10-02 14:42:03 +02:00
echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:31:18 +02:00
echo 'GPG_KEY=$1' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:02:36 +02:00
echo 'if [ ! $GPG_KEY ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:31:18 +02:00
echo ' echo "You need to specify a GPG key ID with which to create the backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:46:08 +02:00
echo " GPG_KEY=' $MY_GPG_PUBLIC_KEY_ID ' " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:31:18 +02:00
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
echo " if [ ! -b $USB_DRIVE ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Please attach a USB drive"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir $USB_MOUNT " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mount $USB_DRIVE $USB_MOUNT " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT /backup ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir $USB_MOUNT /backup " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Put some files into a temporary directory so that they can be easily backed up' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-11 10:35:44 +02:00
if grep -Fxq "install_gnu_social" $COMPLETION_FILE ; then
2014-10-02 15:31:18 +02:00
echo 'echo "Obtaining GNU Social database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
echo " mysqldump --password= $MARIADB_PASSWORD gnusocial > /home/ $MY_USERNAME /tempfiles/gnusocial.sql " >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
2014-10-11 10:33:55 +02:00
if grep -Fxq "install_redmatrix" $COMPLETION_FILE ; then
2014-10-02 15:31:18 +02:00
echo 'echo "Obtaining Red Matrix database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
echo " mysqldump --password= $MARIADB_PASSWORD redmatrix > /home/ $MY_USERNAME /tempfiles/redmatrix.sql " >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
2014-10-11 10:37:39 +02:00
if grep -Fxq "install_owncloud" $COMPLETION_FILE ; then
2014-10-02 15:31:18 +02:00
echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-04 21:41:12 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/owncloud.tar.gz /var/www/ $OWNCLOUD_DOMAIN_NAME /htdocs/data/ $MY_USERNAME " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
fi
2014-10-11 10:39:13 +02:00
if grep -Fxq "install_wiki" $COMPLETION_FILE ; then
2014-10-02 15:31:18 +02:00
echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-04 21:44:45 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/wiki.tar.gz /var/www/ $WIKI_DOMAIN_NAME /htdocs/data " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
fi
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_blog" $COMPLETION_FILE ; then
echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-11 18:33:50 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/blog.tar.gz /var/www/ $FULLBLOG_DOMAIN_NAME /htdocs " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-11 13:07:05 +02:00
fi
2014-10-02 15:05:30 +02:00
echo 'echo "Archiving miscellaneous files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:08:57 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/miscfiles.tar.gz /home/ $MY_USERNAME /.gnupg /home/ $MY_USERNAME /.muttrc /home/ $MY_USERNAME /.procmailrc /home/ $MY_USERNAME /.ssh /home/ $MY_USERNAME /personal " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
2014-10-02 15:05:30 +02:00
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:02:36 +02:00
echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " $PUBLIC_MAILING_LIST_DIRECTORY file:// $USB_MOUNT /backup/publicmailinglist " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:05:30 +02:00
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:02:36 +02:00
echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " $XMPP_DIRECTORY file:// $USB_MOUNT /backup/xmpp " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:05:30 +02:00
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup web content and other stuff' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up web content and miscellaneous files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:02:36 +02:00
echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " /home/ $MY_USERNAME /tempfiles file:// $USB_MOUNT /backup/tempfiles " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:05:30 +02:00
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup email' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:02:36 +02:00
echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " /home/ $MY_USERNAME /Maildir file:// $USB_MOUNT /backup/Maildir " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:05:30 +02:00
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:02:36 +02:00
echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " /var/cache/minidlna file:// $USB_MOUNT /backup/dlna " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:05:30 +02:00
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
2014-10-02 15:05:30 +02:00
echo 'echo "Cleaning up backup files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 17:20:03 +02:00
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force cleanup file:// $USB_MOUNT /backup/Maildir " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force cleanup file:// $USB_MOUNT /backup/tempfiles " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force cleanup file:// $USB_MOUNT /backup/dlna " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force cleanup file:// $USB_MOUNT /backup/xmpp " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force cleanup file:// $USB_MOUNT /backup/publicmailinglist " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 16:21:47 +02:00
2014-10-02 15:05:30 +02:00
echo 'echo "Removing old backups"' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 17:20:03 +02:00
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force remove-all-but-n-full 2 file:// $USB_MOUNT /backup/Maildir " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force remove-all-but-n-full 2 file:// $USB_MOUNT /backup/tempfiles " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force remove-all-but-n-full 2 file:// $USB_MOUNT /backup/dlna " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force remove-all-but-n-full 2 file:// $USB_MOUNT /backup/xmpp " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " duplicity --force remove-all-but-n-full 2 file:// $USB_MOUNT /backup/publicmailinglist " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
2014-10-02 15:05:30 +02:00
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-11 10:19:55 +02:00
echo 'sync' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 15:05:30 +02:00
echo '# Remove temporary files' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Removing temporary files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo " umount $USB_MOUNT " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-11 10:19:55 +02:00
echo " rm -rf $USB_MOUNT " >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 18:47:06 +02:00
echo 'echo "Backup to USB drive is complete. You can now unplug it."' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
echo 'exit 0' >> /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-11 10:04:59 +02:00
chmod 400 /usr/bin/$BACKUP_SCRIPT_NAME
chmod +x /usr/bin/$BACKUP_SCRIPT_NAME
2014-10-02 14:42:03 +02:00
echo 'create_backup_script' >> $COMPLETION_FILE
}
function create_restore_script {
if grep -Fxq "create_restore_script" $COMPLETION_FILE ; then
return
fi
apt-get -y --force-yes install duplicity
2014-10-02 18:18:50 +02:00
import_gpg_key_to_root
echo '#!/bin/bash' > /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'GPG_KEY=$1' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'if [ ! $GPG_KEY ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "You need to specify a GPG key ID with which to restore from backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " GPG_KEY=' $MY_GPG_PUBLIC_KEY_ID ' " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! -b $USB_DRIVE ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Please attach a USB drive"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mkdir $USB_MOUNT " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mount $USB_DRIVE $USB_MOUNT " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT /backup ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "No backup directory found on the USB drive."' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 2' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " duplicity --force file:// $USB_MOUNT /backup/publicmailinglist $PUBLIC_MAILING_LIST_DIRECTORY " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " duplicity --force file:// $USB_MOUNT /backup/xmpp $XMPP_DIRECTORY " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo " rm -rf /home/ $MY_USERNAME /tempfiles/* " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:18:50 +02:00
echo 'else' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo " mkdir /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:18:50 +02:00
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'echo "Restoring web content and miscellaneous files"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " duplicity --force file:// $USB_MOUNT /backup/tempfiles /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/miscfiles.tar.gz -C / " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-03 00:36:51 +02:00
2014-10-11 10:35:44 +02:00
if grep -Fxq "install_gnu_social" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/gnusocial.sql ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring microblog database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mysql -u root --password= $MARIADB_PASSWORD gnusocial -o < /home/ $MY_USERNAME /tempfiles/gnusocial.sql " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-03 00:36:51 +02:00
fi
2014-10-11 10:33:55 +02:00
if grep -Fxq "install_redmatrix" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/redmatrix.sql ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Red Matrix database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mysql -u root --password= $MARIADB_PASSWORD redmatrix -o < /home/ $MY_USERNAME /tempfiles/redmatrix.sql " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-03 00:36:51 +02:00
fi
2014-10-11 10:37:39 +02:00
if grep -Fxq "install_owncloud" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/owncloud.tar.gz ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Owncloud"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/owncloud.tar.gz -C / " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-03 00:36:51 +02:00
fi
2014-10-11 10:39:13 +02:00
if grep -Fxq "install_wiki" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/wiki.tar.gz ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-11 13:07:05 +02:00
echo ' echo "Restoring Wiki"' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-03 00:45:03 +02:00
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/wiki.tar.gz -C / " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-03 00:36:51 +02:00
fi
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_blog" $COMPLETION_FILE ; then
echo " if [ -f /home/ $MY_USERNAME /tempfiles/blog.tar.gz ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring blog"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/blog.tar.gz -C / " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
fi
2014-10-02 22:13:59 +02:00
echo " rm -rf /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:18:50 +02:00
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " duplicity --force file:// $USB_MOUNT /backup/Maildir /home/ $MY_USERNAME /Maildir " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " duplicity --force file:// $USB_MOUNT /backup/dlna /var/cache/minidlna " >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:47:06 +02:00
echo 'sync' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo " umount $USB_MOUNT " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-11 10:19:55 +02:00
echo " rm -rf $USB_MOUNT " >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:47:06 +02:00
echo 'echo "Restore from USB drive is complete. You can now remove it."' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:18:50 +02:00
echo 'exit 0' >> /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-11 10:04:59 +02:00
chmod 400 /usr/bin/$RESTORE_SCRIPT_NAME
chmod +x /usr/bin/$RESTORE_SCRIPT_NAME
2014-10-02 18:18:50 +02:00
2014-10-02 14:42:03 +02:00
echo 'create_restore_script' >> $COMPLETION_FILE
}
2014-10-02 14:06:03 +02:00
function backup_to_friends_servers {
if grep -Fxq "backup_to_friends_servers" $COMPLETION_FILE ; then
return
fi
if [ ! $FRIENDS_SERVERS_LIST ] ; then
return
fi
apt-get -y --force-yes install duplicity
2014-10-02 19:59:29 +02:00
if [ ! $BACKUP_TO_FRIENDS_PASSPHRASE ] ; then
BACKUP_TO_FRIENDS_PASSPHRASE = $( openssl rand -base64 32)
2014-10-02 20:32:12 +02:00
fi
if ! grep -q "With a USB drive attached just type" /home/$MY_USERNAME /README; then
2014-10-02 20:10:59 +02:00
if [ ! -f /home/$MY_USERNAME /README ] ; then
touch /home/$MY_USERNAME /README
fi
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:21:31 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'Backups' >> /home/$MY_USERNAME /README
echo '=======' >> /home/$MY_USERNAME /README
echo 'With a USB drive attached just type "backup" or "restore" when logged in as root.' >> /home/$MY_USERNAME /README
echo 'You will be asked to enter your GPG key passphrase.' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:10:59 +02:00
echo " Passphrase for backups on friends servers: $BACKUP_TO_FRIENDS_PASSPHRASE " >> /home/$MY_USERNAME /README
2014-10-02 20:21:31 +02:00
echo " To add friends servers create a file called $FRIENDS_SERVERS_LIST "
echo 'and add entries like this:' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
2014-10-02 23:32:27 +02:00
echo 'username1@domain1//home/username1 ssh_password1' >> /home/$MY_USERNAME /README
echo 'username2@domain2//home/username2 ssh_password2' >> /home/$MY_USERNAME /README
echo '...' >> /home/$MY_USERNAME /README
2014-10-02 20:21:31 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'The system will try to backup to these remote locations once per day.' >> /home/$MY_USERNAME /README
2014-10-02 20:10:59 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
2014-10-02 19:59:29 +02:00
fi
echo '#!/bin/bash' > /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " PASSPHRASE=' $BACKUP_TO_FRIENDS_PASSPHRASE ' " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ ! -f $FRIENDS_SERVERS_LIST ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Put some files into a temporary directory so that they can be easily backed up' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ ! -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-11 10:35:44 +02:00
if grep -Fxq "install_gnu_social" $COMPLETION_FILE ; then
2014-10-05 10:38:48 +02:00
echo 'if [ -f /var/backups/gnusocial_daily.sql ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp /var/backups/gnusocial_daily.sql /home/ $MY_USERNAME /tempfiles/gnusocial.sql " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'else' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mysqldump --password= $MARIADB_PASSWORD gnusocial > /home/ $MY_USERNAME /tempfiles/gnusocial.sql " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 14:06:03 +02:00
fi
2014-10-11 10:33:55 +02:00
if grep -Fxq "install_redmatrix" $COMPLETION_FILE ; then
2014-10-05 10:38:48 +02:00
echo 'if [ -f /var/backups/redmatrix_daily.sql ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp /var/backups/redmatrix_daily.sql /home/ $MY_USERNAME /tempfiles/redmatrix.sql " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'else' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mysqldump --password= $MARIADB_PASSWORD redmatrix > /home/ $MY_USERNAME /tempfiles/redmatrix.sql " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 14:06:03 +02:00
fi
2014-10-11 10:37:39 +02:00
if grep -Fxq "install_owncloud" $COMPLETION_FILE ; then
2014-10-04 21:41:12 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/owncloud.tar.gz /var/www/ $OWNCLOUD_DOMAIN_NAME /htdocs/data/ $MY_USERNAME " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 14:06:03 +02:00
fi
2014-10-11 10:39:13 +02:00
if grep -Fxq "install_wiki" $COMPLETION_FILE ; then
2014-10-04 21:44:45 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/wiki.tar.gz /var/www/ $WIKI_DOMAIN_NAME /htdocs/data " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 14:06:03 +02:00
fi
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_blog" $COMPLETION_FILE ; then
2014-10-11 18:33:50 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/blog.tar.gz /var/www/ $FULLBLOG_DOMAIN_NAME /htdocs/data " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-11 13:07:05 +02:00
fi
2014-10-02 22:38:07 +02:00
echo " tar -czvf /home/ $MY_USERNAME /tempfiles/miscfiles.tar.gz /home/ $MY_USERNAME /.gnupg /home/ $MY_USERNAME /.muttrc /home/ $MY_USERNAME /.procmailrc /home/ $MY_USERNAME /.ssh /home/ $MY_USERNAME /personal " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 19:59:29 +02:00
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'while read remote_server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'do' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Get the server and its password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 22:34:23 +02:00
echo ' SERVER="scp://${* %%remote_server}"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 19:59:29 +02:00
echo ' FTP_PASSWORD="${remote_server%% *}"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Backup the public mailing list' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' duplicity incr --ssh-askpass --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " $PUBLIC_MAILING_LIST_DIRECTORY $SERVER /publicmailinglist " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Backup xmpp settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' duplicity incr --ssh-askpass --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " $XMPP_DIRECTORY $SERVER /xmpp " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Backup web content and other stuff' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' duplicity incr --ssh-askpass --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " /home/ $MY_USERNAME /tempfiles $SERVER /tempfiles " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Backup email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' duplicity incr --ssh-askpass $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " /home/ $MY_USERNAME /Maildir $SERVER /Maildir " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Backup DLNA cache' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' duplicity incr --ssh-askpass --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " /var/cache/minidlna $SERVER /dlna " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Cleaning up backup files"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force cleanup $SERVER /Maildir " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force cleanup $SERVER /tempfiles " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force cleanup $SERVER /dlna " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force cleanup $SERVER /xmpp " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force cleanup $SERVER /publicmailinglist " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Removing old backups"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER /Maildir " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER /tempfiles " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER /dlna " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER /xmpp " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER /publicmailinglist " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " done < $FRIENDS_SERVERS_LIST " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Remove temporary files' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " rm -rf /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'exit 0' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
chown root:root /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
chmod 400 /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
chmod +x /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
2014-10-02 14:06:03 +02:00
# update crontab
echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
2014-10-02 19:59:29 +02:00
echo " /usr/bin/ $BACKUP_TO_FRIENDS_SCRIPT_NAME " >> /etc/cron.daily/backuptofriends
2014-10-02 14:06:03 +02:00
chmod +x /etc/cron.daily/backuptofriends
echo 'backup_to_friends_servers' >> $COMPLETION_FILE
}
2014-10-02 22:13:59 +02:00
function restore_from_friend {
if grep -Fxq "restore_from_friend" $COMPLETION_FILE ; then
return
fi
2014-10-02 22:20:19 +02:00
if ! grep -q "Restoring from Backups" /home/$MY_USERNAME /README; then
if [ ! -f /home/$MY_USERNAME /README ] ; then
touch /home/$MY_USERNAME /README
fi
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'Restoring from Backups' >> /home/$MY_USERNAME /README
echo '======================' >> /home/$MY_USERNAME /README
echo 'To restore from USB backup plug in the USB drive then log in' >> /home/$MY_USERNAME /README
echo 'as root and just type "restore".' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo "To restore from a friend's server use the command:" >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo " $RESTORE_FROM_FRIEND_SCRIPT_NAME [server] " >> /home/$MY_USERNAME /README
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
2014-10-02 22:13:59 +02:00
if [ ! $BACKUP_TO_FRIENDS_PASSPHRASE ] ; then
BACKUP_TO_FRIENDS_PASSPHRASE = $( openssl rand -base64 32)
fi
echo '#!/bin/bash' > /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'SERVER_NAME=$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " PASSPHRASE=' $BACKUP_TO_FRIENDS_PASSPHRASE ' " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ ! $SERVER_NAME ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " echo ' $RESTORE_FROM_FRIEND_SCRIPT_NAME [server]' " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ ! -f $FRIENDS_SERVERS_LIST ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " echo 'No friends list found at $FRIENDS_SERVERS_LIST ' " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'if ! grep -q "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " $FRIENDS_SERVERS_LIST ; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Server not found within the friends list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'SERVER=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " $FRIENDS_SERVERS_LIST | awk -F ' ' '{print $1 }') " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'FTP_PASSWORD=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " $FRIENDS_SERVERS_LIST | awk -F ' ' '{print $2 }') " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:34:23 +02:00
echo " duplicity --force scp:// $SERVER /publicmailinglist $PUBLIC_MAILING_LIST_DIRECTORY " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -d $XMPP_DIRECTORY ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:34:23 +02:00
echo " duplicity --force scp:// $SERVER /xmpp $XMPP_DIRECTORY " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /tempfiles ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /home/ $MY_USERNAME /tempfiles/* " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mkdir /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'echo "Restoring web content and miscellaneous files"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:34:23 +02:00
echo " duplicity --force scp:// $SERVER /tempfiles /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/miscfiles.tar.gz -C / " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-03 00:45:03 +02:00
2014-10-11 10:35:44 +02:00
if grep -Fxq "install_gnu_social" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/gnusocial.sql ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring microblog database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mysql -u root --password= $MARIADB_PASSWORD gnusocial -o < /home/ $MY_USERNAME /tempfiles/gnusocial.sql " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
2014-10-11 10:33:55 +02:00
if grep -Fxq "install_redmatrix" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/redmatrix.sql ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Red Matrix database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mysql -u root --password= $MARIADB_PASSWORD redmatrix -o < /home/ $MY_USERNAME /tempfiles/redmatrix.sql " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
2014-10-11 10:37:39 +02:00
if grep -Fxq "install_owncloud" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/owncloud.tar.gz ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Owncloud"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/owncloud.tar.gz -C / " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
2014-10-11 10:39:13 +02:00
if grep -Fxq "install_wiki" $COMPLETION_FILE ; then
2014-10-03 00:45:03 +02:00
echo " if [ -f /home/ $MY_USERNAME /tempfiles/wiki.tar.gz ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-11 13:07:05 +02:00
echo ' echo "Restoring Wiki"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-03 00:45:03 +02:00
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/wiki.tar.gz -C / " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_blog" $COMPLETION_FILE ; then
echo " if [ -f /home/ $MY_USERNAME /tempfiles/blog.tar.gz ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Blog"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " tar -xzvf /home/ $MY_USERNAME /tempfiles/blog.tar.gz -C / " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
2014-10-02 22:13:59 +02:00
echo " rm -rf /home/ $MY_USERNAME /tempfiles " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -d /home/ $MY_USERNAME /Maildir ]; then " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:34:23 +02:00
echo " duplicity --force scp:// $SERVER /Maildir /home/ $MY_USERNAME /Maildir " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:34:23 +02:00
echo " duplicity --force scp:// $SERVER /dlna /var/cache/minidlna " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
2014-10-02 22:13:59 +02:00
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'exit 0' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'restore_from_friend' >> $COMPLETION_FILE
}
2014-09-29 12:36:34 +02:00
function remove_default_user {
2014-09-29 12:33:02 +02:00
# make sure you don't use the default user account
if [ [ $MY_USERNAME = = "debian" ] ] ; then
echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
exit 68
fi
# remove the default debian user to prevent it from becoming an attack vector
if [ -d /home/debian ] ; then
userdel -r debian
2014-09-29 12:36:34 +02:00
echo 'Default debian user account removed'
2014-09-29 12:33:02 +02:00
fi
2014-09-20 21:51:50 +02:00
}
2014-09-29 13:03:00 +02:00
function enforce_good_passwords {
# because humans are generally bad at choosing passwords
if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE ; then
return
fi
apt-get -y --force-yes install libpam-cracklib
2014-09-29 13:41:44 +02:00
sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
2014-09-29 13:03:00 +02:00
echo 'enforce_good_passwords' >> $COMPLETION_FILE
}
2014-09-21 12:45:57 +02:00
function change_login_message {
if grep -Fxq "change_login_message" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 12:45:57 +02:00
fi
echo '' > /etc/motd
echo ".---. . . " >> /etc/motd
echo "| | | " >> /etc/motd
echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
2014-09-21 14:07:10 +02:00
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
2014-09-24 10:33:46 +02:00
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-27 20:51:45 +02:00
echo ' . . . ' >> /etc/motd
2014-09-27 23:28:33 +02:00
echo ' |\ /| | o ' >> /etc/motd
echo " | \/ | .-. .-.| . .-. " >> /etc/motd
echo " | |(.-'( | | ( ) " >> /etc/motd
echo " ' ' --' -' --' - -' - " >> /etc/motd
2014-09-27 18:59:35 +02:00
fi
2014-09-26 15:57:25 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " ] ] ; then
echo ' . . . . . ' >> /etc/motd
echo ' \ \ / / o _|_ ' >> /etc/motd
echo ' \ \ /.--.. | .-. .--.' >> /etc/motd
echo " \/ \/ | | | (.-' | " >> /etc/motd
echo " ' ' ' -' - -' --'' " >> /etc/motd
fi
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " ] ] ; then
2014-09-24 15:44:49 +02:00
echo ' .--.. . ' >> /etc/motd
echo ' : | | ' >> /etc/motd
echo ' | | .-. . . .-.| ' >> /etc/motd
echo ' : |( )| |( | ' >> /etc/motd
2014-09-24 16:18:01 +02:00
echo " --' - -' -- - -' -" >> /etc/motd
2014-09-24 15:44:49 +02:00
fi
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CHAT " ] ] ; then
2014-09-24 15:44:49 +02:00
echo ' .--.. . ' >> /etc/motd
echo ' : | _|_ ' >> /etc/motd
echo ' | |--. .-. | ' >> /etc/motd
echo ' : | |( ) | ' >> /etc/motd
echo " --'' - -' - -' " >> /etc/motd
fi
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_SOCIAL " ] ] ; then
2014-09-24 15:44:49 +02:00
echo ' .-. . ' >> /etc/motd
echo ' ( ) o | ' >> /etc/motd
2014-09-24 16:18:01 +02:00
echo ' -. .-. .-. . .-. | ' >> /etc/motd
2014-09-24 15:44:49 +02:00
echo ' ( )( )( | ( ) | ' >> /etc/motd
2014-09-24 16:18:01 +02:00
echo " -' -' -'-' - -' - - " >> /etc/motd
2014-09-24 15:44:49 +02:00
fi
2014-09-26 22:58:15 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_MAILBOX " ] ] ; then
2014-09-24 10:38:14 +02:00
echo ' . . . . ' >> /etc/motd
echo ' |\ /| o | | ' >> /etc/motd
echo ' | \/ | .-. . | |.-. .-.-. ,- ' >> /etc/motd
echo ' | |( ) | | | )( ) : ' >> /etc/motd
2014-09-29 15:44:00 +02:00
echo " ' ' -' --' - -' -' -'-' - " >> /etc/motd
2014-09-24 10:33:46 +02:00
fi
2014-09-24 15:44:49 +02:00
2014-09-21 14:07:10 +02:00
echo '' >> /etc/motd
2014-09-21 22:01:18 +02:00
echo ' Freedom in the Cloud' >> /etc/motd
2014-09-21 14:07:10 +02:00
echo '' >> /etc/motd
2014-09-21 12:45:57 +02:00
echo 'change_login_message' >> $COMPLETION_FILE
}
2014-09-23 19:44:07 +02:00
function search_for_attached_usb_drive {
# If a USB drive is attached then search for email,
2014-09-23 20:32:05 +02:00
# gpg, ssh keys and emacs configuration
2014-09-23 19:44:07 +02:00
if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE ; then
return
fi
2014-09-23 22:31:31 +02:00
if [ -b $USB_DRIVE ] ; then
2014-09-28 22:00:51 +02:00
if [ ! -d $USB_MOUNT ] ; then
2014-09-23 21:56:39 +02:00
echo 'Mounting USB drive'
2014-09-28 22:00:51 +02:00
mkdir $USB_MOUNT
mount $USB_DRIVE $USB_MOUNT
2014-09-23 20:56:21 +02:00
fi
2014-09-28 20:39:38 +02:00
if ! [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT /Maildir ] ; then
2014-09-24 21:15:53 +02:00
echo 'Maildir found on USB drive'
2014-09-28 22:00:51 +02:00
IMPORT_MAILDIR = $USB_MOUNT /Maildir
2014-09-24 21:15:53 +02:00
fi
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT /.gnupg ] ; then
2014-09-24 21:15:53 +02:00
echo 'Importing GPG keyring'
2014-09-28 22:00:51 +02:00
cp -r $USB_MOUNT /.gnupg /home/$MY_USERNAME
2014-09-24 21:15:53 +02:00
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.gnupg
2014-09-29 11:40:42 +02:00
GPG_KEYS_IMPORTED = "yes"
2014-09-24 21:15:53 +02:00
if [ -f /home/$MY_USERNAME /.gnupg/secring.gpg ] ; then
2014-09-28 22:00:51 +02:00
shred -zu $USB_MOUNT /.gnupg/secring.gpg
shred -zu $USB_MOUNT /.gnupg/random_seed
shred -zu $USB_MOUNT /.gnupg/trustdb.gpg
rm -rf $USB_MOUNT /.gnupg
2014-09-24 21:15:53 +02:00
else
echo 'GPG files did not copy'
exit 7
fi
fi
2014-09-30 22:43:10 +02:00
if [ -f $USB_MOUNT /.procmailrc ] ; then
echo 'Importing procmail settings'
cp $USB_MOUNT /.procmailrc /home/$MY_USERNAME
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.procmailrc
fi
2014-09-28 22:00:51 +02:00
if [ -f $USB_MOUNT /private_key.gpg ] ; then
2014-09-24 21:15:53 +02:00
echo 'GPG private key found on USB drive'
2014-09-28 22:00:51 +02:00
MY_GPG_PRIVATE_KEY = $USB_MOUNT /private_key.gpg
2014-09-24 21:15:53 +02:00
fi
2014-09-28 22:00:51 +02:00
if [ -f $USB_MOUNT /public_key.gpg ] ; then
2014-09-24 21:15:53 +02:00
echo 'GPG public key found on USB drive'
2014-09-28 22:00:51 +02:00
MY_GPG_PUBLIC_KEY = $USB_MOUNT /public_key.gpg
2014-09-23 22:56:28 +02:00
fi
2014-09-23 20:56:21 +02:00
fi
2014-10-02 12:19:11 +02:00
if [ -d $USB_MOUNT /prosody ] ; then
if [ ! -d $XMPP_DIRECTORY ] ; then
mkdir $XMPP_DIRECTORY
fi
cp -r $USB_MOUNT /prosody/* $XMPP_DIRECTORY
chown -R prosody:prosody $XMPP_DIRECTORY
fi
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT /.ssh ] ; then
2014-09-23 20:56:21 +02:00
echo 'Importing ssh keys'
2014-09-28 22:00:51 +02:00
cp -r $USB_MOUNT /.ssh /home/$MY_USERNAME
2014-09-23 20:56:21 +02:00
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.ssh
# for security delete the ssh keys from the usb drive
2014-09-23 22:56:28 +02:00
if [ -f /home/$MY_USERNAME /.ssh/id_rsa ] ; then
2014-09-28 22:00:51 +02:00
shred -zu $USB_MOUNT /.ssh/id_rsa
shred -zu $USB_MOUNT /.ssh/id_rsa.pub
shred -zu $USB_MOUNT /.ssh/known_hosts
rm -rf $USB_MOUNT /.ssh
2014-09-23 22:56:28 +02:00
else
echo 'ssh files did not copy'
2014-09-23 23:13:42 +02:00
exit 8
2014-09-23 22:56:28 +02:00
fi
2014-09-23 20:56:21 +02:00
fi
2014-09-28 22:00:51 +02:00
if [ -f $USB_MOUNT /.emacs ] ; then
2014-09-23 20:56:21 +02:00
echo 'Importing .emacs file'
2014-09-28 22:00:51 +02:00
cp -f $USB_MOUNT /.emacs /home/$MY_USERNAME /.emacs
2014-09-23 20:56:21 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.emacs
fi
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT /.emacs.d ] ; then
2014-09-23 20:56:21 +02:00
echo 'Importing .emacs.d directory'
2014-09-28 22:00:51 +02:00
cp -r $USB_MOUNT /.emacs.d /home/$MY_USERNAME
2014-09-23 20:56:21 +02:00
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.emacs.d
fi
2014-09-29 10:56:39 +02:00
if [ -d $USB_MOUNT /ssl ] ; then
echo 'Importing SSL certificates'
cp -r $USB_MOUNT /ssl/* /etc/ssl
chmod 640 /etc/ssl/certs/*
chmod 400 /etc/ssl/private/*
2014-09-29 11:40:42 +02:00
# change ownership of some certificates
2014-09-29 16:21:06 +02:00
if [ -d /etc/prosody ] ; then
2014-09-29 11:40:42 +02:00
chown prosody:prosody /etc/ssl/private/xmpp.*
chown prosody:prosody /etc/ssl/certs/xmpp.*
fi
2014-09-29 16:21:06 +02:00
if [ -d /etc/dovecot ] ; then
2014-09-29 11:40:42 +02:00
chown root:dovecot /etc/ssl/certs/dovecot.*
chown root:dovecot /etc/ssl/private/dovecot.*
fi
if [ -f /etc/ssl/private/exim.key ] ; then
chown root:Debian-exim /etc/ssl/private/exim.key /etc/ssl/certs/exim.crt /etc/ssl/certs/exim.dhparam
fi
2014-09-29 10:56:39 +02:00
fi
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT /personal ] ; then
2014-09-23 20:56:21 +02:00
echo 'Importing personal directory'
2014-09-28 22:00:51 +02:00
cp -r $USB_MOUNT /personal /home/$MY_USERNAME
2014-09-23 20:56:21 +02:00
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /personal
fi
2014-09-23 22:31:31 +02:00
else
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT ] ; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
2014-09-23 22:31:31 +02:00
fi
echo 'No USB drive attached'
2014-09-23 19:44:07 +02:00
fi
echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
}
2014-09-21 10:02:31 +02:00
function remove_proprietary_repos {
2014-09-21 11:29:56 +02:00
if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-21 10:02:31 +02:00
sed -i 's/ non-free//g' /etc/apt/sources.list
2014-09-21 11:02:15 +02:00
echo 'remove_proprietary_repos' >> $COMPLETION_FILE
2014-09-21 10:02:31 +02:00
}
2014-09-22 15:48:38 +02:00
function change_debian_repos {
if grep -Fxq "change_debian_repos" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 20:44:16 +02:00
fi
2014-09-22 15:48:38 +02:00
rm -rf /var/lib/apt/lists/*
apt-get clean
sed -i " s/ftp.us.debian.org/ $DEBIAN_REPO /g " /etc/apt/sources.list
# ensure that there is a security repo
if ! grep -q "security" /etc/apt/sources.list; then
2014-10-04 11:19:23 +02:00
echo " deb http://security.debian.org/ $DEBIAN_VERSION /updates main contrib " >> /etc/apt/sources.list
echo " #deb-src http://security.debian.org/ $DEBIAN_VERSION /updates main contrib " >> /etc/apt/sources.list
2014-09-22 15:48:38 +02:00
fi
apt-get update
2014-09-23 14:31:27 +02:00
apt-get -y --force-yes install apt-transport-https
2014-09-22 15:48:38 +02:00
echo 'change_debian_repos' >> $COMPLETION_FILE
2014-09-21 20:44:16 +02:00
}
2014-09-20 09:32:52 +02:00
function initial_setup {
2014-09-21 11:29:56 +02:00
if grep -Fxq "initial_setup" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-22 00:11:08 +02:00
apt-get -y remove --purge apache*
2014-09-20 09:32:52 +02:00
apt-get -y dist-upgrade
apt-get -y install ca-certificates emacs24
2014-10-04 11:02:16 +02:00
2014-09-21 11:02:15 +02:00
echo 'initial_setup' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function install_editor {
2014-09-21 11:29:56 +02:00
if grep -Fxq "install_editor" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-20 09:32:52 +02:00
update-alternatives --set editor /usr/bin/emacs24
2014-10-04 11:02:16 +02:00
# A minimal emacs configuration
echo "(add-to-list 'load-path " ~/.emacs.d/")" > /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME /.emacs
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME /.emacs
echo "'goto-line)" >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME /.emacs
echo " '(lambda ()" >> /home/$MY_USERNAME /.emacs
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Set standard indent to 4 rather that 4 ========================='
echo '' >> /home/$MY_USERNAME /.emacs
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME /.emacs
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME /.emacs
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME /.emacs
echo '(setq version-control t)' >> /home/$MY_USERNAME /.emacs
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Line length ====================================================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo '(line-number-mode 1)' >> /home/$MY_USERNAME /.emacs
echo '(column-number-mode 1)' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME /.emacs
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME /.emacs
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME /.emacs
echo ';; via hooks.' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo ';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME /.emacs
echo '' >> /home/$MY_USERNAME /.emacs
echo "(require 'epa)" >> /home/$MY_USERNAME /.emacs
echo '(epa-file-enable)' >> /home/$MY_USERNAME /.emacs
2014-10-04 11:03:16 +02:00
cp /home/$MY_USERNAME /.emacs /root/.emacs
2014-10-04 11:02:16 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.emacs
2014-09-21 11:02:15 +02:00
echo 'install_editor' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function enable_backports {
2014-09-21 11:29:56 +02:00
if grep -Fxq "enable_backports" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-10-04 11:19:23 +02:00
if ! grep -Fxq " deb http:// $DEBIAN_REPO /debian $DEBIAN_VERSION -backports main " /etc/apt/sources.list; then
echo " deb http:// $DEBIAN_REPO /debian $DEBIAN_VERSION -backports main " >> /etc/apt/sources.list
2014-09-21 12:54:23 +02:00
fi
2014-09-21 11:02:15 +02:00
echo 'enable_backports' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function update_the_kernel {
2014-09-21 11:29:56 +02:00
if grep -Fxq "update_the_kernel" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-29 10:14:56 +02:00
# if this is not a beaglebone or is a docker container
# then just use the standard kernel
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" || $INSTALLING_ON_BBB != "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
return
2014-09-23 21:42:00 +02:00
fi
2014-09-20 09:32:52 +02:00
cd /opt/scripts/tools
2014-09-20 23:58:23 +02:00
./update_kernel.sh --kernel $KERNEL_VERSION
2014-09-21 11:02:15 +02:00
echo 'update_the_kernel' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function enable_zram {
2014-09-21 11:29:56 +02:00
if grep -Fxq "enable_zram" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-29 10:14:56 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" || $INSTALLING_ON_BBB != "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
return
2014-09-23 21:42:00 +02:00
fi
2014-09-23 14:39:49 +02:00
if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
fi
2014-09-20 23:58:23 +02:00
echo '#!/bin/bash' > /etc/init.d/zram
echo '### BEGIN INIT INFO' >> /etc/init.d/zram
echo '# Provides: zram' >> /etc/init.d/zram
echo '# Required-Start:' >> /etc/init.d/zram
echo '# Required-Stop:' >> /etc/init.d/zram
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/zram
echo '# Default-Stop: 0 1 6' >> /etc/init.d/zram
echo '# Short-Description: Increased Performance In Linux With zRam (Virtual Swap Compressed in RAM)' >> /etc/init.d/zram
echo '# Description: Adapted from systemd scripts at https://github.com/mystilleef/FedoraZram' >> /etc/init.d/zram
echo '### END INIT INFO' >> /etc/init.d/zram
echo 'start() {' >> /etc/init.d/zram
echo ' # get the number of CPUs' >> /etc/init.d/zram
echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram
echo ' # if something goes wrong, assume we have 1' >> /etc/init.d/zram
2014-09-21 00:14:07 +02:00
echo ' [ "$num_cpus" != 0 ] || num_cpus=1' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' # set decremented number of CPUs' >> /etc/init.d/zram
echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram
echo ' # get the amount of memory in the machine' >> /etc/init.d/zram
echo ' mem_total_kb=$(grep MemTotal /proc/meminfo | grep -E --only-matching "[[:digit:]]+")' >> /etc/init.d/zram
echo ' mem_total=$((mem_total_kb * 1024))' >> /etc/init.d/zram
echo ' # load dependency modules' >> /etc/init.d/zram
echo ' modprobe zram num_devices=$num_cpus' >> /etc/init.d/zram
echo ' # initialize the devices' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
2014-09-21 00:18:32 +02:00
echo ' echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' done' >> /etc/init.d/zram
echo ' # Creating swap filesystems' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
2014-09-21 00:18:32 +02:00
echo ' mkswap /dev/zram$i' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' done' >> /etc/init.d/zram
echo ' # Switch the swaps on' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
2014-09-21 00:18:32 +02:00
echo ' swapon -p 100 /dev/zram$i' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' done' >> /etc/init.d/zram
echo '}' >> /etc/init.d/zram
echo 'stop() {' >> /etc/init.d/zram
echo ' # get the number of CPUs' >> /etc/init.d/zram
echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram
echo ' # set decremented number of CPUs' >> /etc/init.d/zram
echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram
echo ' # Switching off swap' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
2014-09-21 00:18:32 +02:00
echo ' if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then' >> /etc/init.d/zram
echo ' swapoff /dev/zram$i' >> /etc/init.d/zram
echo ' sleep 1' >> /etc/init.d/zram
echo ' fi' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' done' >> /etc/init.d/zram
echo ' sleep 1' >> /etc/init.d/zram
echo ' rmmod zram' >> /etc/init.d/zram
echo '}' >> /etc/init.d/zram
2014-09-21 00:14:07 +02:00
echo 'case "$1" in' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' start)' >> /etc/init.d/zram
echo ' start' >> /etc/init.d/zram
echo ' ;;' >> /etc/init.d/zram
echo ' stop)' >> /etc/init.d/zram
echo ' stop' >> /etc/init.d/zram
echo ' ;;' >> /etc/init.d/zram
echo ' restart)' >> /etc/init.d/zram
echo ' stop' >> /etc/init.d/zram
echo ' sleep 3' >> /etc/init.d/zram
echo ' start' >> /etc/init.d/zram
echo ' ;;' >> /etc/init.d/zram
echo ' *)' >> /etc/init.d/zram
2014-09-21 00:14:07 +02:00
echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/zram
2014-09-20 23:58:23 +02:00
echo ' RETVAL=1' >> /etc/init.d/zram
echo 'esac' >> /etc/init.d/zram
echo 'exit $RETVAL' >> /etc/init.d/zram
2014-09-20 09:32:52 +02:00
chmod +x /etc/init.d/zram
update-rc.d zram defaults
2014-09-21 11:02:15 +02:00
echo 'enable_zram' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
2014-09-21 00:41:20 +02:00
function random_number_generator {
2014-09-21 11:29:56 +02:00
if grep -Fxq "random_number_generator" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-29 10:14:56 +02:00
if [ [ $INSTALLING_ON_BBB != "yes" ] ] ; then
# On systems which are not beaglebones assume that
# no hardware random number generator is available
# and use the second best option
apt-get -y --force-yes install haveged
return
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# it is assumed that docker uses the random number
# generator of the host system
return
2014-09-23 21:42:00 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $USE_HWRNG = = "yes" ] ] ; then
2014-09-23 14:21:41 +02:00
apt-get -y --force-yes install rng-tools
2014-09-21 00:41:20 +02:00
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
else
2014-09-23 17:10:46 +02:00
apt-get -y --force-yes install haveged
2014-09-21 00:41:20 +02:00
fi
2014-09-21 11:02:15 +02:00
echo 'random_number_generator' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function configure_ssh {
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_ssh" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-21 00:31:49 +02:00
sed -i " s/Port 22/Port $SSH_PORT /g " /etc/ssh/sshd_config
2014-09-20 20:26:31 +02:00
sed -i 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config
sed -i 's/ServerKeyBits 1024/ServerKeyBits 4096/g' /etc/ssh/sshd_config
sed -i 's/TCPKeepAlive yes/TCPKeepAlive no/g' /etc/ssh/sshd_config
sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
2014-09-20 23:58:23 +02:00
echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
echo 'Ciphers aes256-ctr,aes128-ctr' >> /etc/ssh/sshd_config
echo ' MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1' >> /etc/ssh/sshd_config
2014-09-23 14:46:23 +02:00
apt-get -y --force-yes install fail2ban
2014-09-21 11:02:15 +02:00
echo 'configure_ssh' >> $COMPLETION_FILE
2014-09-25 10:32:27 +02:00
# Don't reboot if installing within docker
# random numbers will come from the host system
2014-09-29 10:14:56 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" || $INSTALLING_ON_BBB != "yes" ] ] ; then
2014-09-25 10:32:27 +02:00
return
fi
2014-09-21 12:14:31 +02:00
echo ''
echo ''
echo ' *** Rebooting to initialise ssh settings and random number generator ***'
echo ''
2014-09-21 12:18:29 +02:00
echo " *** Reconnect via ssh on port $SSH_PORT , then run this script again *** "
2014-09-21 12:14:31 +02:00
echo ''
2014-09-21 11:44:23 +02:00
reboot
2014-09-20 09:32:52 +02:00
}
function regenerate_ssh_keys {
2014-09-21 11:29:56 +02:00
if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-20 09:32:52 +02:00
rm -f /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
service ssh restart
2014-09-21 11:02:15 +02:00
echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
2014-09-21 13:15:25 +02:00
function configure_dns {
if grep -Fxq "configure_dns" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 13:15:25 +02:00
fi
2014-09-21 16:00:38 +02:00
echo 'domain localdomain' > /etc/resolv.conf
echo 'search localdomain' >> /etc/resolv.conf
echo 'nameserver 213.73.91.35' >> /etc/resolv.conf
echo 'nameserver 85.214.20.141' >> /etc/resolv.conf
2014-09-21 13:15:25 +02:00
echo 'configure_dns' >> $COMPLETION_FILE
}
2014-09-20 09:32:52 +02:00
function set_your_domain_name {
2014-09-21 11:29:56 +02:00
if grep -Fxq "set_your_domain_name" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-20 09:32:52 +02:00
echo " $DOMAIN_NAME " > /etc/hostname
hostname $DOMAIN_NAME
2014-09-21 13:15:25 +02:00
sed -i " s/127.0.1.1 arm/127.0.1.1 $DOMAIN_NAME /g " /etc/hosts
2014-09-20 09:32:52 +02:00
echo " 127.0.1.1 $DOMAIN_NAME " >> /etc/hosts
2014-09-21 11:02:15 +02:00
echo 'set_your_domain_name' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function time_synchronisation {
2014-09-21 11:29:56 +02:00
if grep -Fxq "time_synchronisation" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-10-01 00:40:31 +02:00
#apt-get -y --force-yes install tlsdate
# building tlsdate from source is a workaround because of
# this bug https://github.com/ioerror/tlsdate/issues/130
2014-10-01 00:57:00 +02:00
apt-get -y --force-yes install build-essential automake git pkg-config autoconf libtool libssl-dev libevent-dev
2014-10-01 11:13:27 +02:00
2014-10-01 00:51:54 +02:00
if [ ! -d $INSTALL_DIR ] ; then
mkdir $INSTALL_DIR
fi
2014-10-01 00:40:31 +02:00
cd $INSTALL_DIR
git clone https://github.com/ioerror/tlsdate.git
cd $INSTALL_DIR /tlsdate
./autogen.sh
./configure
make
make install
2014-10-01 01:03:35 +02:00
cp /usr/local/bin/tlsdate* /usr/bin
cp /usr/local/sbin/tlsdate* /usr/bin
2014-10-01 00:40:31 +02:00
2014-09-20 09:32:52 +02:00
apt-get -y remove ntpdate
2014-09-20 23:58:23 +02:00
echo '#!/bin/bash' > /usr/bin/updatedate
2014-10-03 11:16:33 +02:00
echo "TIMESOURCE='TLS_TIME_SOURCE1'" >> /usr/bin/updatedate
echo "TIMESOURCE2='TLS_TIME_SOURCE2'" >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate
echo 'TIMEOUT=5' >> /usr/bin/updatedate
2014-10-10 22:32:46 +02:00
echo " EMAIL= $MY_EMAIL_ADDRESS " >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo '# File which contains the previous date as a number' >> /usr/bin/updatedate
echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate
echo '# File which contains the previous date as a string' >> /usr/bin/updatedate
echo 'BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt' >> /usr/bin/updatedate
echo 'DATE_BEFORE=$(date)' >> /usr/bin/updatedate
echo 'BEFORE=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate
echo 'BACKWARDS_BETWEEN=0' >> /usr/bin/updatedate
echo '# If the date was previously set' >> /usr/bin/updatedate
2014-10-01 11:10:35 +02:00
echo 'if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' BEFORE_FILE=$(cat $BEFORE_DATE_FILE)' >> /usr/bin/updatedate
echo ' BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)' >> /usr/bin/updatedate
echo ' # is the date going backwards?' >> /usr/bin/updatedate
2014-10-01 11:10:35 +02:00
echo ' if (( $BEFORE_FILE > $BEFORE )); then' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo -n "Date went backwards between tlsdate updates. " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE' >> /usr/bin/updatedate
2014-10-01 11:10:35 +02:00
echo ' # Send a warning email' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' # Try another time source' >> /usr/bin/updatedate
echo ' TIMESOURCE=$TIMESOURCE2' >> /usr/bin/updatedate
echo ' # try running without any parameters' >> /usr/bin/updatedate
echo ' tlsdate >> $LOGFILE' >> /usr/bin/updatedate
echo ' BACKWARDS_BETWEEN=1' >> /usr/bin/updatedate
echo ' fi' >> /usr/bin/updatedate
echo 'fi' >> /usr/bin/updatedate
echo '# Set the date' >> /usr/bin/updatedate
echo '/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE' >> /usr/bin/updatedate
echo 'DATE_AFTER=$(date)' >> /usr/bin/updatedate
echo 'AFTER=$(date -d "$Y-$M-$D" ' +%s')' >> /usr/bin/updatedate
echo '# After setting the date did it go backwards?' >> /usr/bin/updatedate
2014-10-01 11:10:35 +02:00
echo 'if (( $AFTER < $BEFORE )); then' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' # Send a warning email' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' # Try resetting the date from another time source' >> /usr/bin/updatedate
echo ' /usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE' >> /usr/bin/updatedate
echo ' DATE_AFTER=$(date)' >> /usr/bin/updatedate
echo ' AFTER=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate
echo 'else' >> /usr/bin/updatedate
echo ' echo -n $TIMESOURCE >> $LOGFILE' >> /usr/bin/updatedate
2014-10-01 11:10:35 +02:00
echo ' if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n $BEFORE_FILE >> $LOGFILE' >> /usr/bin/updatedate
echo ' fi' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' echo -n $BEFORE >> $LOGFILE' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' echo -n $AFTER >> $LOGFILE' >> /usr/bin/updatedate
2014-09-21 00:14:07 +02:00
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' echo $DATE_AFTER >> $LOGFILE' >> /usr/bin/updatedate
echo 'fi' >> /usr/bin/updatedate
echo '# Log the last date' >> /usr/bin/updatedate
2014-10-01 11:10:35 +02:00
echo 'if [[ $BACKWARDS_BETWEEN == 0 ]]; then' >> /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo ' echo "$AFTER" > $BEFORE_DATE_FILE' >> /usr/bin/updatedate
echo ' echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE' >> /usr/bin/updatedate
echo ' exit 0' >> /usr/bin/updatedate
echo 'else' >> /usr/bin/updatedate
echo ' exit 1' >> /usr/bin/updatedate
echo 'fi' >> /usr/bin/updatedate
2014-09-20 09:32:52 +02:00
chmod +x /usr/bin/updatedate
2014-09-20 23:58:23 +02:00
echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
2014-09-20 09:32:52 +02:00
service cron restart
2014-09-20 23:58:23 +02:00
echo '#!/bin/bash' > /etc/init.d/tlsdate
echo '# /etc/init.d/tlsdate' >> /etc/init.d/tlsdate
echo '### BEGIN INIT INFO' >> /etc/init.d/tlsdate
echo '# Provides: tlsdate' >> /etc/init.d/tlsdate
echo '# Required-Start: $remote_fs $syslog' >> /etc/init.d/tlsdate
echo '# Required-Stop: $remote_fs $syslog' >> /etc/init.d/tlsdate
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/tlsdate
echo '# Default-Stop: 0 1 6' >> /etc/init.d/tlsdate
echo '# Short-Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate
echo '# Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate
echo '### END INIT INFO' >> /etc/init.d/tlsdate
echo '# Author: Bob Mottram <bob@robotics.uk.to>' >> /etc/init.d/tlsdate
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin"' >> /etc/init.d/tlsdate
echo 'LOGFILE="/var/log/tlsdate.log"' >> /etc/init.d/tlsdate
echo 'TLSDATECOMMAND="tlsdate --timewarp -l -H www.ptb.de -p 443 >> $LOGFILE"' >> /etc/init.d/tlsdate
echo '#Start-Stop here' >> /etc/init.d/tlsdate
echo 'case "$1" in' >> /etc/init.d/tlsdate
echo ' start)' >> /etc/init.d/tlsdate
echo ' echo "tlsdate started"' >> /etc/init.d/tlsdate
echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo ' stop)' >> /etc/init.d/tlsdate
echo ' echo "tlsdate stopped"' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo ' restart)' >> /etc/init.d/tlsdate
echo ' echo "tlsdate restarted"' >> /etc/init.d/tlsdate
echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo ' *)' >> /etc/init.d/tlsdate
echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/tlsdate
echo ' exit 1' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo 'esac' >> /etc/init.d/tlsdate
echo 'exit 0' >> /etc/init.d/tlsdate
2014-09-20 09:32:52 +02:00
chmod +x /etc/init.d/tlsdate
update-rc.d tlsdate defaults
2014-09-21 11:02:15 +02:00
echo 'time_synchronisation' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function configure_firewall {
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_firewall" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-20 09:32:52 +02:00
iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT
iptables -F
ip6tables -F
iptables -X
ip6tables -X
iptables -P INPUT DROP
ip6tables -P INPUT DROP
2014-09-21 23:57:26 +02:00
iptables -A INPUT -i lo -j ACCEPT
2014-09-21 23:55:21 +02:00
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2014-10-02 11:02:11 +02:00
# Make sure incoming tcp connections are SYN packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop packets with incoming fragments
iptables -A INPUT -f -j DROP
# Drop bogons
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
2014-09-21 11:02:15 +02:00
echo 'configure_firewall' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
2014-09-21 11:20:47 +02:00
function save_firewall_settings {
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
}
2014-09-21 23:11:57 +02:00
function configure_firewall_for_dns {
2014-09-22 10:13:53 +02:00
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 23:11:57 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-22 10:13:53 +02:00
iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
2014-09-21 23:11:57 +02:00
save_firewall_settings
2014-09-22 10:13:53 +02:00
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
2014-09-21 23:11:57 +02:00
}
2014-09-25 15:06:33 +02:00
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ] ; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE ; then
return
fi
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
}
2014-09-25 17:22:27 +02:00
function configure_firewall_for_irc {
if [ ! -d /etc/ngircd ] ; then
return
fi
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE ; then
return
fi
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 6697 -j ACCEPT
2014-10-06 20:01:50 +02:00
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 6697 -j ACCEPT
2014-09-25 17:22:27 +02:00
iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
}
2014-09-21 23:06:32 +02:00
function configure_firewall_for_ftp {
if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 23:06:32 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-22 10:20:40 +02:00
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
2014-09-21 23:06:32 +02:00
save_firewall_settings
echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
}
2014-09-24 18:22:08 +02:00
function configure_firewall_for_web_access {
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 22:17:21 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-22 10:29:40 +02:00
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
2014-09-21 22:17:21 +02:00
save_firewall_settings
2014-09-24 18:22:08 +02:00
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
}
function configure_firewall_for_web_server {
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE ; then
return
fi
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
2014-09-21 22:17:21 +02:00
}
2014-09-20 22:03:55 +02:00
function configure_firewall_for_ssh {
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-21 19:52:33 +02:00
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
2014-09-20 22:03:55 +02:00
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
2014-09-21 11:20:47 +02:00
save_firewall_settings
2014-09-21 11:02:15 +02:00
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
2014-09-20 22:03:55 +02:00
}
2014-09-21 13:53:31 +02:00
function configure_firewall_for_git {
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 13:53:31 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-21 13:53:31 +02:00
iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
}
2014-09-20 09:32:52 +02:00
function configure_firewall_for_email {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 23:30:32 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-24 16:26:13 +02:00
if [ [ $INSTALLED_WITHIN_DOCKER = = "yes" ] ] ; then
2014-09-23 21:56:39 +02:00
# docker does its own firewalling
return
2014-09-23 21:42:00 +02:00
fi
2014-09-20 09:32:52 +02:00
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
2014-09-21 11:20:47 +02:00
save_firewall_settings
2014-09-21 11:02:15 +02:00
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function configure_internet_protocol {
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-20 20:26:31 +02:00
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
2014-09-20 23:58:23 +02:00
echo '# ignore pings' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo '# disable ipv6' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
echo '# keepalive' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
2014-09-21 11:02:15 +02:00
echo 'configure_internet_protocol' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function script_to_make_self_signed_certificates {
2014-09-21 11:29:56 +02:00
if grep -Fxq "script_to_make_self_signed_certificates" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-20 23:58:23 +02:00
echo '#!/bin/bash' > /usr/bin/makecert
echo 'HOSTNAME=$1' >> /usr/bin/makecert
echo 'COUNTRY_CODE="US"' >> /usr/bin/makecert
echo 'AREA="Free Speech Zone"' >> /usr/bin/makecert
echo 'LOCATION="Freedomville"' >> /usr/bin/makecert
echo 'ORGANISATION="Freedombone"' >> /usr/bin/makecert
echo 'UNIT="Freedombone Unit"' >> /usr/bin/makecert
echo 'if ! which openssl > /dev/null ;then' >> /usr/bin/makecert
echo ' echo "$0: openssl is not installed, exiting" 1>&2' >> /usr/bin/makecert
echo ' exit 1' >> /usr/bin/makecert
echo 'fi' >> /usr/bin/makecert
2014-09-21 00:14:07 +02:00
echo 'openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert
2014-09-20 23:58:23 +02:00
echo 'openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert
echo 'chmod 400 /etc/ssl/private/$HOSTNAME.key' >> /usr/bin/makecert
echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert
echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert
2014-09-22 11:03:49 +02:00
echo 'if [ -f /etc/init.d/nginx ]; then' >> /usr/bin/makecert
echo ' /etc/init.d/nginx reload' >> /usr/bin/makecert
2014-09-22 12:15:21 +02:00
echo 'fi' >> /usr/bin/makecert
2014-09-20 23:58:23 +02:00
echo '# add the public certificate to a separate directory' >> /usr/bin/makecert
echo '# so that we can redistribute it easily' >> /usr/bin/makecert
echo 'if [ ! -d /etc/ssl/mycerts ]; then' >> /usr/bin/makecert
echo ' mkdir /etc/ssl/mycerts' >> /usr/bin/makecert
echo 'fi' >> /usr/bin/makecert
echo 'cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts' >> /usr/bin/makecert
echo '# Create a bundle of your certificates' >> /usr/bin/makecert
echo 'cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt' >> /usr/bin/makecert
echo 'tar -czvf /etc/ssl/freedombone-certs.tar.gz /etc/ssl/mycerts/*.crt' >> /usr/bin/makecert
2014-09-20 09:32:52 +02:00
chmod +x /usr/bin/makecert
2014-09-21 11:02:15 +02:00
echo 'script_to_make_self_signed_certificates' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
function configure_email {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_email" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-20 09:32:52 +02:00
apt-get -y remove postfix
2014-09-23 00:18:46 +02:00
apt-get -y --force-yes install exim4 sasl2-bin swaks libnet-ssleay-perl procmail
2014-09-29 12:04:49 +02:00
if [ ! -d /etc/exim4 ] ; then
echo " ERROR: Exim does not appear to have installed. $CHECK_MESSAGE "
exit 48
fi
2014-09-30 23:38:18 +02:00
# configure for Maildir format
sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
if ! grep -q "export MAIL" /etc/profile; then
echo 'export MAIL=~/Maildir' >> /etc/profile
fi
sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
2014-09-20 23:58:23 +02:00
echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
2014-09-20 09:32:52 +02:00
echo " dc_other_hostnames=' $DOMAIN_NAME ' " >> /etc/exim4/update-exim4.conf.conf
echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_relay_nets='192.168.1.0/24'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
update-exim4.conf
2014-09-20 20:26:31 +02:00
sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
2014-09-20 09:32:52 +02:00
/etc/init.d/saslauthd start
2014-09-20 18:44:38 +02:00
# make a tls certificate for email
2014-09-29 11:25:37 +02:00
if [ ! -f /etc/ssl/private/exim.key ] ; then
2014-09-29 11:40:42 +02:00
makecert exim
2014-09-29 11:25:37 +02:00
fi
cp /etc/ssl/private/exim.key /etc/exim4
cp /etc/ssl/certs/exim.crt /etc/exim4
cp /etc/ssl/certs/exim.dhparam /etc/exim4
2014-09-20 09:32:52 +02:00
chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
2014-09-20 18:44:38 +02:00
2014-09-20 20:26:31 +02:00
sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
2014-09-20 23:58:23 +02:00
sed -i " /.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DOMAIN_NAME \nMAIN_TLS_ENABLE = true " /etc/exim4/exim4.conf.template
2014-09-20 20:26:31 +02:00
sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
2014-09-22 11:38:36 +02:00
if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
2014-09-22 11:03:49 +02:00
fi
2014-09-20 18:44:38 +02:00
adduser $MY_USERNAME sasl
addgroup Debian-exim sasl
/etc/init.d/exim4 restart
2014-09-22 11:56:09 +02:00
if [ ! -d /etc/skel/Maildir ] ; then
mkdir -m 700 /etc/skel/Maildir
mkdir -m 700 /etc/skel/Maildir/Sent
mkdir -m 700 /etc/skel/Maildir/Sent/tmp
mkdir -m 700 /etc/skel/Maildir/Sent/cur
mkdir -m 700 /etc/skel/Maildir/Sent/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam
mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
mkdir -m 700 /etc/skel/Maildir/.learn-ham
mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
fi
2014-09-20 18:44:38 +02:00
if [ ! -d /home/$MY_USERNAME /Maildir ] ; then
mkdir -m 700 /home/$MY_USERNAME /Maildir
mkdir -m 700 /home/$MY_USERNAME /Maildir/cur
mkdir -m 700 /home/$MY_USERNAME /Maildir/tmp
mkdir -m 700 /home/$MY_USERNAME /Maildir/new
mkdir -m 700 /home/$MY_USERNAME /Maildir/Sent
mkdir -m 700 /home/$MY_USERNAME /Maildir/Sent/cur
2014-09-23 17:10:46 +02:00
mkdir -m 700 /home/$MY_USERNAME /Maildir/Sent/tmp
mkdir -m 700 /home/$MY_USERNAME /Maildir/Sent/new
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-spam
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-spam/cur
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-spam/new
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-spam/tmp
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-ham
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-ham/cur
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-ham/new
mkdir -m 700 /home/$MY_USERNAME /Maildir/.learn-ham/tmp
ln -s /home/$MY_USERNAME /Maildir/.learn-spam /home/$MY_USERNAME /Maildir/spam
ln -s /home/$MY_USERNAME /Maildir/.learn-ham /home/$MY_USERNAME /Maildir/ham
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /Maildir
2014-09-20 18:44:38 +02:00
fi
2014-09-21 11:02:15 +02:00
echo 'configure_email' >> $COMPLETION_FILE
2014-09-20 18:44:38 +02:00
}
2014-09-30 22:51:29 +02:00
function create_procmail {
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
return
fi
if grep -Fxq "create_procmail" $COMPLETION_FILE ; then
return
fi
if [ ! -f /home/$MY_USERNAME /.procmailrc ] ; then
echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME /.procmailrc
echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME /.procmailrc
echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME /.procmailrc
echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME /.procmailrc
fi
echo 'create_procmail' >> $COMPLETION_FILE
}
2014-09-20 18:44:38 +02:00
function spam_filtering {
2014-09-23 12:50:40 +02:00
# NOTE: spamassassin installation currently doesn't work, sa-compile fails with a make error 23/09/2014
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "spam_filtering" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-23 12:50:40 +02:00
apt-get -y --force-yes install exim4-daemon-heavy
apt-get -y --force-yes install spamassassin
sa-update -v
2014-09-20 20:26:31 +02:00
sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
2014-09-20 18:44:38 +02:00
# This configuration is based on https://wiki.debian.org/DebianSpamAssassin
2014-09-20 20:26:31 +02:00
sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
2014-09-20 23:58:23 +02:00
echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
2014-09-20 18:44:38 +02:00
# procmail configuration
2014-09-20 23:58:23 +02:00
echo '# get spamassassin to check emails' >> /home/$MY_USERNAME /.procmailrc
echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME /.procmailrc
echo ' * < 256000' >> /home/$MY_USERNAME /.procmailrc
echo '| spamc' >> /home/$MY_USERNAME /.procmailrc
echo '# strong spam are discarded' >> /home/$MY_USERNAME /.procmailrc
echo ':0' >> /home/$MY_USERNAME /.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME /.procmailrc
echo '/dev/null' >> /home/$MY_USERNAME /.procmailrc
echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME /.procmailrc
echo ':0' >> /home/$MY_USERNAME /.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME /.procmailrc
echo '.0-spam/' >> /home/$MY_USERNAME /.procmailrc
echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME /.procmailrc
echo ':0' >> /home/$MY_USERNAME /.procmailrc
echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME /.procmailrc
echo '.spam/' >> /home/$MY_USERNAME /.procmailrc
2014-09-20 18:44:38 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.procmailrc
# filtering scripts
2014-09-20 23:58:23 +02:00
echo '#!/bin/bash' > /usr/bin/filterspam
echo 'USERNAME=$1' >> /usr/bin/filterspam
echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
echo ' exit' >> /usr/bin/filterspam
echo 'fi' >> /usr/bin/filterspam
echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
echo 'do' >> /usr/bin/filterspam
echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
2014-09-21 00:14:07 +02:00
echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
2014-09-20 23:58:23 +02:00
echo 'done' >> /usr/bin/filterspam
echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
echo 'do' >> /usr/bin/filterspam
echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
echo 'done' >> /usr/bin/filterspam
echo '#!/bin/bash' > /usr/bin/filterham
echo 'USERNAME=$1' >> /usr/bin/filterham
echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
echo ' exit' >> /usr/bin/filterham
echo 'fi' >> /usr/bin/filterham
echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
echo 'do' >> /usr/bin/filterham
echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
echo 'done' >> /usr/bin/filterham
echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
echo 'do' >> /usr/bin/filterham
echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
echo 'done' >> /usr/bin/filterham
2014-09-20 18:44:38 +02:00
2014-09-23 13:00:11 +02:00
if ! grep -q "filterspam" /etc/crontab; then
echo " */3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam $MY_USERNAME " >> /etc/crontab
fi
if ! grep -q "filterham" /etc/crontab; then
echo " */3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham $MY_USERNAME " >> /etc/crontab
fi
2014-09-20 18:44:38 +02:00
chmod 655 /usr/bin/filterspam /usr/bin/filterham
2014-09-20 20:55:20 +02:00
sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
2014-09-20 18:44:38 +02:00
service spamassassin restart
service exim4 restart
service cron restart
2014-09-21 11:02:15 +02:00
echo 'spam_filtering' >> $COMPLETION_FILE
2014-09-20 09:32:52 +02:00
}
2014-09-20 20:12:33 +02:00
function configure_imap {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_imap" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-23 12:50:40 +02:00
apt-get -y --force-yes install dovecot-common dovecot-imapd
2014-09-29 12:04:49 +02:00
if [ ! -d /etc/dovecot ] ; then
echo " ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE "
exit 48
fi
2014-09-29 10:56:39 +02:00
if [ ! -f /etc/ssl/private/dovecot.key ] ; then
2014-09-29 11:40:42 +02:00
makecert dovecot
2014-09-29 10:56:39 +02:00
fi
chown root:dovecot /etc/ssl/certs/dovecot.*
chown root:dovecot /etc/ssl/private/dovecot.*
2014-09-20 20:12:33 +02:00
2014-10-07 20:34:55 +02:00
sed -i 's|#ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
2014-09-20 20:12:33 +02:00
sed -i 's|ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
2014-10-07 20:34:55 +02:00
sed -i 's|ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
2014-09-20 20:12:33 +02:00
sed -i 's|#ssl_dh_parameters_length = 1024|ssl_dh_parameters_length = 1024|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's/#ssl_prefer_server_ciphers = no/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
2014-09-27 16:05:18 +02:00
echo " ssl_cipher_list = ' $SSL_CIPHERS ' " >> /etc/dovecot/conf.d/10-ssl.conf
2014-09-20 20:12:33 +02:00
2014-10-07 20:34:55 +02:00
sed -i 's/#auth_verbose = no/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
2014-09-20 20:12:33 +02:00
sed -i 's/#listen = *, ::/listen = */g' /etc/dovecot/dovecot.conf
sed -i 's/#disable_plaintext_auth = yes/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's/auth_mechanisms = plain/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
2014-10-07 20:34:55 +02:00
sed -i 's|mail_location = mbox:~/mail:INBOX=/var/mail/%u|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
2014-09-21 11:02:15 +02:00
echo 'configure_imap' >> $COMPLETION_FILE
2014-09-20 20:12:33 +02:00
}
2014-09-20 20:34:21 +02:00
function configure_gpg {
2014-09-21 11:29:56 +02:00
if grep -Fxq "configure_gpg" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-23 14:46:23 +02:00
apt-get -y --force-yes install gnupg
2014-09-23 14:04:15 +02:00
2014-09-29 11:40:42 +02:00
# if gpg keys directory was previously imported from usb
if [ [ $GPG_KEYS_IMPORTED = = "yes" && -d /home/$MY_USERNAME /.gnupg ] ] ; then
sed -i " s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER |g " /home/$MY_USERNAME /.gnupg/gpg.conf
2014-10-10 22:32:46 +02:00
MY_GPG_PUBLIC_KEY_ID = $( su -c " gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub ' " - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}' )
2014-09-29 11:40:42 +02:00
echo 'configure_gpg' >> $COMPLETION_FILE
return
fi
2014-09-23 14:04:15 +02:00
if [ ! -d /home/$MY_USERNAME /.gnupg ] ; then
2014-09-23 17:10:46 +02:00
mkdir /home/$MY_USERNAME /.gnupg
echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME /.gnupg/gpg.conf
echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME /.gnupg/gpg.conf
2014-09-23 14:04:15 +02:00
fi
sed -i " s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER |g " /home/$MY_USERNAME /.gnupg/gpg.conf
2014-09-23 16:21:45 +02:00
if ! grep -q "# default preferences" /home/$MY_USERNAME /.gnupg/gpg.conf; then
2014-09-23 14:04:15 +02:00
echo '' >> /home/$MY_USERNAME /.gnupg/gpg.conf
echo '# default preferences' >> /home/$MY_USERNAME /.gnupg/gpg.conf
echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME /.gnupg/gpg.conf
echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME /.gnupg/gpg.conf
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME /.gnupg/gpg.conf
fi
2014-09-23 14:05:42 +02:00
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.gnupg
2014-09-23 15:54:26 +02:00
2014-09-23 16:39:33 +02:00
if [ [ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ] ] ; then
2014-09-23 17:10:46 +02:00
# use your existing GPG keys which were exported
if [ ! -f $MY_GPG_PUBLIC_KEY ] ; then
echo " GPG public key file $MY_GPG_PUBLIC_KEY was not found "
exit 5
fi
if [ ! -f $MY_GPG_PRIVATE_KEY ] ; then
echo " GPG private key file $MY_GPG_PRIVATE_KEY was not found "
exit 6
fi
2014-09-23 19:01:18 +02:00
su -c " gpg --import $MY_GPG_PUBLIC_KEY " - $MY_USERNAME
su -c " gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY " - $MY_USERNAME
2014-09-23 17:10:46 +02:00
# for security ensure that the private key file doesn't linger around
shred -zu $MY_GPG_PRIVATE_KEY
2014-10-10 22:32:46 +02:00
MY_GPG_PUBLIC_KEY_ID = $( su -c " gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub ' " - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}' )
2014-09-23 15:54:26 +02:00
else
# Generate a GPG key
2014-09-23 19:01:18 +02:00
echo 'Key-Type: 1' > /home/$MY_USERNAME /gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME /gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME /gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME /gpg-genkey.conf
2014-10-10 22:32:46 +02:00
echo " Name-Real: $MY_EMAIL_ADDRESS " >> /home/$MY_USERNAME /gpg-genkey.conf
echo " Name-Email: $MY_EMAIL_ADDRESS " >> /home/$MY_USERNAME /gpg-genkey.conf
2014-09-23 19:01:18 +02:00
echo 'Expire-Date: 0' >> /home/$MY_USERNAME /gpg-genkey.conf
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /gpg-genkey.conf
su -c " gpg --batch --gen-key /home/ $MY_USERNAME /gpg-genkey.conf " - $MY_USERNAME
shred -zu /home/$MY_USERNAME /gpg-genkey.conf
2014-10-10 22:32:46 +02:00
MY_GPG_PUBLIC_KEY_ID = $( su -c " gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub ' " - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}' )
2014-09-24 13:56:30 +02:00
MY_GPG_PUBLIC_KEY = /tmp/public_key.gpg
2014-09-24 15:44:49 +02:00
su -c " gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID " - $MY_USERNAME
2014-09-23 15:54:26 +02:00
fi
2014-09-21 11:02:15 +02:00
echo 'configure_gpg' >> $COMPLETION_FILE
2014-09-20 20:34:21 +02:00
}
2014-09-30 16:38:02 +02:00
function encrypt_incoming_email {
# encrypts incoming mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read anything
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
return
fi
if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE ; then
return
fi
if [ [ $GPG_ENCRYPT_STORED_EMAIL != "yes" ] ] ; then
return
fi
if [ ! -f /usr/bin/gpgit.pl ] ; then
2014-09-30 18:02:59 +02:00
apt-get -y --force-yes install git libmail-gnupg-perl
2014-09-30 16:38:02 +02:00
cd $INSTALL_DIR
git clone https://github.com/mikecardwell/gpgit
cd gpgit
cp gpgit.pl /usr/bin
fi
# add a procmail rule
if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME /.procmailrc; then
2014-09-30 22:54:14 +02:00
echo '' >> /home/$MY_USERNAME /.procmailrc
2014-09-30 22:52:06 +02:00
echo ':0 f' >> /home/$MY_USERNAME /.procmailrc
2014-10-10 22:32:46 +02:00
echo " | /usr/bin/gpgit.pl $MY_EMAIL_ADDRESS " >> /home/$MY_USERNAME /.procmailrc
2014-09-30 16:38:02 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.procmailrc
fi
echo 'encrypt_incoming_email' >> $COMPLETION_FILE
}
2014-10-02 00:49:10 +02:00
function encrypt_outgoing_email {
# encrypts outgoing mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read sent mail
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
return
fi
if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE ; then
return
fi
if [ [ $GPG_ENCRYPT_STORED_EMAIL != "yes" ] ] ; then
return
fi
echo 'sent_items_router:' > /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' driver = accept' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' transport = sent_items_transport' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' condition = ${if !eq{$authenticated_id}{}}' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' unseen' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' no_verify' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
# TODO
echo 'sent_items_transport:'
echo ' driver = pipe'
echo ' user = $authenticated_id'
echo ' group = Debian-exim'
echo ' temp_errors = *'
echo ' transport_filter = /usr/bin/gpgit.pl $sender_address'
echo ' command = /usr/bin/pipe2imap.pl --ssl --user master --authas $authenticated_id --passfile /etc/exim4/master_imap_password.txt --folder "Sent Items" --flags "\\seen"'
echo ' log_defer_output = true'
service exim4 restart
echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
}
2014-09-30 16:38:02 +02:00
2014-10-03 12:40:51 +02:00
function encrypt_all_email {
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
return
fi
if grep -Fxq "encrypt_all_email" $COMPLETION_FILE ; then
return
fi
if [ [ $GPG_ENCRYPT_STORED_EMAIL != "yes" ] ] ; then
return
fi
echo '#!/bin/bash' > /usr/bin/encmaildir
echo '#' >> /usr/bin/encmaildir
echo '# GPLv2' >> /usr/bin/encmaildir
2014-10-03 12:43:53 +02:00
echo '# GPG Encrypt a Maildir using gpgit.pl' >> /usr/bin/encmaildir
2014-10-03 12:40:51 +02:00
echo '# Oct 03, 2014' >> /usr/bin/encmaildir
echo '#' >> /usr/bin/encmaildir
echo '# Change log:' >> /usr/bin/encmaildir
2014-10-03 12:43:53 +02:00
echo '# Sep 03, 2011' >> /usr/bin/encmaildir
echo '# - Temporary file is based on file_owner to avoid' >> /usr/bin/encmaildir
echo '# issues with permission differences.' >> /usr/bin/encmaildir
echo '# - Temporary file is removed after run.' >> /usr/bin/encmaildir
echo '# - Optional arguments passed to "find".' >> /usr/bin/encmaildir
echo '# - Full paths to binaries.' >> /usr/bin/encmaildir
echo '# - Removed unneccessary need of "cat", "grep", etc.' >> /usr/bin/encmaildir
echo '# Sep 04, 2011' >> /usr/bin/encmaildir
echo '# - Dont remove Dovecot index/uid unless messages' >> /usr/bin/encmaildir
echo '# have been GPG encrypted.' >> /usr/bin/encmaildir
echo '# - Adjust file tests to not just use -e' >> /usr/bin/encmaildir
echo '# - Quote all file operations' >> /usr/bin/encmaildir
echo '# Sep 05, 2011' >> /usr/bin/encmaildir
echo '# - Dont arbitrarily copy files, only overwrite the file' >> /usr/bin/encmaildir
echo '# in ~/Maildir if it differs after calling gpgencmail.pl' >> /usr/bin/encmaildir
echo '# - Only rebuild the index if we have modified ~/Maildir' >> /usr/bin/encmaildir
echo '# Oct 03, 2014' >> /usr/bin/encmaildir
echo '# - Minor modifications for use with Freedombone' >> /usr/bin/encmaildir
2014-10-03 12:40:51 +02:00
echo '' >> /usr/bin/encmaildir
echo 'if [[ -z "$1" || -z "$2" || -z "$3" ]]; then' >> /usr/bin/encmaildir
echo ' echo "Usage is ./encmaildir.sh {optional arguments passed to find for messages such as -mtime 0}"' >> /usr/bin/encmaildir
echo ' exit 0' >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'MAIL_DIR=$1' >> /usr/bin/encmaildir
echo 'EMAIL_ADDRESS=$2' >> /usr/bin/encmaildir
echo 'USERNAME=$3' >> /usr/bin/encmaildir
echo 'if [ ! -d "$MAIL_DIR" ]; then' >> /usr/bin/encmaildir
echo " MAIL_DIR='/home/ $MY_USERNAME /Maildir' " >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'if [ ! $EMAIL_ADDRESS ]; then' >> /usr/bin/encmaildir
2014-10-10 22:32:46 +02:00
echo " EMAIL_ADDRESS=' $MY_EMAIL_ADDRESS ' " >> /usr/bin/encmaildir
2014-10-03 12:40:51 +02:00
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'if [ ! $USERNAME ]; then' >> /usr/bin/encmaildir
echo " USERNAME=' $MY_USERNAME ' " >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo '# Does this key exist?' >> /usr/bin/encmaildir
echo 'gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1' >> /usr/bin/encmaildir
echo 'if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir
echo ' echo "A GPG key for $EMAIL_ADDRESS could not be found!"' >> /usr/bin/encmaildir
echo ' exit 0' >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo '# Find all files in the Maildir specified.' >> /usr/bin/encmaildir
echo 'echo "Calling find"' >> /usr/bin/encmaildir
echo -n 'find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir
echo -n "'.*/\(cur\|new\)/.*' " >> /usr/bin/encmaildir
echo '$4|while read line; do' >> /usr/bin/encmaildir
echo ' gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS" "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Check to see if there are differences between the existing' >> /usr/bin/encmaildir
echo ' # Maildir file and what was created by gpgit.pl' >> /usr/bin/encmaildir
echo ' diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;' >> /usr/bin/encmaildir
echo ' if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir
echo ' # Preserve timestamps, set ownership.' >> /usr/bin/encmaildir
echo ' chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo ' chmod 600 "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo ' touch "/tmp/msg_$USERNAME" --reference="$line"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Unlink the original Maildir message' >> /usr/bin/encmaildir
echo ' unlink "$line"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Strip message sizes, retain experimental flags' >> /usr/bin/encmaildir
echo ' # and status flags, and copy the file over.' >> /usr/bin/encmaildir
echo ' STRIPSIZES=$(/bin/echo "$line"|/bin/sed -e "s/W=[[:digit:]]*//" -e "s/S=[[:digit:]]*//" -e "s/,,//" -e "s/,:2/:2/")' >> /usr/bin/encmaildir
echo ' cp -av "/tmp/msg_$USERNAME" "$STRIPSIZES"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' #Indexes must be rebuilt, weve modified Maildir.' >> /usr/bin/encmaildir
echo ' touch "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir
echo ' else' >> /usr/bin/encmaildir
echo ' echo "Not copying, no differences between /tmp/msg_$USERNAME and $line"' >> /usr/bin/encmaildir
echo ' fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Remove the temporary file' >> /usr/bin/encmaildir
echo ' unlink "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo 'done' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
2014-10-03 12:53:34 +02:00
echo '# Remove Dovecot index and uids for regeneration.' >> /usr/bin/encmaildir
2014-10-03 12:40:51 +02:00
echo 'if [ -f "/tmp/rebuild_index_$USERNAME" ]; then' >> /usr/bin/encmaildir
echo ' echo "Removing Dovecot indexes and uids"' >> /usr/bin/encmaildir
echo -n ' find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir
echo "'.*\(dovecot-\|dovecot\.\|\.uidvalidity\).*' -delete" >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Remove the temporary file' >> /usr/bin/encmaildir
echo ' unlink "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir
echo 'else' >> /usr/bin/encmaildir
echo ' echo "No messages found needing GPG encryption, not' >> /usr/bin/encmaildir
echo ' echo "removing Dovecot indexes and UIDs."' >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo 'exit 0' >> /usr/bin/encmaildir
chmod +x /usr/bin/encmaildir
2014-10-03 12:53:34 +02:00
if [ ! /home/$MY_USERNAME /README ] ; then
touch /home/$MY_USERNAME /README
fi
if ! grep -q "If you have imported legacy email" /home/$MY_USERNAME /README; then
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'Encrypting legacy email' >> /home/$MY_USERNAME /README
echo '=======================' >> /home/$MY_USERNAME /README
echo 'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME /README
echo 'then it can be encrypted with the command:' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo ' encmaildir' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME /README
echo 'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME /README
echo 'and may be better done on a faster machine.' >> /home/$MY_USERNAME /README
2014-10-03 12:55:02 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
2014-10-03 12:53:34 +02:00
fi
2014-10-03 12:40:51 +02:00
echo 'encrypt_all_email' >> $COMPLETION_FILE
}
2014-09-20 20:55:20 +02:00
function email_client {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "email_client" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-09-23 12:50:40 +02:00
apt-get -y --force-yes install mutt-patched lynx abook
2014-09-29 12:04:49 +02:00
if [ ! -f /etc/Muttrc ] ; then
echo " ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE "
exit 49
fi
2014-09-20 20:55:20 +02:00
if [ ! -d /home/$MY_USERNAME /.mutt ] ; then
mkdir /home/$MY_USERNAME /.mutt
fi
echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘ s/^ //’ ; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME /.mutt/mailcap
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.mutt
2014-09-20 23:58:23 +02:00
echo 'set mbox_type=Maildir' >> /etc/Muttrc
echo 'set folder="~/Maildir"' >> /etc/Muttrc
echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
echo 'set mbox="~/Maildir"' >> /etc/Muttrc
echo 'set record="+Sent"' >> /etc/Muttrc
echo 'set postponed="+Drafts"' >> /etc/Muttrc
echo 'set trash="+Trash"' >> /etc/Muttrc
echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
echo 'set editor="emacs"' >> /etc/Muttrc
echo 'set header_cache="+.cache"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo 'macro index S "<tag-prefix><save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
echo 'macro pager S "<save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
echo 'macro index H "<tag-prefix><copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
echo 'macro pager H "<copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# set up the sidebar' >> /etc/Muttrc
echo 'set sidebar_width=12' >> /etc/Muttrc
echo 'set sidebar_visible=yes' >> /etc/Muttrc
2014-09-20 20:55:20 +02:00
echo "set sidebar_delim='|'" >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo 'set sidebar_sort=yes' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set rfc2047_parameters' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Show inbox and sent items' >> /etc/Muttrc
echo 'mailboxes = =Sent' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
echo 'color sidebar_new yellow default' >> /etc/Muttrc
echo 'color normal white default' >> /etc/Muttrc
echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
echo 'color signature green default' >> /etc/Muttrc
echo 'color attachment brightyellow default' >> /etc/Muttrc
echo 'color quoted green default' >> /etc/Muttrc
echo 'color quoted1 white default' >> /etc/Muttrc
echo 'color tilde blue default' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
echo '# ctrl-o to open selected folder' >> /etc/Muttrc
echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
echo 'bind index \Co sidebar-open' >> /etc/Muttrc
echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# esc-m Mark new messages as read' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# Collapsing threads' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc
echo 'macro index ] "<collapse-all>" "collapse/uncollapse all threads"' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# threads containing new messages' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo 'uncolor index "~(~N)"' >> /etc/Muttrc
echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# new messages themselves' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo 'uncolor index "~N"' >> /etc/Muttrc
echo 'color index brightyellow default "~N"' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# GPG/PGP integration' >> /etc/Muttrc
echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
2014-10-01 11:27:51 +02:00
echo 'set pgp_timeout=1800' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo '' >> /etc/Muttrc
echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
2014-09-23 23:57:40 +02:00
echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
2014-09-24 00:28:32 +02:00
echo 'set fcc_clear # Keep cleartext copy of sent encrypted mail' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo 'unset smime_is_default' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
echo 'source ~/.mutt-alias' >> /etc/Muttrc
2014-09-21 00:14:07 +02:00
echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
2014-09-20 23:58:23 +02:00
echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc
2014-09-20 21:27:11 +02:00
cp -f /etc/Muttrc /home/$MY_USERNAME /.muttrc
touch /home/$MY_USERNAME /.mutt-alias
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.muttrc
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /.mutt-alias
2014-09-21 11:02:15 +02:00
echo 'email_client' >> $COMPLETION_FILE
2014-09-20 20:55:20 +02:00
}
2014-09-20 21:43:32 +02:00
function folders_for_mailing_lists {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "folders_for_mailing_lists" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-10-02 12:26:44 +02:00
echo '#!/bin/bash' > /usr/bin/addmailinglist
echo 'MYUSERNAME=$1' >> /usr/bin/addmailinglist
echo 'MAILINGLIST=$2' >> /usr/bin/addmailinglist
echo 'SUBJECTTAG=$3' >> /usr/bin/addmailinglist
echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addmailinglist
echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addmailinglist
echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo '# Exit if the list was already added' >> /usr/bin/addmailinglist
echo 'if grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addmailinglist
echo ' exit 1' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'if ! [[ $MYUSERNAME && $MAILINGLIST && $SUBJECTTAG ]]; then' >> /usr/bin/addmailinglist
echo ' echo "mailinglistsrule [user name] [mailing list name] [subject tag]"' >> /usr/bin/addmailinglist
echo ' exit 1' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addmailinglist
echo 'echo "" >> $PM' >> /usr/bin/addmailinglist
echo 'echo ":0" >> $PM' >> /usr/bin/addmailinglist
echo 'echo " * ^Subject:.*()\[$SUBJECTTAG\]" >> $PM' >> /usr/bin/addmailinglist
echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addmailinglist
echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addmailinglist
echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addmailinglist
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addmailinglist
echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addmailinglist
echo ' mkdir $PROCMAILLOG' >> /usr/bin/addmailinglist
echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addmailinglist
echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addmailinglist
echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addmailinglist
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo 'exit 0' >> /usr/bin/addmailinglist
chmod +x /usr/bin/addmailinglist
2014-09-21 11:02:15 +02:00
echo 'folders_for_mailing_lists' >> $COMPLETION_FILE
2014-09-20 21:43:32 +02:00
}
function folders_for_email_addresses {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-21 11:29:56 +02:00
if grep -Fxq "folders_for_email_addresses" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 11:02:15 +02:00
fi
2014-10-02 12:28:44 +02:00
echo '#!/bin/bash' > /usr/bin/addemailtofolder
echo 'MYUSERNAME=$1' >> /usr/bin/addemailtofolder
echo 'EMAILADDRESS=$2' >> /usr/bin/addemailtofolder
echo 'MAILINGLIST=$3' >> /usr/bin/addemailtofolder
echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addemailtofolder
echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addemailtofolder
echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addemailtofolder
echo '' >> /usr/bin/addemailtofolder
echo 'if ! [[ $MYUSERNAME && $EMAILADDRESS && $MAILINGLIST ]]; then' >> /usr/bin/addemailtofolder
echo ' echo "addemailtofolder [user name] [email address] [mailing list name]"' >> /usr/bin/addemailtofolder
echo ' exit 1' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo '' >> /usr/bin/addemailtofolder
echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addemailtofolder
echo 'echo "" >> $PM' >> /usr/bin/addemailtofolder
echo 'echo ":0" >> $PM' >> /usr/bin/addemailtofolder
echo 'echo " * ^From: $EMAILADDRESS" >> $PM' >> /usr/bin/addemailtofolder
echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addemailtofolder
echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addemailtofolder
echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addemailtofolder
echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addemailtofolder
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addemailtofolder
echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addemailtofolder
echo ' mkdir $PROCMAILLOG' >> /usr/bin/addemailtofolder
echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addemailtofolder
echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addemailtofolder
echo ' if ! grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addemailtofolder
echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addemailtofolder
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder
echo ' fi' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'exit 0' >> /usr/bin/addemailtofolder
chmod +x /usr/bin/addemailtofolder
2014-09-21 11:02:15 +02:00
echo 'folders_for_email_addresses' >> $COMPLETION_FILE
2014-09-20 21:43:32 +02:00
}
2014-09-23 12:50:40 +02:00
function dynamic_dns_freedns {
if grep -Fxq "dynamic_dns_freedns" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-23 12:50:40 +02:00
fi
echo '#!/bin/bash' > /usr/bin/dynamicdns
echo '# subdomain name 1' >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
echo '# add any other subdomains below' >> /usr/bin/dynamicdns
chmod 600 /usr/bin/dynamicdns
chmod +x /usr/bin/dynamicdns
if ! grep -q "dynamicdns" /etc/crontab; then
2014-10-05 18:22:04 +02:00
echo '*/5 * * * * root /usr/bin/timeout 240 /usr/bin/dynamicdns' >> /etc/crontab
2014-09-23 12:50:40 +02:00
fi
2014-09-23 13:16:40 +02:00
service cron restart
2014-09-23 12:50:40 +02:00
echo 'dynamic_dns_freedns' >> $COMPLETION_FILE
}
2014-10-01 13:32:34 +02:00
function create_public_mailing_list {
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
return
fi
if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE ; then
return
fi
if [ ! $PUBLIC_MAILING_LIST ] ; then
return
fi
# does the mailing list have a separate domain name?
if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ] ; then
PUBLIC_MAILING_LIST_DOMAIN_NAME = $DOMAIN_NAME
fi
2014-10-01 17:50:38 +02:00
PUBLIC_MAILING_LIST_USER = "mlmmj"
2014-10-01 13:32:34 +02:00
apt-get -y --force-yes install mlmmj
2014-10-01 17:50:38 +02:00
adduser --system $PUBLIC_MAILING_LIST_USER
addgroup $PUBLIC_MAILING_LIST_USER
adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
2014-10-01 13:32:34 +02:00
2014-10-01 14:15:37 +02:00
echo ''
echo " Creating the $PUBLIC_MAILING_LIST mailing list "
echo ''
2014-10-01 13:32:34 +02:00
# create the list
2014-10-01 17:50:38 +02:00
mlmmj-make-ml -a -L " $PUBLIC_MAILING_LIST " -c $PUBLIC_MAILING_LIST_USER
echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
echo " SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER " >> /etc/exim4/conf.d/main/000_localmacros
echo " SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER " >> /etc/exim4/conf.d/main/000_localmacros
2014-10-01 13:32:34 +02:00
2014-10-01 17:50:38 +02:00
# router
2014-10-01 13:32:34 +02:00
echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 17:50:38 +02:00
echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 13:32:34 +02:00
echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 13:47:27 +02:00
echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 13:32:34 +02:00
echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 13:47:27 +02:00
echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 13:32:34 +02:00
echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
2014-10-01 17:50:38 +02:00
# transport
2014-10-01 13:32:34 +02:00
echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
2014-10-01 17:50:38 +02:00
echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
2014-10-01 13:32:34 +02:00
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
2014-10-01 13:47:27 +02:00
echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
2014-10-01 13:32:34 +02:00
if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i " /MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME " /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
2014-10-01 17:50:38 +02:00
if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
2014-10-01 13:32:34 +02:00
if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi
2014-10-01 14:07:56 +02:00
newaliases
2014-10-01 17:50:38 +02:00
update-exim4.conf.template -r
update-exim4.conf
service exim4 restart
2014-10-01 14:15:37 +02:00
2014-10-02 20:32:12 +02:00
if ! grep -q " $PUBLIC_MAILING_LIST mailing list " /home/$MY_USERNAME /README; then
echo '' >> /home/$MY_USERNAME /README
2014-10-01 17:56:48 +02:00
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:32:12 +02:00
echo 'Public mailing list' >> /home/$MY_USERNAME /README
echo '===================' >> /home/$MY_USERNAME /README
2014-10-01 17:56:48 +02:00
echo " To subscribe to the $PUBLIC_MAILING_LIST mailing list send a " >> /home/$MY_USERNAME /README
echo " cleartext email to $PUBLIC_MAILING_LIST +subscribe@ $DOMAIN_NAME " >> /home/$MY_USERNAME /README
fi
2014-10-02 12:26:44 +02:00
addmailinglist $MY_USERNAME " $PUBLIC_MAILING_LIST " " $PUBLIC_MAILING_LIST "
2014-10-01 13:32:34 +02:00
echo 'create_public_mailing_list' >> $COMPLETION_FILE
}
2014-09-24 13:56:30 +02:00
function create_private_mailing_list {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-24 18:07:17 +02:00
# This installation doesn't work, results in ruby errors
# There is currently no schleuder package for Debian jessie
2014-09-24 13:56:30 +02:00
if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE ; then
return
fi
if [ ! $PRIVATE_MAILING_LIST ] ; then
2014-09-24 15:44:49 +02:00
return
2014-09-24 13:56:30 +02:00
fi
2014-10-01 13:32:34 +02:00
if [ [ $PRIVATE_MAILING_LIST = = $MY_USERNAME ] ] ; then
2014-09-24 15:44:49 +02:00
echo 'The name of the private mailing list should not be the'
echo 'same as your username'
exit 10
2014-09-24 13:56:30 +02:00
fi
if [ ! $MY_GPG_PUBLIC_KEY ] ; then
2014-09-24 15:44:49 +02:00
echo 'To create a private mailing list you need to specify a file'
echo 'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
echo 'the top of the script'
exit 11
2014-09-24 13:56:30 +02:00
fi
apt-get -y --force-yes install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
gem install schleuder
schleuder-fix-gem-dependencies
2014-09-24 16:12:21 +02:00
schleuder-init-setup --gem
2014-09-24 17:36:01 +02:00
# NOTE: this is version number sensitive and so might need changing
ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
2014-09-24 13:56:30 +02:00
sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
2014-10-10 22:32:46 +02:00
schleuder-newlist $PRIVATE_MAILING_LIST @$DOMAIN_NAME -realname " $PRIVATE_MAILING_LIST " -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
2014-10-02 12:28:44 +02:00
addemailtofolder $MY_USERNAME $PRIVATE_MAILING_LIST @$DOMAIN_NAME $PRIVATE_MAILING_LIST
2014-09-24 13:56:30 +02:00
echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
chown -R schleuder:schleuder /var/lib/schleuder
update-exim4.conf.template -r
update-exim4.conf
service exim4 restart
useradd -d /var/schleuderlists -s /bin/false schleuder
adduser Debian-exim schleuder
usermod -a -G mail schleuder
2014-09-24 17:29:46 +02:00
#exim -d -bt $PRIVATE_MAILING_LIST@$DOMAIN_NAME
2014-09-24 13:56:30 +02:00
echo 'create_private_mailing_list' >> $COMPLETION_FILE
}
2014-09-23 19:11:22 +02:00
function import_email {
2014-09-28 20:39:38 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " || $SYSTEM_TYPE = = " $VARIANT_NONMAILBOX " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
2014-09-23 23:14:44 +02:00
EMAIL_COMPLETE_MSG = ' *** Freedombone mailbox installation is complete ***'
2014-09-23 19:11:22 +02:00
if grep -Fxq "import_email" $COMPLETION_FILE ; then
2014-09-26 22:58:15 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_MAILBOX " ] ] ; then
2014-10-02 15:31:18 +02:00
create_backup_script
create_restore_script
2014-10-02 14:06:03 +02:00
backup_to_friends_servers
2014-10-11 16:50:42 +02:00
intrusion_detection
2014-09-29 17:51:28 +02:00
echo ''
2014-09-29 16:26:11 +02:00
echo " $EMAIL_COMPLETE_MSG "
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT ] ; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
2014-09-23 23:13:42 +02:00
echo ' You can now remove the USB drive'
fi
exit 0
fi
2014-09-23 19:11:22 +02:00
return
fi
if [ $IMPORT_MAILDIR ] ; then
if [ -d $IMPORT_MAILDIR ] ; then
2014-09-23 20:56:21 +02:00
echo 'Transfering email files'
2014-09-23 22:50:56 +02:00
cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
2014-09-23 20:56:21 +02:00
chown -R $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /Maildir
else
echo " Email import directory $IMPORT_MAILDIR not found "
2014-09-23 23:13:42 +02:00
exit 9
2014-09-23 20:56:21 +02:00
fi
2014-09-23 19:11:22 +02:00
fi
echo 'import_email' >> $COMPLETION_FILE
2014-09-26 22:58:15 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_MAILBOX " ] ] ; then
2014-10-02 15:31:18 +02:00
create_backup_script
create_restore_script
2014-10-02 14:06:03 +02:00
backup_to_friends_servers
2014-10-11 16:50:42 +02:00
intrusion_detection
2014-09-23 23:07:35 +02:00
# unmount any attached usb drive
echo ''
2014-09-29 16:26:11 +02:00
echo " $EMAIL_COMPLETE_MSG "
2014-09-23 23:07:35 +02:00
echo ''
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT ] ; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
2014-09-23 23:07:35 +02:00
echo ' You can now remove the USB drive'
fi
exit 0
fi
2014-09-23 19:11:22 +02:00
}
2014-09-24 18:17:04 +02:00
function install_web_server {
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CHAT " ] ] ; then
2014-09-25 15:06:33 +02:00
return
fi
2014-09-24 18:17:04 +02:00
if grep -Fxq "install_web_server" $COMPLETION_FILE ; then
return
fi
# remove apache
apt-get -y remove --purge apache2
if [ -d /etc/apache2 ] ; then
rm -rf /etc/apache2
fi
# install nginx
apt-get -y --force-yes install nginx php5-fpm git
2014-09-29 12:04:49 +02:00
if [ ! -d /etc/nginx ] ; then
echo " ERROR: nginx does not appear to have installed. $CHECK_MESSAGE "
exit 51
fi
2014-09-24 18:17:04 +02:00
# install a script to easily enable and disable nginx virtual hosts
2014-09-24 18:25:48 +02:00
if [ ! -d $INSTALL_DIR ] ; then
mkdir $INSTALL_DIR
fi
2014-09-24 18:17:04 +02:00
cd $INSTALL_DIR
git clone https://github.com/perusio/nginx_ensite
cd $INSTALL_DIR /nginx_ensite
cp nginx_* /usr/sbin
2014-09-24 20:05:40 +02:00
nginx_dissite default
2014-09-24 18:17:04 +02:00
echo 'install_web_server' >> $COMPLETION_FILE
}
2014-09-26 14:17:22 +02:00
function configure_php {
2014-09-26 17:02:38 +02:00
sed -i " s/memory_limit = 128M/memory_limit = ${ MAX_PHP_MEMORY } M/g " /etc/php5/fpm/php.ini
2014-09-26 14:17:22 +02:00
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
2014-09-26 17:02:38 +02:00
sed -i " s/memory_limit = -1/memory_limit = ${ MAX_PHP_MEMORY } M/g " /etc/php5/cli/php.ini
2014-09-26 14:17:22 +02:00
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
}
2014-10-11 18:50:59 +02:00
function get_mariadb_password {
if [ -f /home/$MY_USERNAME /README ] ; then
if grep -q "MariaDB password" /home/$MY_USERNAME /README; then
MARIADB_PASSWORD = $( cat /home/$MY_USERNAME /README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//' )
fi
fi
}
function get_mariadb_gnusocial_admin_password {
if [ -f /home/$MY_USERNAME /README ] ; then
if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME /README; then
MICROBLOG_ADMIN_PASSWORD = $( cat /home/$MY_USERNAME /README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//' )
fi
fi
}
function get_mariadb_redmatrix_admin_password {
if [ -f /home/$MY_USERNAME /README ] ; then
if grep -q "MariaDB Red Matrix admin password" /home/$MY_USERNAME /README; then
REDMATRIX_ADMIN_PASSWORD = $( cat /home/$MY_USERNAME /README | grep "MariaDB Red Matrix admin password" | awk -F ':' '{print $2}' | sed 's/^ *//' )
fi
fi
}
function get_mariadb_owncloud_admin_password {
if [ -f /home/$MY_USERNAME /README ] ; then
2014-10-11 19:12:17 +02:00
if grep -q "Owncloud database password" /home/$MY_USERNAME /README; then
OWNCLOUD_ADMIN_PASSWORD = $( cat /home/$MY_USERNAME /README | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//' )
2014-10-11 18:50:59 +02:00
fi
fi
}
function install_mariadb {
if grep -Fxq "install_mariadb" $COMPLETION_FILE ; then
return
fi
apt-get -y --force-yes install python-software-properties debconf-utils
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
add-apt-repository 'deb http://mariadb.biz.net.id//repo/10.1/debian sid main'
apt-get -y --force-yes install software-properties-common
apt-get -y update
get_mariadb_password
if [ ! $MARIADB_PASSWORD ] ; then
MARIADB_PASSWORD = $( openssl rand -base64 32)
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'MariaDB / MySql' >> /home/$MY_USERNAME /README
echo '===============' >> /home/$MY_USERNAME /README
echo " Your MariaDB password is: $MARIADB_PASSWORD " >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
debconf-set-selections <<< " mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD "
debconf-set-selections <<< " mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD "
apt-get -y --force-yes install mariadb-server
if [ ! -d /etc/mysql ] ; then
echo " ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE "
exit 54
fi
mysqladmin -u root password " $MARIADB_PASSWORD "
echo 'install_mariadb' >> $COMPLETION_FILE
}
function backup_databases_script_header {
if [ ! -f /usr/bin/backupdatabases ] ; then
# daily
echo '#!/bin/sh' > /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo " EMAIL=' $MY_EMAIL_ADDRESS ' " >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo " MYSQL_PASSWORD=' $MARIADB_PASSWORD ' " >> /usr/bin/backupdatabases
echo 'umask 0077' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
echo " if [ -f $FRIENDS_SERVER_LIST ]; then " >> /usr/bin/backupdatabases
echo ' exit 1' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
chmod 600 /usr/bin/backupdatabases
chmod +x /usr/bin/backupdatabases
echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily
echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily
chmod 600 /etc/cron.daily/backupdatabasesdaily
chmod +x /etc/cron.daily/backupdatabasesdaily
# weekly
echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly
chmod 600 /etc/cron.weekly/backupdatabasesweekly
chmod +x /etc/cron.weekly/backupdatabasesweekly
# monthly
echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly
chmod 600 /etc/cron.monthly/backupdatabasesmonthly
chmod +x /etc/cron.monthly/backupdatabasesmonthly
fi
}
function repair_databases_script {
if grep -Fxq "repair_databases_script" $COMPLETION_FILE ; then
return
fi
echo '#!/bin/bash' > /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo 'DATABASE=$1' >> /usr/bin/repairdatabase
echo " EMAIL= $MY_EMAIL_ADDRESS " >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo " MYSQL_ROOT_PASSWORD=' $MARIADB_PASSWORD ' " >> /usr/bin/repairdatabase
echo 'TEMPFILE=/root/repairdatabase_$DATABASE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo 'umask 0077' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# check the database' >> /usr/bin/repairdatabase
echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# Attempt to repair the database if it contains errors' >> /usr/bin/repairdatabase
echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase
echo ' mysqlcheck -u root --password=$MYSQL_ROOT_PASSWORD --auto-repair $DATABASE' >> /usr/bin/repairdatabase
echo 'else' >> /usr/bin/repairdatabase
echo ' # No errors were found, so exit' >> /usr/bin/repairdatabase
echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo ' exit 0' >> /usr/bin/repairdatabase
echo 'fi' >> /usr/bin/repairdatabase
echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# Check the database again' >> /usr/bin/repairdatabase
echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# If it still contains errors then restore from backup' >> /usr/bin/repairdatabase
echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase
echo ' mysql -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE -o < /var/backups/${DATABASE}_daily.sql' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo ' # Send a warning email' >> /usr/bin/repairdatabase
echo ' echo "$DATABASE database corruption could not be repaired. Restored from backup." | mail -s "Freedombone database maintenance" $EMAIL' >> /usr/bin/repairdatabase
echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo ' exit 1' >> /usr/bin/repairdatabase
echo 'fi' >> /usr/bin/repairdatabase
echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo 'exit 0' >> /usr/bin/repairdatabase
chmod 600 /usr/bin/repairdatabase
chmod +x /usr/bin/repairdatabase
echo '#!/bin/bash' > /etc/cron.hourly/repair
echo '' >> /etc/cron.hourly/repair
chmod 600 /etc/cron.hourly/repair
chmod +x /etc/cron.hourly/repair
echo 'repair_databases_script' >> $COMPLETION_FILE
}
2014-09-24 20:05:40 +02:00
function install_owncloud {
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-24 20:05:40 +02:00
return
fi
OWNCLOUD_COMPLETION_MSG1 = " *** Freedombone $SYSTEM_TYPE is now installed *** "
OWNCLOUD_COMPLETION_MSG2 = " Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup "
if grep -Fxq "install_owncloud" $COMPLETION_FILE ; then
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " ] ] ; then
2014-10-02 15:31:18 +02:00
create_backup_script
create_restore_script
2014-10-02 14:06:03 +02:00
backup_to_friends_servers
2014-10-11 16:50:42 +02:00
intrusion_detection
2014-09-24 20:05:40 +02:00
# unmount any attached usb drive
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT ] ; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
2014-09-24 20:05:40 +02:00
fi
echo ''
2014-09-29 16:26:11 +02:00
echo " $OWNCLOUD_COMPLETION_MSG1 "
echo " $OWNCLOUD_COMPLETION_MSG2 "
2014-09-24 20:05:40 +02:00
exit 0
fi
return
fi
2014-09-24 23:02:09 +02:00
# if this is exclusively a cloud setup
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " ] ] ; then
2014-09-24 23:02:09 +02:00
OWNCLOUD_DOMAIN_NAME = $DOMAIN_NAME
OWNCLOUD_FREEDNS_SUBDOMAIN_CODE = $FREEDNS_SUBDOMAIN_CODE
fi
2014-09-24 20:05:40 +02:00
if [ ! $OWNCLOUD_DOMAIN_NAME ] ; then
return
fi
2014-09-26 14:34:31 +02:00
if ! [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " ] ] ; then
2014-09-24 20:05:40 +02:00
if [ ! $SYSTEM_TYPE ] ; then
return
fi
fi
2014-10-11 16:12:48 +02:00
apt-get -y --force-yes install owncloud
2014-10-11 18:50:59 +02:00
install_mariadb
get_mariadb_password
get_mariadb_owncloud_admin_password
if [ ! $OWNCLOUD_ADMIN_PASSWORD ] ; then
OWNCLOUD_ADMIN_PASSWORD = $( openssl rand -base64 32)
2014-10-11 19:12:17 +02:00
fi
if ! grep -q "Database user: owncloudadmin" /home/$MY_USERNAME /README; then
2014-10-11 18:50:59 +02:00
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'Owncloud' >> /home/$MY_USERNAME /README
echo '========' >> /home/$MY_USERNAME /README
2014-10-11 19:12:17 +02:00
echo 'Owncloud database user: owncloudadmin' >> /home/$MY_USERNAME /README
echo " Owncloud database password: $OWNCLOUD_ADMIN_PASSWORD " >> /home/$MY_USERNAME /README
echo 'Owncloud database name: owncloud' >> /home/$MY_USERNAME /README
2014-10-11 18:50:59 +02:00
echo '' >> /home/$MY_USERNAME /README
2014-10-11 19:12:17 +02:00
echo 'After creating an administrator account then create a user account via' >> /home/$MY_USERNAME /README
echo " the Users dropdown menu entry. The username should be ' $MY_USERNAME '. " >> /home/$MY_USERNAME /README
2014-10-11 18:50:59 +02:00
fi
echo " create database owncloud;
CREATE USER 'owncloudadmin' @'localhost' IDENTIFIED BY '$OWNCLOUD_ADMIN_PASSWORD' ;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloudadmin' @'localhost' ;
quit" > $INSTALL_DIR /batch.sql
chmod 600 $INSTALL_DIR /batch.sql
mysql -u root --password= " $MARIADB_PASSWORD " < $INSTALL_DIR /batch.sql
shred -zu $INSTALL_DIR /batch.sql
2014-09-24 20:05:40 +02:00
if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ] ; then
mkdir /var/www/$OWNCLOUD_DOMAIN_NAME
fi
2014-10-11 11:31:47 +02:00
if [ -d /var/www/$OWNCLOUD_DOMAIN_NAME /htdocs ] ; then
rm -rf /var/www/$OWNCLOUD_DOMAIN_NAME /htdocs
fi
ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME /htdocs
2014-09-24 20:05:40 +02:00
echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " root /var/www/ $OWNCLOUD_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/ $OWNCLOUD_DOMAIN_NAME .crt; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/ $OWNCLOUD_DOMAIN_NAME .key; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/ $OWNCLOUD_DOMAIN_NAME .dhparam; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-27 17:57:32 +02:00
echo " ssl_protocols $SSL_PROTOCOLS ; # not possible to do exclusive " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-27 16:05:18 +02:00
echo " ssl_ciphers ' $SSL_CIPHERS '; " >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-10-11 19:12:17 +02:00
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-24 20:05:40 +02:00
echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
configure_php
2014-09-24 20:05:40 +02:00
2014-09-24 23:24:37 +02:00
if [ ! -f /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME .key ] ; then
makecert $OWNCLOUD_DOMAIN_NAME
fi
2014-09-24 20:05:40 +02:00
nginx_ensite $OWNCLOUD_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# update the dynamic DNS
2014-09-27 14:47:23 +02:00
if [ $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE ] ; then
if [ [ $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ] ] ; then
if ! grep -q " $OWNCLOUD_DOMAIN_NAME " /usr/bin/dynamicdns; then
echo " # $OWNCLOUD_DOMAIN_NAME " >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
fi
2014-09-24 20:05:40 +02:00
fi
2014-09-27 14:47:23 +02:00
else
echo 'WARNING: No freeDNS subdomain code given for Owncloud. It is assumed that you are using some other dynamic DNS provider.'
2014-09-24 20:05:40 +02:00
fi
echo 'install_owncloud' >> $COMPLETION_FILE
2014-09-26 14:34:31 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " ] ] ; then
2014-10-02 15:31:18 +02:00
create_backup_script
create_restore_script
2014-10-02 14:06:03 +02:00
backup_to_friends_servers
2014-10-11 16:50:42 +02:00
intrusion_detection
2014-09-24 20:05:40 +02:00
# unmount any attached usb drive
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT ] ; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
2014-09-24 20:05:40 +02:00
fi
echo ''
2014-09-29 16:26:11 +02:00
echo " $OWNCLOUD_COMPLETION_MSG1 "
echo " $OWNCLOUD_COMPLETION_MSG2 "
2014-09-24 20:05:40 +02:00
exit 0
fi
}
2014-09-25 15:06:33 +02:00
function install_xmpp {
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-25 15:06:33 +02:00
return
fi
if grep -Fxq "install_xmpp" $COMPLETION_FILE ; then
return
fi
apt-get -y --force-yes install prosody
2014-09-29 12:04:49 +02:00
if [ ! -d /etc/prosody ] ; then
echo " ERROR: prosody does not appear to have installed. $CHECK_MESSAGE "
exit 52
fi
2014-09-25 19:17:07 +02:00
if [ ! -f "/etc/ssl/private/xmpp.key" ] ; then
makecert xmpp
fi
2014-09-25 15:06:33 +02:00
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i " s/example.com/ $DOMAIN_NAME /g " /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2014-09-25 20:52:53 +02:00
echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2014-09-25 15:06:33 +02:00
echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2014-09-25 20:52:53 +02:00
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
2014-09-25 15:06:33 +02:00
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
fi
sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
fi
2014-09-25 20:52:53 +02:00
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
2014-09-25 15:06:33 +02:00
sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
2014-09-25 19:17:07 +02:00
sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
2014-09-25 20:52:53 +02:00
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
sed -i 's/example.com/$DOMAIN_NAME/g' /etc/prosody/prosody.cfg.lua
2014-09-25 15:06:33 +02:00
service prosody restart
2014-09-25 19:17:07 +02:00
touch /home/$MY_USERNAME /README
2014-09-25 20:52:53 +02:00
if ! grep -q "Your XMPP password is" /home/$MY_USERNAME /README; then
2014-09-25 19:17:07 +02:00
XMPP_PASSWORD = $( openssl rand -base64 8)
prosodyctl register $MY_USERNAME $DOMAIN_NAME $XMPP_PASSWORD
2014-10-02 20:32:12 +02:00
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'XMPP' >> /home/$MY_USERNAME /README
echo '====' >> /home/$MY_USERNAME /README
2014-09-25 19:17:07 +02:00
echo " Your XMPP password is: $XMPP_PASSWORD " >> /home/$MY_USERNAME /README
echo 'You can change it with: ' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
2014-10-10 22:32:46 +02:00
echo " prosodyctl passwd $MY_EMAIL_ADDRESS " >> /home/$MY_USERNAME /README
2014-09-25 19:17:07 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
2014-09-25 15:06:33 +02:00
echo 'install_xmpp' >> $COMPLETION_FILE
}
2014-09-25 17:22:27 +02:00
function install_irc_server {
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-25 17:22:27 +02:00
return
fi
if grep -Fxq "install_irc_server" $COMPLETION_FILE ; then
return
fi
apt-get -y --force-yes install ngircd
2014-09-29 12:04:49 +02:00
if [ ! -d /etc/ngircd ] ; then
echo " ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE "
exit 53
fi
2014-10-06 20:01:50 +02:00
if [ ! -f /etc/ssl/private/ngircd.key ] ; then
2014-09-25 21:07:23 +02:00
makecert ngircd
fi
2014-09-25 17:22:27 +02:00
echo '**************************************************' > /etc/ngircd/motd
echo '* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
echo '* *' >> /etc/ngircd/motd
echo '* Freedom in the Cloud *' >> /etc/ngircd/motd
echo '**************************************************' >> /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
2014-10-10 22:32:46 +02:00
sed -i " s/irc@irc.example.com/ $MY_EMAIL_ADDRESS /g " /etc/ngircd/ngircd.conf
2014-09-25 17:22:27 +02:00
sed -i " s/irc.example.net/ $DOMAIN_NAME /g " /etc/ngircd/ngircd.conf
sed -i " s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DOMAIN_NAME |g " /etc/ngircd/ngircd.conf
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
sed -i 's/;Ports = 6697, 9999/Ports = 6697, 9999/g' /etc/ngircd/ngircd.conf
sed -i 's/;Name = #ngircd/Name = #freedombone/g' /etc/ngircd/ngircd.conf
sed -i 's/;Topic = Our ngircd testing channel/Topic = Freedombone chat channel/g' /etc/ngircd/ngircd.conf
sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf
2014-10-06 20:09:40 +02:00
sed -i 's/;CloakHost = cloaked.host/CloakHost = freedombone/g' /etc/ngircd/ngircd.conf
2014-09-26 14:17:22 +02:00
IRC_SALT = $( openssl rand -base64 32)
2014-09-25 21:07:23 +02:00
IRC_OPERATOR_PASSWORD = $( openssl rand -base64 8)
2014-09-26 14:17:22 +02:00
sed -i " s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT |g " /etc/ngircd/ngircd.conf
2014-09-25 17:22:27 +02:00
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
2014-09-25 17:29:46 +02:00
sed -i " s/;Name = TheOper/Name = $MY_USERNAME /g " /etc/ngircd/ngircd.conf
2014-09-25 21:07:23 +02:00
sed -i " s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD /g " /etc/ngircd/ngircd.conf
2014-09-25 17:22:27 +02:00
service ngircd restart
2014-10-05 22:43:46 +02:00
2014-10-05 22:44:37 +02:00
if ! grep -q "IRC Server" /home/$MY_USERNAME /README; then
2014-10-05 22:43:46 +02:00
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'IRC Server' >> /home/$MY_USERNAME /README
echo '==========' >> /home/$MY_USERNAME /README
echo 'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo " /server add -auto -ssl $DOMAIN_NAME 6697 " >> /home/$MY_USERNAME /README
echo " /connect $DOMAIN_NAME " >> /home/$MY_USERNAME /README
echo ' /join #freedombone' >> /home/$MY_USERNAME /README
fi
2014-09-25 17:22:27 +02:00
echo 'install_irc_server' >> $COMPLETION_FILE
}
2014-09-26 14:17:22 +02:00
function install_wiki {
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-26 14:17:22 +02:00
return
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE ; then
return
fi
2014-10-01 19:39:54 +02:00
# if everything is being installed or if this is exclusively a writer setup
if [ [ ! $SYSTEM_TYPE || $SYSTEM_TYPE = = " $VARIANT_WRITER " ] ] ; then
2014-09-26 14:17:22 +02:00
WIKI_DOMAIN_NAME = $DOMAIN_NAME
WIKI_FREEDNS_SUBDOMAIN_CODE = $FREEDNS_SUBDOMAIN_CODE
fi
if [ ! $WIKI_DOMAIN_NAME ] ; then
return
fi
2014-10-11 16:12:48 +02:00
apt-get -y --force-yes install dokuwiki
2014-09-26 14:17:22 +02:00
if [ ! -d /var/www/$WIKI_DOMAIN_NAME ] ; then
mkdir /var/www/$WIKI_DOMAIN_NAME
2014-09-26 16:25:44 +02:00
fi
2014-10-11 11:47:27 +02:00
if [ -d /var/www/$WIKI_DOMAIN_NAME /htdocs ] ; then
rm -rf /var/www/$WIKI_DOMAIN_NAME /htdocs
2014-09-26 14:17:22 +02:00
fi
if [ ! -f /etc/ssl/private/$WIKI_DOMAIN_NAME .key ] ; then
makecert $WIKI_DOMAIN_NAME
fi
2014-10-11 11:47:27 +02:00
ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME /htdocs
2014-09-26 14:17:22 +02:00
if ! grep -q "video/ogg" /var/www/$WIKI_DOMAIN_NAME /htdocs/conf/mime.conf; then
echo 'ogv video/ogg' >> /var/www/$WIKI_DOMAIN_NAME /htdocs/conf/mime.conf
echo 'mp4 video/mp4' >> /var/www/$WIKI_DOMAIN_NAME /htdocs/conf/mime.conf
echo 'webm video/webm' >> /var/www/$WIKI_DOMAIN_NAME /htdocs/conf/mime.conf
fi
echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/ $WIKI_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo " server_name $WIKI_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo " error_log /var/www/ $WIKI_DOMAIN_NAME /error.log; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 16:50:40 +02:00
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-10-11 12:01:51 +02:00
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/ $WIKI_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/www/ $WIKI_DOMAIN_NAME /error_ssl.log; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 16:50:40 +02:00
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/ $WIKI_DOMAIN_NAME .crt; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/ $WIKI_DOMAIN_NAME .key; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/ $WIKI_DOMAIN_NAME .dhparam; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-27 17:57:32 +02:00
echo " ssl_protocols $SSL_PROTOCOLS ; # not possible to do exclusive " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-27 16:05:18 +02:00
echo " ssl_ciphers ' $SSL_CIPHERS '; " >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 17:34:41 +02:00
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 17:22:25 +02:00
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
2014-09-26 16:50:40 +02:00
configure_php
2014-09-26 14:17:22 +02:00
nginx_ensite $WIKI_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# update the dynamic DNS
2014-09-27 14:47:23 +02:00
if [ $WIKI_FREEDNS_SUBDOMAIN_CODE ] ; then
if [ [ $WIKI_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ] ] ; then
if ! grep -q " $WIKI_DOMAIN_NAME " /usr/bin/dynamicdns; then
echo " # $WIKI_DOMAIN_NAME " >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $WIKI_FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
fi
2014-09-26 14:17:22 +02:00
fi
2014-09-27 14:47:23 +02:00
else
echo 'WARNING: No freeDNS subdomain code given for wiki installation. It is assumed that you are using some other dynamic DNS provider.'
2014-09-26 14:17:22 +02:00
fi
# add some post-install instructions
if ! grep -q "Once you have set up the wiki" /home/$MY_USERNAME /README; then
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:32:12 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'Wiki' >> /home/$MY_USERNAME /README
echo '====' >> /home/$MY_USERNAME /README
2014-09-26 14:17:22 +02:00
echo 'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo " rm /var/www/ $WIKI_DOMAIN_NAME /htdocs/install.php " >> /home/$MY_USERNAME /README
2014-09-27 18:20:17 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
2014-09-26 14:17:22 +02:00
fi
echo 'install_wiki' >> $COMPLETION_FILE
}
2014-10-11 20:22:10 +02:00
function get_blog_admin_password {
if [ -f /home/$MY_USERNAME /README ] ; then
if grep -q "Your blog password is" /home/$MY_USERNAME /README; then
FULLBLOG_ADMIN_PASSWORD = $( cat /home/$MY_USERNAME /README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//' )
fi
fi
}
2014-09-26 14:17:22 +02:00
function install_blog {
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-26 14:17:22 +02:00
return
fi
if grep -Fxq "install_blog" $COMPLETION_FILE ; then
return
fi
2014-10-11 18:33:50 +02:00
if [ ! $FULLBLOG_DOMAIN_NAME ] ; then
2014-10-11 16:50:42 +02:00
return
2014-10-11 13:07:05 +02:00
fi
2014-10-11 18:33:50 +02:00
if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ] ; then
mkdir /var/www/$FULLBLOG_DOMAIN_NAME
2014-10-11 13:07:05 +02:00
fi
2014-10-11 18:33:50 +02:00
cd /var/www/$FULLBLOG_DOMAIN_NAME
2014-10-11 13:07:05 +02:00
git clone https://github.com/danpros/htmly htdocs
2014-10-11 18:33:50 +02:00
if [ ! -f /etc/ssl/private/$FULLBLOG_DOMAIN_NAME .key ] ; then
makecert $FULLBLOG_DOMAIN_NAME
fi
echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/ $FULLBLOG_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/www/ $FULLBLOG_DOMAIN_NAME /error.log; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/ $FULLBLOG_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/www/ $FULLBLOG_DOMAIN_NAME /error_ssl.log; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/ $FULLBLOG_DOMAIN_NAME .crt; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/ $FULLBLOG_DOMAIN_NAME .key; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/ $FULLBLOG_DOMAIN_NAME .dhparam; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS ; # not possible to do exclusive " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_ciphers ' $SSL_CIPHERS '; " >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 19:49:12 +02:00
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-10-11 18:33:50 +02:00
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
2014-09-26 14:17:22 +02:00
2014-10-11 13:07:05 +02:00
configure_php
2014-10-11 20:22:10 +02:00
# blog settings
2014-10-11 19:51:36 +02:00
cp /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini
2014-10-11 20:01:26 +02:00
sed -i " s/site.url.*/site.url = 'https:// $FULLBLOG_DOMAIN_NAME '/g " /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini
2014-10-11 19:51:36 +02:00
sed -i " s/blog.title.*/blog.title = ' $MY_BLOG_TITLE '/g " /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini
sed -i " s/blog.tagline.*/blog.tagline = ' $MY_BLOG_SUBTITLE '/g " /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini
2014-10-11 20:01:26 +02:00
sed -i " s/Your name/ $MY_NAME /g " /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/config.ini
2014-09-26 18:16:34 +02:00
2014-10-11 20:22:10 +02:00
# create a user password
get_blog_admin_password
if [ ! $FULLBLOG_ADMIN_PASSWORD ] ; then
FULLBLOG_ADMIN_PASSWORD = $( openssl rand -base64 32)
echo '' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'HTMLy Blog' >> /home/$MY_USERNAME /README
echo '==========' >> /home/$MY_USERNAME /README
echo " Your blog username: $MY_USERNAME " >> /home/$MY_USERNAME /README
echo " Your blog password is: $FULLBLOG_ADMIN_PASSWORD " >> /home/$MY_USERNAME /README
echo " Log into your blog at https:// $FULLBLOG_DOMAIN_NAME /login " >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
# create a user
cp /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/users/username.ini.example /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/users/$MY_USERNAME .ini
HASHED_BLOG_PASSWORD = $( sha256sum $FULLBLOG_ADMIN_PASSWORD )
sed -i " s/yourpassword/ $HASHED_BLOG_PASSWORD /g " /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/users/$MY_USERNAME .ini
sed -i 's/encryption = clear/encryption = sha256/g' /var/www/$FULLBLOG_DOMAIN_NAME /htdocs/config/users/$MY_USERNAME .ini
2014-10-11 18:33:50 +02:00
nginx_ensite $FULLBLOG_DOMAIN_NAME
2014-10-11 13:07:05 +02:00
service php5-fpm restart
service nginx restart
# update the dynamic DNS
2014-10-11 18:33:50 +02:00
if [ $FULLBLOG_FREEDNS_SUBDOMAIN_CODE ] ; then
if [ [ $FULLBLOG_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ] ] ; then
if ! grep -q " $FULLBLOG_DOMAIN_NAME " /usr/bin/dynamicdns; then
echo " # $FULLBLOG_DOMAIN_NAME " >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $FULLBLOG_FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
2014-10-11 13:07:05 +02:00
fi
fi
else
echo 'WARNING: No freeDNS subdomain code given for blog installation. It is assumed that you are using some other dynamic DNS provider.'
2014-09-26 20:36:24 +02:00
fi
2014-09-26 14:17:22 +02:00
echo 'install_blog' >> $COMPLETION_FILE
}
2014-09-26 21:41:48 +02:00
function install_gnu_social {
if grep -Fxq "install_gnu_social" $COMPLETION_FILE ; then
return
fi
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-26 21:41:48 +02:00
return
fi
2014-09-26 22:18:43 +02:00
if [ ! $MICROBLOG_DOMAIN_NAME ] ; then
2014-09-26 23:48:08 +02:00
return
2014-09-26 22:18:43 +02:00
fi
install_mariadb
2014-09-27 00:44:33 +02:00
get_mariadb_password
2014-10-03 00:13:13 +02:00
repair_databases_script
2014-09-26 22:18:43 +02:00
2014-09-26 23:48:08 +02:00
apt-get -y --force-yes install php-gettext php5-curl php5-gd php5-mysql git
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ] ; then
mkdir /var/www/$MICROBLOG_DOMAIN_NAME
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME /htdocs ] ; then
mkdir /var/www/$MICROBLOG_DOMAIN_NAME /htdocs
fi
2014-09-26 21:41:48 +02:00
2014-09-26 22:30:49 +02:00
if [ ! -f /var/www/$MICROBLOG_DOMAIN_NAME /htdocs/index.php ] ; then
2014-09-26 23:48:08 +02:00
cd $INSTALL_DIR
2014-09-26 22:30:49 +02:00
git clone $MICROBLOG_REPO gnusocial
rm -rf /var/www/$MICROBLOG_DOMAIN_NAME /htdocs
mv gnusocial /var/www/$MICROBLOG_DOMAIN_NAME /htdocs
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME /htdocs
chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME /htdocs
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME /htdocs/avatar
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME /htdocs/background
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME /htdocs/file
chmod +x /var/www/$MICROBLOG_DOMAIN_NAME /htdocs/scripts/maildaemon.php
fi
2014-09-26 22:18:43 +02:00
2014-09-27 00:44:33 +02:00
get_mariadb_gnusocial_admin_password
2014-09-27 00:19:24 +02:00
if [ ! $MICROBLOG_ADMIN_PASSWORD ] ; then
MICROBLOG_ADMIN_PASSWORD = $( openssl rand -base64 32)
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:32:12 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'GNU Social' >> /home/$MY_USERNAME /README
echo '==========' >> /home/$MY_USERNAME /README
2014-09-27 00:19:24 +02:00
echo " Your MariaDB gnusocial admin password is: $MICROBLOG_ADMIN_PASSWORD " >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
echo " create database gnusocial;
CREATE USER 'gnusocialadmin' @'localhost' IDENTIFIED BY '$MICROBLOG_ADMIN_PASSWORD' ;
GRANT ALL PRIVILEGES ON gnusocial.* TO 'gnusocialadmin' @'localhost' ;
quit" > $INSTALL_DIR /batch.sql
chmod 600 $INSTALL_DIR /batch.sql
2014-09-27 10:43:33 +02:00
mysql -u root --password= " $MARIADB_PASSWORD " < $INSTALL_DIR /batch.sql
2014-09-27 00:19:24 +02:00
shred -zu $INSTALL_DIR /batch.sql
2014-09-27 12:01:36 +02:00
if [ ! -f "/etc/aliases" ] ; then
touch /etc/aliases
fi
if grep -q "www-data: root" /etc/aliases; then
echo 'www-data: root' >> /etc/aliases
fi
if grep -q " /var/www/ $MICROBLOG_DOMAIN_NAME /htdocs/scripts/maildaemon.php " /etc/aliases; then
echo " *: /var/www/ $MICROBLOG_DOMAIN_NAME /htdocs/scripts/maildaemon.php " >> /etc/aliases
fi
newaliases
2014-09-27 10:59:02 +02:00
# update the dynamic DNS
2014-09-27 14:40:17 +02:00
if [ $MICROBLOG_FREEDNS_SUBDOMAIN_CODE ] ; then
if [ [ $MICROBLOG_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ] ] ; then
if ! grep -q " $MICROBLOG_DOMAIN_NAME " /usr/bin/dynamicdns; then
echo " # $MICROBLOG_DOMAIN_NAME " >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $MICROBLOG_FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
fi
2014-09-27 10:59:02 +02:00
fi
2014-09-27 14:47:23 +02:00
else
echo 'WARNING: No freeDNS subdomain code given for microblog. It is assumed that you are using some other dynamic DNS provider.'
2014-09-27 10:59:02 +02:00
fi
2014-09-27 12:33:22 +02:00
echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " server_name $MICROBLOG_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/ $MICROBLOG_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " error_log /var/www/ $MICROBLOG_DOMAIN_NAME /error.log; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " server_name $MICROBLOG_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-10-05 15:20:00 +02:00
echo " root /var/www/ $MICROBLOG_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location /index.php {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_buffer_size 128k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_buffers 4 256k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_busy_buffers_size 256k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/ $MICROBLOG_DOMAIN_NAME .crt; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/ $MICROBLOG_DOMAIN_NAME .key; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/ $MICROBLOG_DOMAIN_NAME .dhparam; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 17:57:32 +02:00
echo " ssl_protocols $SSL_PROTOCOLS ; # not possible to do exclusive " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 16:05:18 +02:00
echo " ssl_ciphers ' $SSL_CIPHERS '; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 13:01:54 +02:00
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-10-05 15:20:00 +02:00
echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-10-05 15:20:00 +02:00
echo ' location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/ $MICROBLOG_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*)$ /$1 break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' expires max;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-10-05 15:20:00 +02:00
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-10-05 15:20:00 +02:00
echo " access_log /var/www/ $MICROBLOG_DOMAIN_NAME /access_ssl.log; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " error_log /var/www/ $MICROBLOG_DOMAIN_NAME /error_ssl.log; " >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
2014-09-27 12:33:22 +02:00
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
configure_php
2014-09-27 12:51:09 +02:00
if [ ! -f /etc/ssl/private/$MICROBLOG_DOMAIN_NAME .key ] ; then
makecert $MICROBLOG_DOMAIN_NAME
fi
2014-10-02 23:36:41 +02:00
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo '# Backup the GNU Social database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/gnusocial.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/gnusocial_daily.sql' >> /usr/bin/backupdatabases
2014-10-10 23:19:07 +02:00
echo 'mysqldump --password="$MYSQL_PASSWORD" gnusocial > $TEMPFILE' >> /usr/bin/backupdatabases
2014-10-02 23:36:41 +02:00
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
2014-10-10 23:19:07 +02:00
echo ' mysql -u root --password="$MYSQL_PASSWORD" gnusocial -o < $DAILYFILE' >> /usr/bin/backupdatabases
2014-10-02 23:36:41 +02:00
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the GNU Social database. Attempted to restore from yesterdays backup" | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the GNU Social database." | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
2014-10-02 23:48:58 +02:00
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo '# GNU Social' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/gnusocial_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/gnusocial_daily.sql /var/backups/gnusocial_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
2014-10-02 23:57:28 +02:00
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo '# GNU Social' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/gnusocial_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/gnusocial_monthly.sql /var/backups/gnusocial_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
2014-10-03 00:13:13 +02:00
echo '/usr/bin/repairdatabase gnusocial' >> /etc/cron.hourly/repair
2014-09-27 12:33:22 +02:00
nginx_ensite $MICROBLOG_DOMAIN_NAME
service php5-fpm restart
service nginx restart
2014-09-27 12:16:35 +02:00
# some post-install instructions for the user
if ! grep -q "To set up your microblog" /home/$MY_USERNAME /README; then
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:32:12 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'Microblog' >> /home/$MY_USERNAME /README
echo '=========' >> /home/$MY_USERNAME /README
2014-09-27 12:16:35 +02:00
echo "To set up your microblog go to" >> /home/$MY_USERNAME /README
echo " https:// $MICROBLOG_DOMAIN_NAME /install.php " >> /home/$MY_USERNAME /README
echo 'and enter the following settings:' >> /home/$MY_USERNAME /README
echo ' - Set a name for the site' >> /home/$MY_USERNAME /README
echo ' - Server SSL: enable' >> /home/$MY_USERNAME /README
echo ' - Hostname: localhost' >> /home/$MY_USERNAME /README
2014-09-27 13:48:47 +02:00
echo ' - Type: MySql/MariaDB' >> /home/$MY_USERNAME /README
2014-09-27 12:16:35 +02:00
echo ' - Name: gnusocial' >> /home/$MY_USERNAME /README
echo ' - DB username: gnusocialadmin' >> /home/$MY_USERNAME /README
echo " - DB Password; $MICROBLOG_ADMIN_PASSWORD " >> /home/$MY_USERNAME /README
echo " - Administrator nickname: $MY_USERNAME " >> /home/$MY_USERNAME /README
echo " - Administrator password: $MICROBLOG_ADMIN_PASSWORD " >> /home/$MY_USERNAME /README
echo ' - Subscribe to announcements: ticked' >> /home/$MY_USERNAME /README
echo ' - Site profile: Community' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo " Navigate to https:// $MICROBLOG_DOMAIN_NAME and you can then " >> /home/$MY_USERNAME /README
2014-09-27 12:33:22 +02:00
echo 'complete the configuration via the *Admin* section on the header' >> /home/$MY_USERNAME /README
echo 'bar. Some recommended admin settings are:' >> /home/$MY_USERNAME /README
2014-09-27 12:16:35 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'Under the *Site* settings:' >> /home/$MY_USERNAME /README
echo ' Text limit: 140' >> /home/$MY_USERNAME /README
echo ' Dupe Limit: 60000' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'Under the *User* settings:' >> /home/$MY_USERNAME /README
echo ' Bio limit: 1000' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
echo 'Under the *Access* settings:' >> /home/$MY_USERNAME /README
echo ' /Invite only/ ticked' >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
2014-09-27 18:20:17 +02:00
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
2014-09-27 12:16:35 +02:00
fi
2014-09-26 21:41:48 +02:00
echo 'install_gnu_social' >> $COMPLETION_FILE
}
2014-09-26 22:18:43 +02:00
function install_redmatrix {
if grep -Fxq "install_redmatrix" $COMPLETION_FILE ; then
return
fi
2014-09-27 18:59:35 +02:00
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
2014-09-26 22:18:43 +02:00
return
fi
2014-09-27 10:59:02 +02:00
# if this is exclusively a writer setup
if [ [ $SYSTEM_TYPE = = " $VARIANT_SOCIAL " ] ] ; then
REDMATRIX_DOMAIN_NAME = $DOMAIN_NAME
REDMATRIX_FREEDNS_SUBDOMAIN_CODE = $FREEDNS_SUBDOMAIN_CODE
fi
2014-09-27 14:40:17 +02:00
if [ ! $REDMATRIX_DOMAIN_NAME ] ; then
2014-09-27 14:47:23 +02:00
return
2014-09-27 14:40:17 +02:00
fi
2014-09-26 22:18:43 +02:00
install_mariadb
2014-09-27 14:40:17 +02:00
get_mariadb_password
2014-10-03 00:13:13 +02:00
repair_databases_script
2014-09-26 22:18:43 +02:00
2014-09-27 15:56:47 +02:00
apt-get -y --force-yes install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git git
2014-09-26 23:48:08 +02:00
if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME ] ; then
mkdir /var/www/$REDMATRIX_DOMAIN_NAME
fi
if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME /htdocs ] ; then
mkdir /var/www/$REDMATRIX_DOMAIN_NAME /htdocs
fi
2014-09-26 22:18:43 +02:00
2014-09-27 14:40:17 +02:00
if [ ! -f /var/www/$REDMATRIX_DOMAIN_NAME /htdocs/index.php ] ; then
cd $INSTALL_DIR
git clone $REDMATRIX_REPO redmatrix
rm -rf /var/www/$REDMATRIX_DOMAIN_NAME /htdocs
mv redmatrix /var/www/$REDMATRIX_DOMAIN_NAME /htdocs
chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME /htdocs
2014-09-27 14:47:23 +02:00
git clone $REDMATRIX_ADDONS_REPO /var/www/$REDMATRIX_DOMAIN_NAME /htdocs/addon
2014-09-27 14:40:17 +02:00
fi
get_mariadb_redmatrix_admin_password
if [ ! $REDMATRIX_ADMIN_PASSWORD ] ; then
REDMATRIX_ADMIN_PASSWORD = $( openssl rand -base64 32)
echo '' >> /home/$MY_USERNAME /README
2014-10-02 20:32:12 +02:00
echo '' >> /home/$MY_USERNAME /README
echo 'Red Matrix' >> /home/$MY_USERNAME /README
echo '==========' >> /home/$MY_USERNAME /README
2014-09-27 14:40:17 +02:00
echo " Your MariaDB Red Matrix admin password is: $REDMATRIX_ADMIN_PASSWORD " >> /home/$MY_USERNAME /README
echo '' >> /home/$MY_USERNAME /README
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
echo " create database redmatrix;
CREATE USER 'redmatrixadmin' @'localhost' IDENTIFIED BY '$REDMATRIX_ADMIN_PASSWORD' ;
GRANT ALL PRIVILEGES ON redmatrix.* TO 'redmatrixadmin' @'localhost' ;
quit" > $INSTALL_DIR /batch.sql
chmod 600 $INSTALL_DIR /batch.sql
mysql -u root --password= " $MARIADB_PASSWORD " < $INSTALL_DIR /batch.sql
shred -zu $INSTALL_DIR /batch.sql
if ! grep -q " /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs " /etc/crontab; then
echo " 12,22,32,42,52 * * * * root cd /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs; /usr/bin/timeout 240 /usr/bin/php include/poller.php " >> /etc/crontab
fi
2014-09-26 22:18:43 +02:00
2014-09-27 10:59:02 +02:00
# update the dynamic DNS
2014-09-27 14:40:17 +02:00
if [ $REDMATRIX_FREEDNS_SUBDOMAIN_CODE ] ; then
if [ [ $REDMATRIX_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ] ] ; then
if ! grep -q " $REDMATRIX_DOMAIN_NAME " /usr/bin/dynamicdns; then
echo " # $REDMATRIX_DOMAIN_NAME " >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $REDMATRIX_FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
fi
2014-09-27 10:59:02 +02:00
fi
2014-09-27 14:47:23 +02:00
else
2014-09-27 17:57:32 +02:00
echo 'WARNING: No freeDNS code given for Red Matrix. It is assumed that you are using some other dynamic DNS provider.'
2014-09-27 10:59:02 +02:00
fi
2014-09-27 15:01:37 +02:00
echo 'server {' > /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " server_name $REDMATRIX_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " root /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " error_log /var/www/ $REDMATRIX_DOMAIN_NAME /error.log; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " root /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " server_name $REDMATRIX_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " error_log /var/www/ $REDMATRIX_DOMAIN_NAME /error_ssl.log; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/ $REDMATRIX_DOMAIN_NAME .crt; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/ $REDMATRIX_DOMAIN_NAME .key; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/ $REDMATRIX_DOMAIN_NAME .dhparam; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
2014-09-27 17:57:32 +02:00
echo " ssl_protocols $SSL_PROTOCOLS ; # not possible to do exclusive " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
2014-09-27 16:05:18 +02:00
echo " ssl_ciphers ' $SSL_CIPHERS '; " >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
2014-09-27 15:01:37 +02:00
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
2014-09-27 17:47:52 +02:00
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
2014-09-27 15:01:37 +02:00
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
configure_php
if [ ! -f /etc/ssl/private/$REDMATRIX_DOMAIN_NAME .key ] ; then
makecert $REDMATRIX_DOMAIN_NAME
fi
2014-09-27 15:56:47 +02:00
if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME /htdocs/view/tpl/smarty3 ] ; then
2014-09-27 23:28:33 +02:00
mkdir /var/www/$REDMATRIX_DOMAIN_NAME /htdocs/view/tpl/smarty3
2014-09-27 15:56:47 +02:00
fi
2014-10-04 16:31:57 +02:00
if [ ! -d " /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs/store/[data] " ] ; then
mkdir " /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs/store/[data] "
2014-09-27 15:56:47 +02:00
fi
2014-10-04 16:31:57 +02:00
if [ ! -d " /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs/store/[data]/smarty3 " ] ; then
mkdir " /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs/store/[data]/smarty3 "
chmod 777 " /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs/store/[data]/smarty3 "
2014-09-27 15:56:47 +02:00
fi
chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME /htdocs/view/tpl
chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME /htdocs/view/tpl/smarty3
2014-10-02 23:32:27 +02:00
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo '# Backup the Red Matrix database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/redmatrix.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/redmatrix_daily.sql' >> /usr/bin/backupdatabases
2014-10-10 23:19:07 +02:00
echo 'mysqldump --password="$MYSQL_PASSWORD" redmatrix > $TEMPFILE' >> /usr/bin/backupdatabases
2014-10-02 23:32:27 +02:00
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
2014-10-10 23:19:07 +02:00
echo ' mysql -u root --password="$MYSQL_PASSWORD" redmatrix -o < $DAILYFILE' >> /usr/bin/backupdatabases
2014-10-02 23:32:27 +02:00
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Red Matrix database. Attempted to restore from yesterdays backup" | mail -s "Red Matrix backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Red Matrix database." | mail -s "Red Matrix backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
2014-10-02 23:50:44 +02:00
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo '# Red Matrix' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/redmatrix_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/redmatrix_weekly.sql /var/backups/redmatrix_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/redmatrix_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/redmatrix_daily.sql /var/backups/redmatrix_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
2014-10-02 23:59:31 +02:00
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo '# Red Matrix' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/redmatrix_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/redmatrix_monthly.sql /var/backups/redmatrix_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/redmatrix_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/redmatrix_weekly.sql /var/backups/redmatrix_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
2014-10-03 00:13:13 +02:00
echo '/usr/bin/repairdatabase redmatrix' >> /etc/cron.hourly/repair
2014-09-27 15:01:37 +02:00
nginx_ensite $REDMATRIX_DOMAIN_NAME
service php5-fpm restart
service nginx restart
2014-09-27 14:40:17 +02:00
service cron restart
2014-09-27 18:20:17 +02:00
# some post-install instructions for the user
if ! grep -q "To set up your Red Matrix" /home/$MY_USERNAME /README; then
echo '' >> /home/$MY_USERNAME /README
echo "To set up your Red Matrix site go to" >> /home/$MY_USERNAME /README
echo " https:// $REDMATRIX_DOMAIN_NAME " >> /home/$MY_USERNAME /README
2014-09-27 23:28:33 +02:00
echo 'You will need to have a non self-signed SSL certificate in order' >> /home/$MY_USERNAME /README
echo " to use Red Matrix. Put the public certificate in /etc/ssl/certs/ $REDMATRIX_DOMAIN_NAME .crt " >> /home/$MY_USERNAME /README
echo " and the private certificate in /etc/ssl/private/ $REDMATRIX_DOMAIN_NAME .key. " >> /home/$MY_USERNAME /README
echo 'If there is an intermediate certificate needed (such as with StartSSL) then' >> /home/$MY_USERNAME /README
2014-09-27 18:20:17 +02:00
echo 'this will need to be concatenated onto the end of the crt file, like this:' >> /home/$MY_USERNAME /README
2014-09-27 23:28:33 +02:00
echo '' >> /home/$MY_USERNAME /README
2014-09-27 18:20:17 +02:00
echo " cat /etc/ssl/certs/ $REDMATRIX_DOMAIN_NAME .crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/ $REDMATRIX_DOMAIN_NAME .bundle.crt " >> /home/$MY_USERNAME /README
2014-09-27 23:28:33 +02:00
echo '' >> /home/$MY_USERNAME /README
echo " Then change ssl_certificate to /etc/ssl/certs/ $REDMATRIX_DOMAIN_NAME .bundle.crt " >> /home/$MY_USERNAME /README
echo " within /etc/nginx/sites-available/ $REDMATRIX_DOMAIN_NAME " >> /home/$MY_USERNAME /README
2014-09-27 18:20:17 +02:00
echo '' >> /home/$MY_USERNAME /README
chown $MY_USERNAME :$MY_USERNAME /home/$MY_USERNAME /README
fi
2014-09-26 22:18:43 +02:00
echo 'install_redmatrix' >> $COMPLETION_FILE
}
2014-09-28 20:29:07 +02:00
function script_for_attaching_usb_drive {
if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE ; then
return
fi
echo '#!/bin/bash' > /usr/bin/attach-music
2014-09-28 22:00:51 +02:00
echo " if [ -d $USB_MOUNT ]; then " >> /usr/bin/attach-music
echo " umount $USB_MOUNT " >> /usr/bin/attach-music
2014-09-28 20:29:07 +02:00
echo 'fi' >> /usr/bin/attach-music
2014-09-28 22:00:51 +02:00
echo " if [ ! -d $USB_MOUNT ]; then " >> /usr/bin/attach-music
echo " mkdir $USB_MOUNT " >> /usr/bin/attach-music
2014-09-28 20:29:07 +02:00
echo 'fi' >> /usr/bin/attach-music
2014-09-28 22:00:51 +02:00
echo " mount /dev/sda1 $USB_MOUNT " >> /usr/bin/attach-music
echo " chown root:root $USB_MOUNT " >> /usr/bin/attach-music
echo " chown -R minidlna:minidlna $USB_MOUNT /* " >> /usr/bin/attach-music
2014-09-28 20:29:07 +02:00
echo 'minidlnad -R' >> /usr/bin/attach-music
chmod +x /usr/bin/attach-music
ln -s /usr/bin/attach-music /usr/bin/attach-usb
ln -s /usr/bin/attach-music /usr/bin/attach-videos
ln -s /usr/bin/attach-music /usr/bin/attach-pictures
ln -s /usr/bin/attach-music /usr/bin/attach-media
2014-09-28 21:26:44 +02:00
echo '#!/bin/bash' > /usr/bin/remove-music
2014-09-28 22:00:51 +02:00
echo " if [ -d $USB_MOUNT ]; then " >> /usr/bin/remove-music
echo " umount $USB_MOUNT " >> /usr/bin/remove-music
echo " rm -rf $USB_MOUNT " >> /usr/bin/remove-music
2014-09-28 21:26:44 +02:00
echo 'fi' >> /usr/bin/remove-music
chmod +x /usr/bin/remove-music
ln -s /usr/bin/remove-music /usr/bin/detach-music
ln -s /usr/bin/remove-music /usr/bin/detach-usb
ln -s /usr/bin/remove-music /usr/bin/remove-usb
ln -s /usr/bin/remove-music /usr/bin/detach-media
ln -s /usr/bin/remove-music /usr/bin/remove-media
ln -s /usr/bin/remove-music /usr/bin/detach-videos
ln -s /usr/bin/remove-music /usr/bin/remove-videos
ln -s /usr/bin/remove-music /usr/bin/detach-pictures
ln -s /usr/bin/remove-music /usr/bin/remove-pictures
2014-09-28 20:29:07 +02:00
echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
}
function install_dlna_server {
if grep -Fxq "install_dlna_server" $COMPLETION_FILE ; then
return
fi
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " ] ] ; then
return
fi
apt-get -y --force-yes install minidlna
2014-09-29 12:04:49 +02:00
if [ ! -f /etc/minidlna.conf ] ; then
echo " ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE "
exit 55
fi
2014-09-28 20:29:07 +02:00
sed -i " s|media_dir=/var/lib/minidlna|media_dir=A,/home/ $MY_USERNAME /Music|g " /etc/minidlna.conf
if ! grep -q " /home/ $MY_USERNAME /Pictures " /etc/minidlna.conf; then
echo " media_dir=P,/home/ $MY_USERNAME /Pictures " >> /etc/minidlna.conf
fi
if ! grep -q " /home/ $MY_USERNAME /Videos " /etc/minidlna.conf; then
2014-09-28 22:00:51 +02:00
echo " media_dir=V,/home/ $MY_USERNAME /Videos " >> /etc/minidlna.conf
2014-09-28 20:29:07 +02:00
fi
2014-09-28 22:00:51 +02:00
if ! grep -q " $USB_MOUNT /Music " /etc/minidlna.conf; then
echo " media_dir=A, $USB_MOUNT /Music " >> /etc/minidlna.conf
2014-09-28 20:29:07 +02:00
fi
2014-09-28 22:00:51 +02:00
if ! grep -q " $USB_MOUNT /Pictures " /etc/minidlna.conf; then
echo " media_dir=P, $USB_MOUNT /Pictures " >> /etc/minidlna.conf
2014-09-28 20:29:07 +02:00
fi
2014-09-28 22:00:51 +02:00
if ! grep -q " $USB_MOUNT /Videos " /etc/minidlna.conf; then
echo " media_dir=V, $USB_MOUNT /Videos " >> /etc/minidlna.conf
2014-09-28 20:29:07 +02:00
fi
sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
sed -i 's/#friendly_name=/friendly_name="Freedombone Media"/g' /etc/minidlna.conf
sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
service minidlna force-reload
service minidlna reload
echo 'install_dlna_server' >> $COMPLETION_FILE
}
2014-09-28 12:33:41 +02:00
function install_mediagoblin {
2014-09-28 20:29:07 +02:00
# These instructions don't work and need fixing
return
2014-09-28 12:33:41 +02:00
if grep -Fxq "install_mediagoblin" $COMPLETION_FILE ; then
return
fi
if [ [ $SYSTEM_TYPE = = " $VARIANT_CLOUD " || $SYSTEM_TYPE = = " $VARIANT_MAILBOX " || $SYSTEM_TYPE = = " $VARIANT_CHAT " || $SYSTEM_TYPE = = " $VARIANT_WRITER " || $SYSTEM_TYPE = = " $VARIANT_SOCIAL " ] ] ; then
return
fi
# if this is exclusively a writer setup
if [ [ $SYSTEM_TYPE = = " $VARIANT_MEDIA " ] ] ; then
MEDIAGOBLIN_DOMAIN_NAME = $DOMAIN_NAME
MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE = $FREEDNS_SUBDOMAIN_CODE
fi
if [ ! $MEDIAGOBLIN_DOMAIN_NAME ] ; then
return
fi
apt-get -y --force-yes install git-core python python-dev python-lxml python-imaging python-virtualenv
apt-get -y --force-yes install python-gst-1.0 libjpeg8-dev sqlite3 libapache2-mod-fcgid gstreamer1.0-plugins-base gstreamer1.0-plugins-bad gstreamer1.0-plugins-good gstreamer1.0-plugins-ugly gstreamer1.0-libav python-numpy python-scipy libsndfile1-dev
2014-09-28 14:48:28 +02:00
apt-get -y --force-yes install postgresql postgresql-client python-psycopg2 python-pip autotools-dev automake
2014-09-28 12:33:41 +02:00
sudo -u postgres createuser -A -D mediagoblin
sudo -u postgres createdb -E UNICODE -O mediagoblin mediagoblin
adduser --system mediagoblin
MEDIAGOBLIN_DOMAIN_ROOT = " /srv/ $MEDIAGOBLIN_DOMAIN_NAME "
MEDIAGOBLIN_PATH = " $MEDIAGOBLIN_DOMAIN_ROOT /mediagoblin "
2014-09-28 13:55:15 +02:00
MEDIAGOBLIN_PATH_BIN = " $MEDIAGOBLIN_PATH /mediagoblin/bin "
2014-09-28 12:33:41 +02:00
if [ ! -d $MEDIAGOBLIN_DOMAIN_ROOT ] ; then
mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT
fi
cd $MEDIAGOBLIN_DOMAIN_ROOT
2014-09-28 14:48:28 +02:00
chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT
2014-09-28 13:59:02 +02:00
su -c " cd $MEDIAGOBLIN_DOMAIN_ROOT ; git clone git://gitorious.org/mediagoblin/mediagoblin.git " - mediagoblin
2014-09-28 13:21:05 +02:00
su -c " cd $MEDIAGOBLIN_PATH ; git submodule init " - mediagoblin
su -c " cd $MEDIAGOBLIN_PATH ; git submodule update " - mediagoblin
2014-09-28 13:55:15 +02:00
2014-09-28 14:48:28 +02:00
#su -c 'cd $MEDIAGOBLIN_PATH; ./experimental-bootstrap.sh' - mediagoblin
#su -c 'cd $MEDIAGOBLIN_PATH; ./configure' - mediagoblin
#su -c 'cd $MEDIAGOBLIN_PATH; make' - mediagoblin
2014-09-28 13:55:15 +02:00
2014-09-28 14:48:28 +02:00
su -c " cd $MEDIAGOBLIN_PATH ; virtualenv --system-site-packages . " - mediagoblin
su -c " cd $MEDIAGOBLIN_PATH_BIN ; python setup.py develop " - mediagoblin
2014-09-28 13:55:15 +02:00
2014-09-28 12:33:41 +02:00
su -c " cp $MEDIAGOBLIN_PATH /mediagoblin.ini $MEDIAGOBLIN_PATH /mediagoblin_local.ini " - mediagoblin
su -c " cp $MEDIAGOBLIN_PATH /paste.ini $MEDIAGOBLIN_PATH /paste_local.ini " - mediagoblin
# update the dynamic DNS
if [ $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE ] ; then
if [ [ $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ] ] ; then
if ! grep -q " $MEDIAGOBLIN_DOMAIN_NAME " /usr/bin/dynamicdns; then
echo " # $MEDIAGOBLIN_DOMAIN_NAME " >> /usr/bin/dynamicdns
echo " wget -O - https://freedns.afraid.org/dynamic/update.php? $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE == >> /dev/null 2>&1 " >> /usr/bin/dynamicdns
fi
fi
else
echo 'WARNING: No freeDNS subdomain code given for mediagoblin. It is assumed that you are using some other dynamic DNS provider.'
fi
# see https://wiki.mediagoblin.org/Deployment / uwsgi with configs
apt-get -y --force-yes install uwsgi uwsgi-plugin-python nginx-full supervisor
echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' # Gzip' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip_types text/plain text/html application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME ; " >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' access_log /var/log/nginx/mg.access.log;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' error_log /var/log/nginx/mg.error.log error;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' #include global/common.conf;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_max_body_size 100m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " root $MEDIAGOBLIN_PATH /; " >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
2014-09-28 13:21:05 +02:00
echo " alias $MEDIAGOBLIN_PATH /static/; " >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
2014-09-28 12:33:41 +02:00
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " alias $MEDIAGOBL_PATH /media/public/; " >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' uwsgi_pass unix:///tmp/mg.uwsgi.sock;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' uwsgi_param SCRIPT_NAME "/";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' include uwsgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo 'uwsgi:' > /etc/uwsgi/apps-available/mg.yaml
echo ' uid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml
echo ' gid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml
echo ' socket: /tmp/mg.uwsgi.sock' >> /etc/uwsgi/apps-available/mg.yaml
echo ' chown-socket: www-data:www-data' >> /etc/uwsgi/apps-available/mg.yaml
echo ' plugins: python' >> /etc/uwsgi/apps-available/mg.yaml
echo " home: $MEDIAGOBLIN_PATH / " >> /etc/uwsgi/apps-available/mg.yaml
echo " chdir: $MEDIAGOBLIN_PATH / " >> /etc/uwsgi/apps-available/mg.yaml
echo " ini-paste: $MEDIAGOBLIN_PATH /paste_local.ini " >> /etc/uwsgi/apps-available/mg.yaml
echo '[program:celery]' > /etc/supervisor/conf.d/mediagoblin.conf
2014-09-28 13:18:02 +02:00
echo " command= $MEDIAGOBLIN_PATH_BIN /celery worker -l debug " >> /etc/supervisor/conf.d/mediagoblin.conf
2014-09-28 12:33:41 +02:00
echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; Set PYTHONPATH to the directory containing celeryconfig.py' >> /etc/supervisor/conf.d/mediagoblin.conf
echo " environment=PYTHONPATH=' $MEDIAGOBLIN_PATH ',MEDIAGOBLIN_CONFIG=' $MEDIAGOBLIN_PATH /mediagoblin_local.ini',CELERY_CONFIG_MODULE='mediagoblin.init.celery.from_celery' " >> /etc/supervisor/conf.d/mediagoblin.conf
echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
echo " directory= $MEDIAGOBLIN_PATH / " >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'user=mediagoblin' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'numprocs=1' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; uncomment below to enable logs saving' >> /etc/supervisor/conf.d/mediagoblin.conf
echo ";stdout_logfile=/var/log/nginx/celeryd_stdout.log" >> /etc/supervisor/conf.d/mediagoblin.conf
echo ";stderr_logfile=/var/log/nginx/celeryd_stderr.log" >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'autostart=true' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'autorestart=false' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'startsecs=10' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; Need to wait for currently executing tasks to finish at shutdown.' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; Increase this if you have very long running tasks.' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'stopwaitsecs = 600' >> /etc/supervisor/conf.d/mediagoblin.conf
ln -s /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME /etc/nginx/sites-enabled/
ln -s /etc/uwsgi/apps-available/mg.yaml /etc/uwsgi/apps-enabled/
# change settings
2014-10-10 22:32:46 +02:00
sed -i " s/notice@mediagoblin.example.org/ $MY_EMAIL_ADDRESS /g " $MEDIAGOBLIN_PATH /mediagoblin_local.ini
2014-09-28 13:18:02 +02:00
sed -i 's/email_debug_mode = true/email_debug_mode = false/g' $MEDIAGOBLIN_PATH /mediagoblin_local.ini
sed -i 's|# sql_engine = postgresql:///mediagoblin|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH /mediagoblin_local.ini
2014-09-28 12:33:41 +02:00
# add extra media types
2014-09-28 13:18:02 +02:00
if grep -q "media_types.audio" $MEDIAGOBLIN_PATH /mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH /mediagoblin_local.ini
fi
if grep -q "media_types.video" $MEDIAGOBLIN_PATH /mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH /mediagoblin_local.ini
fi
if grep -q "media_types.stl" $MEDIAGOBLIN_PATH /mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH /mediagoblin_local.ini
fi
su -c " cd $MEDIAGOBLIN_PATH_BIN ; pip install scikits.audiolab " - mediagoblin
su -c " cd $MEDIAGOBLIN_PATH_BIN ; gmg dbupdate " - mediagoblin
# systemd init scripts
echo '[Unit]' > /etc/systemd/system/gmg.service
echo 'Description=Mediagoblin' >> /etc/systemd/system/gmg.service
echo '' >> /etc/systemd/system/gmg.service
echo '[Service]' >> /etc/systemd/system/gmg.service
echo 'Type=forking' >> /etc/systemd/system/gmg.service
echo 'User=mediagoblin' >> /etc/systemd/system/gmg.service
echo 'Group=mediagoblin' >> /etc/systemd/system/gmg.service
echo '#Environment=CELERY_ALWAYS_EAGER=true' >> /etc/systemd/system/gmg.service
echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/gmg.service
echo " WorkingDirectory= $MEDIAGOBLIN_PATH " >> /etc/systemd/system/gmg.service
echo " ExecStart= $MEDIAGOBLIN_PATH_BIN /paster serve $MEDIAGOBLIN_PATH /paste_local.ini --pid-file=/var/run/mediagoblin/paster.pid --log-file=/var/log/nginx/mediagoblin_paster.log --daemon --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543 " >> /etc/systemd/system/gmg.service
echo " ExecStop= $MEDIAGOBLIN_PATH_BIN /paster serve --pid-file=/var/run/mediagoblin/paster.pid $MEDIAGOBLIN_PATH /paste_local.ini stop " >> /etc/systemd/system/gmg.service
echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/gmg.service
echo '' >> /etc/systemd/system/gmg.service
echo '[Install]' >> /etc/systemd/system/gmg.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg.service
echo '[Unit]' > /etc/systemd/system/gmg-celeryd.service
echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/gmg-celeryd.service
echo '' >> /etc/systemd/system/gmg-celeryd.service
echo '[Service]' >> /etc/systemd/system/gmg-celeryd.service
echo 'User=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service
echo 'Group=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service
echo 'Type=simple' >> /etc/systemd/system/gmg-celeryd.service
echo " WorkingDirectory= $MEDIAGOBLIN_PATH " >> /etc/systemd/system/gmg-celeryd.service
echo " Environment='MEDIAGOBLIN_CONFIG= $MEDIAGOBLIN_PATH /mediagoblin_local.ini' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery " >> /etc/systemd/system/gmg-celeryd.service
echo " ExecStart= $MEDIAGOBLIN_PATH_BIN /celeryd " >> /etc/systemd/system/gmg-celeryd.service
echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/gmg-celeryd.service
echo '' >> /etc/systemd/system/gmg-celeryd.service
echo '[Install]' >> /etc/systemd/system/gmg-celeryd.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg-celeryd.service
systemctl start gmg.service
systemctl start gmg-celeryd.service
2014-09-28 12:33:41 +02:00
echo 'install_mediagoblin' >> $COMPLETION_FILE
}
2014-10-10 22:25:58 +02:00
function create_upgrade_script {
if grep -Fxq "create_upgrade_script" $COMPLETION_FILE ; then
return
fi
echo '#!/bin/bash' > /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'apt-get -y update' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'apt-get -y --force-yes upgrade' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_redmatrix" $COMPLETION_FILE ; then
2014-10-10 22:25:58 +02:00
echo " cd /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs " >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo " cd /var/www/ $REDMATRIX_DOMAIN_NAME /htdocs/addon " >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_gnu_social" $COMPLETION_FILE ; then
2014-10-10 22:25:58 +02:00
echo " cd /var/www/ $MICROBLOG_DOMAIN_NAME /htdocs " >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
2014-10-11 13:07:05 +02:00
if grep -Fxq "install_blog" $COMPLETION_FILE ; then
2014-10-11 19:19:33 +02:00
echo " cd /var/www/ $FULLBLOG_DOMAIN_NAME /htdocs " >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
2014-10-11 13:07:05 +02:00
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
2014-10-10 22:25:58 +02:00
echo 'exit 0' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
chmod +x /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'create_upgrade_script' >> $COMPLETION_FILE
}
2014-10-11 16:12:48 +02:00
function intrusion_detection {
if grep -Fxq "intrusion_detection" $COMPLETION_FILE ; then
return
fi
2014-10-11 16:58:20 +02:00
apt-get -y --force-yes install tripwire
2014-10-11 16:12:48 +02:00
apt-get -y --force-yes autoremove
cd /etc/tripwire
cp site.key $DOMAIN_NAME -site.key
echo ''
echo ''
2014-10-11 17:36:43 +02:00
echo '*** Installing intrusion detection. Press Enter when asked for the local and site passphrases. ***'
2014-10-11 16:12:48 +02:00
echo ''
echo ''
tripwire --init
2014-10-11 16:50:42 +02:00
# make a script for easy resetting of the tripwire
echo '#!/bin/sh' > /usr/bin/reset-tripwire
echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
chmod +x /usr/bin/reset-tripwire
2014-10-11 16:12:48 +02:00
2014-10-11 17:07:07 +02:00
reset-tripwire
sed -i 's/SYSLOGREPORTING =true/#SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
2014-10-11 18:02:38 +02:00
sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
2014-10-11 17:07:07 +02:00
reset-tripwire
2014-10-11 16:12:48 +02:00
echo 'intrusion_detection' >> $COMPLETION_FILE
}
2014-09-21 12:14:31 +02:00
function install_final {
if grep -Fxq "install_final" $COMPLETION_FILE ; then
2014-09-23 17:10:46 +02:00
return
2014-09-21 12:14:31 +02:00
fi
2014-09-23 22:31:31 +02:00
# unmount any attached usb drive
2014-09-28 22:00:51 +02:00
if [ -d $USB_MOUNT ] ; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
2014-09-23 22:31:31 +02:00
fi
2014-09-21 12:14:31 +02:00
echo 'install_final' >> $COMPLETION_FILE
echo ''
echo ' *** Freedombone installation is complete. Rebooting... ***'
echo ''
2014-09-26 20:53:10 +02:00
if [ -f " /home/ $MY_USERNAME /README " ] ; then
2014-09-26 23:48:08 +02:00
echo " See /home/ $MY_USERNAME /README for post-installation instructions. "
echo ''
2014-09-26 20:53:10 +02:00
fi
2014-09-21 12:14:31 +02:00
reboot
}
2014-10-04 12:21:43 +02:00
read_configuration
2014-09-20 21:51:50 +02:00
argument_checks
2014-09-29 12:36:34 +02:00
remove_default_user
2014-09-22 10:17:21 +02:00
configure_firewall
configure_firewall_for_ssh
configure_firewall_for_dns
2014-09-22 10:35:25 +02:00
configure_firewall_for_ftp
2014-09-24 18:22:08 +02:00
configure_firewall_for_web_access
2014-09-20 21:52:15 +02:00
remove_proprietary_repos
2014-09-22 15:48:38 +02:00
change_debian_repos
enable_backports
2014-09-21 13:15:25 +02:00
configure_dns
2014-09-20 09:32:52 +02:00
initial_setup
2014-09-29 13:03:00 +02:00
enforce_good_passwords
2014-09-20 09:32:52 +02:00
install_editor
2014-09-21 12:45:57 +02:00
change_login_message
2014-09-20 09:32:52 +02:00
update_the_kernel
enable_zram
2014-09-21 00:41:20 +02:00
random_number_generator
2014-09-20 09:32:52 +02:00
set_your_domain_name
time_synchronisation
configure_internet_protocol
2014-09-21 12:22:11 +02:00
configure_ssh
2014-09-30 20:01:07 +02:00
check_hwrng
2014-09-23 19:52:24 +02:00
search_for_attached_usb_drive
2014-09-21 12:22:11 +02:00
regenerate_ssh_keys
2014-09-20 09:32:52 +02:00
script_to_make_self_signed_certificates
2014-10-10 22:25:58 +02:00
create_upgrade_script
2014-09-20 09:32:52 +02:00
configure_email
2014-09-30 22:51:29 +02:00
create_procmail
2014-09-23 22:41:45 +02:00
#spam_filtering
2014-09-20 20:12:33 +02:00
configure_imap
2014-09-20 20:34:21 +02:00
configure_gpg
2014-09-30 16:38:02 +02:00
encrypt_incoming_email
2014-10-02 00:49:10 +02:00
#encrypt_outgoing_email
2014-09-20 20:55:20 +02:00
email_client
2014-09-22 10:35:25 +02:00
configure_firewall_for_email
2014-09-20 21:43:32 +02:00
folders_for_mailing_lists
folders_for_email_addresses
2014-09-23 12:50:40 +02:00
dynamic_dns_freedns
2014-10-01 13:32:34 +02:00
create_public_mailing_list
2014-09-24 18:07:17 +02:00
#create_private_mailing_list
2014-10-03 12:40:51 +02:00
encrypt_all_email
2014-09-23 19:11:22 +02:00
import_email
2014-09-28 19:59:06 +02:00
script_for_attaching_usb_drive
2014-09-24 18:17:04 +02:00
install_web_server
2014-09-24 18:22:08 +02:00
configure_firewall_for_web_server
2014-09-24 20:05:40 +02:00
install_owncloud
2014-09-25 15:06:33 +02:00
install_xmpp
configure_firewall_for_xmpp
2014-09-25 17:22:27 +02:00
install_irc_server
configure_firewall_for_irc
2014-09-26 14:17:22 +02:00
install_wiki
2014-09-26 15:16:08 +02:00
install_blog
2014-09-26 21:41:48 +02:00
install_gnu_social
2014-09-26 22:18:43 +02:00
install_redmatrix
2014-09-28 17:29:39 +02:00
install_dlna_server
2014-09-27 19:59:57 +02:00
install_mediagoblin
2014-10-02 14:42:03 +02:00
create_backup_script
create_restore_script
2014-10-02 14:22:30 +02:00
backup_to_friends_servers
2014-10-02 22:13:59 +02:00
restore_from_friend
2014-10-11 16:12:48 +02:00
intrusion_detection
2014-09-21 12:14:31 +02:00
install_final
2014-09-21 12:06:08 +02:00
echo 'Freedombone installation is complete'
2014-09-23 23:07:35 +02:00
exit 0