Bob Mottram 2017-11-24 13:35:26 +00:00
commit 22c6cf43cf
26 changed files with 867 additions and 131 deletions

@ -53,3 +53,6 @@ Destination: 10 0 8448 [yourmatrixsubdomain]
#+end_src
You may also want to make another entry with the same settings but replacing *tcp* with *udp*.
* Mobile app
If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds.

@ -35,3 +35,10 @@ Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain nam
The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards.
* Mastodon user interface
If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in.
#+BEGIN_CENTER
[[file:images/pleromamastodon.jpg]]
#+END_CENTER
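
Review bot: The address in the new Mastodon user interface paragraph, */yourpleromadomainname/web*, reads as a filesystem path rather than a URL. Writing it as https://yourpleromadomainname/web would match what the reader has to type into the browser.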

@ -23,7 +23,7 @@ The following apps are available:
<table style="width:80%; border:0">
<tr>
<td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
<td><center><b><h3></h3></b><br></center></td>
<td><center><b><a href="trifa.apk"><img src="images/trifa.png"/></a></b><br><a href="trifa.apk">Tox</a></center></td>
</tr>
</table>
</center>

@ -82,6 +82,8 @@ Even with free software apps it's not difficult to get into a situation where yo
If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.
If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds.
* Blocking bad domains
You can block known bad domains by editing the */system/etc/hosts* file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
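
Review bot: The new "Blocking bad domains" section names */system/etc/hosts* but gives no entry format and no example domains, so a reader cannot act on it. Add one or two sample lines in the usual hosts form (an address such as 0.0.0.0 followed by the domain to block) and mention that the file lives on the system partition, which normally needs root access to edit.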

BIN
img/pleromamastodon.jpg Normal file

BIN
img/trifa.png Normal file

@ -218,7 +218,7 @@ function add_cert_letsencrypt {
fi
if [ ! -f /usr/bin/certbot ]; then
apt-get -yq install certbot
apt-get -yq -t stretch-backports install certbot
groupadd ssl-cert
if [ ! -f /usr/bin/certbot ]; then
echo $'LetsEncrypt certbot failed to install'
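
Review bot: The install line in add_cert_letsencrypt hard-codes the release name in `-t stretch-backports`, so it depends on that repository being present in the apt sources and stops working when the base release changes. Consider taking the codename from a variable, and note that the `if [ ! -f /usr/bin/certbot ]` test that follows is the only place a failed install gets reported.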

@ -51,7 +51,7 @@ MATRIX_PORT=8009
MATRIX_FEDERATION_ONION_PORT=8111
MATRIX_ONION_PORT=8109
MATRIX_REPO="https://github.com/matrix-org/synapse"
MATRIX_COMMIT='77ea8cbdd7202d75538623c79b3d33119221d02b'
MATRIX_COMMIT='552f123bea1014680ab798b7e34cd1b23424a189'
REPORT_STATS="no"
MATRIX_SECRET=
MATRIX_EXPIRE_MONTHS=1
@ -409,6 +409,7 @@ function upgrade_matrix {
chown -R matrix:matrix $MATRIX_DATA_DIR
pip install --upgrade --force "pynacl==0.3.0"
pip install --upgrade --force "phonenumbers>=8.2.0"
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
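
Review bot: The added `pip install --upgrade --force "phonenumbers>=8.2.0"` in upgrade_matrix sets only a lower bound, while the pynacl line directly above pins an exact version, so each upgrade can pull in whichever phonenumbers release is newest at that moment. Pinning a tested version and checking pip's exit status before moving on to the dhparam permissions would keep upgrades reproducible; the same line is added to install_matrix.
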
@ -755,6 +756,7 @@ function install_matrix {
pip install --upgrade pip
pip install --upgrade python-ldap
pip install --upgrade lxml
pip install --upgrade --force "phonenumbers>=8.2.0"
function_check matrix_nginx
matrix_nginx

@ -39,7 +39,7 @@ PLEROMA_CODE=
PLEROMA_PORT=4000
PLEROMA_ONION_PORT=8011
PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
PLEROMA_COMMIT='7252f6b054dfdfac1f9bac77c442c5a1ebd898af'
PLEROMA_COMMIT='5fc6e9d467f69af155627cccaa27616fe7ffc61f'
PLEROMA_ADMIN_PASSWORD=
PLEROMA_DIR=/etc/pleroma
PLEROMA_SECRET_KEY=""
@ -64,6 +64,7 @@ pleroma_variables=(ONION_ONLY
function pleroma_recompile {
# necessary after parameter changes
chown -R pleroma:pleroma $PLEROMA_DIR
sudo -u pleroma mix clean
sudo -u pleroma mix deps.compile
sudo -u pleroma mix compile
@ -208,7 +209,7 @@ function pleroma_create_database {
run_system_query_postgresql "GRANT ALL ON ALL tables IN SCHEMA public TO pleroma;"
run_system_query_postgresql "GRANT ALL ON ALL sequences IN SCHEMA public TO pleroma;"
run_system_query_postgresql "CREATE EXTENSION citext;"
run_system_query_postgresql "set statement_timeout to 20000;"
run_system_query_postgresql "set statement_timeout to 40000;"
read_config_param "PLEROMA_SECRET_KEY"
if [ ${#PLEROMA_SECRET_KEY} -lt 64 ]; then
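
Review bot: `set statement_timeout to 40000;` in pleroma_create_database is a session-level SET, so if run_system_query_postgresql opens a new connection for each call the value is gone before pleroma ever connects, whatever number is used. If a lasting limit is intended, `ALTER DATABASE ... SET statement_timeout` or `ALTER ROLE pleroma SET statement_timeout` persists it; a comment giving the unit (milliseconds) would also help.
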
@ -520,6 +521,8 @@ function upgrade_pleroma {
function_check set_repo_commit
set_repo_commit $PLEROMA_DIR "pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO
chown -R pleroma:pleroma $PLEROMA_DIR
sudo -u pleroma mix deps.get
pleroma_recompile
}
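
Review bot: `sudo -u pleroma mix deps.get` in upgrade_pleroma downloads dependencies but its exit status is not checked, so a failed fetch goes straight into pleroma_recompile and only surfaces later as a compile failure. Test the result and abort with a message. The `chown -R pleroma:pleroma $PLEROMA_DIR` here is also repeated as the first command of pleroma_recompile.
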
@ -639,7 +642,7 @@ function remove_pleroma {
rm /etc/systemd/system/pleroma.service
userdel pleroma
apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
#apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
function_check remove_nodejs
remove_nodejs pleroma-backend
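
Review bot: The `apt-get -yq remove esl-erlang elixir ...` line in remove_pleroma is left behind as a commented-out copy with no explanation. Either delete it or add a comment saying why the Erlang and Elixir packages must now stay installed, so the next reader does not simply re-enable it.
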
@ -865,6 +868,19 @@ function install_pleroma {
set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"
# We need to set up the url option again because it somehow gets
# lost during mix compile
pleroma_secret=$PLEROMA_DIR/config/dev.secret.exs
if ! grep -q 'watchers: [],' $pleroma_secret; then
sed -i 's|watchers: []|watchers: [],|g' $pleroma_secret
fi
if ! grep -q 'url:' $pleroma_secret; then
if [[ $ONION_ONLY == 'no' ]]; then
sed -i "/watchers: []/a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
else
sed -i "/watchers: []/a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret
fi
fi
# daemon
echo '[Unit]' > /etc/systemd/system/pleroma.service
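
Review bot: In the dev.secret.exs edits of install_pleroma, `[]` inside the grep and sed patterns is regular-expression syntax that opens a bracket expression, so `grep -q 'watchers: [],'`, `s|watchers: []|...|` and the `/watchers: []/a` address do not look for the literal text `watchers: []`. Use `grep -qF` for the tests and escape the brackets as `\[\]` in the sed pattern and address. `$pleroma_secret` should also be quoted in all five commands.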

@ -33,9 +33,9 @@ VARIANTS='full full-vim chat'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
RIOT_VERSION='0.12.2'
RIOT_VERSION='0.13.0'
RIOT_FILENAME="riot-v${RIOT_VERSION}"
RIOT_HASH='d0de730cb3e688040ba5c23680a676dabc94386830582842a4728767ed6dcd7f'
RIOT_HASH='b65535c4c3bfe6407b491f55df238847884ab83a9d5cbdd1f8b4d6e31cbb5870'
RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
RIOT_ONION_PORT=8115
RIOT_ONION_HOSTNAME=

376
src/freedombone-app-smilodon Executable file

@ -0,0 +1,376 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Smilodon ActivityPub app
#
# License
# =======
#
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim social'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
SHOW_ICANN_ADDRESS_ON_ABOUT=0
SMILODON_REPO="https://github.com/bashrc/smilodon"
SMILODON_COMMIT='e17dad10f9d4c00516b9c93a587e4298b3639af3'
SMILODON_ADMIN_PASSWORD=
SMILODON_ONION_PORT=8054
SMILODON_PATH=/etc/smilodon
SMILODON_SECRET_KEY=
smilodon_variables=(SMILODON_REPO
SMILODON_ADMIN_PASSWORD
USB_MOUNT
SMILODON_SECRET_KEY
MY_EMAIL_ADDRESS
MY_USERNAME)
function logging_on_smilodon {
echo -n ''
}
function logging_off_smilodon {
echo -n ''
}
function remove_user_smilodon {
remove_username="$1"
}
function add_user_smilodon {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_smilodon {
echo -n ''
APP_INSTALLED=1
}
function change_password_smilodon {
curr_username="$1"
new_user_password="$2"
#${PROJECT_NAME}-pass -u "$curr_username" -a smilodon -p "$new_user_password"
}
function smilodon_create_database {
if [ ! $SMILODON_ADMIN_PASSWORD ]; then
return
fi
function_check create_database_mongodb
create_database_mongodb smilodon "$SMILODON_ADMIN_PASSWORD" smilodon
}
function reconfigure_smilodon {
echo -n ''
}
function upgrade_smilodon {
CURR_SMILODON_COMMIT=$(get_completion_param "smilodon commit")
if [[ "$CURR_SMILODON_COMMIT" == "$SMILODON_COMMIT" ]]; then
return
fi
if [[ $(app_is_installed smilodon) == "1" ]]; then
systemctl stop smilodon
function_check set_repo_commit
set_repo_commit $SMILODON_PATH "smilodon commit" "$SMILODON_COMMIT" $SMILODON_REPO
chown -R smilodon:smilodon $SMILODON_PATH
systemctl start smilodon
fi
}
function backup_local_smilodon {
if [ -d $SMILODON_PATH ]; then
systemctl stop smilodon
USE_MONGODB=1
function_check backup_database_to_usb
backup_database_to_usb smilodon
backup_directory_to_usb $SMILODON_PATH smilodon
systemctl start smilodon
fi
}
function restore_local_smilodon {
temp_restore_dir=/root/tempsmilodon
systemctl stop smilodon
function_check smilodon_create_database
smilodon_create_database
USE_MONGODB=1
restore_database smilodon
if [ -d ${SMILODON_PATH} ]; then
if [ -d $temp_restore_dir${SMILODON_PATH} ]; then
if [ -d $temp_restore_dir${SMILODON_PATH} ]; then
rm -rf ${SMILODON_PATH}
mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/
else
cp -r $temp_restore_dir/* ${SMILODON_PATH}/
fi
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
systemctl start smilodon
exit 528823
fi
chown -R smilodon:smilodon ${SMILODON_PATH}
fi
fi
if [ -d $USB_MOUNT/backup/smilodon ]; then
chown -R smilodon:smilodon ${SMILODON_PATH}
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
fi
systemctl start smilodon
}
function backup_remote_smilodon {
if [ -d $SMILODON_PATH ]; then
function_check suspend_site
suspend_site smilodon
systemctl stop smilodon
USE_MONGODB=1
function_check backup_database_to_friend
backup_database_to_friend smilodon
function_check backup_directory_to_friend
backup_directory_to_friend $SMILODON_PATH smilodon
systemctl start smilodon
function_check restart_site
restart_site
else
echo $"Smilodon domain specified but not found in $SMILODON_PATH"
fi
}
function restore_remote_smilodon {
temp_restore_dir=/root/tempsmilodon
if grep -q "smilodon domain" $COMPLETION_FILE; then
echo $"Restoring smilodon"
systemctl stop smilodon
function_check restore_database_from_friend
function_check smilodon_create_database
smilodon_create_database
USE_MONGODB=1
restore_database_from_friend smilodon
if [ -d $SMILODON_PATH ]; then
if [ -d $temp_restore_dir$SMILODON_PATH ]; then
rm -rf $SMILODON_PATH
mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/
else
cp -r $temp_restore_dir/* ${SMILODON_PATH}/
fi
if [ ! "$?" = "0" ]; then
systemctl start smilodon
exit 6391643
fi
fi
if [ -d $SERVER_DIRECTORY/backup/smilodon ]; then
chown -R smilodon:smilodon ${SMILODON_PATH}
fi
if [ -d /root/tempsmilodon ]; then
rm -rf /root/tempsmilodon
fi
systemctl start smilodon
echo $"Restore of smilodon complete"
fi
}
function remove_smilodon {
nginx_dissite smilodon
systemctl stop smilodon
systemctl disable smilodon
rm /etc/systemd/system/smilodon.service
function_check remove_onion_service
remove_onion_service smilodon ${SMILODON_ONION_PORT}
if [ -f /etc/nginx/sites-available/smilodon ]; then
rm /etc/nginx/sites-available/smilodon
fi
groupdel -f smilodon
userdel -r smilodon
if [ -d $SMILODON_PATH ]; then
rm -rf $SMILODON_PATH
fi
function_check remove_mongodb_user
remove_mongodb_user smilodon
function_check drop_database_mongodb
drop_database_mongodb smilodon
function_check remove_mongodb
remove_mongodb smilodon
remove_completion_param install_smilodon
sed -i '/smilodon/d' $COMPLETION_FILE
}
function install_smilodon {
apt-get -yq install python3-pip
if [ -d $SMILODON_PATH ]; then
rm -rf $SMILODON_PATH
fi
if [ -d /repos/smilodon ]; then
mkdir $SMILODON_PATH
cp -r -p /repos/smilodon/. $SMILODON_PATH
cd $SMILODON_PATH
git pull
else
function_check git_clone
git_clone $SMILODON_REPO $SMILODON_PATH
fi
if [ ! -d $SMILODON_PATH ]; then
echo $'Could not clone smilodon repo'
exit 6784783
fi
cd $SMILODON_PATH
git checkout $SMILODON_COMMIT -b $SMILODON_COMMIT
set_completion_param "smilodon commit" "$SMILODON_COMMIT"
groupadd smilodon
useradd -c "Smilodon system account" -d $SMILODON_PATH -m -r -g smilodon smilodon
SMILODON_ONION_HOSTNAME=$(add_onion_service smilodon 80 ${SMILODON_ONION_PORT})
if [ ! $SMILODON_SECRET_KEY ]; then
SMILODON_SECRET_KEY="$(create_password 30)$(create_password 30)$(create_password 30)$(create_password 30)"
fi
if [ -f $IMAGE_PASSWORD_FILE ]; then
SMILODON_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
if [ ! $SMILODON_ADMIN_PASSWORD ]; then
SMILODON_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
export smilodon_domain_name=$SMILODON_ONION_HOSTNAME
export secret_key="$SMILODON_SECRET_KEY"
export mongodb_username='smilodon'
export mongodb_password="$SMILODON_ADMIN_PASSWORD"
export smilodon_admin_address=$MY_EMAIL_ADDRESS
export MAIL_SERVER='localhost'
export MAIL_PORT=25
function_check install_mongodb
install_mongodb smilodon
smilodon_create_database
pip3 install -r requirements.txt
if [ ! "$?" = "0" ]; then
echo $'Unable to install smilodon dependencies'
exit 87352835
fi
echo 'server {' > /etc/nginx/sites-available/smilodon
echo " listen 127.0.0.1:${SMILODON_ONION_PORT} default_server;" >> /etc/nginx/sites-available/smilodon
echo " server_name $SMILODON_ONION_HOSTNAME;" >> /etc/nginx/sites-available/smilodon
echo '' >> /etc/nginx/sites-available/smilodon
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/smilodon
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/smilodon
echo '' >> /etc/nginx/sites-available/smilodon
echo ' location / {' >> /etc/nginx/sites-available/smilodon
echo ' proxy_pass http://localhost:5000;' >> /etc/nginx/sites-available/smilodon
echo ' }' >> /etc/nginx/sites-available/smilodon
echo '}' >> /etc/nginx/sites-available/smilodon
nginx_ensite smilodon
systemctl enable mongodb
systemctl restart mongodb
chown -R smilodon:smilodon ${SMILODON_PATH}
echo '#!/bin/bash' > ${SMILODON_PATH}/run_smilodon.sh
echo "cd ${SMILODON_PATH}" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export smilodon_domain_name=$SMILODON_ONION_HOSTNAME" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export secret_key='$SMILODON_SECRET_KEY'" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export mongodb_username='smilodon'" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export mongodb_password='$SMILODON_ADMIN_PASSWORD'" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export smilodon_admin_address=$MY_EMAIL_ADDRESS" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export MAIL_SERVER='localhost'" >> ${SMILODON_PATH}/run_smilodon.sh
echo "export MAIL_PORT=25" >> ${SMILODON_PATH}/run_smilodon.sh
echo "python3 run.py" >> ${SMILODON_PATH}/run_smilodon.sh
chmod +x ${SMILODON_PATH}/run_smilodon.sh
chown smilodon:smilodon ${SMILODON_PATH}/run_smilodon.sh
echo '[Unit]' > /etc/systemd/system/smilodon.service
echo 'Description=Smilodon ActivityPub messenger' >> /etc/systemd/system/smilodon.service
echo 'After=network.target mongodb.service' >> /etc/systemd/system/smilodon.service
echo 'After=tor.service' >> /etc/systemd/system/smilodon.service
echo '' >> /etc/systemd/system/smilodon.service
echo '[Service]' >> /etc/systemd/system/smilodon.service
echo 'User=smilodon' >> /etc/systemd/system/smilodon.service
echo 'Group=smilodon' >> /etc/systemd/system/smilodon.service
echo "WorkingDirectory=${SMILODON_PATH}/" >> /etc/systemd/system/smilodon.service
echo "ExecStart=${SMILODON_PATH}/run_smilodon.sh" >> /etc/systemd/system/smilodon.service
echo 'Restart=on-failure' >> /etc/systemd/system/smilodon.service
echo 'RestartSec=10' >> /etc/systemd/system/smilodon.service
echo '' >> /etc/systemd/system/smilodon.service
echo '[Install]' >> /etc/systemd/system/smilodon.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/smilodon.service
systemctl enable smilodon
systemctl daemon-reload
systemctl start smilodon
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a smilodon -p "$SMILODON_ADMIN_PASSWORD"
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0

@ -31,6 +31,7 @@
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
MONGODB_APPS_FILE=$HOME/.mongodbapps
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
ENABLE_BACKUP_VERIFICATION="no"
@ -296,6 +297,9 @@ function backup_configfiles {
if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
fi
if [ -f $MONGODB_APPS_FILE ]; then
cp -f $MONGODB_APPS_FILE $temp_backup_dir
fi
# nginx password hashes
if [ -f /etc/nginx/.htpasswd ]; then
cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd

@ -31,6 +31,7 @@
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
MONGODB_APPS_FILE=$HOME/.mongodbapps
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
ENABLE_VERIFICATION="no"
@ -142,6 +143,9 @@ function backup_configfiles {
if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
fi
if [ -f $MONGODB_APPS_FILE ]; then
cp -f $MONGODB_APPS_FILE $temp_backup_dir
fi
# nginx password hashes
if [ -f /etc/nginx/.htpasswd ]; then
cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd

@ -685,6 +685,9 @@ initialise_mesh() {
# install tor as a possible way of routing traffic between internet gateways
chroot "$rootdir" apt-get -yq install tor
# dhcp daemon for hotspot on secondary wifi adapter
chroot "$rootdir" apt-get -yq install dnsmasq
configure_firewall
install_avahi
install_batman
@ -1256,7 +1259,7 @@ EOF
chroot "$rootdir" /bin/chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/help
# Tox user interface
enable_tox_repo
#enable_tox_repo
mesh_tox_qtox
# copy the default qtox ini file
if [ ! -d ${rootdir}/home/${MY_USERNAME}/.config/tox ]; then

@ -101,7 +101,7 @@ function get_ipv4_wlan {
}
function mesh_hotspot_ip_address {
echo $(ip -o -f inet addr show dev "$BRIDGE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
}
function global_rate_limit {
@ -122,6 +122,10 @@ function stop {
echo 'error: unable to find wifi interface, not enabling batman-adv mesh'
return
fi
systemctl stop dnsmasq
systemctl disable dnsmasq
if [ "$EIFACE" ]; then
brctl delif $BRIDGE bat0
ifconfig $BRIDGE down || true
@ -280,6 +284,9 @@ function mesh_create_app_downloads_page {
if [ ! -f /var/www/html/ssb.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
fi
if [ ! -f /var/www/html/trifa.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk
fi
if [ ! -d /var/www/html/images ]; then
mkdir /var/www/html/images
fi
@ -289,6 +296,9 @@ function mesh_create_app_downloads_page {
if [ ! -f /var/www/html/images/ssb.png ]; then
cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
fi
if [ ! -f /var/www/html/images/trifa.png ]; then
cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png
fi
if [ ! -f /var/www/html/freedombone.css ]; then
cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
fi
@ -296,6 +306,8 @@ function mesh_create_app_downloads_page {
}
function start {
update_wifi_adaptors
if [ -z "$IFACE" ] ; then
echo 'error: unable to find wifi interface, not enabling batman-adv mesh'
exit 723657
@ -305,6 +317,9 @@ function start {
systemctl stop network-manager
sleep 5
systemctl stop dnsmasq
systemctl disable dnsmasq
# remove an avahi service which isn't used
if [ -f /etc/avahi/services/udisks.service ]; then
sudo rm /etc/avahi/services/udisks.service
@ -340,6 +355,7 @@ function start {
brctl addbr $BRIDGE
brctl addif $BRIDGE bat0
ifconfig bat0 0.0.0.0
ethernet_connected='0'
if [ "$EIFACE" ] ; then
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
if [[ "$ethernet_connected" != "0" ]]; then
@ -358,25 +374,43 @@ function start {
if [ $secondary_wifi_available ]; then
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
echo "ssid=${WIFI_SSID}-$(mesh_hotspot_ip_address)" >> /etc/hostapd/hostapd.conf
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
mesh_hotspot_address=$(mesh_hotspot_ip_address)
if [[ "$mesh_hotspot_address" == *'.'* ]]; then
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
sed -i "s|listen-address=.*|listen-address=127.0.0.1,$mesh_hotspot_address|g" /etc/dnsmasq.conf
sed -i 's|#listen-address|listen-address|g' /etc/dnsmasq.conf
systemctl enable dnsmasq
systemctl restart dnsmasq
systemctl enable hostapd
systemctl restart hostapd
mesh_create_app_downloads_page
else
secondary_wifi_available=
echo $'WARNING: No IP address could be obtained for the hotspot'
fi
fi
if [ ! $secondary_wifi_available ]; then
systemctl stop hostapd
systemctl disable hostapd
systemctl enable hostapd
systemctl restart hostapd
mesh_create_app_downloads_page
else
# Recreate the cryptpad symlink
if [ -f /etc/nginx/sites-available/cryptpad ]; then
if [ -L /etc/nginx/sites-enabled/cryptpad ]; then
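
Review bot: The dnsmasq edits in start only set `interface=` and `listen-address=`; no `dhcp-range` is written in this block, so unless /etc/dnsmasq.conf already carries one the hotspot clients get no lease. The `s|interface=.*|` expression is also unanchored and rewrites any line containing that text, such as `except-interface=`; anchor it with `^`. While the hostapd lines are being re-indented: `country_code=UK` is not an ISO 3166-1 code (the United Kingdom is GB), and with `wpa=2` and `rsn_pairwise=CCMP` the `wpa_pairwise=TKIP` line can be dropped.
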
@ -420,21 +454,22 @@ function start {
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p udp --dport 8010 -j ACCEPT
iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
# vpn over the internet
iptables -A INPUT -p tcp --dport 653 -j ACCEPT
iptables -A INPUT -p udp --dport 653 -j ACCEPT
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
if [[ "$ethernet_connected" != "0" ]]; then
# vpn over the internet
iptables -A INPUT -p tcp --dport 653 -j ACCEPT
iptables -A INPUT -p udp --dport 653 -j ACCEPT
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
fi
systemctl restart avahi-daemon
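
Review bot: Inside the new `ethernet_connected` guard, the two `--dport 653` rules carry no `-i ${EIFACE}`, unlike the 1194 rule, so the port labelled "vpn over the internet" is accepted on every interface, the mesh side included. If that is not intended, add the interface match. All of these rules use `-A`, so each run of start appends another copy unless the chains are flushed elsewhere; testing with `iptables -C` before `-A` avoids that. The sysctl.conf edit also leaves forwarding enabled persistently after the ethernet link has gone.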

@ -30,6 +30,7 @@
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
MONGODB_APPS_FILE=$HOME/.mongodbapps
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
@ -184,6 +185,16 @@ function restore_configfiles {
# fi
#fi
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
rm -rf $temp_restore_dir
exit 859034853
fi
fi
#if [ -f $CONFIGURATION_FILE ]; then
# # install according to the config file
# freedombone -c $CONFIGURATION_FILE
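
Review bot: restore_configfiles looks for the file at `$temp_restore_dir$MONGODB_APPS_FILE`, that is, under its full $HOME path inside the restore directory, whereas backup_configfiles copies it flat into `$temp_backup_dir`. Please confirm the restored tree really places it there, otherwise the `-f` test is silently false and the MongoDB app list is never restored.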

@ -31,6 +31,7 @@
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
MONGODB_APPS_FILE=$HOME/.mongodbapps
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
@ -172,6 +173,15 @@ function restore_configfiles {
# fi
#fi
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
if [ ! "$?" = "0" ]; then
unmount_drive
rm -rf $temp_restore_dir
exit 7835335
fi
fi
#if [ -f $CONFIGURATION_FILE ]; then
# # install according to the config file
# freedombone -c $CONFIGURATION_FILE

@ -93,6 +93,7 @@ if [ -d $PROJECT_DIR ]; then
exit 453536
fi
apt-get -yq -t stretch-backports install certbot
email_install_tls
defrag_filesystem
fi

@ -236,15 +236,29 @@ function backup_database_local_usb {
mkdir -p ${local_database_dir}
fi
echo $"Obtaining ${1} database backup"
if [ ! $USE_POSTGRESQL ]; then
keep_database_running
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
else
database_file_extension='sql'
if [ $USE_MONGODB ]; then
database_file_extension='mdb'
USE_POSTGRESQL=
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
fi
if [ -f ${local_database_dir}/${1}.sql ]; then
if [ ! -s ${local_database_dir}/${1}.sql ]; then
if [ ! $USE_POSTGRESQL ]; then
if [ ! $USE_MONGODB ]; then
USE_MONGODB=
USE_POSTGRESQL=
keep_database_running
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
else
USE_MONGODB=
USE_POSTGRESQL=
mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
fi
else
USE_MONGODB=
USE_POSTGRESQL=
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
fi
if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
echo $"${1} database could not be saved"
shred -zu ${local_database_dir}/*
rm -rf ${local_database_dir}
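
Review bot: backup_database_local_usb now chooses between mysqldump, mongodump and pg_dump from the globals USE_MONGODB and USE_POSTGRESQL, and every branch has to remember to clear both; a caller that sets one flag and returns early elsewhere leaves it set for the next app. Passing the engine as a second argument would remove that coupling. The `mongodump` call also passes no credentials although smilodon_create_database creates the database with a password, and only the size of the output file is checked, not the command's exit status.
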
@ -552,16 +566,30 @@ function backup_database_remote {
fi
echo "Obtaining ${1} database backup"
if [ ! $USE_POSTGRESQL ]; then
keep_database_running
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
else
database_file_extension='sql'
if [ $USE_MONGODB ]; then
database_file_extension='mdb'
USE_POSTGRESQL=
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
fi
if [ ! $USE_POSTGRESQL ]; then
if [ ! $USE_MONGODB ]; then
USE_MONGODB=
USE_POSTGRESQL=
keep_database_running
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
else
USE_MONGODB=
USE_POSTGRESQL=
mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
fi
else
USE_MONGODB=
USE_POSTGRESQL=
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
fi
if [ -f ${local_database_dir}/${1}.sql ]; then
if [ ! -s ${local_database_dir}/${1}.sql ]; then
if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
echo $"${1} database could not be saved"
shred -zu ${local_database_dir}/*
rm -rf ${local_database_dir}
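
Review bot: The engine-selection block in backup_database_remote duplicates the one in backup_database_local_usb line for line. Move it into one helper that takes the database name and the output path, so the MySQL, MongoDB and PostgreSQL branches cannot drift apart between the USB and remote backups.
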
@ -569,7 +597,7 @@ function backup_database_remote {
echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
function_check restart_site
restart_site
exit 5738
exit 57386728
fi
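
Review bot: `exit 57386728` cannot reach the caller as written: the shell keeps only the low 8 bits of an exit status, so this value arrives as 232 and the old 5738 arrived as 106. If the long numbers are meant to identify the failure site, print them in the error message and the mail body and exit with a small fixed code.
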
else
echo $"${1} database could not be dumped"
@ -578,7 +606,7 @@ function backup_database_remote {
echo $"Unable to dump ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
function_check restart_site
restart_site
exit 3687
exit 36874289
fi
}
@ -642,33 +670,47 @@ function restore_database_from_friend {
RESTORE_SUBDIR="root"
if [ -d $SERVER_DIRECTORY/backup/${1} ]; then
database_file_extension='sql'
if [ $USE_MONGODB ]; then
database_file_extension='mdb'
USE_POSTGRESQL=
fi
echo $"Restoring ${1} database"
local_database_dir=/root/temp${1}data
restore_directory_from_friend ${local_database_dir} ${1}data
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
if [ ! -f $database_file ]; then
database_file=${local_database_dir}/${restore_app_name}.sql
database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
fi
if [ ! -f $database_file ]; then
echo $"Unable to restore ${1} database"
rm -rf ${local_database_dir}
exit 503
exit 5289252
fi
if [ ! $USE_POSTGRESQL ]; then
keep_database_running
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${1} -o < ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
if [ ! $USE_MONGODB ]; then
USE_MONGODB=
USE_POSTGRESQL=
keep_database_running
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < ${database_file})
else
USE_MONGODB=
USE_POSTGRESQL=
mongorestore --gzip --archive=${database_file} --db ${restore_app_name}
fi
else
USE_MONGODB=
USE_POSTGRESQL=
mysqlsuccess=$(sudo -u postgres pg_restore ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
mysqlsuccess=$(sudo -u postgres pg_restore ${database_file})
fi
if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess"
exit 964
exit 8735271
fi
if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data ]; then
shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/*
else
shred -zu ${local_database_dir}/*.sql
shred -zu ${local_database_dir}/*.${database_file_extension}
fi
rm -rf ${local_database_dir}
echo $"Restoring ${1} installation"
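Review bot: in the new mongodb branch of restore_database_from_friend the mongorestore output is not captured, so when it fails the following echo "$mysqlsuccess" prints an empty or stale value and the operator gets no diagnostic before the exit. Capture the output the same way the mysql and pg_restore branches do, and consider renaming the variable since it no longer holds only mysql output. ${database_file} and ${local_database_dir} are also expanded unquoted in the mongorestore, pg_restore, shred and rm -rf calls; since they are built from ${1} and ${restore_app_name}, quoting them would prevent word splitting or globbing if an app name ever contains unexpected characters.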
@ -695,7 +737,7 @@ function restore_database_from_friend {
cp -r $restore_from_dir/* /var/www/${2}/htdocs/
fi
if [ ! "$?" = "0" ]; then
exit 683
exit 78352682
fi
if [ -d /etc/letsencrypt/live/${2} ]; then
ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
@ -725,9 +767,14 @@ function restore_database {
fi
function_check restore_directory_from_usb
restore_directory_from_usb "${local_database_dir}" "${restore_app_name}data"
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql
database_file_extension='sql'
if [ $USE_MONGODB ]; then
database_file_extension='mdb'
USE_POSTGRESQL=
fi
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
if [ ! -f $database_file ]; then
database_file=${local_database_dir}/${restore_app_name}.sql
database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
fi
if [ ! -f $database_file ]; then
echo $"Unable to restore ${restore_app_name} database"
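Review bot: the block that picks database_file_extension in restore_database is a copy of the one added to restore_database_from_friend, and both depend on the caller having set the global USE_MONGODB beforehand. Moving it into one helper that returns the extension would keep the USB and friend restore paths from drifting apart. The tests [ $USE_MONGODB ] and [ ! -f $database_file ] are unquoted, so a value containing spaces would turn them into a syntax error rather than a clean failure.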
@ -736,12 +783,21 @@ function restore_database {
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 503
exit 7825235
fi
if [ ! $USE_POSTGRESQL ]; then
keep_database_running
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
if [ ! $USE_MONGODB ]; then
USE_MONGODB=
USE_POSTGRESQL=
keep_database_running
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
else
USE_MONGODB=
USE_POSTGRESQL=
mongorestore --gzip --archive=$database_file --db ${restore_app_name}
fi
else
USE_MONGODB=
USE_POSTGRESQL=
mysqlsuccess=$(sudo -u postgres pg_restore $database_file)
fi
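Review bot: mongorestore --gzip --archive=$database_file --db ${restore_app_name} is called with no credentials, although this commit also stores a mongodb root password and creates database users. As written the restore only works while mongod accepts unauthenticated local connections, and it will start failing if authentication is enabled later. Either pass the credentials obtained through get_mongodb_password (not on the command line, where they would be visible in the process list like the mysql --password argument above) or add a comment stating that authentication is intentionally off and why that is acceptable.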
@ -751,12 +807,12 @@ function restore_database {
set_user_permissions
function_check set_user_permissions
backup_unmount_drive
exit 964
exit 482638995
fi
if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data ]; then
shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/*
else
shred -zu ${local_database_dir}/*.sql
shred -zu ${local_database_dir}/*.${database_file_extension}
fi
rm -rf ${local_database_dir}
@ -789,7 +845,7 @@ function restore_database {
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
exit 683
exit 78252429
fi
if [ -d /etc/letsencrypt/live/${restore_app_domain} ]; then
ln -s /etc/letsencrypt/live/${restore_app_domain}/privkey.pem /etc/ssl/private/${restore_app_domain}.key

176
src/freedombone-utils-mongodb Executable file
View File

@ -0,0 +1,176 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# mongodb database functions
#
# License
# =======
#
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Set this when calling backup and restore commands
USE_MONGODB=
MONGODB_APPS_FILE=$HOME/.mongodbapps
function store_original_mongodb_password {
if [ ! -f /root/.mongodboriginal ]; then
echo $'Storing original mongodb password'
ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
# We can store this in plaintext because it will soon be of historical interest only
echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
fi
}
function get_mongodb_password {
MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
echo $'Could not obtain mongodb password'
exit 7835272
fi
}
function install_mongodb {
app_name=$1
if [[ "$(uname -a)" == *"armv7"* ]]; then
echo $'mongodb package is not available for arm 7 architecture'
exit 7356272
fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
function_check get_mongodb_password
get_mongodb_password
if [ ! $MONGODB_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
fi
fi
${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD"
apt-get -yq install mongodb mongo-tools
apt-get -yq remove --purge apache2-bin*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after mongodb install'
fi
if [ ! -d /var/lib/mongodb ]; then
echo $"ERROR: mongodb does not appear to have installed. $CHECK_MESSAGE"
exit 78352
fi
if [ $app_name ]; then
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
echo "$app_name" >> $MONGODB_APPS_FILE
fi
fi
mark_completed $FUNCNAME
}
function remove_mongodb {
app_name=$1
if [ ! $app_name ]; then
return
fi
removemongo=
if [ -f $MONGODB_APPS_FILE ]; then
sed -i "/$app_name/d" $MONGODB_APPS_FILE
if [ ! -s $MONGODB_APPS_FILE ]; then
removemongo=1
fi
else
removemongo=1
fi
if [ $removemongo ]; then
systemctl stop mongodb
systemctl disable mongodb
apt-get -yq remove --purge mongodb mongo-tools
apt-get -yq autoremove
if [ -d /var/lib/mongodb ]; then
rm -rf /var/lib/mongodb
fi
if [ -f /etc/systemd/system/mongodb.service ]; then
rm /etc/systemd/system/mongodb.service
systemctl daemon-reload
fi
if [ -f /etc/init.d/mongodb ]; then
rm /etc/init.d/mongodb
fi
sed -i '/install_mongodb/d' $COMPLETION_FILE
fi
}
function add_mongodb_user {
mongodb_username=$1
mongodb_password=$2
mongo admin --eval "db.createUser({user: '$mongodb_username', pwd: '$mongodb_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
}
function remove_mongodb_user {
mongodb_username=$1
mongo admin --eval "db.removeUser($mongodb_username)"
}
function drop_database_mongodb {
database_name="$1"
if [[ "$database_name" == 'admin' ]]; then
return
fi
mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )"
if [ $app_name ]; then
if grep -q "$app_name" $MONGODB_APPS_FILE; then
sed -i "/$app_name/d" $MONGODB_APPS_FILE
fi
fi
}
function initialise_database_mongodb {
database_name=$1
database_file=$2
mongorestore $database_file
if [ ! "$?" = "0" ]; then
exit 8358365
fi
}
function create_database_mongodb {
app_name="$1"
app_admin_password="$2"
app_admin_username=$3
mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
if [ $app_name ]; then
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
echo "$app_name" >> $MONGODB_APPS_FILE
fi
fi
}
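Review bot: add_mongodb_user and create_database_mongodb give every account the userAdminAnyDatabase role on admin, which allows that account to create users and grant roles on any database; an app account should be limited to readWrite or dbOwner on its own database. Both functions also splice the password into the --eval string, so a single quote in the password breaks the JavaScript and the password is visible in the process list while mongo runs. In remove_mongodb_user the name is passed unquoted in db.removeUser($mongodb_username), so the mongo shell treats it as an identifier instead of a string; quote it and use db.dropUser, since removeUser is deprecated. Smaller points: grep -q "$app_name" and sed -i "/$app_name/d" match substrings, so removing one app can delete another app's line in $MONGODB_APPS_FILE; drop_database_mongodb reads $app_name without setting it; initialise_database_mongodb never uses database_name; and /root/.mongodboriginal is written in plaintext with the default umask and nothing in this file removes it.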

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-08-23 Wed 19:23 -->
<!-- 2017-11-19 Sun 23:19 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="How to use Matrix"
@ -264,16 +264,16 @@ Matrix is a federated communications system, typically for multi-user chat, with
Another consideration is that since matrix operates on the usual HTTPS port number (443) this may make it difficult for ISPs or governments to censor this type of communications via port blocking without significant blowback.
</p>
<div id="outline-container-orgc78770d" class="outline-2">
<h2 id="orgc78770d">Installation</h2>
<div class="outline-text-2" id="text-orgc78770d">
<div id="outline-container-orgd6cc689" class="outline-2">
<h2 id="orgd6cc689">Installation</h2>
<div class="outline-text-2" id="text-orgd6cc689">
<p>
Log into your system with:
</p>
<div class="org-src-container">
<pre><code class="src src-bash">ssh myusername@mydomain -p 2222
</code></pre>
<pre class="src src-bash">ssh myusername@mydomain -p 2222
</pre>
</div>
<p>
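Review bot: the heading anchors in this generated page change (orgc78770d becomes orgd6cc689 for Installation, and likewise for the other sections) with no change to the content, which breaks any existing deep links and makes the real documentation change hard to find in the diff. Setting a CUSTOM_ID property on each heading in the org source would keep the exported ids stable, or the exported HTML could be built at release time rather than committed alongside the org files.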
@ -286,9 +286,9 @@ Select <b>Add/Remove Apps</b> then <b>matrix</b>. You will then be asked for a d
</div>
</div>
<div id="outline-container-org5262b52" class="outline-2">
<h2 id="org5262b52">Initial setup</h2>
<div class="outline-text-2" id="text-org5262b52">
<div id="outline-container-org3292734" class="outline-2">
<h2 id="org3292734">Initial setup</h2>
<div class="outline-text-2" id="text-org3292734">
<p>
Go to the <b>Administrator control panel</b> and select <b>Passwords</b> then <b>matrix</b>. This will give you the password to initially log in to the system and you can change it later from a client app if needed.
</p>
@ -303,19 +303,19 @@ Other client apps are available but are currently mostly only at the alpha stage
</div>
</div>
<div id="outline-container-orgd8eede9" class="outline-2">
<h2 id="orgd8eede9">DNS setup</h2>
<div class="outline-text-2" id="text-orgd8eede9">
<div id="outline-container-org82239c4" class="outline-2">
<h2 id="org82239c4">DNS setup</h2>
<div class="outline-text-2" id="text-org82239c4">
<p>
It's recommended that you add an SRV record for Matrix to your DNS setup. How you do this will depend upon your dynamic DNS provider and their web interface. On FreeDNS on the subdomains settings in addition to the subdomain which you are using for the matrix server create an extra entry as follows:
</p>
<div class="org-src-container">
<pre><code class="src src-text">Type: SRV
<pre class="src src-text">Type: SRV
Subdomain: _matrix._tcp
Domain: [youdomain]
Destination: 10 0 8448 [yourmatrixsubdomain]
</code></pre>
</pre>
</div>
<p>
@ -323,6 +323,15 @@ You may also want to make another entry with the same settings but replacing <b>
</p>
</div>
</div>
<div id="outline-container-org9568212" class="outline-2">
<h2 id="org9568212">Mobile app</h2>
<div class="outline-text-2" id="text-org9568212">
<p>
If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing <b>Sync request timeout</b> to 30 seconds and <b>Delay between two sync requests</b> to 600 seconds.
</p>
</div>
</div>
</div>
<div id="postamble" class="status">

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-11-10 Fri 17:42 -->
<!-- 2017-11-12 Sun 18:45 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -264,9 +264,9 @@ Pleroma is an OStatus-compatible social networking server, compatible with GNU S
</div>
</div>
<div id="outline-container-org630bbcf" class="outline-2">
<h2 id="org630bbcf">Installation</h2>
<div class="outline-text-2" id="text-org630bbcf">
<div id="outline-container-org39de7d0" class="outline-2">
<h2 id="org39de7d0">Installation</h2>
<div class="outline-text-2" id="text-org39de7d0">
<p>
Log into your system with:
</p>
@ -286,9 +286,9 @@ Select <b>Add/Remove Apps</b> then <b>pleroma</b>. You will then be asked for a
</div>
</div>
<div id="outline-container-org703cfb4" class="outline-2">
<h2 id="org703cfb4">Initial setup</h2>
<div class="outline-text-2" id="text-org703cfb4">
<div id="outline-container-org35d8b0a" class="outline-2">
<h2 id="org35d8b0a">Initial setup</h2>
<div class="outline-text-2" id="text-org35d8b0a">
<p>
The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
</p>
@ -298,6 +298,23 @@ Once you have done that then you can disable further registrations from the <b>A
</p>
</div>
</div>
<div id="outline-container-org31f6ea0" class="outline-2">
<h2 id="org31f6ea0">Mastodon user interface</h2>
<div class="outline-text-2" id="text-org31f6ea0">
<p>
If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to <b>/yourpleromadomainname/web</b> and log in.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/pleromamastodon.jpg" alt="pleromamastodon.jpg" />
</p>
</div>
</div>
</div>
</div>
</div>
<div id="postamble" class="status">

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-10-05 Thu 11:44 -->
<!-- 2017-11-20 Mon 14:33 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -256,7 +256,7 @@ The following apps are available:
<table style="width:80%; border:0">
<tr>
<td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
<td><center><b><h3></h3></b><br></center></td>
<td><center><b><a href="trifa.apk"><img src="images/trifa.png"/></a></b><br><a href="trifa.apk">Tox</a></center></td>
</tr>
</table>
</center>
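Review bot: the new table cell links directly to trifa.apk with nothing beside it that lets a user verify what they are installing. Since this page asks people to sideload the file, please publish the upstream version and a SHA-256 checksum or signature next to the link, and record in the commit message where the binary was obtained, so the download can be checked against the upstream release.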

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-09-22 Fri 13:18 -->
<!-- 2017-11-19 Sun 23:19 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -277,9 +277,9 @@ Mobile phones are insecure devices, but they're regarded as being so essential t
</table>
</center>
<div id="outline-container-org066f7fb" class="outline-2">
<h2 id="org066f7fb">Open</h2>
<div class="outline-text-2" id="text-org066f7fb">
<div id="outline-container-org028bfb1" class="outline-2">
<h2 id="org028bfb1">Open</h2>
<div class="outline-text-2" id="text-org028bfb1">
<p>
Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
</p>
@ -290,45 +290,45 @@ Why is it so important to run Linux on a phone? Aren't <i>iThings</i> supposed t
</div>
</div>
<div id="outline-container-org1a24680" class="outline-2">
<h2 id="org1a24680">Remove</h2>
<div class="outline-text-2" id="text-org1a24680">
<div id="outline-container-orgf5a1356" class="outline-2">
<h2 id="orgf5a1356">Remove</h2>
<div class="outline-text-2" id="text-orgf5a1356">
<p>
So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of <i>surveillance capital</i>. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.
</p>
</div>
</div>
<div id="outline-container-org390d2d0" class="outline-2">
<h2 id="org390d2d0">Encrypt</h2>
<div class="outline-text-2" id="text-org390d2d0">
<div id="outline-container-org8f0466d" class="outline-2">
<h2 id="org8f0466d">Encrypt</h2>
<div class="outline-text-2" id="text-org8f0466d">
<p>
Encrypt your phone. This can usually be done via <b>Settings/Security</b> and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.
</p>
</div>
</div>
<div id="outline-container-org3d6081e" class="outline-2">
<h2 id="org3d6081e">Apps</h2>
<div class="outline-text-2" id="text-org3d6081e">
<div id="outline-container-orgfec183a" class="outline-2">
<h2 id="orgfec183a">Apps</h2>
<div class="outline-text-2" id="text-orgfec183a">
<p>
Installing <b>F-droid</b> and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.
</p>
</div>
</div>
<div id="outline-container-org5a55ec6" class="outline-2">
<h2 id="org5a55ec6">Lock</h2>
<div class="outline-text-2" id="text-org5a55ec6">
<div id="outline-container-org77de138" class="outline-2">
<h2 id="org77de138">Lock</h2>
<div class="outline-text-2" id="text-org77de138">
<p>
Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called <b>Locker</b>, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.
</p>
</div>
</div>
<div id="outline-container-orgaf7fb89" class="outline-2">
<h2 id="orgaf7fb89">Onion</h2>
<div class="outline-text-2" id="text-orgaf7fb89">
<div id="outline-container-org4dc0e5b" class="outline-2">
<h2 id="org4dc0e5b">Onion</h2>
<div class="outline-text-2" id="text-org4dc0e5b">
<p>
Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not <i>theoretically</i> impossible but at least <i>very hard</i> for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.
</p>
@ -339,26 +339,26 @@ In F-droid under the <b>repositories</b> menu you can enable the <b>guardian pro
</div>
</div>
<div id="outline-container-orgc7a0b9e" class="outline-2">
<h2 id="orgc7a0b9e">Email</h2>
<div class="outline-text-2" id="text-orgc7a0b9e">
<div id="outline-container-org466eb29" class="outline-2">
<h2 id="org466eb29">Email</h2>
<div class="outline-text-2" id="text-org466eb29">
<p>
The easiest way to access email is by installing the <a href="./app_mailpile.html">Mailpile</a> app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
</p>
</div>
</div>
<div id="outline-container-orgfcecdf8" class="outline-2">
<h2 id="orgfcecdf8">Services</h2>
<div class="outline-text-2" id="text-orgfcecdf8">
<div id="outline-container-org978ea8b" class="outline-2">
<h2 id="org978ea8b">Services</h2>
<div class="outline-text-2" id="text-org978ea8b">
<p>
For information on configuring various apps to work with Freedombone see the <a href="./usage.html">usage section</a>. Also see advice on chat apps in the <a href="./faq.html">FAQ</a>.
</p>
</div>
</div>
<div id="outline-container-org469e667" class="outline-2">
<h2 id="org469e667">Battery preservation</h2>
<div class="outline-text-2" id="text-org469e667">
<div id="outline-container-org3546225" class="outline-2">
<h2 id="org3546225">Battery preservation</h2>
<div class="outline-text-2" id="text-org3546225">
<p>
Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
</p>
@ -366,12 +366,16 @@ Even with free software apps it's not difficult to get into a situation where yo
<p>
If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.
</p>
<p>
If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing <b>Sync request timeout</b> to 30 seconds and <b>Delay between two sync requests</b> to 600 seconds.
</p>
</div>
</div>
<div id="outline-container-orgcaf0530" class="outline-2">
<h2 id="orgcaf0530">Blocking bad domains</h2>
<div class="outline-text-2" id="text-orgcaf0530">
<div id="outline-container-org6ebc6c4" class="outline-2">
<h2 id="org6ebc6c4">Blocking bad domains</h2>
<div class="outline-text-2" id="text-org6ebc6c4">
<p>
You can block known bad domains by editing the <b>/system/etc/hosts</b> file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
</p>