Merge branch 'stretch' of https://github.com/bashrc/freedombone
This commit is contained in:
commit
22c6cf43cf
|
@ -53,3 +53,6 @@ Destination: 10 0 8448 [yourmatrixsubdomain]
|
|||
#+end_src
|
||||
|
||||
You may also want to make another entry with the same settings but replacing *tcp* with *udp*.
|
||||
|
||||
* Mobile app
|
||||
If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds.
|
||||
|
|
|
@ -35,3 +35,10 @@ Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain nam
|
|||
The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
|
||||
|
||||
Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards.
|
||||
|
||||
* Mastodon user interface
|
||||
If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in.
|
||||
|
||||
#+BEGIN_CENTER
|
||||
[[file:images/pleromamastodon.jpg]]
|
||||
#+END_CENTER
|
||||
|
|
|
@ -23,7 +23,7 @@ The following apps are available:
|
|||
<table style="width:80%; border:0">
|
||||
<tr>
|
||||
<td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
|
||||
<td><center><b><h3></h3></b><br></center></td>
|
||||
<td><center><b><a href="trifa.apk"><img src="images/trifa.png"/></a></b><br><a href="trifa.apk">Tox</a></center></td>
|
||||
</tr>
|
||||
</table>
|
||||
</center>
|
||||
|
|
|
@ -82,6 +82,8 @@ Even with free software apps it's not difficult to get into a situation where yo
|
|||
|
||||
If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.
|
||||
|
||||
If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds.
|
||||
|
||||
* Blocking bad domains
|
||||
You can block known bad domains by editing the */system/etc/hosts* file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
|
||||
|
||||
|
|
Binary file not shown.
Binary file not shown.
Before Width: | Height: | Size: 66 KiB After Width: | Height: | Size: 22 KiB |
Binary file not shown.
After Width: | Height: | Size: 75 KiB |
Binary file not shown.
After Width: | Height: | Size: 12 KiB |
|
@ -218,7 +218,7 @@ function add_cert_letsencrypt {
|
|||
fi
|
||||
|
||||
if [ ! -f /usr/bin/certbot ]; then
|
||||
apt-get -yq install certbot
|
||||
apt-get -yq -t stretch-backports install certbot
|
||||
groupadd ssl-cert
|
||||
if [ ! -f /usr/bin/certbot ]; then
|
||||
echo $'LetsEncrypt certbot failed to install'
|
||||
|
|
|
@ -51,7 +51,7 @@ MATRIX_PORT=8009
|
|||
MATRIX_FEDERATION_ONION_PORT=8111
|
||||
MATRIX_ONION_PORT=8109
|
||||
MATRIX_REPO="https://github.com/matrix-org/synapse"
|
||||
MATRIX_COMMIT='77ea8cbdd7202d75538623c79b3d33119221d02b'
|
||||
MATRIX_COMMIT='552f123bea1014680ab798b7e34cd1b23424a189'
|
||||
REPORT_STATS="no"
|
||||
MATRIX_SECRET=
|
||||
MATRIX_EXPIRE_MONTHS=1
|
||||
|
@ -409,6 +409,7 @@ function upgrade_matrix {
|
|||
chown -R matrix:matrix $MATRIX_DATA_DIR
|
||||
|
||||
pip install --upgrade --force "pynacl==0.3.0"
|
||||
pip install --upgrade --force "phonenumbers>=8.2.0"
|
||||
|
||||
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
|
||||
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
|
||||
|
@ -755,6 +756,7 @@ function install_matrix {
|
|||
pip install --upgrade pip
|
||||
pip install --upgrade python-ldap
|
||||
pip install --upgrade lxml
|
||||
pip install --upgrade --force "phonenumbers>=8.2.0"
|
||||
|
||||
function_check matrix_nginx
|
||||
matrix_nginx
|
||||
|
|
|
@ -39,7 +39,7 @@ PLEROMA_CODE=
|
|||
PLEROMA_PORT=4000
|
||||
PLEROMA_ONION_PORT=8011
|
||||
PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
|
||||
PLEROMA_COMMIT='7252f6b054dfdfac1f9bac77c442c5a1ebd898af'
|
||||
PLEROMA_COMMIT='5fc6e9d467f69af155627cccaa27616fe7ffc61f'
|
||||
PLEROMA_ADMIN_PASSWORD=
|
||||
PLEROMA_DIR=/etc/pleroma
|
||||
PLEROMA_SECRET_KEY=""
|
||||
|
@ -64,6 +64,7 @@ pleroma_variables=(ONION_ONLY
|
|||
|
||||
function pleroma_recompile {
|
||||
# necessary after parameter changes
|
||||
chown -R pleroma:pleroma $PLEROMA_DIR
|
||||
sudo -u pleroma mix clean
|
||||
sudo -u pleroma mix deps.compile
|
||||
sudo -u pleroma mix compile
|
||||
|
@ -208,7 +209,7 @@ function pleroma_create_database {
|
|||
run_system_query_postgresql "GRANT ALL ON ALL tables IN SCHEMA public TO pleroma;"
|
||||
run_system_query_postgresql "GRANT ALL ON ALL sequences IN SCHEMA public TO pleroma;"
|
||||
run_system_query_postgresql "CREATE EXTENSION citext;"
|
||||
run_system_query_postgresql "set statement_timeout to 20000;"
|
||||
run_system_query_postgresql "set statement_timeout to 40000;"
|
||||
|
||||
read_config_param "PLEROMA_SECRET_KEY"
|
||||
if [ ${#PLEROMA_SECRET_KEY} -lt 64 ]; then
|
||||
|
@ -520,6 +521,8 @@ function upgrade_pleroma {
|
|||
function_check set_repo_commit
|
||||
set_repo_commit $PLEROMA_DIR "pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO
|
||||
chown -R pleroma:pleroma $PLEROMA_DIR
|
||||
|
||||
sudo -u pleroma mix deps.get
|
||||
pleroma_recompile
|
||||
}
|
||||
|
||||
|
@ -639,7 +642,7 @@ function remove_pleroma {
|
|||
rm /etc/systemd/system/pleroma.service
|
||||
|
||||
userdel pleroma
|
||||
apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
|
||||
#apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
|
||||
|
||||
function_check remove_nodejs
|
||||
remove_nodejs pleroma-backend
|
||||
|
@ -865,6 +868,19 @@ function install_pleroma {
|
|||
|
||||
set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"
|
||||
|
||||
# We need to set up the url option again because it somehow gets
|
||||
# lost during mix compile
|
||||
pleroma_secret=$PLEROMA_DIR/config/dev.secret.exs
|
||||
if ! grep -q 'watchers: [],' $pleroma_secret; then
|
||||
sed -i 's|watchers: []|watchers: [],|g' $pleroma_secret
|
||||
fi
|
||||
if ! grep -q 'url:' $pleroma_secret; then
|
||||
if [[ $ONION_ONLY == 'no' ]]; then
|
||||
sed -i "/watchers: []/a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
|
||||
else
|
||||
sed -i "/watchers: []/a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret
|
||||
fi
|
||||
fi
|
||||
|
||||
# daemon
|
||||
echo '[Unit]' > /etc/systemd/system/pleroma.service
|
||||
|
|
|
@ -33,9 +33,9 @@ VARIANTS='full full-vim chat'
|
|||
IN_DEFAULT_INSTALL=0
|
||||
SHOW_ON_ABOUT=1
|
||||
|
||||
RIOT_VERSION='0.12.2'
|
||||
RIOT_VERSION='0.13.0'
|
||||
RIOT_FILENAME="riot-v${RIOT_VERSION}"
|
||||
RIOT_HASH='d0de730cb3e688040ba5c23680a676dabc94386830582842a4728767ed6dcd7f'
|
||||
RIOT_HASH='b65535c4c3bfe6407b491f55df238847884ab83a9d5cbdd1f8b4d6e31cbb5870'
|
||||
RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
|
||||
RIOT_ONION_PORT=8115
|
||||
RIOT_ONION_HOSTNAME=
|
||||
|
|
|
@ -0,0 +1,376 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# .---. . .
|
||||
# | | |
|
||||
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
||||
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
||||
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
||||
#
|
||||
# Freedom in the Cloud
|
||||
#
|
||||
# Smilodon ActivityPub app
|
||||
#
|
||||
# License
|
||||
# =======
|
||||
#
|
||||
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
VARIANTS='full full-vim social'
|
||||
|
||||
IN_DEFAULT_INSTALL=0
|
||||
SHOW_ON_ABOUT=1
|
||||
SHOW_ICANN_ADDRESS_ON_ABOUT=0
|
||||
|
||||
SMILODON_REPO="https://github.com/bashrc/smilodon"
|
||||
SMILODON_COMMIT='e17dad10f9d4c00516b9c93a587e4298b3639af3'
|
||||
SMILODON_ADMIN_PASSWORD=
|
||||
SMILODON_ONION_PORT=8054
|
||||
SMILODON_PATH=/etc/smilodon
|
||||
SMILODON_SECRET_KEY=
|
||||
|
||||
smilodon_variables=(SMILODON_REPO
|
||||
SMILODON_ADMIN_PASSWORD
|
||||
USB_MOUNT
|
||||
SMILODON_SECRET_KEY
|
||||
MY_EMAIL_ADDRESS
|
||||
MY_USERNAME)
|
||||
|
||||
function logging_on_smilodon {
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function logging_off_smilodon {
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function remove_user_smilodon {
|
||||
remove_username="$1"
|
||||
}
|
||||
|
||||
function add_user_smilodon {
|
||||
new_username="$1"
|
||||
new_user_password="$2"
|
||||
echo '0'
|
||||
}
|
||||
|
||||
function install_interactive_smilodon {
|
||||
echo -n ''
|
||||
APP_INSTALLED=1
|
||||
}
|
||||
|
||||
function change_password_smilodon {
|
||||
curr_username="$1"
|
||||
new_user_password="$2"
|
||||
|
||||
#${PROJECT_NAME}-pass -u "$curr_username" -a smilodon -p "$new_user_password"
|
||||
}
|
||||
|
||||
function smilodon_create_database {
|
||||
if [ ! $SMILODON_ADMIN_PASSWORD ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
function_check create_database_mongodb
|
||||
create_database_mongodb smilodon "$SMILODON_ADMIN_PASSWORD" smilodon
|
||||
}
|
||||
|
||||
function reconfigure_smilodon {
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function upgrade_smilodon {
|
||||
CURR_SMILODON_COMMIT=$(get_completion_param "smilodon commit")
|
||||
if [[ "$CURR_SMILODON_COMMIT" == "$SMILODON_COMMIT" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [[ $(app_is_installed smilodon) == "1" ]]; then
|
||||
systemctl stop smilodon
|
||||
function_check set_repo_commit
|
||||
set_repo_commit $SMILODON_PATH "smilodon commit" "$SMILODON_COMMIT" $SMILODON_REPO
|
||||
chown -R smilodon:smilodon $SMILODON_PATH
|
||||
systemctl start smilodon
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function backup_local_smilodon {
|
||||
if [ -d $SMILODON_PATH ]; then
|
||||
systemctl stop smilodon
|
||||
|
||||
USE_MONGODB=1
|
||||
function_check backup_database_to_usb
|
||||
backup_database_to_usb smilodon
|
||||
|
||||
backup_directory_to_usb $SMILODON_PATH smilodon
|
||||
|
||||
systemctl start smilodon
|
||||
fi
|
||||
}
|
||||
|
||||
function restore_local_smilodon {
|
||||
temp_restore_dir=/root/tempsmilodon
|
||||
|
||||
systemctl stop smilodon
|
||||
|
||||
function_check smilodon_create_database
|
||||
smilodon_create_database
|
||||
|
||||
USE_MONGODB=1
|
||||
restore_database smilodon
|
||||
|
||||
if [ -d ${SMILODON_PATH} ]; then
|
||||
if [ -d $temp_restore_dir${SMILODON_PATH} ]; then
|
||||
if [ -d $temp_restore_dir${SMILODON_PATH} ]; then
|
||||
rm -rf ${SMILODON_PATH}
|
||||
mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/
|
||||
else
|
||||
cp -r $temp_restore_dir/* ${SMILODON_PATH}/
|
||||
fi
|
||||
if [ ! "$?" = "0" ]; then
|
||||
function_check backup_unmount_drive
|
||||
backup_unmount_drive
|
||||
systemctl start smilodon
|
||||
exit 528823
|
||||
fi
|
||||
chown -R smilodon:smilodon ${SMILODON_PATH}
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -d $USB_MOUNT/backup/smilodon ]; then
|
||||
chown -R smilodon:smilodon ${SMILODON_PATH}
|
||||
if [ -d $temp_restore_dir ]; then
|
||||
rm -rf $temp_restore_dir
|
||||
fi
|
||||
fi
|
||||
|
||||
systemctl start smilodon
|
||||
}
|
||||
|
||||
function backup_remote_smilodon {
|
||||
if [ -d $SMILODON_PATH ]; then
|
||||
function_check suspend_site
|
||||
suspend_site smilodon
|
||||
|
||||
systemctl stop smilodon
|
||||
|
||||
USE_MONGODB=1
|
||||
function_check backup_database_to_friend
|
||||
backup_database_to_friend smilodon
|
||||
|
||||
function_check backup_directory_to_friend
|
||||
backup_directory_to_friend $SMILODON_PATH smilodon
|
||||
|
||||
systemctl start smilodon
|
||||
|
||||
function_check restart_site
|
||||
restart_site
|
||||
else
|
||||
echo $"Smilodon domain specified but not found in $SMILODON_PATH"
|
||||
fi
|
||||
}
|
||||
|
||||
function restore_remote_smilodon {
|
||||
temp_restore_dir=/root/tempsmilodon
|
||||
if grep -q "smilodon domain" $COMPLETION_FILE; then
|
||||
echo $"Restoring smilodon"
|
||||
systemctl stop smilodon
|
||||
|
||||
function_check restore_database_from_friend
|
||||
|
||||
function_check smilodon_create_database
|
||||
smilodon_create_database
|
||||
|
||||
USE_MONGODB=1
|
||||
restore_database_from_friend smilodon
|
||||
|
||||
if [ -d $SMILODON_PATH ]; then
|
||||
if [ -d $temp_restore_dir$SMILODON_PATH ]; then
|
||||
rm -rf $SMILODON_PATH
|
||||
mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/
|
||||
else
|
||||
cp -r $temp_restore_dir/* ${SMILODON_PATH}/
|
||||
fi
|
||||
if [ ! "$?" = "0" ]; then
|
||||
systemctl start smilodon
|
||||
exit 6391643
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -d $SERVER_DIRECTORY/backup/smilodon ]; then
|
||||
chown -R smilodon:smilodon ${SMILODON_PATH}
|
||||
fi
|
||||
if [ -d /root/tempsmilodon ]; then
|
||||
rm -rf /root/tempsmilodon
|
||||
fi
|
||||
|
||||
systemctl start smilodon
|
||||
|
||||
echo $"Restore of smilodon complete"
|
||||
fi
|
||||
}
|
||||
|
||||
function remove_smilodon {
|
||||
nginx_dissite smilodon
|
||||
|
||||
systemctl stop smilodon
|
||||
systemctl disable smilodon
|
||||
rm /etc/systemd/system/smilodon.service
|
||||
|
||||
function_check remove_onion_service
|
||||
remove_onion_service smilodon ${SMILODON_ONION_PORT}
|
||||
if [ -f /etc/nginx/sites-available/smilodon ]; then
|
||||
rm /etc/nginx/sites-available/smilodon
|
||||
fi
|
||||
|
||||
groupdel -f smilodon
|
||||
userdel -r smilodon
|
||||
|
||||
if [ -d $SMILODON_PATH ]; then
|
||||
rm -rf $SMILODON_PATH
|
||||
fi
|
||||
|
||||
function_check remove_mongodb_user
|
||||
remove_mongodb_user smilodon
|
||||
|
||||
function_check drop_database_mongodb
|
||||
drop_database_mongodb smilodon
|
||||
|
||||
function_check remove_mongodb
|
||||
remove_mongodb smilodon
|
||||
|
||||
remove_completion_param install_smilodon
|
||||
sed -i '/smilodon/d' $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_smilodon {
|
||||
apt-get -yq install python3-pip
|
||||
|
||||
if [ -d $SMILODON_PATH ]; then
|
||||
rm -rf $SMILODON_PATH
|
||||
fi
|
||||
|
||||
if [ -d /repos/smilodon ]; then
|
||||
mkdir $SMILODON_PATH
|
||||
cp -r -p /repos/smilodon/. $SMILODON_PATH
|
||||
cd $SMILODON_PATH
|
||||
git pull
|
||||
else
|
||||
function_check git_clone
|
||||
git_clone $SMILODON_REPO $SMILODON_PATH
|
||||
fi
|
||||
|
||||
if [ ! -d $SMILODON_PATH ]; then
|
||||
echo $'Could not clone smilodon repo'
|
||||
exit 6784783
|
||||
fi
|
||||
cd $SMILODON_PATH
|
||||
git checkout $SMILODON_COMMIT -b $SMILODON_COMMIT
|
||||
set_completion_param "smilodon commit" "$SMILODON_COMMIT"
|
||||
|
||||
groupadd smilodon
|
||||
useradd -c "Smilodon system account" -d $SMILODON_PATH -m -r -g smilodon smilodon
|
||||
|
||||
SMILODON_ONION_HOSTNAME=$(add_onion_service smilodon 80 ${SMILODON_ONION_PORT})
|
||||
|
||||
if [ ! $SMILODON_SECRET_KEY ]; then
|
||||
SMILODON_SECRET_KEY="$(create_password 30)$(create_password 30)$(create_password 30)$(create_password 30)"
|
||||
fi
|
||||
|
||||
if [ -f $IMAGE_PASSWORD_FILE ]; then
|
||||
SMILODON_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
|
||||
else
|
||||
if [ ! $SMILODON_ADMIN_PASSWORD ]; then
|
||||
SMILODON_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
|
||||
fi
|
||||
fi
|
||||
|
||||
export smilodon_domain_name=$SMILODON_ONION_HOSTNAME
|
||||
export secret_key="$SMILODON_SECRET_KEY"
|
||||
export mongodb_username='smilodon'
|
||||
export mongodb_password="$SMILODON_ADMIN_PASSWORD"
|
||||
export smilodon_admin_address=$MY_EMAIL_ADDRESS
|
||||
export MAIL_SERVER='localhost'
|
||||
export MAIL_PORT=25
|
||||
|
||||
function_check install_mongodb
|
||||
install_mongodb smilodon
|
||||
|
||||
smilodon_create_database
|
||||
|
||||
pip3 install -r requirements.txt
|
||||
if [ ! "$?" = "0" ]; then
|
||||
echo $'Unable to install smilodon dependencies'
|
||||
exit 87352835
|
||||
fi
|
||||
|
||||
echo 'server {' > /etc/nginx/sites-available/smilodon
|
||||
echo " listen 127.0.0.1:${SMILODON_ONION_PORT} default_server;" >> /etc/nginx/sites-available/smilodon
|
||||
echo " server_name $SMILODON_ONION_HOSTNAME;" >> /etc/nginx/sites-available/smilodon
|
||||
echo '' >> /etc/nginx/sites-available/smilodon
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/smilodon
|
||||
echo ' error_log /dev/null;' >> /etc/nginx/sites-available/smilodon
|
||||
echo '' >> /etc/nginx/sites-available/smilodon
|
||||
echo ' location / {' >> /etc/nginx/sites-available/smilodon
|
||||
echo ' proxy_pass http://localhost:5000;' >> /etc/nginx/sites-available/smilodon
|
||||
echo ' }' >> /etc/nginx/sites-available/smilodon
|
||||
echo '}' >> /etc/nginx/sites-available/smilodon
|
||||
|
||||
nginx_ensite smilodon
|
||||
systemctl enable mongodb
|
||||
systemctl restart mongodb
|
||||
|
||||
chown -R smilodon:smilodon ${SMILODON_PATH}
|
||||
|
||||
echo '#!/bin/bash' > ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "cd ${SMILODON_PATH}" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export smilodon_domain_name=$SMILODON_ONION_HOSTNAME" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export secret_key='$SMILODON_SECRET_KEY'" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export mongodb_username='smilodon'" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export mongodb_password='$SMILODON_ADMIN_PASSWORD'" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export smilodon_admin_address=$MY_EMAIL_ADDRESS" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export MAIL_SERVER='localhost'" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "export MAIL_PORT=25" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
echo "python3 run.py" >> ${SMILODON_PATH}/run_smilodon.sh
|
||||
chmod +x ${SMILODON_PATH}/run_smilodon.sh
|
||||
chown smilodon:smilodon ${SMILODON_PATH}/run_smilodon.sh
|
||||
|
||||
echo '[Unit]' > /etc/systemd/system/smilodon.service
|
||||
echo 'Description=Smilodon ActivityPub messenger' >> /etc/systemd/system/smilodon.service
|
||||
echo 'After=network.target mongodb.service' >> /etc/systemd/system/smilodon.service
|
||||
echo 'After=tor.service' >> /etc/systemd/system/smilodon.service
|
||||
echo '' >> /etc/systemd/system/smilodon.service
|
||||
echo '[Service]' >> /etc/systemd/system/smilodon.service
|
||||
echo 'User=smilodon' >> /etc/systemd/system/smilodon.service
|
||||
echo 'Group=smilodon' >> /etc/systemd/system/smilodon.service
|
||||
echo "WorkingDirectory=${SMILODON_PATH}/" >> /etc/systemd/system/smilodon.service
|
||||
echo "ExecStart=${SMILODON_PATH}/run_smilodon.sh" >> /etc/systemd/system/smilodon.service
|
||||
echo 'Restart=on-failure' >> /etc/systemd/system/smilodon.service
|
||||
echo 'RestartSec=10' >> /etc/systemd/system/smilodon.service
|
||||
echo '' >> /etc/systemd/system/smilodon.service
|
||||
echo '[Install]' >> /etc/systemd/system/smilodon.service
|
||||
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/smilodon.service
|
||||
systemctl enable smilodon
|
||||
systemctl daemon-reload
|
||||
systemctl start smilodon
|
||||
systemctl restart nginx
|
||||
|
||||
${PROJECT_NAME}-pass -u $MY_USERNAME -a smilodon -p "$SMILODON_ADMIN_PASSWORD"
|
||||
|
||||
APP_INSTALLED=1
|
||||
}
|
||||
|
||||
# NOTE: deliberately no exit 0
|
|
@ -31,6 +31,7 @@
|
|||
PROJECT_NAME='freedombone'
|
||||
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
|
||||
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
|
||||
MONGODB_APPS_FILE=$HOME/.mongodbapps
|
||||
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
|
||||
ENABLE_BACKUP_VERIFICATION="no"
|
||||
|
||||
|
@ -296,6 +297,9 @@ function backup_configfiles {
|
|||
if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
|
||||
cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
|
||||
fi
|
||||
if [ -f $MONGODB_APPS_FILE ]; then
|
||||
cp -f $MONGODB_APPS_FILE $temp_backup_dir
|
||||
fi
|
||||
# nginx password hashes
|
||||
if [ -f /etc/nginx/.htpasswd ]; then
|
||||
cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
PROJECT_NAME='freedombone'
|
||||
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
|
||||
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
|
||||
MONGODB_APPS_FILE=$HOME/.mongodbapps
|
||||
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
|
||||
ENABLE_VERIFICATION="no"
|
||||
|
||||
|
@ -142,6 +143,9 @@ function backup_configfiles {
|
|||
if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
|
||||
cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
|
||||
fi
|
||||
if [ -f $MONGODB_APPS_FILE ]; then
|
||||
cp -f $MONGODB_APPS_FILE $temp_backup_dir
|
||||
fi
|
||||
# nginx password hashes
|
||||
if [ -f /etc/nginx/.htpasswd ]; then
|
||||
cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd
|
||||
|
|
|
@ -685,6 +685,9 @@ initialise_mesh() {
|
|||
# install tor as a possible way of routing traffic between internet gateways
|
||||
chroot "$rootdir" apt-get -yq install tor
|
||||
|
||||
# dhcp daemon for hotspot on secondary wifi adapter
|
||||
chroot "$rootdir" apt-get -yq install dnsmasq
|
||||
|
||||
configure_firewall
|
||||
install_avahi
|
||||
install_batman
|
||||
|
@ -1256,7 +1259,7 @@ EOF
|
|||
chroot "$rootdir" /bin/chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/help
|
||||
|
||||
# Tox user interface
|
||||
enable_tox_repo
|
||||
#enable_tox_repo
|
||||
mesh_tox_qtox
|
||||
# copy the default qtox ini file
|
||||
if [ ! -d ${rootdir}/home/${MY_USERNAME}/.config/tox ]; then
|
||||
|
|
|
@ -101,7 +101,7 @@ function get_ipv4_wlan {
|
|||
}
|
||||
|
||||
function mesh_hotspot_ip_address {
|
||||
echo $(ip -o -f inet addr show dev "$BRIDGE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
|
||||
echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
|
||||
}
|
||||
|
||||
function global_rate_limit {
|
||||
|
@ -122,6 +122,10 @@ function stop {
|
|||
echo 'error: unable to find wifi interface, not enabling batman-adv mesh'
|
||||
return
|
||||
fi
|
||||
|
||||
systemctl stop dnsmasq
|
||||
systemctl disable dnsmasq
|
||||
|
||||
if [ "$EIFACE" ]; then
|
||||
brctl delif $BRIDGE bat0
|
||||
ifconfig $BRIDGE down || true
|
||||
|
@ -280,6 +284,9 @@ function mesh_create_app_downloads_page {
|
|||
if [ ! -f /var/www/html/ssb.apk ]; then
|
||||
cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
|
||||
fi
|
||||
if [ ! -f /var/www/html/trifa.apk ]; then
|
||||
cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk
|
||||
fi
|
||||
if [ ! -d /var/www/html/images ]; then
|
||||
mkdir /var/www/html/images
|
||||
fi
|
||||
|
@ -289,6 +296,9 @@ function mesh_create_app_downloads_page {
|
|||
if [ ! -f /var/www/html/images/ssb.png ]; then
|
||||
cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
|
||||
fi
|
||||
if [ ! -f /var/www/html/images/trifa.png ]; then
|
||||
cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png
|
||||
fi
|
||||
if [ ! -f /var/www/html/freedombone.css ]; then
|
||||
cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
|
||||
fi
|
||||
|
@ -296,6 +306,8 @@ function mesh_create_app_downloads_page {
|
|||
}
|
||||
|
||||
function start {
|
||||
update_wifi_adaptors
|
||||
|
||||
if [ -z "$IFACE" ] ; then
|
||||
echo 'error: unable to find wifi interface, not enabling batman-adv mesh'
|
||||
exit 723657
|
||||
|
@ -305,6 +317,9 @@ function start {
|
|||
systemctl stop network-manager
|
||||
sleep 5
|
||||
|
||||
systemctl stop dnsmasq
|
||||
systemctl disable dnsmasq
|
||||
|
||||
# remove an avahi service which isn't used
|
||||
if [ -f /etc/avahi/services/udisks.service ]; then
|
||||
sudo rm /etc/avahi/services/udisks.service
|
||||
|
@ -340,6 +355,7 @@ function start {
|
|||
brctl addbr $BRIDGE
|
||||
brctl addif $BRIDGE bat0
|
||||
ifconfig bat0 0.0.0.0
|
||||
ethernet_connected='0'
|
||||
if [ "$EIFACE" ] ; then
|
||||
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
|
||||
if [[ "$ethernet_connected" != "0" ]]; then
|
||||
|
@ -358,25 +374,43 @@ function start {
|
|||
if [ $secondary_wifi_available ]; then
|
||||
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
|
||||
|
||||
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
|
||||
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
|
||||
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
|
||||
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
|
||||
echo "ssid=${WIFI_SSID}-$(mesh_hotspot_ip_address)" >> /etc/hostapd/hostapd.conf
|
||||
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
|
||||
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
|
||||
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
|
||||
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
|
||||
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
|
||||
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
|
||||
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
|
||||
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
|
||||
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
|
||||
mesh_hotspot_address=$(mesh_hotspot_ip_address)
|
||||
if [[ "$mesh_hotspot_address" == *'.'* ]]; then
|
||||
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
|
||||
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
|
||||
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
|
||||
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
|
||||
echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
|
||||
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
|
||||
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
|
||||
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
|
||||
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
|
||||
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
|
||||
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
|
||||
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
|
||||
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
|
||||
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
|
||||
|
||||
sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
|
||||
sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
|
||||
sed -i "s|listen-address=.*|listen-address=127.0.0.1,$mesh_hotspot_address|g" /etc/dnsmasq.conf
|
||||
sed -i 's|#listen-address|listen-address|g' /etc/dnsmasq.conf
|
||||
systemctl enable dnsmasq
|
||||
systemctl restart dnsmasq
|
||||
|
||||
systemctl enable hostapd
|
||||
systemctl restart hostapd
|
||||
mesh_create_app_downloads_page
|
||||
else
|
||||
secondary_wifi_available=
|
||||
echo $'WARNING: No IP address could be obtained for the hotspot'
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! $secondary_wifi_available ]; then
|
||||
systemctl stop hostapd
|
||||
systemctl disable hostapd
|
||||
|
||||
systemctl enable hostapd
|
||||
systemctl restart hostapd
|
||||
mesh_create_app_downloads_page
|
||||
else
|
||||
# Recreate the cryptpad symlink
|
||||
if [ -f /etc/nginx/sites-available/cryptpad ]; then
|
||||
if [ -L /etc/nginx/sites-enabled/cryptpad ]; then
|
||||
|
@ -420,21 +454,22 @@ function start {
|
|||
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 8010 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
|
||||
# vpn over the internet
|
||||
iptables -A INPUT -p tcp --dport 653 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 653 -j ACCEPT
|
||||
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
|
||||
iptables -A INPUT -i tun+ -j ACCEPT
|
||||
iptables -A FORWARD -i tun+ -j ACCEPT
|
||||
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
|
||||
iptables -A OUTPUT -o tun+ -j ACCEPT
|
||||
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
|
||||
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
|
||||
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
|
||||
if [[ "$ethernet_connected" != "0" ]]; then
|
||||
# vpn over the internet
|
||||
iptables -A INPUT -p tcp --dport 653 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 653 -j ACCEPT
|
||||
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
|
||||
iptables -A INPUT -i tun+ -j ACCEPT
|
||||
iptables -A FORWARD -i tun+ -j ACCEPT
|
||||
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
|
||||
iptables -A OUTPUT -o tun+ -j ACCEPT
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
|
||||
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
|
||||
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
|
||||
fi
|
||||
|
||||
systemctl restart avahi-daemon
|
||||
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
|
||||
PROJECT_NAME='freedombone'
|
||||
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
|
||||
MONGODB_APPS_FILE=$HOME/.mongodbapps
|
||||
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
|
||||
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
|
||||
|
||||
|
@ -184,6 +185,16 @@ function restore_configfiles {
|
|||
# fi
|
||||
#fi
|
||||
|
||||
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
|
||||
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
|
||||
if [ ! "$?" = "0" ]; then
|
||||
set_user_permissions
|
||||
backup_unmount_drive
|
||||
rm -rf $temp_restore_dir
|
||||
exit 859034853
|
||||
fi
|
||||
fi
|
||||
|
||||
#if [ -f $CONFIGURATION_FILE ]; then
|
||||
# # install according to the config file
|
||||
# freedombone -c $CONFIGURATION_FILE
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
PROJECT_NAME='freedombone'
|
||||
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
|
||||
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
|
||||
MONGODB_APPS_FILE=$HOME/.mongodbapps
|
||||
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
|
||||
|
||||
export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
|
||||
|
@ -172,6 +173,15 @@ function restore_configfiles {
|
|||
# fi
|
||||
#fi
|
||||
|
||||
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
|
||||
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
|
||||
if [ ! "$?" = "0" ]; then
|
||||
unmount_drive
|
||||
rm -rf $temp_restore_dir
|
||||
exit 7835335
|
||||
fi
|
||||
fi
|
||||
|
||||
#if [ -f $CONFIGURATION_FILE ]; then
|
||||
# # install according to the config file
|
||||
# freedombone -c $CONFIGURATION_FILE
|
||||
|
|
|
@ -93,6 +93,7 @@ if [ -d $PROJECT_DIR ]; then
|
|||
exit 453536
|
||||
fi
|
||||
|
||||
apt-get -yq -t stretch-backports install certbot
|
||||
email_install_tls
|
||||
defrag_filesystem
|
||||
fi
|
||||
|
|
|
@ -236,15 +236,29 @@ function backup_database_local_usb {
|
|||
mkdir -p ${local_database_dir}
|
||||
fi
|
||||
echo $"Obtaining ${1} database backup"
|
||||
if [ ! $USE_POSTGRESQL ]; then
|
||||
keep_database_running
|
||||
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
|
||||
else
|
||||
database_file_extension='sql'
|
||||
if [ $USE_MONGODB ]; then
|
||||
database_file_extension='mdb'
|
||||
USE_POSTGRESQL=
|
||||
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
|
||||
fi
|
||||
if [ -f ${local_database_dir}/${1}.sql ]; then
|
||||
if [ ! -s ${local_database_dir}/${1}.sql ]; then
|
||||
if [ ! $USE_POSTGRESQL ]; then
|
||||
if [ ! $USE_MONGODB ]; then
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
keep_database_running
|
||||
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
|
||||
fi
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
|
||||
fi
|
||||
if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
|
||||
if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
|
||||
echo $"${1} database could not be saved"
|
||||
shred -zu ${local_database_dir}/*
|
||||
rm -rf ${local_database_dir}
|
||||
|
@ -552,16 +566,30 @@ function backup_database_remote {
|
|||
fi
|
||||
|
||||
echo "Obtaining ${1} database backup"
|
||||
if [ ! $USE_POSTGRESQL ]; then
|
||||
keep_database_running
|
||||
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
|
||||
else
|
||||
database_file_extension='sql'
|
||||
if [ $USE_MONGODB ]; then
|
||||
database_file_extension='mdb'
|
||||
USE_POSTGRESQL=
|
||||
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
|
||||
fi
|
||||
if [ ! $USE_POSTGRESQL ]; then
|
||||
if [ ! $USE_MONGODB ]; then
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
keep_database_running
|
||||
mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
|
||||
fi
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
|
||||
fi
|
||||
|
||||
if [ -f ${local_database_dir}/${1}.sql ]; then
|
||||
if [ ! -s ${local_database_dir}/${1}.sql ]; then
|
||||
if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
|
||||
if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
|
||||
echo $"${1} database could not be saved"
|
||||
shred -zu ${local_database_dir}/*
|
||||
rm -rf ${local_database_dir}
|
||||
|
@ -569,7 +597,7 @@ function backup_database_remote {
|
|||
echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
|
||||
function_check restart_site
|
||||
restart_site
|
||||
exit 5738
|
||||
exit 57386728
|
||||
fi
|
||||
else
|
||||
echo $"${1} database could not be dumped"
|
||||
|
@ -578,7 +606,7 @@ function backup_database_remote {
|
|||
echo $"Unable to dump ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
|
||||
function_check restart_site
|
||||
restart_site
|
||||
exit 3687
|
||||
exit 36874289
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -642,33 +670,47 @@ function restore_database_from_friend {
|
|||
RESTORE_SUBDIR="root"
|
||||
|
||||
if [ -d $SERVER_DIRECTORY/backup/${1} ]; then
|
||||
database_file_extension='sql'
|
||||
if [ $USE_MONGODB ]; then
|
||||
database_file_extension='mdb'
|
||||
USE_POSTGRESQL=
|
||||
fi
|
||||
echo $"Restoring ${1} database"
|
||||
local_database_dir=/root/temp${1}data
|
||||
restore_directory_from_friend ${local_database_dir} ${1}data
|
||||
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql
|
||||
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
|
||||
if [ ! -f $database_file ]; then
|
||||
database_file=${local_database_dir}/${restore_app_name}.sql
|
||||
database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
|
||||
fi
|
||||
if [ ! -f $database_file ]; then
|
||||
echo $"Unable to restore ${1} database"
|
||||
rm -rf ${local_database_dir}
|
||||
exit 503
|
||||
exit 5289252
|
||||
fi
|
||||
if [ ! $USE_POSTGRESQL ]; then
|
||||
keep_database_running
|
||||
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${1} -o < ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
|
||||
if [ ! $USE_MONGODB ]; then
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
keep_database_running
|
||||
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < ${database_file})
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
mongorestore --gzip --archive=${database_file} --db ${restore_app_name}
|
||||
fi
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
mysqlsuccess=$(sudo -u postgres pg_restore ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
|
||||
mysqlsuccess=$(sudo -u postgres pg_restore ${database_file})
|
||||
fi
|
||||
if [ ! "$?" = "0" ]; then
|
||||
echo "$mysqlsuccess"
|
||||
exit 964
|
||||
exit 8735271
|
||||
fi
|
||||
if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data ]; then
|
||||
shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/*
|
||||
else
|
||||
shred -zu ${local_database_dir}/*.sql
|
||||
shred -zu ${local_database_dir}/*.${database_file_extension}
|
||||
fi
|
||||
rm -rf ${local_database_dir}
|
||||
echo $"Restoring ${1} installation"
|
||||
|
@ -695,7 +737,7 @@ function restore_database_from_friend {
|
|||
cp -r $restore_from_dir/* /var/www/${2}/htdocs/
|
||||
fi
|
||||
if [ ! "$?" = "0" ]; then
|
||||
exit 683
|
||||
exit 78352682
|
||||
fi
|
||||
if [ -d /etc/letsencrypt/live/${2} ]; then
|
||||
ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
|
||||
|
@ -725,9 +767,14 @@ function restore_database {
|
|||
fi
|
||||
function_check restore_directory_from_usb
|
||||
restore_directory_from_usb "${local_database_dir}" "${restore_app_name}data"
|
||||
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql
|
||||
database_file_extension='sql'
|
||||
if [ $USE_MONGODB ]; then
|
||||
database_file_extension='mdb'
|
||||
USE_POSTGRESQL=
|
||||
fi
|
||||
database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
|
||||
if [ ! -f $database_file ]; then
|
||||
database_file=${local_database_dir}/${restore_app_name}.sql
|
||||
database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
|
||||
fi
|
||||
if [ ! -f $database_file ]; then
|
||||
echo $"Unable to restore ${restore_app_name} database"
|
||||
|
@ -736,12 +783,21 @@ function restore_database {
|
|||
set_user_permissions
|
||||
function_check backup_unmount_drive
|
||||
backup_unmount_drive
|
||||
exit 503
|
||||
exit 7825235
|
||||
fi
|
||||
if [ ! $USE_POSTGRESQL ]; then
|
||||
keep_database_running
|
||||
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
|
||||
if [ ! $USE_MONGODB ]; then
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
keep_database_running
|
||||
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
mongorestore --gzip --archive=$database_file --db ${restore_app_name}
|
||||
fi
|
||||
else
|
||||
USE_MONGODB=
|
||||
USE_POSTGRESQL=
|
||||
mysqlsuccess=$(sudo -u postgres pg_restore $database_file)
|
||||
fi
|
||||
|
@ -751,12 +807,12 @@ function restore_database {
|
|||
set_user_permissions
|
||||
function_check set_user_permissions
|
||||
backup_unmount_drive
|
||||
exit 964
|
||||
exit 482638995
|
||||
fi
|
||||
if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data ]; then
|
||||
shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/*
|
||||
else
|
||||
shred -zu ${local_database_dir}/*.sql
|
||||
shred -zu ${local_database_dir}/*.${database_file_extension}
|
||||
fi
|
||||
|
||||
rm -rf ${local_database_dir}
|
||||
|
@ -789,7 +845,7 @@ function restore_database {
|
|||
if [ ! "$?" = "0" ]; then
|
||||
set_user_permissions
|
||||
backup_unmount_drive
|
||||
exit 683
|
||||
exit 78252429
|
||||
fi
|
||||
if [ -d /etc/letsencrypt/live/${restore_app_domain} ]; then
|
||||
ln -s /etc/letsencrypt/live/${restore_app_domain}/privkey.pem /etc/ssl/private/${restore_app_domain}.key
|
||||
|
|
|
@ -0,0 +1,176 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# .---. . .
|
||||
# | | |
|
||||
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
||||
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
||||
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
||||
#
|
||||
# Freedom in the Cloud
|
||||
#
|
||||
# mongodb database functions
|
||||
#
|
||||
# License
|
||||
# =======
|
||||
#
|
||||
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# Set this when calling backup and restore commands
|
||||
USE_MONGODB=
|
||||
MONGODB_APPS_FILE=$HOME/.mongodbapps
|
||||
|
||||
function store_original_mongodb_password {
|
||||
if [ ! -f /root/.mongodboriginal ]; then
|
||||
echo $'Storing original mongodb password'
|
||||
ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
|
||||
# We can store this in plaintext because it will soon be of historical interest only
|
||||
echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
|
||||
fi
|
||||
}
|
||||
|
||||
function get_mongodb_password {
|
||||
MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
|
||||
if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
|
||||
echo $'Could not obtain mongodb password'
|
||||
exit 7835272
|
||||
fi
|
||||
}
|
||||
|
||||
function install_mongodb {
|
||||
app_name=$1
|
||||
|
||||
if [[ "$(uname -a)" == *"armv7"* ]]; then
|
||||
echo $'mongodb package is not available for arm 7 architecture'
|
||||
exit 7356272
|
||||
fi
|
||||
|
||||
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
function_check get_mongodb_password
|
||||
get_mongodb_password
|
||||
if [ ! $MONGODB_PASSWORD ]; then
|
||||
if [ -f $IMAGE_PASSWORD_FILE ]; then
|
||||
MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
|
||||
else
|
||||
MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
|
||||
fi
|
||||
fi
|
||||
${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD"
|
||||
|
||||
apt-get -yq install mongodb mongo-tools
|
||||
apt-get -yq remove --purge apache2-bin*
|
||||
if [ -d /etc/apache2 ]; then
|
||||
rm -rf /etc/apache2
|
||||
echo $'Removed Apache installation after mongodb install'
|
||||
fi
|
||||
|
||||
if [ ! -d /var/lib/mongodb ]; then
|
||||
echo $"ERROR: mongodb does not appear to have installed. $CHECK_MESSAGE"
|
||||
exit 78352
|
||||
fi
|
||||
|
||||
if [ $app_name ]; then
|
||||
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
|
||||
echo "$app_name" >> $MONGODB_APPS_FILE
|
||||
fi
|
||||
fi
|
||||
|
||||
mark_completed $FUNCNAME
|
||||
}
|
||||
|
||||
function remove_mongodb {
|
||||
app_name=$1
|
||||
|
||||
if [ ! $app_name ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
removemongo=
|
||||
if [ -f $MONGODB_APPS_FILE ]; then
|
||||
sed -i "/$app_name/d" $MONGODB_APPS_FILE
|
||||
if [ ! -s $MONGODB_APPS_FILE ]; then
|
||||
removemongo=1
|
||||
fi
|
||||
else
|
||||
removemongo=1
|
||||
fi
|
||||
|
||||
if [ $removemongo ]; then
|
||||
systemctl stop mongodb
|
||||
systemctl disable mongodb
|
||||
apt-get -yq remove --purge mongodb mongo-tools
|
||||
apt-get -yq autoremove
|
||||
if [ -d /var/lib/mongodb ]; then
|
||||
rm -rf /var/lib/mongodb
|
||||
fi
|
||||
if [ -f /etc/systemd/system/mongodb.service ]; then
|
||||
rm /etc/systemd/system/mongodb.service
|
||||
systemctl daemon-reload
|
||||
fi
|
||||
if [ -f /etc/init.d/mongodb ]; then
|
||||
rm /etc/init.d/mongodb
|
||||
fi
|
||||
sed -i '/install_mongodb/d' $COMPLETION_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
function add_mongodb_user {
|
||||
mongodb_username=$1
|
||||
mongodb_password=$2
|
||||
|
||||
mongo admin --eval "db.createUser({user: '$mongodb_username', pwd: '$mongodb_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
|
||||
}
|
||||
|
||||
function remove_mongodb_user {
|
||||
mongodb_username=$1
|
||||
mongo admin --eval "db.removeUser($mongodb_username)"
|
||||
}
|
||||
|
||||
function drop_database_mongodb {
|
||||
database_name="$1"
|
||||
if [[ "$database_name" == 'admin' ]]; then
|
||||
return
|
||||
fi
|
||||
mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )"
|
||||
if [ $app_name ]; then
|
||||
if grep -q "$app_name" $MONGODB_APPS_FILE; then
|
||||
sed -i "/$app_name/d" $MONGODB_APPS_FILE
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
function initialise_database_mongodb {
|
||||
database_name=$1
|
||||
database_file=$2
|
||||
mongorestore $database_file
|
||||
if [ ! "$?" = "0" ]; then
|
||||
exit 8358365
|
||||
fi
|
||||
}
|
||||
|
||||
function create_database_mongodb {
|
||||
app_name="$1"
|
||||
app_admin_password="$2"
|
||||
app_admin_username=$3
|
||||
mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
|
||||
if [ $app_name ]; then
|
||||
if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
|
||||
echo "$app_name" >> $MONGODB_APPS_FILE
|
||||
fi
|
||||
fi
|
||||
}
|
|
@ -3,10 +3,10 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2017-08-23 Wed 19:23 -->
|
||||
<!-- 2017-11-19 Sun 23:19 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title></title>
|
||||
<title>‎</title>
|
||||
<meta name="generator" content="Org mode" />
|
||||
<meta name="author" content="Bob Mottram" />
|
||||
<meta name="description" content="How to use Matrix"
|
||||
|
@ -264,16 +264,16 @@ Matrix is a federated communications system, typically for multi-user chat, with
|
|||
Another consideration is that since matrix operates on the usual HTTPS port number (443) this may make it difficult for ISPs or governments to censor this type of communications via port blocking without significant blowback.
|
||||
</p>
|
||||
|
||||
<div id="outline-container-orgc78770d" class="outline-2">
|
||||
<h2 id="orgc78770d">Installation</h2>
|
||||
<div class="outline-text-2" id="text-orgc78770d">
|
||||
<div id="outline-container-orgd6cc689" class="outline-2">
|
||||
<h2 id="orgd6cc689">Installation</h2>
|
||||
<div class="outline-text-2" id="text-orgd6cc689">
|
||||
<p>
|
||||
Log into your system with:
|
||||
</p>
|
||||
|
||||
<div class="org-src-container">
|
||||
<pre><code class="src src-bash">ssh myusername@mydomain -p 2222
|
||||
</code></pre>
|
||||
<pre class="src src-bash">ssh myusername@mydomain -p 2222
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p>
|
||||
|
@ -286,9 +286,9 @@ Select <b>Add/Remove Apps</b> then <b>matrix</b>. You will then be asked for a d
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org5262b52" class="outline-2">
|
||||
<h2 id="org5262b52">Initial setup</h2>
|
||||
<div class="outline-text-2" id="text-org5262b52">
|
||||
<div id="outline-container-org3292734" class="outline-2">
|
||||
<h2 id="org3292734">Initial setup</h2>
|
||||
<div class="outline-text-2" id="text-org3292734">
|
||||
<p>
|
||||
Go to the <b>Administrator control panel</b> and select <b>Passwords</b> then <b>matrix</b>. This will give you the password to initially log in to the system and you can change it later from a client app if needed.
|
||||
</p>
|
||||
|
@ -303,19 +303,19 @@ Other client apps are available but are currently mostly only at the alpha stage
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgd8eede9" class="outline-2">
|
||||
<h2 id="orgd8eede9">DNS setup</h2>
|
||||
<div class="outline-text-2" id="text-orgd8eede9">
|
||||
<div id="outline-container-org82239c4" class="outline-2">
|
||||
<h2 id="org82239c4">DNS setup</h2>
|
||||
<div class="outline-text-2" id="text-org82239c4">
|
||||
<p>
|
||||
It's recommended that you add an SRV record for Matrix to your DNS setup. How you do this will depend upon your dynamic DNS provider and their web interface. On FreeDNS on the subdomains settings in addition to the subdomain which you are using for the matrix server create an extra entry as follows:
|
||||
</p>
|
||||
|
||||
<div class="org-src-container">
|
||||
<pre><code class="src src-text">Type: SRV
|
||||
<pre class="src src-text">Type: SRV
|
||||
Subdomain: _matrix._tcp
|
||||
Domain: [youdomain]
|
||||
Destination: 10 0 8448 [yourmatrixsubdomain]
|
||||
</code></pre>
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
<p>
|
||||
|
@ -323,6 +323,15 @@ You may also want to make another entry with the same settings but replacing <b>
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org9568212" class="outline-2">
|
||||
<h2 id="org9568212">Mobile app</h2>
|
||||
<div class="outline-text-2" id="text-org9568212">
|
||||
<p>
|
||||
If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing <b>Sync request timeout</b> to 30 seconds and <b>Delay between two sync requests</b> to 600 seconds.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="postamble" class="status">
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2017-11-10 Fri 17:42 -->
|
||||
<!-- 2017-11-12 Sun 18:45 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -264,9 +264,9 @@ Pleroma is an OStatus-compatible social networking server, compatible with GNU S
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org630bbcf" class="outline-2">
|
||||
<h2 id="org630bbcf">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org630bbcf">
|
||||
<div id="outline-container-org39de7d0" class="outline-2">
|
||||
<h2 id="org39de7d0">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org39de7d0">
|
||||
<p>
|
||||
Log into your system with:
|
||||
</p>
|
||||
|
@ -286,9 +286,9 @@ Select <b>Add/Remove Apps</b> then <b>pleroma</b>. You will then be asked for a
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org703cfb4" class="outline-2">
|
||||
<h2 id="org703cfb4">Initial setup</h2>
|
||||
<div class="outline-text-2" id="text-org703cfb4">
|
||||
<div id="outline-container-org35d8b0a" class="outline-2">
|
||||
<h2 id="org35d8b0a">Initial setup</h2>
|
||||
<div class="outline-text-2" id="text-org35d8b0a">
|
||||
<p>
|
||||
The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
|
||||
</p>
|
||||
|
@ -298,6 +298,23 @@ Once you have done that then you can disable further registrations from the <b>A
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org31f6ea0" class="outline-2">
|
||||
<h2 id="org31f6ea0">Mastodon user interface</h2>
|
||||
<div class="outline-text-2" id="text-org31f6ea0">
|
||||
<p>
|
||||
If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to <b>/yourpleromadomainname/web</b> and log in.
|
||||
</p>
|
||||
|
||||
<div class="org-center">
|
||||
|
||||
<div class="figure">
|
||||
<p><img src="images/pleromamastodon.jpg" alt="pleromamastodon.jpg" />
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="postamble" class="status">
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2017-10-05 Thu 11:44 -->
|
||||
<!-- 2017-11-20 Mon 14:33 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -256,7 +256,7 @@ The following apps are available:
|
|||
<table style="width:80%; border:0">
|
||||
<tr>
|
||||
<td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
|
||||
<td><center><b><h3></h3></b><br></center></td>
|
||||
<td><center><b><a href="trifa.apk"><img src="images/trifa.png"/></a></b><br><a href="trifa.apk">Tox</a></center></td>
|
||||
</tr>
|
||||
</table>
|
||||
</center>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2017-09-22 Fri 13:18 -->
|
||||
<!-- 2017-11-19 Sun 23:19 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -277,9 +277,9 @@ Mobile phones are insecure devices, but they're regarded as being so essential t
|
|||
</table>
|
||||
</center>
|
||||
|
||||
<div id="outline-container-org066f7fb" class="outline-2">
|
||||
<h2 id="org066f7fb">Open</h2>
|
||||
<div class="outline-text-2" id="text-org066f7fb">
|
||||
<div id="outline-container-org028bfb1" class="outline-2">
|
||||
<h2 id="org028bfb1">Open</h2>
|
||||
<div class="outline-text-2" id="text-org028bfb1">
|
||||
<p>
|
||||
Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
|
||||
</p>
|
||||
|
@ -290,45 +290,45 @@ Why is it so important to run Linux on a phone? Aren't <i>iThings</i> supposed t
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org1a24680" class="outline-2">
|
||||
<h2 id="org1a24680">Remove</h2>
|
||||
<div class="outline-text-2" id="text-org1a24680">
|
||||
<div id="outline-container-orgf5a1356" class="outline-2">
|
||||
<h2 id="orgf5a1356">Remove</h2>
|
||||
<div class="outline-text-2" id="text-orgf5a1356">
|
||||
<p>
|
||||
So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of <i>surveillance capital</i>. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org390d2d0" class="outline-2">
|
||||
<h2 id="org390d2d0">Encrypt</h2>
|
||||
<div class="outline-text-2" id="text-org390d2d0">
|
||||
<div id="outline-container-org8f0466d" class="outline-2">
|
||||
<h2 id="org8f0466d">Encrypt</h2>
|
||||
<div class="outline-text-2" id="text-org8f0466d">
|
||||
<p>
|
||||
Encrypt your phone. This can usually be done via <b>Settings/Security</b> and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org3d6081e" class="outline-2">
|
||||
<h2 id="org3d6081e">Apps</h2>
|
||||
<div class="outline-text-2" id="text-org3d6081e">
|
||||
<div id="outline-container-orgfec183a" class="outline-2">
|
||||
<h2 id="orgfec183a">Apps</h2>
|
||||
<div class="outline-text-2" id="text-orgfec183a">
|
||||
<p>
|
||||
Installing <b>F-droid</b> and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org5a55ec6" class="outline-2">
|
||||
<h2 id="org5a55ec6">Lock</h2>
|
||||
<div class="outline-text-2" id="text-org5a55ec6">
|
||||
<div id="outline-container-org77de138" class="outline-2">
|
||||
<h2 id="org77de138">Lock</h2>
|
||||
<div class="outline-text-2" id="text-org77de138">
|
||||
<p>
|
||||
Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called <b>Locker</b>, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgaf7fb89" class="outline-2">
|
||||
<h2 id="orgaf7fb89">Onion</h2>
|
||||
<div class="outline-text-2" id="text-orgaf7fb89">
|
||||
<div id="outline-container-org4dc0e5b" class="outline-2">
|
||||
<h2 id="org4dc0e5b">Onion</h2>
|
||||
<div class="outline-text-2" id="text-org4dc0e5b">
|
||||
<p>
|
||||
Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not <i>theoretically</i> impossible but at least <i>very hard</i> for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.
|
||||
</p>
|
||||
|
@ -339,26 +339,26 @@ In F-droid under the <b>repositories</b> menu you can enable the <b>guardian pro
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgc7a0b9e" class="outline-2">
|
||||
<h2 id="orgc7a0b9e">Email</h2>
|
||||
<div class="outline-text-2" id="text-orgc7a0b9e">
|
||||
<div id="outline-container-org466eb29" class="outline-2">
|
||||
<h2 id="org466eb29">Email</h2>
|
||||
<div class="outline-text-2" id="text-org466eb29">
|
||||
<p>
|
||||
The easiest way to access email is by installing the <a href="./app_mailpile.html">Mailpile</a> app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-orgfcecdf8" class="outline-2">
|
||||
<h2 id="orgfcecdf8">Services</h2>
|
||||
<div class="outline-text-2" id="text-orgfcecdf8">
|
||||
<div id="outline-container-org978ea8b" class="outline-2">
|
||||
<h2 id="org978ea8b">Services</h2>
|
||||
<div class="outline-text-2" id="text-org978ea8b">
|
||||
<p>
|
||||
For information on configuring various apps to work with Freedombone see the <a href="./usage.html">usage section</a>. Also see advice on chat apps in the <a href="./faq.html">FAQ</a>.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org469e667" class="outline-2">
|
||||
<h2 id="org469e667">Battery preservation</h2>
|
||||
<div class="outline-text-2" id="text-org469e667">
|
||||
<div id="outline-container-org3546225" class="outline-2">
|
||||
<h2 id="org3546225">Battery preservation</h2>
|
||||
<div class="outline-text-2" id="text-org3546225">
|
||||
<p>
|
||||
Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
|
||||
</p>
|
||||
|
@ -366,12 +366,16 @@ Even with free software apps it's not difficult to get into a situation where yo
|
|||
<p>
|
||||
If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing <b>Sync request timeout</b> to 30 seconds and <b>Delay between two sync requests</b> to 600 seconds.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgcaf0530" class="outline-2">
|
||||
<h2 id="orgcaf0530">Blocking bad domains</h2>
|
||||
<div class="outline-text-2" id="text-orgcaf0530">
|
||||
<div id="outline-container-org6ebc6c4" class="outline-2">
|
||||
<h2 id="org6ebc6c4">Blocking bad domains</h2>
|
||||
<div class="outline-text-2" id="text-org6ebc6c4">
|
||||
<p>
|
||||
You can block known bad domains by editing the <b>/system/etc/hosts</b> file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
|
||||
</p>
|
||||
|
|
Loading…
Reference in New Issue