Bob Mottram 2018-01-22 18:51:01 +00:00
commit 079fb21212
30 changed files with 501 additions and 207 deletions

@ -49,8 +49,8 @@ Search for and install Plumble.
Press the plus button to add a Mumble server.
Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*.
Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. Leave the port number unchanged.
Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who.
Open the settings. Select *General*, then *Connect via Tor*. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect *Connect via Tor* on the *General settings* and then just use your ordinary domain name.
Selecting the server by pressing on it then connects you to the server so that you can chat with other connected users.
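Review bot: the added fallback sentence ("unselect *Connect via Tor* ... just use your ordinary domain name") does not say what is given up, although the sentence before it is the one that states why Tor is recommended. Add a clause saying that with Tor switched off the protection described in that sentence no longer applies, so a reader who hits crashes can make the choice knowingly.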

@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
#+END_CENTER

@ -153,5 +153,5 @@ man freedombone-image
#+end_src
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
#+END_CENTER

@ -42,5 +42,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h
Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]].
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
#+END_CENTER

@ -35,5 +35,5 @@ Systems only need to be within wifi range of each other for the mesh to be creat
Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable.
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
#+END_CENTER

@ -37,7 +37,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
[[file:images/mesh_netbook.jpg]]
#+END_CENTER
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
#+begin_src bash
sudo apt-get install xz-utils wget

@ -18,13 +18,11 @@
* Contact details
This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion*
This site can also be accessed via a Tor browser at *http://7ec7btgr6m7c5r3h.onion*
*Email:* bob@freedombone.net
*PGP/GPG Key ID:* EA982E38
*PGP/GPG Fingerprint:* D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
*XMPP:* bob@freedombone.net with OMEMO or OTR
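Review bot: the *PGP/GPG Key ID* line still reads EA982E38, which is the tail of the old fingerprint (... EA98 2E38) and not of the new one (... 1FA7C33F), so if that line stays the page advertises a key ID that does not belong to the published fingerprint. Update it to match, or drop the 8-character ID and list only the full fingerprint, since short key IDs can be made to collide. The new fingerprint has also lost the four-character grouping the old one had, which makes comparing it by eye harder.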

@ -228,14 +228,21 @@ function backup_local_ghost {
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $ghost_path ]; then
suspend_site ${GHOST_DOMAIN_NAME}
systemctl stop ghost
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $ghost_path ]; then
backup_directory_to_usb $ghost_path ghostcontent
fi
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $ghost_path ]; then
backup_directory_to_usb $ghost_path ghostcurrent
fi
systemctl start ghost
restart_site
fi
}
function restore_local_ghost {
@ -254,12 +261,31 @@ function restore_local_ghost {
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
rm -rf $temp_restore_dir
fi
temp_restore_dir=/root/tempghostcurrent
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
rm -rf $temp_restore_dir
fi
systemctl start ghost
restart_site
fi
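Review bot: in the new ghostcurrent block of restore_local_ghost, `mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content` is only reached in the else branch, so when the backup holds the full var/www/... path and the target directory does not exist yet, the first `cp -r` has no destination to copy into. `rm -rf $temp_restore_dir` then runs with no test of cp's exit status, so a failed copy silently discards the restored data. Create the destination before the branch, check the result of cp before removing the temporary directory, and quote the `$temp_restore_dir` and `$GHOST_DOMAIN_NAME` expansions.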
@ -271,15 +297,27 @@ function backup_remote_ghost {
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi
suspend_site ${GHOST_DOMAIN_NAME}
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $temp_backup_dir ]; then
suspend_site ${GHOST_DOMAIN_NAME}
backup_directory_to_friend $temp_backup_dir ghostcontent
restart_site
else
restart_site
echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
exit 2578
fi
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $temp_backup_dir ]; then
backup_directory_to_friend $temp_backup_dir ghostcurrent
else
restart_site
echo $"Ghost domain specified but not found in $temp_backup_dir"
exit 78353
fi
restart_site
}
function restore_remote_ghost {
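Review bot: `exit 78353` (and the existing `exit 2578`) are outside the 0-255 range a shell exit status can carry, so callers see them truncated to 17 and 18 and cannot map the status back to these lines. Separately, the new htdocs/current/content test treats a missing directory as fatal, while backup_local_ghost in the same file backs up each of the two directories only if it exists; a site that has htdocs/content but no htdocs/current/content is backed up halfway and then the function exits non-zero. Use small distinct codes and make the second directory optional here too, or fail before anything is sent.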
@ -298,12 +336,31 @@ function restore_remote_ghost {
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
rm -rf $temp_restore_dir
fi
temp_restore_dir=/root/tempghostcurrent
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
rm -rf $temp_restore_dir
fi
systemctl start ghost
restart_site
}

@ -39,7 +39,7 @@ KOEL_CODE=
KOEL_ONION_PORT=8118
KOEL_PORT=9002
KOEL_REPO="https://github.com/phanan/koel"
KOEL_COMMIT='70464a'
KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607'
KOEL_ADMIN_PASSWORD=
koel_variables=(ONION_ONLY
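Review bot: nothing beside KOEL_COMMIT records which upstream koel release the new pin corresponds to, and the full hash does not begin with the old '70464a', so this moves to a different upstream commit as well as replacing an abbreviated pin with an unambiguous one. A one-line comment naming the upstream tag or version would let a later reader check the hash against https://github.com/phanan/koel.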

@ -163,11 +163,22 @@ function restore_local_lychee {
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
if [ $LYCHEE_DOMAIN_NAME ]; then
suspend_site ${LYCHEE_DOMAIN_NAME}
function_check lychee_create_database
lychee_create_database
function_check restore_database
restore_database lychee ${LYCHEE_DOMAIN_NAME}
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
fi
}
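Review bot: the `sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g"` line places the password returned by `${PROJECT_NAME}-pass -u root -a mariadb` on sed's command line, where it is readable in the process list while sed runs, and a password containing `|`, `&`, `\` or `'` breaks either the substitution or the PHP string written to config.php. Escape the value for both sed and PHP, or write the line in a way that does not pass the secret as an argument. The `chown -R lychee:` also runs after `restart_site`, so the site comes back up before ownership is corrected, and `[ $LYCHEE_DOMAIN_NAME ]` should be quoted.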
@ -195,12 +206,21 @@ function restore_remote_lychee {
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
suspend_site ${LYCHEE_DOMAIN_NAME}
function_check restore_database_from_friend
function_check lychee_create_database
lychee_create_database
restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
}
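Review bot: restore_remote_lychee goes straight from the get_completion_param block to `suspend_site` with no `if [ $LYCHEE_DOMAIN_NAME ]` guard like the one restore_local_lychee has, so with an empty domain the last line becomes `chown -R lychee: /var/www//htdocs/` and the config.php test looks under /var/www//htdocs/data. Add the same guard in the lines shown here. The password substitution carries the same quoting and process-list concerns as in the local variant.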

@ -43,6 +43,7 @@ MUMBLE_DATABASE="mumble-server.sqlite"
MUMBLE_CONFIG_FILE="mumble-server.ini"
mumble_variables=(MY_USERNAME
DEFAULT_DOMAIN_NAME
MUMBLE_PORT
ONION_ONLY
ADMIN_USERNAME)
@ -84,6 +85,21 @@ function upgrade_mumble {
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert mumble-server
fi
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
systemctl restart mumble
fi
else
if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
usermod -a -G ssl-cert mumble-server
sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
systemctl restart mumble
fi
fi
}
function backup_local_mumble {
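Review bot: the `s|sslCert=.*|...|` and `s|sslKey=.*|...|` substitutions added to upgrade_mumble are not anchored, so on an ini file where the line is still `#sslCert=...` (the form install_mumble expects) they rewrite the path but leave the setting commented out, and the `grep -q "mumble.pem"` guard then matches that comment and skips the fix on every later run. Anchor both patterns so they also remove a leading `#`, and grep for the uncommented setting. The else branch also repeats the `usermod -a -G ssl-cert mumble-server` that was run a few lines above.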
@ -242,7 +258,7 @@ function install_mumble {
if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
fi
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
fi
@ -265,7 +281,7 @@ function install_mumble {
# Make an ssl cert for the server
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
function_check check_certificates
@ -307,12 +323,12 @@ function install_mumble {
echo 'allowping=False' >> /etc/mumble-server.ini
fi
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
else
sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
sed -i "s|#sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
sed -i "s|#sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
fi
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini

@ -58,6 +58,8 @@ PLEROMA_TITLE='Pleroma Server'
# Number of months after which posts expire
PLEROMA_EXPIRE_MONTHS=3
pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts
blocking_script_file=/usr/bin/pleroma-blocking
pleroma_variables=(ONION_ONLY
PLEROMA_DOMAIN_NAME
@ -70,6 +72,81 @@ pleroma_variables=(ONION_ONLY
MY_EMAIL_ADDRESS
MY_USERNAME)
function create_pleroma_blocklist {
echo '#!/bin/bash' > $blocking_script_file
echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file
echo ' exit 0' >> $blocking_script_file
echo 'fi' >> $blocking_script_file
echo 'cd /etc/postgresql' >> $blocking_script_file
echo 'while read blocked; do' >> $blocking_script_file
echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file
echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file
echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file
echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file
echo ' if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file
echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM websub_server_subscriptions WHERE callback like '%\${blocked}%'\"" >> $blocking_script_file
echo ' fi' >> $blocking_script_file
echo ' fi' >> $blocking_script_file
echo ' fi' >> $blocking_script_file
echo "done </root/${PROJECT_NAME}-firewall-domains.cfg" >> $blocking_script_file
chmod +x $blocking_script_file
if ! grep -q "$blocking_script_file" /etc/crontab; then
echo "*/2 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab
fi
}
function expire_pleroma_posts {
domain_name=$1
expire_months=$3
if [ ! $expire_months ]; then
expire_months=3
fi
expire_days=$((expire_months * 30))
# files are what take up most of the backup time, so don't keep them for very long
expire_days_files=7
# To prevent the database size from growing endlessly this script expires posts
# after a number of months
if [ ! -d /etc/pleroma ]; then
return
fi
echo '#!/bin/bash' > $pleroma_expire_posts_script
echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script
echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script
echo ' exit 1' >> $pleroma_expire_posts_script
echo 'fi' >> $pleroma_expire_posts_script
echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script
echo ' exit 2' >> $pleroma_expire_posts_script
echo 'fi' >> $pleroma_expire_posts_script
echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script
echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script
echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
chmod +x $pleroma_expire_posts_script
pleroma_expire_script=/etc/cron.daily/pleroma-expire
echo '#!/bin/bash' > $pleroma_expire_script
echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script
echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script
chmod +x $pleroma_expire_script
# remove any old cron job
if grep -q "pleroma-expire" /etc/crontab; then
sed -i "/pleroma-expire/d" /etc/crontab
rm /usr/bin/pleroma-expire
fi
# remove old expire script
if [ -f /etc/cron.weekly/clear-pleroma-database ]; then
rm /etc/cron.weekly/clear-pleroma-database
fi
}
function pleroma_recompile {
# necessary after parameter changes
chown -R pleroma:pleroma $PLEROMA_DIR
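Review bot: in the script generated by create_pleroma_blocklist, each line of the firewall-domains file is spliced unescaped into the `psql -c` text inside `ilike '%${blocked}%'`, with only a "contains . or @" and length-over-4 test in front of it. A quote character in a line changes the statement, `%` and `_` act as wildcards, and because `data->>'content'` is matched as a substring, a post that merely mentions a blocked name is deleted too; the job runs from /etc/crontab every two minutes. Validate each line against a strict hostname or nick@host pattern before it is used, match on the actor rather than on post content, and use `read -r`. Separately, expire_pleroma_posts reads `expire_months=$3` while the callers in this commit pass two arguments, and `expire_days` is computed but never used.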
@ -80,6 +157,7 @@ function pleroma_recompile {
if [ -f /etc/systemd/system/pleroma.service ]; then
systemctl restart pleroma
fi
}
function logging_on_pleroma {
@ -353,6 +431,7 @@ function pleroma_set_title {
function pleroma_set_expire_months {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
read_config_param "PLEROMA_DOMAIN_NAME"
read_config_param "PLEROMA_EXPIRE_MONTHS"
data=$(tempfile 2>/dev/null)
@ -378,7 +457,8 @@ function pleroma_set_expire_months {
PLEROMA_EXPIRE_MONTHS=$new_expiry_months
write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS"
# TODO
expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
create_pleroma_blocklist
dialog --title $"Set Pleroma post expiry period" \
--msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60
@ -499,6 +579,7 @@ function pleroma_add_emoji {
}
function configure_interactive_pleroma {
read_config_param PLEROMA_DOMAIN_NAME
read_config_param PLEROMA_EXPIRE_MONTHS
while true
do
@ -531,6 +612,16 @@ function configure_interactive_pleroma {
}
function upgrade_pleroma {
read_config_param PLEROMA_DOMAIN_NAME
read_config_param PLEROMA_EXPIRE_MONTHS
if [ ! -f $pleroma_expire_posts_script ]; then
expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
fi
if [ ! -f $blocking_script_file ]; then
create_pleroma_blocklist
fi
CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
return
@ -542,6 +633,9 @@ function upgrade_pleroma {
sudo -u pleroma mix deps.get
pleroma_recompile
expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
create_pleroma_blocklist
}
function backup_local_pleroma {
@ -688,6 +782,7 @@ function remove_pleroma {
remove_completion_param install_pleroma
sed -i '/pleroma domain/d' $COMPLETION_FILE
sed -i '/pleroma commit/d' $COMPLETION_FILE
sed -i "/$blocking_script_file/d" /etc/crontab
function_check remove_ddns_domain
remove_ddns_domain $PLEROMA_DOMAIN_NAME
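Review bot: `sed -i "/$blocking_script_file/d" /etc/crontab` cannot work as written, because blocking_script_file is /usr/bin/pleroma-blocking and its slashes end the `/.../` address early, so sed reports an error and the crontab entry stays in place after the app is removed. Use a different address delimiter, for example `sed -i "\|$blocking_script_file|d" /etc/crontab`. The lines shown also leave the generated scripts themselves (the blocking script, the expire-posts script and /etc/cron.daily/pleroma-expire) on disk.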
@ -900,6 +995,8 @@ function install_pleroma {
fi
fi
create_pleroma_blocklist
# daemon
echo '[Unit]' > /etc/systemd/system/pleroma.service
echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service

@ -65,6 +65,10 @@ function add_user_riot {
echo '0'
}
function riot_remove_bad_links {
sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html
}
function install_interactive_riot {
if [[ $ONION_ONLY != "no" ]]; then
RIOT_DOMAIN_NAME='riot.local'
@ -177,6 +181,7 @@ function upgrade_riot {
riot_download
sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
riot_remove_bad_links
systemctl restart nginx
}
@ -246,23 +251,25 @@ function install_riot {
riot_download
cd /var/www/$RIOT_DOMAIN_NAME/htdocs
cp config.sample.json config.json
if [[ $ONION_ONLY == 'no' ]]; then
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
cp config.sample.json $riot_config_file
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
else
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
cp config.sample.json $riot_config_file
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
fi
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
sed -i 's|https://piwik.riot.im/||g' $riot_config_file
RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
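Review bot: the two branches name the per-host config file differently: the clearnet branch uses `config.${RIOT_DOMAIN_NAME}.json`, the onion branch uses `config.${MATRIX_ONION_DOMAIN_NAME}.json`. If the file is meant to be selected by the hostname Riot itself is served on, the onion branch is keyed to the Matrix server's address instead, and the Riot onion hostname is only assigned on the following line (`RIOT_ONION_HOSTNAME=$(add_onion_service ...)`). Either move the onion service creation above this block and use that hostname, or add a comment explaining why the Matrix onion name is the right key.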
@ -340,6 +347,7 @@ function install_riot {
function_check add_ddns_domain
add_ddns_domain $RIOT_DOMAIN_NAME
riot_remove_bad_links
chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
systemctl restart nginx

@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -318,14 +318,6 @@ function restore_local_syncthing {
mkdir -p $SYNCTHING_SHARED_DATA
fi
cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
systemctl start syncthing
systemctl start cron
exit 37904
fi
rm -rf ${temp_restore_dir}shared
fi
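Review bot: with the `$?` test after `cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/` gone, a failed copy is no longer detected and `rm -rf ${temp_restore_dir}shared` removes the restored files anyway. If the check was dropped because an empty shared directory makes the glob fail, test for that case explicitly and keep an error path for real copy failures.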
@ -340,9 +332,17 @@ function restore_local_syncthing {
restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/Sync ]; then
mkdir /home/$USERNAME/Sync
fi
if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/
rm -rf /root/Sync
else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
fi
fi
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
set_user_permissions
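Review bot: the `if [ ! "$?" = "0" ]` that follows the new else branch now sees the status of whichever command ran last inside it, and on the /root/Sync path that is `rm -rf /root/Sync`, not the `cp -r /root/Sync/*` before it, so a failed copy is reported as success after its source has been deleted. Check each cp directly (for example `if ! cp -r ...; then`) and only remove /root/Sync once the copy has succeeded. The reason /root/Sync is consulted at all is not stated and deserves a comment.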
@ -425,7 +425,7 @@ function restore_remote_syncthing {
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH
fi
cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/
cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
if [ ! "$?" = "0" ]; then
systemctl start syncthing
systemctl start cron
@ -439,17 +439,11 @@ function restore_remote_syncthing {
temp_restore_dir=/root/tempsyncthingshared
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir syncthingshared
#cp -r $temp_restore_dir/* /
if [ ! -d $SYNCTHING_SHARED_DATA ]; then
mkdir -p $SYNCTHING_SHARED_DATA
fi
cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
if [ ! "$?" = "0" ]; then
systemctl start syncthing
systemctl start cron
exit 37904
fi
rm -rf $temp_restore_dir
cp -r ${temp_restore_dir}/* $SYNCTHING_SHARED_DATA/
rm -rf ${temp_restore_dir}
fi
if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
@ -466,7 +460,15 @@ function restore_remote_syncthing {
if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
else
cp -r $temp_restore_dir/* /home/$USERNAME/Sync/
if [ ! -d /home/$USERNAME/Sync ]; then
mkdir /home/$USERNAME/Sync
fi
if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/
rm -rf /root/Sync
else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
fi
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir

@ -407,6 +407,25 @@ function upgrade_xmpp {
update_prosody_modules
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
chown prosody:prosody /etc/prosody/xmpp.dhparam
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem ]; then
sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi
if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi
curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
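Review bot: the key and certificate paths are switched to Let's Encrypt by two independent tests, so if only one of privkey.pem and fullchain.pem exists, prosody.cfg.lua ends up pairing a key and a certificate from different sources. Guard both substitutions with a single check that both files are present. The key and certificate rewrites also touch only prosody.cfg.lua, whereas the dhparam rewrite updates conf.avail/xmpp.cfg.lua as well, and the dhparam `cp` here is not preceded by the `-f /etc/ssl/certs/xmpp.dhparam` test that install_xmpp uses.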
@ -1051,9 +1070,28 @@ function install_xmpp {
chmod -R 700 /etc/prosody/conf.d
usermod -a -G www-data prosody
# Avoid STIG failures
if [ -f /usr/lib/ssl/private/xmpp.key ]; then
chown root:root /usr/lib/ssl/private/xmpp.key
fi
if [ -f /usr/lib/ssl/certs/xmpp.crt ]; then
chown root:root /usr/lib/ssl/certs/xmpp.crt
fi
if [ -f /usr/lib/ssl/certs/xmpp.dhparam ]; then
chown root:root /usr/lib/ssl/certs/xmpp.dhparam
fi
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert prosody
fi
if [ -f /etc/ssl/certs/xmpp.dhparam ]; then
cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
chown prosody:prosody /etc/prosody/xmpp.dhparam
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
apt-mark -q hold prosody
systemctl restart prosody

@ -1326,10 +1326,15 @@ function reset_tripwire {
return
fi
if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then
if [ -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then
mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
else
echo $'Error: missing local key'
any_key
return
fi
fi
clear
echo $'Turing off logging...'
${PROJECT_NAME}-logging off
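Review bot: the new rename path tests only `${PROJECT_NAME}-local.key` before running both `mv` commands, so a missing `${PROJECT_NAME}-site.key` produces an mv error and the function still continues to the reset with no site key under the new name, and an existing `${HOSTNAME}-site.key` is overwritten without warning. Test for both source files and use `mv -n`, returning with the error message if either step fails.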
@ -1921,7 +1926,7 @@ function domain_blocking_add {
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block a domain or user" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to block" 8 60 "" 2>$data
--inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
@ -1933,7 +1938,7 @@ function domain_blocking_add {
dialog --title $"Block a domain" \
--msgbox $"The domain $blocked_domain has been blocked" 6 40
else
dialog --title $"Block a GNU Social/postActiv nickname" \
dialog --title $"Block a GNU Social/postActiv/Pleroma nickname" \
--msgbox $"$blocked_domain has been blocked" 6 40
fi
fi

@ -547,7 +547,7 @@ if [[ $VARIANT == 'meshclient' || $VARIANT == 'meshusb' ]]; then
fi
if [ ! $IMAGE_SIZE_SPECIFIED ]; then
IMAGE_SIZE=7.9G
IMAGE_SIZE=15.0G
fi
fi

@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -464,6 +464,9 @@ function restore_gpg {
if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.gnupg ]; then
mkdir /home/$USERNAME/.gnupg
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
fi
if [ ! "$?" = "0" ]; then
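Review bot: `mkdir /home/$USERNAME/.gnupg` creates the directory with the caller's umask and ownership, and nothing in the lines shown sets it to mode 700 or hands it to $USERNAME before key material is copied in; GnuPG warns about a home directory that others can read. Use `mkdir -m 700` and chown the directory to the user before the `cp -r`. The same applies to the `.ssh` directory created in the restore_user_ssh_keys hunk further down, where sshd may reject keys in a directory with loose permissions.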
@ -543,6 +546,9 @@ function restore_spamassassin {
if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.spamassassin ]; then
mkdir /home/$USERNAME/.spamassassin
fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
fi
if [ ! "$?" = "0" ]; then
@ -611,6 +617,9 @@ function restore_user_ssh_keys {
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.ssh ]; then
mkdir /home/$USERNAME/.ssh
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
fi
if [ ! "$?" = "0" ]; then
@ -644,6 +653,9 @@ function restore_user_config {
if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.config ]; then
mkdir /home/$USERNAME/.config
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/
fi
if [ ! "$?" = "0" ]; then
@ -677,6 +689,9 @@ function restore_user_monkeysphere {
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then
mkdir /home/$USERNAME/.monkeysphere
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
fi
if [ ! "$?" = "0" ]; then
@ -718,6 +733,9 @@ function restore_user_fin {
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.fin ]; then
mkdir /home/$USERNAME/.fin
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
fi
if [ ! "$?" = "0" ]; then
@ -751,6 +769,9 @@ function restore_user_local {
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.local ]; then
mkdir /home/$USERNAME/.local
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/
fi
if [ ! "$?" = "0" ]; then
@ -837,6 +858,9 @@ function restore_personal_settings {
if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
else
if [ ! -d /home/$USERNAME/personal ]; then
mkdir /home/$USERNAME/personal
fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/
fi
if [ ! "$?" = "0" ]; then

View File

@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -419,6 +419,9 @@ function restore_gpg {
if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.gnupg ]; then
mkdir /home/$USERNAME/.gnupg
fi
cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
fi
if [ ! "$?" = "0" ]; then
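Review bot: `mkdir /home/$USERNAME/.gnupg` should create the directory private from the start. GnuPG expects its home directory to be mode 700 and owned by the user and warns about unsafe permissions otherwise, so use `mkdir -m 700` and chown the directory and the restored keyring to `$USERNAME` if the lines after this hunk do not.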
@ -488,6 +491,9 @@ function restore_spamassassin {
if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.spamassassin ]; then
mkdir /home/$USERNAME/.spamassassin
fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
fi
if [ ! "$?" = "0" ]; then
@ -542,6 +548,9 @@ function restore_ssh_keys {
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.ssh ]; then
mkdir /home/$USERNAME/.ssh
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
fi
if [ ! "$?" = "0" ]; then
@ -573,6 +582,9 @@ function restore_user_config {
if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.config ]; then
mkdir /home/$USERNAME/.config
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/
fi
if [ ! "$?" = "0" ]; then
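Review bot: The guard here tests `$temp_restore_dir/home/$USERNAME` rather than `$temp_restore_dir/home/$USERNAME/.config`, unlike the `.ssh`, `.monkeysphere`, `.fin` and `.local` hunks in this file, so the added fallback is skipped whenever the backup has a home directory with no `.config` in it and the `cp` in the first branch fails. Test for the `.config` path.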
@ -604,6 +616,9 @@ function restore_user_monkeysphere {
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then
mkdir /home/$USERNAME/.monkeysphere
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
fi
if [ ! "$?" = "0" ]; then
@ -643,6 +658,9 @@ function restore_user_fin {
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.fin ]; then
mkdir /home/$USERNAME/.fin
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
fi
if [ ! "$?" = "0" ]; then
@ -674,6 +692,9 @@ function restore_user_local {
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.local ]; then
mkdir /home/$USERNAME/.local
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/
fi
if [ ! "$?" = "0" ]; then
@ -754,6 +775,9 @@ function restore_personal_settings {
fi
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
else
if [ ! -d /home/$USERNAME/personal ]; then
mkdir /home/$USERNAME/personal
fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/
fi
if [ ! "$?" = "0" ]; then

View File

@ -547,6 +547,9 @@ function firewall_block_domain {
if [ -f /usr/bin/postactiv-firewall ]; then
/usr/bin/postactiv-firewall
fi
if [ -f /usr/bin/pleroma-blocking ]; then
/usr/bin/pleroma-blocking
fi
fi
}
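Review bot: The exit status of `/usr/bin/pleroma-blocking` is discarded, so `firewall_block_domain` reports nothing if the Pleroma block list fails to update and a domain that was meant to be blocked stays reachable. Check the return code, and test with `-x` rather than `-f` since the file is executed.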

View File

@ -107,12 +107,12 @@ function mesh_protocol_init {
fi
}
function get_ipv4_wlan {
echo $(ip -o -f inet addr show dev "$IFACE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
function get_ipv6_wlan {
echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
}
function mesh_hotspot_ip_address {
echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
}
function global_rate_limit {
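Review bot: `ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}'` returns every inet6 line on the interface, so an interface holding both a link-local and a global address yields two values that `echo $(...)` joins with a space. It also depends on the net-tools output layout, where the previous version used `ip -o`; consider `ip -o -6 addr show dev "$IFACE"` with a `scope` filter and a single address taken from it, and quote `${IFACE}` and `${BRIDGE}`.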
@ -368,7 +368,7 @@ function enable_mesh_scuttlebot {
if [ -f /etc/scuttlebot/.ssb/config ]; then
ethernet_connected=$(cat /sys/class/net/eth0/carrier)
if [[ "$ethernet_connected" != "0" ]]; then
sed -i "s|\"host\": .*|\"host\": \"$(get_ipv4_wlan)\",|g" /etc/scuttlebot/.ssb/config
sed -i "s|\"host\": .*|\"host\": \"$(get_ipv6_wlan)\",|g" /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot
else
if [ ! -f /etc/nginx/sites-available/git_ssb ]; then
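Review bot: The `sed` on the `"host"` line runs and scuttlebot is restarted even when `get_ipv6_wlan` prints nothing, which leaves `"host": "",` in `/etc/scuttlebot/.ssb/config`. Capture the address in a variable first and skip the rewrite and the restart when it is empty.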

View File

@ -59,8 +59,8 @@ function configure_ssh {
if ! grep -q 'HostbasedAuthentication' /etc/ssh/sshd_config; then
echo 'HostbasedAuthentication no' >> /etc/ssh/sshd_config
fi
sed 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
sed 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
sed -i 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
sed -i 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
sed -i 's|#PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
sed -i 's|PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
sed -i 's|#IgnoreRhosts.*|IgnoreRhosts yes|g' /etc/ssh/sshd_config
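Review bot: The second substitution, `s|HostbasedAuthentication.*|HostbasedAuthentication no|g`, is unanchored, so now that `-i` makes it take effect it rewrites from the keyword onward on any line that contains it, including a comment that only mentions the option. Anchor the pattern as `^#\?HostbasedAuthentication.*` in a single expression, and run `sshd -t` before the service is restarted so a bad edit to `/etc/ssh/sshd_config` cannot lock out remote access.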

View File

@ -756,81 +756,85 @@ function configure_firewall_for_web_access {
function update_default_domain {
echo $'Updating default domain'
if [[ $ONION_ONLY == 'no' ]]; then
if [ -d /etc/prosody ]; then
if [ -f /etc/mumble-server.ini ]; then
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
systemctl restart mumble
fi
else
if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then
if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
usermod -a -G ssl-cert mumble-server
sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
systemctl restart mumble
fi
fi
fi
if [ -d /etc/prosody ]; then
if [ ! -d /etc/prosody/certs ]; then
mkdir /etc/prosody/certs
fi
cp /etc/ssl/private/xmpp* /etc/prosody/certs
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
usermod -a -G ssl-cert prosody
if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi
if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
fi
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi
chown -R prosody:default /etc/prosody
chmod -R 700 /etc/prosody/certs/*
chmod 600 /etc/prosody/prosody.cfg.lua
if [ -d $INSTALL_DIR/prosody-modules ]; then
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
fi
chown -R prosody:prosody /var/lib/prosody/prosody-modules
chown -R prosody:prosody /usr/lib/prosody/modules
systemctl reload prosody
fi
if [ -d /home/znc/.znc ]; then
echo $'znc found'
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
pkill znc
cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
chown znc:znc /home/znc/.znc/znc.pem
chmod 700 /home/znc/.znc/znc.pem
sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf
sed -i "s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/ngircd/ngircd.conf
sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf
sed -i "s|KeyFile =.*|KeyFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/ngircd/ngircd.conf
echo $'irc certificates updated'
systemctl restart ngircd
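Review bot: The `sed` commands for `/etc/ngircd/ngircd.conf` (`CertFile`, `DHFile`, `KeyFile`) have no closing delimiter after the replacement text, so sed rejects each one as an unterminated `s` command and the IRC certificate paths are never switched; add the closing `|` to each. In the same block the guard now tests `/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem` while `znc.pem` is still concatenated from `/etc/ssl/certs` and `/etc/ssl/private`, and `DHFile` still points at `/etc/ssl/certs`. Also, `usermod -a -G ssl-cert` gives mumble-server and prosody access to `/etc/ssl/private`, not to `/etc/letsencrypt/live`, which certbot creates readable by root only, so confirm those daemons can read `privkey.pem` after the switch.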
@ -839,16 +843,17 @@ function update_default_domain {
fi
if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [ -d /etc/dovecot ]; then
if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
if ! grep -q "ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/dovecot/conf.d/10-ssl.conf; then
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
systemctl restart dovecot
fi
fi
if [ -d /etc/exim4 ]; then
# Unfortunately there doesn't appear to be any other way than copying certs here
cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
chown root:Debian-exim /etc/exim4/*.pem
chmod 640 /etc/exim4/*.pem
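Review bot: Only `ssl_cert` in `/etc/dovecot/conf.d/10-ssl.conf` is rewritten to the Let's Encrypt chain; no line in this hunk updates `ssl_key`, so dovecot can end up pairing the new certificate with the old key under `/etc/ssl/private`. Add the matching `ssl_key` substitution pointing at `privkey.pem` in the same directory and include it in the `grep` guard. The copies placed in `/etc/exim4/` also go stale at renewal unless this function is rerun, so hook the copy into certificate renewal.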

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-12-10 Sat 15:19 -->
<!-- 2018-01-21 Sun 11:01 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="How to use Mumble"
@ -71,6 +71,7 @@
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
@ -188,7 +189,7 @@
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2013 Free Software Foundation, Inc.
Copyright (C) 2012-2017 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
@ -251,18 +252,18 @@ for the JavaScript code in this tag.
Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings.
</p>
<div id="outline-container-orgb69e7cf" class="outline-2">
<h2 id="orgb69e7cf">Text chat</h2>
<div class="outline-text-2" id="text-orgb69e7cf">
<div id="outline-container-org208d455" class="outline-2">
<h2 id="org208d455">Text chat</h2>
<div class="outline-text-2" id="text-org208d455">
<p>
In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.
</p>
</div>
</div>
<div id="outline-container-orgd3559d7" class="outline-2">
<h2 id="orgd3559d7">Using with Ubuntu</h2>
<div class="outline-text-2" id="text-orgd3559d7">
<div id="outline-container-orge57116e" class="outline-2">
<h2 id="orge57116e">Using with Ubuntu</h2>
<div class="outline-text-2" id="text-orge57116e">
<p>
First ensure that tor is installed. Within a terminal:
</p>
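Review bot: Every section anchor in this generated page changes (`orgb69e7cf` to `org208d455`, `orgd3559d7` to `orge57116e`) although the headings are unchanged, which breaks any existing deep link to a section and buries the real text edits further down the diff. Set a `CUSTOM_ID` property on the headings in the Org source so the exported ids stay stable.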
@ -298,9 +299,9 @@ Click on "add new" to add a new server and enter the <b>default domain name</b>
</div>
</div>
<div id="outline-container-org0e1c0da" class="outline-2">
<h2 id="org0e1c0da">Using with Android</h2>
<div class="outline-text-2" id="text-org0e1c0da">
<div id="outline-container-orgb9f0d9d" class="outline-2">
<h2 id="orgb9f0d9d">Using with Android</h2>
<div class="outline-text-2" id="text-orgb9f0d9d">
<p>
Install <a href="https://f-droid.org/">F-Droid</a>
</p>
@ -318,11 +319,11 @@ Press the plus button to add a Mumble server.
</p>
<p>
Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>.
Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>. Leave the port number unchanged.
</p>
<p>
Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who.
Open the settings. Select <b>General</b>, then <b>Connect via Tor</b>. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect <b>Connect via Tor</b> on the <b>General settings</b> and then just use your ordinary domain name.
</p>
<p>
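Review bot: The added fallback sentence tells users to unselect *Connect via Tor* when it is unreliable without saying what they give up. State next to it that the connection then goes directly to the ordinary domain name, so the protection described in the previous sentence (making it more difficult for adversaries to know who is talking to who) no longer applies.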

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-06-27 Tue 13:17 -->
<!-- 2018-01-21 Sun 11:13 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="Homesteading the Fediverse"
@ -252,54 +252,54 @@ for the JavaScript code in this tag.
Some things you might want to know about the Fediverse:
</p>
<div id="outline-container-orgdcdb846" class="outline-2">
<h2 id="orgdcdb846">Keep the number of users on each server small</h2>
<div class="outline-text-2" id="text-orgdcdb846">
<div id="outline-container-org7ef0ae3" class="outline-2">
<h2 id="org7ef0ae3">Keep the number of users on each server small</h2>
<div class="outline-text-2" id="text-org7ef0ae3">
<p>
The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.
</p>
</div>
</div>
<div id="outline-container-org51ce16d" class="outline-2">
<h2 id="org51ce16d">Drama will happen</h2>
<div class="outline-text-2" id="text-org51ce16d">
<div id="outline-container-orgb78d10c" class="outline-2">
<h2 id="orgb78d10c">Drama will happen</h2>
<div class="outline-text-2" id="text-orgb78d10c">
<p>
It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.
</p>
</div>
</div>
<div id="outline-container-org449c739" class="outline-2">
<h2 id="org449c739">Don't be afraid to block</h2>
<div class="outline-text-2" id="text-org449c739">
<div id="outline-container-orgac5dc10" class="outline-2">
<h2 id="orgac5dc10">Don't be afraid to block</h2>
<div class="outline-text-2" id="text-orgac5dc10">
<p>
Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the <b>Administrator control panel</b>. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but <span class="underline">this is a feature not a bug</span>. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.
</p>
</div>
</div>
<div id="outline-container-org3692a0e" class="outline-2">
<h2 id="org3692a0e">Network structure maps on to social structure</h2>
<div class="outline-text-2" id="text-org3692a0e">
<div id="outline-container-orgec4f5cf" class="outline-2">
<h2 id="orgec4f5cf">Network structure maps on to social structure</h2>
<div class="outline-text-2" id="text-orgec4f5cf">
<p>
Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.
</p>
</div>
</div>
<div id="outline-container-org05184eb" class="outline-2">
<h2 id="org05184eb">Keep your follows under the Dunbar number</h2>
<div class="outline-text-2" id="text-org05184eb">
<div id="outline-container-org07b0224" class="outline-2">
<h2 id="org07b0224">Keep your follows under the Dunbar number</h2>
<div class="outline-text-2" id="text-org07b0224">
<p>
Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. <span class="underline">Real community happens at tribal scale</span>. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.
</p>
</div>
</div>
<div id="outline-container-orgfbf8e98" class="outline-2">
<h2 id="orgfbf8e98">Avoid big public servers</h2>
<div class="outline-text-2" id="text-orgfbf8e98">
<div id="outline-container-org07a661a" class="outline-2">
<h2 id="org07a661a">Avoid big public servers</h2>
<div class="outline-text-2" id="text-org07a661a">
<p>
It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.
</p>
@ -308,7 +308,7 @@ It may seem like a good idea and it may seem like you're doing a service to the
<div class="org-center">
<p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
</p>
</div>
</div>
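Review bot: The onion address is hard-coded in this footer and the same replacement is repeated in the footers of the other pages in this commit, so a page that is missed keeps advertising the old address. Define the footer once in the Org source and include it from each page.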

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-12-28 Thu 21:15 -->
<!-- 2018-01-21 Sun 11:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -478,7 +478,7 @@ Of course, this is just one way in which you can install the Freedombone system.
<div class="org-center">
<p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
</p>
</div>
</div>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-12-20 Wed 13:53 -->
<!-- 2018-01-21 Sun 11:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -299,7 +299,7 @@ Ready made disk images which can be copied onto USB or microSD drives are <a hre
<div class="org-center">
<p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
</p>
</div>
</div>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2018-01-17 Wed 23:49 -->
<!-- 2018-01-21 Sun 11:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -284,7 +284,7 @@ Like <a href="https://libremesh.org">LibreMesh</a>, this system uses a combinati
<div class="org-center">
<p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
</p>
</div>
</div>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-12-29 Fri 23:16 -->
<!-- 2018-01-18 Thu 18:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -246,13 +246,13 @@ for the JavaScript code in this tag.
<center><h1>Mesh Network: Images</h1></center>
<div id="outline-container-org92a36a4" class="outline-2">
<h2 id="org92a36a4">Pre-built Disk Images</h2>
<div class="outline-text-2" id="text-org92a36a4">
<div id="outline-container-orgff89f51" class="outline-2">
<h2 id="orgff89f51">Pre-built Disk Images</h2>
<div class="outline-text-2" id="text-orgff89f51">
</div>
<div id="outline-container-orgf74ea4c" class="outline-3">
<h3 id="orgf74ea4c">Writing many images quickly</h3>
<div class="outline-text-3" id="text-orgf74ea4c">
<div id="outline-container-orgd2bd6dc" class="outline-3">
<h3 id="orgd2bd6dc">Writing many images quickly</h3>
<div class="outline-text-3" id="text-orgd2bd6dc">
<p>
There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
</p>
@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
</p>
</div>
</div>
<div id="outline-container-orgdd8f201" class="outline-3">
<h3 id="orgdd8f201">Client images</h3>
<div class="outline-text-3" id="text-orgdd8f201">
<div id="outline-container-orgaa45ffa" class="outline-3">
<h3 id="orgaa45ffa">Client images</h3>
<div class="outline-text-3" id="text-orgaa45ffa">
<div class="org-center">
<div class="figure">
@ -292,7 +292,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
</div>
<p>
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
</p>
<div class="org-src-container">
@ -331,16 +331,16 @@ sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-n
</div>
</div>
<div id="outline-container-org231f975" class="outline-3">
<h3 id="org231f975">Router images</h3>
<div class="outline-text-3" id="text-org231f975">
<div id="outline-container-org6ca93ec" class="outline-3">
<h3 id="org6ca93ec">Router images</h3>
<div class="outline-text-3" id="text-org6ca93ec">
<p>
Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
</p>
</div>
<div id="outline-container-orgbe92b46" class="outline-4">
<h4 id="orgbe92b46">Beaglebone Black</h4>
<div class="outline-text-4" id="text-orgbe92b46">
<div id="outline-container-org69b5cfa" class="outline-4">
<h4 id="org69b5cfa">Beaglebone Black</h4>
<div class="outline-text-4" id="text-org69b5cfa">
<div class="org-center">
<div class="figure">
@ -377,9 +377,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
</div>
</div>
<div id="outline-container-orgd948176" class="outline-2">
<h2 id="orgd948176">Building Disk Images</h2>
<div class="outline-text-2" id="text-orgd948176">
<div id="outline-container-org6b309a0" class="outline-2">
<h2 id="org6b309a0">Building Disk Images</h2>
<div class="outline-text-2" id="text-org6b309a0">
<p>
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
</p>

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-06-27 Tue 13:16 -->
<!-- 2018-01-21 Sun 11:14 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="Turn the Beaglebone Black into a personal communications server"
@ -248,11 +248,11 @@ for the JavaScript code in this tag.
<h1>Support</h1>
</center>
<div id="outline-container-orgb1a7204" class="outline-2">
<h2 id="orgb1a7204">Contact details</h2>
<div class="outline-text-2" id="text-orgb1a7204">
<div id="outline-container-org3dddbf5" class="outline-2">
<h2 id="org3dddbf5">Contact details</h2>
<div class="outline-text-2" id="text-org3dddbf5">
<p>
This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a></b>
This site can also be accessed via a Tor browser at <b><a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a></b>
</p>
<p>
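Review bot: The onion address in the Contact details paragraph changes from `pazyv7nkllp76hqr.onion` to `7ec7btgr6m7c5r3h.onion`, with nothing on the page telling readers that the old address is retired. Someone who bookmarked the old address cannot distinguish a planned move from a substituted link. Add a dated line that names the previous address, and ideally announce the change in a signed statement that readers can check independently of this page.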
@ -260,11 +260,7 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
</p>
<p>
<b>PGP/GPG Key ID:</b> EA982E38
</p>
<p>
<b>PGP/GPG Fingerprint:</b> D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
<b>PGP/GPG Fingerprint:</b> 9ABB82C00ABF39F82680487DCC2536191FA7C33F
</p>
<p>
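Review bot: The fingerprint line now names a different key (the old value ended `EA98 2E38`, the new one ends `1FA7C33F`) and the `PGP/GPG Key ID` line is gone, but nothing records a key transition. A reader who trusted the old key cannot tell a rotation from a tampered page, and the onion address changes in the same commit, so both ways of checking the site move at once. Publish a transition statement signed by the old key and link it here. Also keep the fingerprint grouped in blocks of four hex digits, as the old line was, so it can be compared by eye.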
@ -277,22 +273,22 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
</div>
</div>
<div id="outline-container-orga7a8570" class="outline-2">
<h2 id="orga7a8570">Things which would be nice to have</h2>
<div class="outline-text-2" id="text-orga7a8570">
<div id="outline-container-org654de23" class="outline-2">
<h2 id="org654de23">Things which would be nice to have</h2>
<div class="outline-text-2" id="text-org654de23">
</div>
<div id="outline-container-orgce3bc4d" class="outline-3">
<h3 id="orgce3bc4d">Ideas</h3>
<div class="outline-text-3" id="text-orgce3bc4d">
<div id="outline-container-org9171145" class="outline-3">
<h3 id="org9171145">Ideas</h3>
<div class="outline-text-3" id="text-org9171145">
<p>
Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.
</p>
</div>
</div>
<div id="outline-container-org1104d91" class="outline-3">
<h3 id="org1104d91">Money</h3>
<div class="outline-text-3" id="text-org1104d91">
<div id="outline-container-org71c7a97" class="outline-3">
<h3 id="org71c7a97">Money</h3>
<div class="outline-text-3" id="text-org71c7a97">
<p>
At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.
</p>
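Review bot: Every change in this hunk is a regenerated Org export id (`orga7a8570` to `org654de23`, `orgce3bc4d` to `org9171145`, `org1104d91` to `org71c7a97`), with the headings and text untouched. The same churn surrounds the onion address and fingerprint changes earlier in this file. Regenerated ids break existing links to these anchors and bury the security-relevant edits in noise. Give the headings a fixed `CUSTOM_ID` property in the Org source so the exported ids stay stable between builds.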
@ -303,27 +299,27 @@ If you find this project useful then you may wish to consider donating to <a hre
</div>
</div>
<div id="outline-container-orge4c8d46" class="outline-3">
<h3 id="orge4c8d46">Testing and reporting bugs</h3>
<div class="outline-text-3" id="text-orge4c8d46">
<div id="outline-container-org012655b" class="outline-3">
<h3 id="org012655b">Testing and reporting bugs</h3>
<div class="outline-text-3" id="text-org012655b">
<p>
Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
</p>
</div>
</div>
<div id="outline-container-org3ea4978" class="outline-3">
<h3 id="org3ea4978">Web design and artwork</h3>
<div class="outline-text-3" id="text-org3ea4978">
<div id="outline-container-org2ec5168" class="outline-3">
<h3 id="org2ec5168">Web design and artwork</h3>
<div class="outline-text-3" id="text-org2ec5168">
<p>
A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested.
</p>
</div>
</div>
<div id="outline-container-orgac92852" class="outline-3">
<h3 id="orgac92852">More education and promotion</h3>
<div class="outline-text-3" id="text-orgac92852">
<div id="outline-container-org76b8351" class="outline-3">
<h3 id="org76b8351">More education and promotion</h3>
<div class="outline-text-3" id="text-org76b8351">
<div class="org-center">
<div class="figure">
@ -341,18 +337,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
</div>
</div>
<div id="outline-container-orgf1745de" class="outline-3">
<h3 id="orgf1745de">Translations</h3>
<div class="outline-text-3" id="text-orgf1745de">
<div id="outline-container-org5332549" class="outline-3">
<h3 id="org5332549">Translations</h3>
<div class="outline-text-3" id="text-org5332549">
<p>
To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>.
</p>
</div>
</div>
<div id="outline-container-org6cc7753" class="outline-3">
<h3 id="org6cc7753">Packaging</h3>
<div class="outline-text-3" id="text-org6cc7753">
<div id="outline-container-orgd4e3504" class="outline-3">
<h3 id="orgd4e3504">Packaging</h3>
<div class="outline-text-3" id="text-orgd4e3504">
<p>
Helping to package GNU Social and Hubzilla for Debian would be beneficial.
</p>