Bob Mottram 2016-10-16 19:50:56 +01:00
parent ff8efe0dec
commit 607d4bdc95
61 changed files with 817 additions and 852 deletions


@ -186,7 +186,11 @@ function add_cert_letsencrypt {
if [ ! $MY_EMAIL_ADDRESS ]; then
if [ -f $COMPLETION_FILE ]; then
if grep -q "Admin user:" $COMPLETION_FILE; then
ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
function_check get_completion_param
ADMIN_USER=$(get_completion_param "Admin user")
if [ ${#ADMIN_USER} -eq 0 ]; then
exit 463732
fi
MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
fi
fi
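Review bot: The new guard `exit 463732` aborts without printing anything, and a shell exit status keeps only the low 8 bits, so the caller sees 116 rather than the number written here. Put a diagnostic on stderr before it and use a code in the 1–255 range, e.g. `echo $"No admin user found in $COMPLETION_FILE" >&2` followed by `exit 116`. The value returned by `get_completion_param "Admin user"` also goes straight into `MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME` with only a length check; a comment stating what characters the completion file may contain for this key would help whoever consumes the address later. The body of add_cert_letsencrypt starts and ends outside this hunk.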


@ -46,7 +46,7 @@ function change_password_batman {
}
function configure_firewall_for_batman {
if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
@ -55,7 +55,7 @@ function configure_firewall_for_batman {
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function reconfigure_batman {


@ -78,7 +78,7 @@ function upgrade_dlna {
}
function configure_firewall_for_dlna {
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -92,7 +92,7 @@ function configure_firewall_for_dlna {
OPEN_PORTS+=('DLNA 1900')
OPEN_PORTS+=('DLNA 8200')
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function backup_local_dlna {
@ -168,7 +168,7 @@ function remove_dlna {
}
function install_dlna_main {
if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
if [[ $(app_is_installed dlna_main) == "1" ]]; then
return
fi
@ -217,11 +217,11 @@ function install_dlna_main {
function_check configure_firewall_for_dlna
configure_firewall_for_dlna
echo 'install_dlna_main' >> $COMPLETION_FILE
install_completed dlna_main
}
function script_for_attaching_usb_drive {
if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
echo '#!/bin/bash' > /usr/bin/attach-music
@ -256,7 +256,7 @@ function script_for_attaching_usb_drive {
ln -s /usr/bin/remove-music /usr/bin/detach-pictures
ln -s /usr/bin/remove-music /usr/bin/remove-pictures
echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_dlna {
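Review bot: The skip guard in install_dlna_main moves from the literal line `install_dlna_main` in `$COMPLETION_FILE` to `app_is_installed dlna_main`, and the marker write moves to `install_completed dlna_main`, but nothing visible here converts the marker that existing systems already carry. If `app_is_installed` does not recognise the old line (its definition is not on this page), an upgrade would re-run the whole install, including `configure_firewall_for_dlna`. I would either keep a fallback check for the legacy line or add a comment above the guard saying where the migration happens, e.g. `# legacy 'install_dlna_main' markers are converted by <migration function>`. The function body between the two hunks is not shown.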


@ -85,7 +85,8 @@ function backup_local_dokuwiki {
function restore_local_dokuwiki {
if [ -d /var/lib/dokuwiki ]; then
echo $"Restoring Dokuwiki installation"
DOKUWIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "dokuwiki domain" | awk -F ':' '{print $2}')
function_check get_completion_param
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
temp_restore_dir=/root/tempdokuwiki
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir dokuwiki
@ -131,7 +132,8 @@ function backup_remote_dokuwiki {
function restore_remote_dokuwiki {
if [ -d $SERVER_DIRECTORY/backup/dokuwiki ]; then
DOKUWIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "dokuwiki domain" | awk -F ':' '{print $2}')
function_check get_completion_param
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
echo $"Restoring Dokuwiki installation $DOKUWIKI_DOMAIN_NAME"
function_check restore_directory_from_friend
restore_directory_from_friend /root/tempdokuwiki dokuwiki
@ -561,11 +563,7 @@ function install_dokuwiki {
chmod 600 /home/$MY_USERNAME/README
fi
if ! grep -q "dokuwiki domain" $COMPLETION_FILE; then
echo "dokuwiki domain:$DOKUWIKI_DOMAIN_NAME" >> $COMPLETION_FILE
else
sed -i "s|dokuwiki domain.*|dokuwiki domain:$DOKUWIKI_DOMAIN_NAME|g" $COMPLETION_FILE
fi
set_completion_param "dokuwiki domain" "$DOKUWIKI_DOMAIN_NAME"
APP_INSTALLED=1
}
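Review bot: In restore_local_dokuwiki and restore_remote_dokuwiki the result of `get_completion_param "dokuwiki domain"` is used without an empty check, whereas the same commit adds one after the equivalent call in add_cert_letsencrypt. The restore steps that consume `DOKUWIKI_DOMAIN_NAME` lie outside these hunks, but a restore that builds paths from an empty domain is worth ruling out up front with `if [ ${#DOKUWIKI_DOMAIN_NAME} -eq 0 ]; then return; fi` (or an exit with a message) right after the assignment. `function_check get_completion_param` is added here, but install_dokuwiki calls `set_completion_param` without the matching `function_check set_completion_param`.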


@ -74,7 +74,8 @@ gnusocial_variables=(GNUSOCIAL_COMMIT
function remove_user_gnusocial {
remove_username="$1"
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
function_check get_completion_param
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
if [ -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
php scripts/deleteprofile.php -n $remove_username -y
@ -85,7 +86,7 @@ function add_user_gnusocial {
new_username="$1"
new_user_password="$2"
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs ]; then
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME"
@ -231,7 +232,7 @@ function reconfigure_gnusocial {
function upgrade_gnusocial {
if grep -q "gnusocial domain" $COMPLETION_FILE; then
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
fi
# update to the next commit
@ -246,7 +247,7 @@ function upgrade_gnusocial {
function backup_local_gnusocial {
GNUSOCIAL_DOMAIN_NAME='gnusocial'
if grep -q "gnusocial domain" $COMPLETION_FILE; then
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
fi
source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
@ -274,7 +275,7 @@ function restore_local_gnusocial {
if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
return
fi
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
if [ $GNUSOCIAL_DOMAIN_NAME ]; then
echo $"Restoring gnusocial"
temp_restore_dir=/root/tempgnusocial
@ -300,7 +301,7 @@ function restore_local_gnusocial {
function backup_remote_gnusocial {
if grep -q "gnusocial domain" $COMPLETION_FILE; then
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
temp_backup_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
function_check suspend_site
@ -325,7 +326,7 @@ function backup_remote_gnusocial {
function restore_remote_gnusocial {
if grep -q "gnusocial domain" $COMPLETION_FILE; then
echo $"Restoring gnusocial"
GNUSOCIAL_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gnusocial domain" | head -n 1 | awk -F ':' '{print $2}')
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
# stop the daemons
cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
@ -412,11 +413,7 @@ function install_gnusocial_main {
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
git checkout $GNUSOCIAL_COMMIT -b $GNUSOCIAL_COMMIT
if ! grep -q "gnusocial commit" $COMPLETION_FILE; then
echo "gnusocial commit:$GNUSOCIAL_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/gnusocial commit.*/gnusocial commit:$GNUSOCIAL_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "gnusocial commit" "$GNUSOCIAL_COMMIT"
chmod a+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
chown www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
@ -642,11 +639,7 @@ function install_gnusocial_main {
fi
fi
if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
echo "gnusocial domain:$GNUSOCIAL_DOMAIN_NAME" >> $COMPLETION_FILE
else
sed -i "s|gnusocial domain.*|gnusocial domain:$GNUSOCIAL_DOMAIN_NAME|g" $COMPLETION_FILE
fi
set_completion_param "gnusocial domain" "$GNUSOCIAL_DOMAIN_NAME"
install_completed gnusocial_main
}
@ -715,11 +708,7 @@ function install_gnusocial_plugin_sharings {
chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
if ! grep -q "gnusocial sharings plugin commit" $COMPLETION_FILE; then
echo "gnusocial sharings plugin commit:$SHARINGS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|gnusocial sharings plugin commit.*|gnusocial sharings plugin commit:$SHARINGS_COMMIT|g" $COMPLETION_FILE
fi
set_completion_param gnusocial "sharings plugin commit" "$SHARINGS_COMMIT"
install_completed gnusocial_plugin_sharings
}
@ -761,11 +750,7 @@ function install_gnusocial_plugin_sharings_theme {
chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
if ! grep -q "gnusocial sharings plugin theme commit" $COMPLETION_FILE; then
echo "gnusocial sharings plugin theme commit:$SHARINGS_THEME_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|gnusocial sharings plugin theme commit.*|gnusocial sharings plugin theme commit:$SHARINGS_THEME_COMMIT|g" $COMPLETION_FILE
fi
set_completions_param "gnusocial sharings plugin theme commit" "$SHARINGS_THEME_COMMIT"
install_completed gnusocial_plugin_sharings_theme
}
@ -914,11 +899,7 @@ function install_gnusocial_theme {
fi
fi
if ! grep -q "gnusocial theme commit" $COMPLETION_FILE; then
echo "gnusocial theme commit:$GNUSOCIAL_THEME_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|gnusocial theme commit.*|gnusocial theme commit:$GNUSOCIAL_THEME_COMMIT|g" $COMPLETION_FILE
fi
set_completions_param "gnusocial theme commit" "$GNUSOCIAL_THEME_COMMIT"
chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
@ -957,11 +938,7 @@ function install_gnusocial_markdown {
echo "addPlugin('Markdown');" >> $gnusocial_config_file
fi
if ! grep -q "gnusocial Markdown commit" $COMPLETION_FILE; then
echo "gnusocial Markdown commit:$GNUSOCIAL_MARKDOWN_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|gnusocial Markdown commit.*|gnusocial Markdown commit:$GNUSOCIAL_MARKDOWN_COMMIT|g" $COMPLETION_FILE
fi
set_completions_param "gnusocial markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT"
chown -R www-data:www-data $GNUSOCIAL_PATH
@ -978,7 +955,7 @@ function install_gnusocial_plugin_nsfw {
function_check set_repo_commit
set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial NSFW plugin commit" "$GNUSOCIAL_NSFW_COMMIT" $GNUSOCIAL_NSFW_REPO
if grep -Fxq "install_gnusocial_plugin_nsfw" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -1006,11 +983,7 @@ function install_gnusocial_plugin_nsfw {
chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
if ! grep -q "gnusocial NSFW plugin commit" $COMPLETION_FILE; then
echo "gnusocial NSFW plugin commit:$GNUSOCIAL_NSFW_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|gnusocial NSFW plugin commit.*|gnusocial NSFW plugin commit:$GNUSOCIAL_NSFW_COMMIT|g" $COMPLETION_FILE
fi
set_completions_param "gnusocial NSFW plugin commit" "$GNUSOCIAL_NSFW_COMMIT"
install_completed gnusocial_plugin_nsfw
}
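Review bot: Four of the new calls are spelled `set_completions_param` (in install_gnusocial_plugin_sharings_theme, install_gnusocial_theme, install_gnusocial_markdown and install_gnusocial_plugin_nsfw) while every other call in this commit is `set_completion_param`; unless a function with the plural name exists elsewhere, these fail as command-not-found and the pinned commit is never recorded, and no `function_check` precedes them to catch it. In install_gnusocial_plugin_sharings the call `set_completion_param gnusocial "sharings plugin commit" "$SHARINGS_COMMIT"` passes three arguments, which looks like a split key; it should read `set_completion_param "gnusocial sharings plugin commit" "$SHARINGS_COMMIT"`. The markdown key also changes case from `gnusocial Markdown commit` to `gnusocial markdown commit`, so an entry written by the old code would presumably no longer be matched. All of these functions start or end outside their hunks.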


@ -128,7 +128,7 @@ function upgrade_gogs {
return
fi
CURR_GOGS_VERSION=$(cat $COMPLETION_FILE | grep "gogs version" | head -n 1 | awk -F ':' '{print $2}')
CURR_GOGS_VERSION=$(get_completion_param "gogs version")
if [[ "${CURR_GOGS_VERSION}" == "${GOGS_VERSION}" ]]; then
return
fi
@ -288,7 +288,7 @@ function backup_remote_gogs {
function restore_remote_gogs {
if grep -q "gogs domain" $COMPLETION_FILE; then
GIT_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "gogs domain" | awk -F ':' '{print $2}')
GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
function_check gogs_create_database
gogs_create_database


@ -30,18 +30,18 @@
VARIANTS="full full-vim writer"
HYMLY_DOMAIN_NAME=
HYMLY_CODE=
HYMLY_ONION_PORT=8086
HYMLY_REPO="https://github.com/danpros/htmly"
HYMLY_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'
HTMLY_DOMAIN_NAME=
HTMLY_CODE=
HTMLY_ONION_PORT=8086
HTMLY_REPO="https://github.com/danpros/htmly"
HTMLY_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'
HTMLY_TITLE="My Htmly"
HTMLY_SUBTITLE="Another ${PROJECT_NAME} Htmly"
htmly_variables=(HYMLY_REPO
HYMLY_COMMIT
HYMLY_DOMAIN_NAME
HYMLY_CODE
htmly_variables=(HTMLY_REPO
HTMLY_COMMIT
HTMLY_DOMAIN_NAME
HTMLY_CODE
HTMLY_TITLE
HTMLY_SUBTITLE
ONION_ONLY
@ -91,8 +91,8 @@ function set_avatar_from_url {
function remove_user_htmly {
remove_username="$1"
if [ -f /var/www/${HYMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then
rm /var/www/${HYMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini
if [ -f /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then
rm /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini
fi
}
@ -105,7 +105,7 @@ function add_user_htmly {
new_username="$1"
new_user_password="$2"
if [ ! -d /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users ]; then
if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then
echo '2'
return
fi
@ -114,11 +114,11 @@ function add_user_htmly {
echo '3'
return
fi
echo ';Password' > /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo 'encryption = password_hash' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo ';Role' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo 'role = admin' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo '0'
}
@ -152,21 +152,19 @@ function install_interactive_htmly {
if [[ $ONION_ONLY != "no" ]]; then
HTMLY_TITLE='My Htmly'
HYMLY_DOMAIN_NAME='htmly.local'
HTMLY_DOMAIN_NAME='htmly.local'
write_config_param "HTMLY_TITLE" "$HTMLY_TITLE"
write_config_param "HYMLY_DOMAIN_NAME" "$HYMLY_DOMAIN_NAME"
write_config_param "HTMLY_DOMAIN_NAME" "$HTMLY_DOMAIN_NAME"
else
function_check interactive_site_details_with_title
interactive_site_details_with_title "htmly" "HTMLY_TITLE" "HYMLY_DOMAIN_NAME" "HYMLY_CODE"
interactive_site_details_with_title "htmly" "HTMLY_TITLE" "HTMLY_DOMAIN_NAME" "HTMLY_CODE"
fi
APP_INSTALLED=1
}
function change_password_htmly {
if ! grep -q "htmly domain:" $COMPLETION_FILE; then
echo "htmly domain:$HYMLY_DOMAIN_NAME" >> $COMPLETION_FILE
fi
HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | head -n 1 | awk -F ':' '{print $2}')
set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
HTMLY_USERNAME="$1"
HTMLY_PASSWORD="$2"
@ -179,7 +177,7 @@ function change_password_htmly {
echo $'Htmly admin password could not be hashed'
exit 625728
fi
sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini
sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini
}
function reconfigure_htmly {
@ -187,25 +185,25 @@ function reconfigure_htmly {
}
function upgrade_htmly {
read_config_param "HYMLY_DOMAIN_NAME"
read_config_param "HTMLY_DOMAIN_NAME"
function_check set_repo_commit
set_repo_commit /var/www/$HYMLY_DOMAIN_NAME/htdocs "htmly commit" "$HYMLY_COMMIT" $HYMLY_REPO
set_repo_commit /var/www/$HTMLY_DOMAIN_NAME/htdocs "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
}
function backup_local_htmly {
HYMLY_DOMAIN_NAME='htmly'
HTMLY_DOMAIN_NAME='htmly'
if grep -q "htmly domain" $COMPLETION_FILE; then
HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}')
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
fi
source_directory=/var/www/${HYMLY_DOMAIN_NAME}/htdocs
source_directory=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
dest_directory=htmly
echo $"Backing up $source_directory to $dest_directory"
function_check suspend_site
suspend_site ${HYMLY_DOMAIN_NAME}
suspend_site ${HTMLY_DOMAIN_NAME}
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
@ -218,52 +216,52 @@ function backup_local_htmly {
}
function restore_local_htmly {
HYMLY_DOMAIN_NAME='htmly'
HTMLY_DOMAIN_NAME='htmly'
if grep -q "htmly domain" $COMPLETION_FILE; then
HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}')
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
fi
if [ $HYMLY_DOMAIN_NAME ]; then
if [ $HTMLY_DOMAIN_NAME ]; then
echo $"Restoring htmly installation"
temp_restore_dir=/root/temphtmly
restore_directory_from_usb $temp_restore_dir htmly
rm -rf /var/www/${HYMLY_DOMAIN_NAME}/htdocs
cp -r $temp_restore_dir/var/www/${HYMLY_DOMAIN_NAME}/htdocs /var/www/${HYMLY_DOMAIN_NAME}/
rm -rf /var/www/${HTMLY_DOMAIN_NAME}/htdocs
cp -r $temp_restore_dir/var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
exit 593
fi
rm -rf $temp_restore_dir
if [ ! -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content ]; then
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
echo $"No content directory found after restoring htmly"
set_user_permissions
backup_unmount_drive
exit 287
fi
chown -R www-data:www-data /var/www/${HYMLY_DOMAIN_NAME}/htdocs
chown -R www-data:www-data /var/www/${HTMLY_DOMAIN_NAME}/htdocs
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${HYMLY_DOMAIN_NAME}.crt|${HYMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HYMLY_DOMAIN_NAME}
if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
fi
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
mv /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
fi
fi
done
if [ -d /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HYMLY_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.pem
if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
fi
fi
}
function backup_remote_htmly {
if grep -q "htmly domain" $COMPLETION_FILE; then
HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}')
temp_backup_dir=/var/www/${HYMLY_DOMAIN_NAME}/htdocs
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
echo $"Backing up htmly"
backup_directory_to_friend $temp_backup_dir htmly
@ -277,63 +275,63 @@ function backup_remote_htmly {
function restore_remote_htmly {
if [ -d $SERVER_DIRECTORY/backup/htmly ]; then
HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}')
echo $"Restoring htmly installation $HYMLY_DOMAIN_NAME"
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME"
temp_restore_dir=/root/temphtmly
mkdir $temp_restore_dir
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir htmly
rm -rf /var/www/${HYMLY_DOMAIN_NAME}/htdocs
cp -r $temp_restore_dir/var/www/${HYMLY_DOMAIN_NAME}/htdocs /var/www/${HYMLY_DOMAIN_NAME}/
rm -rf /var/www/${HTMLY_DOMAIN_NAME}/htdocs
cp -r $temp_restore_dir/var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/
if [ ! "$?" = "0" ]; then
exit 593
fi
rm -rf $temp_restore_dir
if [ ! -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content ]; then
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
echo $"No content directory found after restoring htmly"
exit 287
fi
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${HYMLY_DOMAIN_NAME}.crt|${HYMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HYMLY_DOMAIN_NAME}
if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
fi
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
mv /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
fi
fi
done
if [ -d /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HYMLY_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.pem
if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
fi
echo $"Restore of htmly complete"
fi
}
function remove_htmly {
if [ ${#HYMLY_DOMAIN_NAME} -eq 0 ]; then
if [ ${#HTMLY_DOMAIN_NAME} -eq 0 ]; then
return
fi
read_config_param "HYMLY_DOMAIN_NAME"
nginx_dissite $HYMLY_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
read_config_param "HTMLY_DOMAIN_NAME"
nginx_dissite $HTMLY_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
fi
if [ -d /var/www/$HYMLY_DOMAIN_NAME ]; then
rm -rf /var/www/$HYMLY_DOMAIN_NAME
if [ -d /var/www/$HTMLY_DOMAIN_NAME ]; then
rm -rf /var/www/$HTMLY_DOMAIN_NAME
fi
if [ $HYMLY_CODE ]; then
if [ $HTMLY_CODE ]; then
if [ -f /usr/bin/dynamicdns ]; then
sed -i "/$HYMLY_DOMAIN_NAME/d" /usr/bin/dynamicdns
sed -i "/$HYMLY_CODE/d" /usr/bin/dynamicdns
sed -i "/$HTMLY_DOMAIN_NAME/d" /usr/bin/dynamicdns
sed -i "/$HTMLY_CODE/d" /usr/bin/dynamicdns
fi
fi
function_check remove_onion_service
remove_onion_service htmly ${HYMLY_ONION_PORT}
remove_onion_service htmly ${HTMLY_ONION_PORT}
sed -i '/install_htmly/d' $COMPLETION_FILE
sed -i '/Htmly .*/d' $COMPLETION_FILE
}
@ -341,254 +339,250 @@ function remove_htmly {
function get_htmly_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Your htmly password is" /home/$MY_USERNAME/README; then
HYMLY_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your htmly password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
HTMLY_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your htmly password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function install_htmly_social_networks {
# set social networks
if grep -q "social.hubzilla" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
if grep -q "social.hubzilla" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
fi
if grep -q "social.gnusocial" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
if grep -q "social.gnusocial" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
fi
# clear proprietary social network strings
sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.google.*|social.google = ""|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.google.*|social.google = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
}
function install_htmly_user {
# create a user password
function_check get_htmly_admin_password
get_htmly_admin_password
if [ ! $HYMLY_ADMIN_PASSWORD ]; then
if [ ! $HTMLY_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
HYMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
HTMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
HYMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
HTMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'HTMLy Htmly' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $"Your htmly username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo $"Your htmly password is: $HYMLY_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo $"Your htmly password is: $HTMLY_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
if [[ $ONION_ONLY == 'no' ]]; then
echo $"Log into your htmly at https://$HYMLY_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
echo $"Log into your htmly at https://$HTMLY_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
# create a user
HYMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HYMLY_ADMIN_PASSWORD")
if [ ${#HYMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
HTMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_ADMIN_PASSWORD")
if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
echo $'Htmly admin password could not be hashed'
exit 625728
fi
echo ';Password' > /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo "password = $HYMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'encryption = password_hash' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo ';Role' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'role = admin' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo "password = $HTMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
}
function install_htmly_settings {
cp /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|htmly.title.*|htmly.title = '$HTMLY_TITLE'|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|htmly.tagline.*|htmly.tagline = '$HTMLY_SUBTITLE'|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|Your name|$MY_NAME|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini
cp /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|htmly.title.*|htmly.title = '$HTMLY_TITLE'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|htmly.tagline.*|htmly.tagline = '$HTMLY_SUBTITLE'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|Your name|$MY_NAME|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
}
function install_htmly_website {
function_check nginx_http_redirect
nginx_http_redirect $HYMLY_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " root /var/www/$HYMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " server_name $HYMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " error_log /var/log/nginx/${HYMLY_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
nginx_http_redirect $HTMLY_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " error_log /var/log/nginx/${HTMLY_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
function_check nginx_ssl
nginx_ssl $HYMLY_DOMAIN_NAME
nginx_ssl $HTMLY_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $HYMLY_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
nginx_disable_sniffing $HTMLY_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
function_check nginx_limits
nginx_limits $HYMLY_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
nginx_limits $HTMLY_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
}
function install_htmly_website_onion {
echo 'server {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " listen 127.0.0.1:${HYMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " root /var/www/$HYMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " server_name $HYMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " error_log /var/log/nginx/${HYMLY_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " error_log /var/log/nginx/${HTMLY_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $HYMLY_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
nginx_disable_sniffing $HTMLY_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
function_check nginx_limits
nginx_limits $HYMLY_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
nginx_limits $HTMLY_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
function_check nginx_limits
nginx_limits $HYMLY_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
nginx_limits $HTMLY_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
}
function install_htmly_from_repo {
if [ ! -d /var/www/$HYMLY_DOMAIN_NAME ]; then
mkdir /var/www/$HYMLY_DOMAIN_NAME
if [ ! -d /var/www/$HTMLY_DOMAIN_NAME ]; then
mkdir /var/www/$HTMLY_DOMAIN_NAME
fi
cd /var/www/$HYMLY_DOMAIN_NAME
git_clone $HYMLY_REPO htdocs
cd /var/www/$HTMLY_DOMAIN_NAME
git_clone $HTMLY_REPO htdocs
cd htdocs
git checkout $HYMLY_COMMIT -b $HYMLY_COMMIT
if ! grep -q "htmly commit" $COMPLETION_FILE; then
echo "htmly commit:$HYMLY_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/htmly commit.*/htmly commit:$HYMLY_COMMIT/g" $COMPLETION_FILE
fi
git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
set_completion_param "htmly commit" "$HTMLY_COMMIT"
}
function install_htmly {
@ -596,7 +590,7 @@ function install_htmly {
ONION_ONLY='no'
fi
if [ ! $HYMLY_DOMAIN_NAME ]; then
if [ ! $HTMLY_DOMAIN_NAME ]; then
echo $'The htmly domain name was not specified'
exit 5062
fi
@ -611,13 +605,13 @@ function install_htmly {
function_check install_htmly_website
install_htmly_website
else
echo -n '' > /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME
echo -n '' > /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
fi
function_check install_htmly_website_onion
install_htmly_website_onion
function_check create_site_certificate
create_site_certificate $HYMLY_DOMAIN_NAME 'yes'
create_site_certificate $HTMLY_DOMAIN_NAME 'yes'
function_check configure_php
configure_php
@ -631,30 +625,28 @@ function install_htmly {
function_check install_htmly_user
install_htmly_user
chown -R www-data:www-data /var/www/$HYMLY_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$HTMLY_DOMAIN_NAME/htdocs
HYMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HYMLY_ONION_PORT})
HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
function_check nginx_ensite
nginx_ensite $HYMLY_DOMAIN_NAME
nginx_ensite $HTMLY_DOMAIN_NAME
systemctl restart php5-fpm
systemctl restart nginx
if ! grep -q "Htmly onion domain" /home/$MY_USERNAME/README; then
echo $"Htmly onion domain: ${HYMLY_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"Log into your htmly at https://${HYMLY_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
echo $"Htmly onion domain: ${HTMLY_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"Log into your htmly at https://${HTMLY_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
function_check add_ddns_domain
add_ddns_domain $HYMLY_DOMAIN_NAME
add_ddns_domain $HTMLY_DOMAIN_NAME
if ! grep -q "htmly domain:" $COMPLETION_FILE; then
echo "htmly domain:$HYMLY_DOMAIN_NAME" >> $COMPLETION_FILE
fi
set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
APP_INSTALLED=1
}


@ -59,7 +59,7 @@ function hubzilla_renew_cert {
1) return;;
255) return;;
esac
HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "hubzilla domain" | awk -F ':' '{print $2}')
HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
dialog --title $"Renew SSL certificate" \
--msgbox $"Hubzilla install directory not found" 6 40
@ -80,7 +80,7 @@ function hubzilla_channel_directory_server {
--msgbox $"Hubzilla is not installed on this system" 6 40
return
fi
HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "hubzilla domain" | awk -F ':' '{print $2}')
HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
dialog --title $"Hubzilla channel directory server" \
--msgbox $"Hubzilla install directory not found" 6 40
@ -327,11 +327,7 @@ function install_hubzilla {
function_check git_clone
git_clone $HUBZILLA_REPO hubzilla
git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
if ! grep -q "hubzilla commit" $COMPLETION_FILE; then
echo "hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/hubzilla commit.*/hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
rm -rf $HUBZILLA_PATH
mv hubzilla $HUBZILLA_PATH
@ -339,11 +335,7 @@ function install_hubzilla {
git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
cd $HUBZILLA_PATH/addon
git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
if ! grep -q "hubzilla addons commit" $COMPLETION_FILE; then
echo "hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/hubzilla addons commit.*/hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
# some extra themes
git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
@ -599,7 +591,7 @@ function install_hubzilla {
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
echo "hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}"
APP_INSTALLED=1
}
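Review bot: In the install_hubzilla hunk at -327, `git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT` follows `git_clone $HUBZILLA_REPO hubzilla` with no visible `cd hubzilla`, and its exit status is not checked. As a result `set_completion_param "hubzilla commit"` can record a pin that was never applied to the tree later moved to `$HUBZILLA_PATH`. The addons hunk at -339 does `cd $HUBZILLA_PATH/addon` before its checkout, so the two steps are inconsistent unless git_clone changes directory itself, which is not shown here. I would run the checkout inside the clone and stop on failure, e.g. `git -C hubzilla checkout "$HUBZILLA_COMMIT" -b "$HUBZILLA_COMMIT" || exit 1` (using whatever exit code the project assigns), so the completion file only ever names a commit that is really checked out. install_hubzilla starts and ends outside these hunks.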


@ -89,7 +89,7 @@ function backup_local_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then
return
fi
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
source_directory=/home/$ADMIN_USERNAME/.ipfs
if [ -d $source_directory ]; then
dest_directory=ipfs
@ -111,7 +111,7 @@ function restore_local_ipfs {
temp_restore_dir=/root/tempipfs
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ipfs
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
@ -130,7 +130,7 @@ function backup_remote_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then
return
fi
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
echo $"Backing up IPFS"
backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
@ -193,7 +193,7 @@ function remove_ipfs {
}
function configure_firewall_for_ipfs {
if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
@ -204,11 +204,11 @@ function configure_firewall_for_ipfs {
save_firewall_settings
OPEN_PORTS+=("IPFS $IPFS_PORT")
echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function mesh_install_ipfs_js {
if grep -Fxq "mesh_install_ipfs_js" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -280,7 +280,7 @@ EOF
chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME}
echo 'mesh install_ipfs_js' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_ipfs_js {
@ -515,11 +515,7 @@ function install_ipfs_go {
exit 735639
fi
if ! grep -q "ipfs commit" $COMPLETION_FILE; then
echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "ipfs commit" "$IPFS_COMMIT"
make install
if [ ! "$?" = "0" ]; then
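Review bot: In `restore_local_ipfs` the result of `get_completion_param "Admin user"` goes straight into `cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs` with no check that it is non-empty, unlike the two backup functions in this section, which return early when the completion file has no `Admin user` entry. `get_completion_param` prints an empty string when the key or the file is missing, so both paths would collapse to `/home//.ipfs`. A guard directly after the assignment, such as `if [ ${#ADMIN_USERNAME} -eq 0 ]; then rm -rf $temp_restore_dir; exit 1; fi` (the exit code is a placeholder), would fail before anything is copied. Several of the other `ADMIN_USERNAME=$(get_completion_param "Admin user")` assignments later on this page are likewise used without an emptiness check. The function bodies continue outside these hunks.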


@ -120,7 +120,7 @@ function remove_librevault {
}
function configure_firewall_for_librevault {
if grep -Fxq "configure_firewall_for_librevault" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
@ -128,7 +128,7 @@ function configure_firewall_for_librevault {
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Librevault $LIBREVAULT_PORT")
echo 'configure_firewall_for_librevault' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function mesh_install_librevault {
@ -263,11 +263,7 @@ function install_librevault {
make install
ldconfig
if ! grep -q "Protobuf commit" $COMPLETION_FILE; then
echo "Protobuf commit:$PROTOBUF_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Protobuf commit.*/Protobuf commit:$PROTOBUF_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "Protobuf commit" "$PROTOBUF_COMMIT"
git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
cd $INSTALL_DIR/librevault
@ -286,11 +282,7 @@ function install_librevault {
cmake --build .
make install
if ! grep -q "Librevault commit" $COMPLETION_FILE; then
echo "Librevault commit:$LIBREVAULT_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Librevault commit.*/Librevault commit:$LIBREVAULT_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "Librevault commit" "$LIBREVAULT_COMMIT"
LIBREVAULT_DAEMON=/etc/systemd/system/librevault-daemon.service
echo '[Unit]' > $LIBREVAULT_DAEMON
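Review bot: `is_completed` and `mark_completed` in `configure_firewall_for_librevault` are called without the `function_check` line that this file puts in front of `save_firewall_settings`, so the idempotency guard now depends on a helper defined in another file. If that helper is not in scope, `$(is_completed $FUNCNAME)` expands to nothing, the comparison with `"1"` is false, and the function falls through to the `iptables -A INPUT ...` line again, appending duplicate rules while `mark_completed` records nothing. Adding `function_check is_completed` and `function_check mark_completed` before first use would keep the convention, assuming `function_check` aborts on a missing function (its body is not shown here). Quoting the argument as `"$FUNCNAME"` would also match the quoting used in the `set_completion_param` calls. The same replacement recurs in the `configure_firewall_for_*` hunks for mumble, turn/sip4, syncthing, tahoelafs, tox, xmpp, zeronet and email.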


@ -211,11 +211,7 @@ function install_mediagoblin {
git submodule init
git submodule update
if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "mediagoblin commit" "$MEDIAGOBLIN_COMMIT"
chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
@ -497,11 +493,7 @@ function install_mediagoblin {
add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
else
sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
fi
set_completion_param "mediagoblin domain" "$MEDIAGOBLIN_DOMAIN_NAME"
APP_INSTALLED=1
}
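Review bot: The key passed to `set_completion_param` changes case from `Mediagoblin commit` / `Mediagoblin domain` to `mediagoblin commit` / `mediagoblin domain`, and nothing visible in these hunks migrates the old entries. On a system installed before this commit the completion file keeps the stale `Mediagoblin ...:` lines and gains new lower-case ones, and a `get_completion_param` lookup by the new name returns an empty string until the installer has run again. Either keep the original spelling here or add a one-off rename of the existing lines; if a migration exists in a part of the commit not shown, a comment naming it next to the call would help. The searx section (`Search engine commit` to `searx commit`, `Search engine key` to `searx key`) and the ZeroNet section (`ZeroNet Blog commit` to `zeroNet blog commit`, plus the mail and forum equivalents) rename keys the same way.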


@ -178,7 +178,7 @@ function get_mumble_server_password {
}
function configure_firewall_for_mumble {
if grep -Fxq "configure_firewall_for_mumble" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
@ -190,7 +190,7 @@ function configure_firewall_for_mumble {
save_firewall_settings
OPEN_PORTS+=("Mumble $MUMBLE_PORT")
echo 'configure_firewall_for_mumble' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_mumble {


@ -129,7 +129,7 @@ function upgrade_rss {
function backup_local_rss {
if [ -d /etc/share/tt-rss ]; then
RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "rss reader domain" | awk -F ':' '{print $2}')
RSS_READER_DOMAIN_NAME=$(get_completion_param "rss reader domain")
echo $"Backing up ttrss"
@ -298,9 +298,7 @@ function install_rss_main {
fi
cd $RSS_READER_PATH
git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
if ! grep -q "rss reader commit" $COMPLETION_FILE; then
echo "rss reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
fi
set_completion_param "rss reader commit" "$RSS_READER_COMMIT"
function_check install_mariadb
install_mariadb
@ -543,9 +541,7 @@ function install_rss_gnusocial {
cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
cd $RSS_READER_GNUSOCIAL_PATH
git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
if ! grep -q "rss reader gnusocial commit" $COMPLETION_FILE; then
echo "rss reader gnusocial commit:$RSS_READER_GNUSOCIAL_COMMIT" >> $COMPLETION_FILE
fi
set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT"
chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
install_completed rss_gnusocial
}
@ -584,9 +580,7 @@ function install_rss_mobile_reader {
fi
cd $RSS_MOBILE_READER_PATH
git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
if ! grep -q "rss mobile reader commit" $COMPLETION_FILE; then
echo "rss mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
fi
set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"
echo 'define({' > $RSS_MOBILE_READER_PATH/scripts/conf.js
echo ' apiPath: "/tt-rss/"' >> $RSS_MOBILE_READER_PATH/scripts/conf.js


@ -69,7 +69,7 @@ function upgrade_searx {
echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
fi
SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
SEARX_SECRET_KEY=$(get_completion_param "searx key")
sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
@ -164,11 +164,7 @@ function install_searx {
function_check git_clone
git_clone $SEARX_REPO searx
git checkout $SEARX_COMMIT -b $SEARX_COMMIT
if ! grep -q "Search engine commit" $COMPLETION_FILE; then
echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "searx commit" "$SEARX_COMMIT"
# create an onion service
SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
@ -235,12 +231,10 @@ function install_searx {
echo '}' >> /etc/nginx/sites-available/searx
# replace the secret key
if ! grep "Search engine key" $COMPLETION_FILE; then
if ! grep "searx key" $COMPLETION_FILE; then
SEARX_SECRET_KEY="$(create_password 30)"
echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
else
SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
fi
set_completion_param "searx key" "${SEARX_SECRET_KEY}"
sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
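Review bot: An empty `SEARX_SECRET_KEY` can now reach the `sed` that rewrites `secret_key` in `settings.yml`, in both `upgrade_searx` and `install_searx`. In `install_searx` the hunk counts (12 old lines, 10 new) indicate that the `else` branch which read the stored key back was removed, so when `searx key` is already recorded the variable is never loaded unless it is set elsewhere; in `upgrade_searx` the lookup uses the new name `searx key`, which an installation made before this commit does not have. Loading first and generating only when nothing is stored covers the install path: `SEARX_SECRET_KEY=$(get_completion_param "searx key")` followed by `if [ ${#SEARX_SECRET_KEY} -eq 0 ]; then SEARX_SECRET_KEY="$(create_password 30)"; fi`, and `upgrade_searx` should skip the `sed` when the value is empty. The `grep "searx key"` test also lacks `-q`, so the matching line, key included, is printed to the installer's output.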


@ -183,7 +183,7 @@ function remove_sip {
}
function configure_firewall_for_turn {
if grep -Fxq "configure_firewall_for_turn" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
@ -197,12 +197,12 @@ function configure_firewall_for_turn {
OPEN_PORTS+=("TURN $TURN_PORT")
OPEN_PORTS+=("TURN TLS $TURN_TLS_PORT")
echo 'configure_firewall_for_turn' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_sip4 {
if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
@ -217,7 +217,7 @@ function configure_firewall_for_sip4 {
OPEN_PORTS+=("SIP $SIP_PORT")
OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT")
echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function get_sip_server_password {


@ -476,7 +476,7 @@ function remove_syncthing {
}
function configure_firewall_for_syncthing {
if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -486,7 +486,7 @@ function configure_firewall_for_syncthing {
save_firewall_settings
OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_syncthing {


@ -203,7 +203,7 @@ function remove_tahoelafs {
}
function configure_firewall_for_tahoelafs {
if grep -Fxq "configure_firewall_for_tahoelafs" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -A INPUT -p udp --dport $TAHOELAFS_PORT -j ACCEPT
@ -211,7 +211,7 @@ function configure_firewall_for_tahoelafs {
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Tahoe-LAFS $TAHOELAFS_PORT")
echo 'configure_firewall_for_tahoelafs' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function tahoelafs_update_script {


@ -283,7 +283,7 @@ function remove_tox {
function configure_firewall_for_tox {
if [ ! $INSTALLING_MESH ]; then
if [ -f $COMPLETION_FILE ]; then
if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
fi
@ -312,13 +312,11 @@ function configure_firewall_for_tox {
save_firewall_settings
OPEN_PORTS+=("Tox $TOX_PORT")
if [ -f $COMPLETION_FILE ]; then
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
fi
mark_completed $FUNCNAME
}
function tox_avahi {
if grep -Fxq "tox_avahi" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -351,7 +349,7 @@ function tox_avahi {
systemctl restart avahi-daemon
echo 'tox_avahi' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_tox_node {
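Review bot: `configure_firewall_for_tox` used to append its marker only inside `if [ -f $COMPLETION_FILE ]`; judging by the hunk counts (13 old lines, 11 new) that guard is gone and `mark_completed $FUNCNAME` now runs unconditionally. `mark_completed` creates the file when it is missing and falls back to `$HOME/${PROJECT_NAME}-completed.txt` when `COMPLETION_FILE` is unset, so a mesh install, which the surviving `if [ ! $INSTALLING_MESH ]` check appears to cater for, would now write a completion file where none was written before. If that is not intended, keep the guard: `if [ -f $COMPLETION_FILE ]; then mark_completed $FUNCNAME; fi`.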


@ -163,11 +163,7 @@ function install_webmail {
git_clone $WEBMAIL_REPO webmail
cd $WEBMAIL_PATH
git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
if ! grep -q "webmail commit" $COMPLETION_FILE; then
echo "webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/webmail commit.*/webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "webmail commit" "$WEBMAIL_COMMIT"
fi
if [ ! -f $WEBMAIL_PATH/index.php ]; then
echo $'Did not clone webmail repo'


@ -238,7 +238,7 @@ function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -257,7 +257,7 @@ function configure_firewall_for_xmpp {
OPEN_PORTS+=('XMPP 5222-5223')
OPEN_PORTS+=('XMPP 5269')
OPEN_PORTS+=('XMPP 5280-5281')
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function remove_xmpp_client {
@ -444,11 +444,7 @@ function install_xmpp_main {
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "xmpp onion domain" $COMPLETION_FILE; then
echo "xmpp onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|xmpp onion domain.*|xmpp onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
set_completion_param "xmpp onion domain" "${XMPP_ONION_HOSTNAME}"
if ! grep -q "Your xmpp password is" /home/$MY_USERNAME/README; then
if [ ${#XMPP_PASSWORD} -lt 8 ]; then


@ -138,7 +138,7 @@ function remove_zeronet {
}
function configure_firewall_for_zeronet {
if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
@ -151,7 +151,7 @@ function configure_firewall_for_zeronet {
OPEN_PORTS+=("ZeroNet $ZERONET_PORT")
OPEN_PORTS+=("Tracker $TRACKER_PORT")
echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_zeronet_blog {
@ -212,11 +212,7 @@ function install_zeronet_blog {
fi
cd $MESH_INSTALL_DIR/zeronet/ZeroBlog
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT"
echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS"
echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
@ -313,11 +309,7 @@ function install_zeronet_mail {
fi
cd $MESH_INSTALL_DIR/zeronet/ZeroMail
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT"
echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS"
echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
@ -413,11 +405,7 @@ function install_zeronet_forum {
exit 6739
fi
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "zeroNet forum commit" "$ZERONET_FORUM_COMMIT"
echo $"Forum address: $ZERONET_FORUM_ADDRESS"
echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"


@ -57,7 +57,7 @@ SERVER_DIRECTORY=/root/remotebackup
# get the version of Go being used
GO_VERSION=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go | grep 'GO_VERSION=' | head -n 1 | awk -F '=' '{print $2}')
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
if [ ! -f /etc/ssl/private/backup.key ]; then


@ -83,7 +83,7 @@ function backup_email {
}
function configure_firewall_for_email {
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -104,7 +104,7 @@ function configure_firewall_for_email {
OPEN_PORTS+=('Email 587')
OPEN_PORTS+=('Email 465')
OPEN_PORTS+=('Email 993')
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function encrypt_incoming_email {
@ -119,7 +119,7 @@ function encrypt_incoming_email {
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO
if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -134,11 +134,7 @@ function encrypt_incoming_email {
git_clone $GPGIT_REPO $INSTALL_DIR/gpgit
cd $INSTALL_DIR/gpgit
git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT
if ! grep -q "gpgit commit" $COMPLETION_FILE; then
echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "gpgit commit" "$GPGIT_COMMIT"
cp gpgit.pl /usr/bin
fi
@ -153,7 +149,7 @@ function encrypt_incoming_email {
echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc
echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc
fi
echo 'encrypt_incoming_email' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function encrypt_outgoing_email {
@ -163,7 +159,7 @@ function encrypt_outgoing_email {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
@ -203,7 +199,7 @@ function encrypt_outgoing_email {
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
fi
echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function encrypt_all_email {
@ -221,7 +217,7 @@ function encrypt_all_email {
fi
chmod +x /usr/bin/encmaildir
if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -245,7 +241,7 @@ function encrypt_all_email {
chmod 600 /home/$MY_USERNAME/README
fi
echo 'encrypt_all_email' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function email_client {
@ -370,7 +366,7 @@ function email_client {
chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
fi
echo 'email_client' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function email_archiving {
@ -395,7 +391,7 @@ function email_archiving {
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO
if grep -Fxq "email_archiving" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -407,20 +403,16 @@ function email_archiving {
git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir
cd $INSTALL_DIR/cleanup-maildir
git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
if ! grep -q "cleanup-maildir commit" $COMPLETION_FILE; then
echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT"
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
echo 'email_archiving' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# Ensure that the from field is correct when sending email from Mutt
function email_from_address {
if grep -Fxq "email_from_address" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -433,14 +425,14 @@ function email_from_address {
echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
fi
echo 'email_from_address' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function create_public_mailing_list {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [ ! $PUBLIC_MAILING_LIST ]; then
@ -530,7 +522,7 @@ function create_public_mailing_list {
${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
echo 'create_public_mailing_list' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function create_private_mailing_list {
@ -539,7 +531,7 @@ function create_private_mailing_list {
fi
# This installation doesn't work, results in ruby errors
# There is currently no schleuder package for Debian jessie
if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [ ! $PRIVATE_MAILING_LIST ]; then
@ -590,7 +582,7 @@ function create_private_mailing_list {
adduser Debian-exim schleuder
usermod -a -G mail schleuder
#exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
echo 'create_private_mailing_list' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function split_gpg_key_into_fragments {
@ -648,7 +640,7 @@ function import_email {
exit 9
fi
fi
echo 'import_email' >> $COMPLETION_FILE
mark_completed $FUNCNAME
if [[ $SYSTEM_TYPE == "mail"* ]]; then
function_check backup_to_friends_servers
backup_to_friends_servers
@ -721,11 +713,7 @@ function install_email {
set_hostname ${EMAIL_ONION_HOSTNAME}
MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}
fi
if ! grep -q "email onion domain" $COMPLETION_FILE; then
echo "email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|email onion domain.*|email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
set_completion_param "email onion domain" "${EMAIL_ONION_HOSTNAME}"
# see https://github.com/petterreinholdtsen/exim4-smtorp
echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp
@ -904,14 +892,14 @@ function install_email {
function_check configure_firewall_for_email
configure_firewall_for_email
echo 'install_email' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function create_procmail {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "create_procmail" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
@ -938,7 +926,7 @@ function create_procmail {
chown root:root /etc/skel/.procmailrc
fi
echo 'create_procmail' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function handle_admin_emails {
@ -954,7 +942,7 @@ function spam_filtering {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install exim4-daemon-heavy
@ -1108,14 +1096,14 @@ function spam_filtering {
systemctl restart exim4
systemctl restart cron
echo 'spam_filtering' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_imap {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "configure_imap" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -1194,14 +1182,14 @@ function configure_imap {
fi
systemctl restart dovecot
echo 'configure_imap' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_imap_client_certs {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
# http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
@ -1276,14 +1264,14 @@ function configure_imap_client_certs {
echo 0001 > /etc/ssl/sslserial
#${PROJECT_NAME}-clientcert -u $MY_USERNAME
systemctl restart dovecot
echo 'configure_imap_client_certs' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function create_gpg_subkey {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install gnupg
@ -1313,7 +1301,7 @@ function create_gpg_subkey {
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
echo 'create_gpg_subkey' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function gpg_key_exists {
@ -1351,7 +1339,7 @@ function configure_gpg {
if [ ! -d /etc/exim4 ]; then
return
fi
if grep -Fxq "configure_gpg" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install gnupg
@ -1369,7 +1357,7 @@ function configure_gpg {
chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
chmod 700 $gpg_dir
chmod 600 $gpg_dir/*
echo 'configure_gpg' >> $COMPLETION_FILE
mark_completed $FUNCNAME
return
fi
@ -1477,7 +1465,7 @@ function configure_gpg {
fi
fi
echo 'configure_gpg' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function refresh_gpg_keys {


@ -49,7 +49,7 @@ function remove_tripwire {
}
function install_tripwire {
if grep -Fxq "install_tripwire" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install tripwire
@ -99,7 +99,7 @@ function install_tripwire {
' | reset-tripwire
echo 'install_tripwire' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -1746,7 +1746,7 @@ if [ ! -f $COMPLETION_FILE ]; then
exit 1
fi
ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USER=$(get_completion_param "Admin user")
read_repo_servers
menu_top_level
clear


@ -33,7 +33,13 @@ USERNAME=$1
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
source $f
done
ADMIN_USER=$(get_completion_param "Admin user")
if [ ! $USERNAME ]; then
USERNAME=$ADMIN_USER
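Review bot: The added loop runs `source $f` on every path matching `/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*`, so any file in that directory carrying the prefix, including an editor backup or a leftover copy, is executed with this script's privileges, and when nothing matches, the unexpanded pattern itself is passed to `source`. Sourcing only the file that defines `get_completion_param`, the one helper this hunk uses, would avoid both; if the glob stays, `[ -f "$f" ] && source "$f"` inside the loop handles the no-match case and quotes the path. The sourced files also run after `COMPLETION_FILE` and `USERNAME` have been assigned here, so any top-level assignment to those names inside them would override the values, which is worth confirming. The same loop replaces a single `source ...-utils-validation` line in two later sections of this page.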


@ -62,7 +62,7 @@ ADMIN_NAME=
read_config_param USB_DRIVE
if [ -f $COMPLETION_FILE ]; then
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
fi
# MariaDB password
@ -152,7 +152,7 @@ function restore_configuration {
}
function same_admin_user {
PREV_ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
PREV_ADMIN_USERNAME=$(get_completion_param "Admin user")
if [[ "$PREV_ADMIN_USERNAME" != "$ADMIN_USERNAME" ]]; then
echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME"
set_user_permissions


@ -36,7 +36,11 @@ BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
export TEXTDOMAINDIR="/usr/share/locale"
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
source $f
done
SERVER_NAME=$1
@ -47,7 +51,7 @@ if [ ${2} ]; then
RESTORE_APP=${2}
fi
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | -nawk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
# Temporary location for data to be backed up to other servers


@ -74,7 +74,7 @@ if ! grep -q "Admin user" $COMPLETION_FILE; then
exit 5
fi
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ ! $ADMIN_USERNAME ]; then
echo $"No admin username specified in $COMPLETION_FILE"
exit 6


@ -36,7 +36,11 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=$PROJECT_NAME-syncthing
export TEXTDOMAINDIR="/usr/share/locale"
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
source $f
done
# File which keeps track of what has already been installed
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
@ -73,7 +77,7 @@ function new_syncthing_id {
function create_syncthing_config {
if grep -q "syncthing ID" $COMPLETION_FILE; then
SYNCTHING_ID=$(cat $COMPLETION_FILE | grep "syncthing ID" | awk -F ':' '{print $2}')
SYNCTHING_ID=$(get_completion_param "syncthing ID")
else
if [ -f $SYNCTHING_CONFIG_FILE ]; then
SYNCTHING_ID=$(cat $SYNCTHING_CONFIG_FILE | grep "device id=" | head -n 1 | awk -F '"' '{print $2}')
@ -82,11 +86,7 @@ function create_syncthing_config {
fi
fi
if ! grep -q "syncthing ID" $COMPLETION_FILE; then
echo "syncthing ID:$SYNCTHING_ID" >> $COMPLETION_FILE
else
sed -i "s|syncthing ID.*|syncthing ID:$SYNCTHING_ID|g" $COMPLETION_FILE
fi
set_completion_param "syncthing ID" "$SYNCTHING_ID"
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH


@ -99,7 +99,7 @@ function install_avahi {
mesh_avahi
return
fi
if grep -Fxq "install_avahi" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
# only enable avahi if we're doing mesh networking
@ -123,7 +123,7 @@ function install_avahi {
sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
fi
echo 'install_avahi' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately there is no "exit 0"


@ -49,7 +49,7 @@ function restart_site {
}
function configure_backup_key {
if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install gnupg
@ -102,7 +102,7 @@ function configure_backup_key {
shred -zu ${MY_BACKUP_KEY}_public.asc
shred -zu ${MY_BACKUP_KEY}_private.asc
echo 'configure_backup_key' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function backup_to_friends_servers {
@ -122,7 +122,7 @@ function backup_mount_drive {
fi
# get the admin user
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ $2 ]; then
ADMIN_USERNAME=$2
fi


@ -75,7 +75,7 @@ function install_cmake {
fi
fi
if grep -Fxq "install_cmake" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -95,7 +95,7 @@ function install_cmake {
fi
make install
echo 'install_cmake' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately there is no "exit 0"


@ -99,6 +99,91 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
ENABLE_BATMAN
PUBLIC_MAILING_LIST)
function get_completion_param {
param_name="$1"
if [ ${#param_name} -gt 0 ]; then
if [ $COMPLETION_FILE ]; then
if [ -f $COMPLETION_FILE ]; then
if grep -q "${param_name}:" $COMPLETION_FILE; then
param_value=$(cat $COMPLETION_FILE | grep "${param_name}:" | head -n 1 | awk -F ':' '{print $2}')
echo "$param_value"
return
fi
fi
fi
fi
echo ""
}
function set_completion_param {
param_name="$1"
param_value="$2"
if [ ! $COMPLETION_FILE ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
fi
if [ ${#COMPLETION_FILE} -eq 0 ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
fi
if [ ${#param_name} -gt 0 ]; then
if [ ${#param_value} -gt 0 ]; then
if [ -f $COMPLETION_FILE ]; then
if grep -q "${param_name}:" $COMPLETION_FILE; then
sed -i "s|${param_name}:.*|${param_name}:${param_value}|g" $COMPLETION_FILE
else
echo "${param_name}:${param_value}" >> $COMPLETION_FILE
fi
else
echo "${param_name}:${param_value}" > $COMPLETION_FILE
fi
fi
fi
}
function mark_completed {
param_name="$1"
if [ ! $COMPLETION_FILE ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
fi
if [ ${#COMPLETION_FILE} -eq 0 ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
fi
if [ ${#param_name} -gt 0 ]; then
if [ -f $COMPLETION_FILE ]; then
if ! grep -Fxq "${param_name}" $COMPLETION_FILE; then
echo "${param_name}" >> $COMPLETION_FILE
fi
else
echo "${param_name}" > $COMPLETION_FILE
fi
fi
}
function is_completed {
param_name="$1"
if [ ! $COMPLETION_FILE ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
fi
if [ ${#COMPLETION_FILE} -eq 0 ]; then
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
fi
if [ ${#param_name} -gt 0 ]; then
if [ -f $COMPLETION_FILE ]; then
if grep -Fxq "${param_name}" $COMPLETION_FILE; then
echo "1"
return
fi
fi
fi
echo "0"
}
function read_config_param {
param_name="$1"
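Review bot: `set_completion_param` builds a `sed` program from its arguments (`s|${param_name}:.*|${param_name}:${param_value}|g`), so a value containing `|`, `&` or a backslash corrupts the stored line or makes `sed` fail, and this commit routes the searx secret key and onion hostnames through it. The key is matched unanchored by both `grep -q "${param_name}:"` and the `sed` pattern, and `get_completion_param` returns only the text up to the next `:` because of `awk -F ':' '{print $2}'`. All four helpers assign `param_name` / `param_value` without `local`, so they overwrite same-named variables in the caller (`read_config_param` directly below uses `param_name` as well), and `$COMPLETION_FILE` is unquoted throughout. A version of `set_completion_param` that replaces the line by exact key prefix without `sed` is sketched below; `get_completion_param` would need the matching change, for example `cut -d: -f2-` on a line selected by the anchored key.

```shell
function set_completion_param {
    local param_name="$1"
    local param_value="$2"
    local tmp_file
    # ... unchanged: COMPLETION_FILE defaulting ...
    if [ ${#param_name} -eq 0 ] || [ ${#param_value} -eq 0 ]; then
        return
    fi
    if [ ! -f "$COMPLETION_FILE" ]; then
        printf '%s:%s\n' "$param_name" "$param_value" > "$COMPLETION_FILE"
        return
    fi
    tmp_file=$(mktemp) || return 1
    # Key and value travel through the environment, so nothing in them is
    # interpreted as a pattern or a replacement; the key must start the line.
    if CP_KEY="${param_name}:" CP_VAL="$param_value" awk '
        index($0, ENVIRON["CP_KEY"]) == 1 {
            if (!done) print ENVIRON["CP_KEY"] ENVIRON["CP_VAL"]
            done = 1
            next
        }
        { print }
        END { if (!done) print ENVIRON["CP_KEY"] ENVIRON["CP_VAL"] }
    ' "$COMPLETION_FILE" > "$tmp_file"; then
        # write back in place so the file keeps its owner and mode
        cat "$tmp_file" > "$COMPLETION_FILE"
    fi
    rm -f -- "$tmp_file"
}
```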


@ -29,48 +29,48 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function cron_add_mins {
if ! grep -q "${2}" /etc/crontab; then
echo "*/${1} * * * * root ${2}" >> /etc/crontab
systemctl restart cron
fi
if ! grep -q "${2}" /etc/crontab; then
echo "*/${1} * * * * root ${2}" >> /etc/crontab
systemctl restart cron
fi
}
function randomize_cron {
# The predictable default timing of Debian cron jobs might
# be exploitable knowledge. Avoid too much predictability
# by randomizing the times when cron jobs run
if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
return
fi
# The predictable default timing of Debian cron jobs might
# be exploitable knowledge. Avoid too much predictability
# by randomizing the times when cron jobs run
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
# randomize the day on which the weekly cron job runs
randdow=$(($RANDOM%6+1))
sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
# randomize the day on which the weekly cron job runs
randdow=$(($RANDOM%6+1))
sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
# randomize the time when the weekly cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+1))
sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
# randomize the time when the weekly cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+1))
sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
# randomize the time when the daily cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+4))
sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
# randomize the time when the daily cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+4))
sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
# randomize the time when the hourly cron job runs
randmin=$(($RANDOM%60))
sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
# randomize the time when the hourly cron job runs
randmin=$(($RANDOM%60))
sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
# randomize monthly cron job time and day
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%22+1))
randdom=$(($RANDOM%27+1))
sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
# randomize monthly cron job time and day
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%22+1))
randdom=$(($RANDOM%27+1))
sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
systemctl restart cron
systemctl restart cron
echo 'randomize_cron' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately there is no "exit 0"
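Review bot: In `cron_add_mins` the duplicate check `grep -q "${2}" /etc/crontab` treats the command as a regular expression and as a substring, so a command containing `.`, `*` or `[` can match an unrelated line and the entry is then never added. A fixed-string match is what the check needs: `if ! grep -Fq -- "${2}" /etc/crontab; then`. Both arguments are appended verbatim to a crontab line that runs as root, so callers should pass only constant strings; whether they do is not visible in this section.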


@ -76,7 +76,7 @@ function install_cryptopp {
fi
fi
if grep -Fxq "install_cryptopp" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -98,7 +98,7 @@ function install_cryptopp {
fi
make install
echo 'install_cryptopp' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately there is no "exit 0"


@ -117,7 +117,7 @@ function get_mariadb_password {
}
function install_mariadb {
if grep -Fxq "install_mariadb" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install python-software-properties debconf-utils
@ -160,7 +160,7 @@ function install_mariadb {
fi
mysqladmin -u root password "$MARIADB_PASSWORD"
echo 'install_mariadb' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function backup_databases_script_header {
@ -209,7 +209,7 @@ function repair_databases_script {
sed -i "s|/usr/bin/repairdatabase|${PROJECT_NAME}-repair-database|g" /etc/cron.hourly/repair
fi
if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -222,7 +222,7 @@ function repair_databases_script {
chmod 600 /etc/cron.hourly/repair
chmod +x /etc/cron.hourly/repair
echo 'repair_databases_script' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function remove_database {
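Review bot: At the end of `install_mariadb`, `mysqladmin -u root password "$MARIADB_PASSWORD"` passes the database root password as a command-line argument, so it is visible in the process list to any local user while the command runs and is captured by shell tracing. Sending the statement to the `mysql` client on standard input keeps the secret out of argv. At minimum the line deserves a comment such as `# password is passed via argv here; visible in ps while mysqladmin runs`. Most of the function body lies outside the hunks shown.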


@ -98,7 +98,7 @@ function create_freedns_updater {
fi
# currently inadyn doesn't work as expected with freeDNS, so this is a workaround
if grep -Fxq "create_freedns_updater" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $DDNS_PROVIDER != *"freedns"* ]]; then
@ -114,7 +114,7 @@ function create_freedns_updater {
systemctl restart cron
fi
echo 'create_freedns_updater' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function add_ddns_domain {
@ -152,7 +152,7 @@ function add_ddns_domain {
}
function configure_dns {
if grep -Fxq "configure_dns" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
echo 'domain localdomain' > /etc/resolv.conf
@ -163,7 +163,7 @@ function configure_dns {
# prevent resolv.conf from changing
chattr +i /etc/resolv.conf
echo 'configure_dns' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function set_hostname {
@ -180,14 +180,14 @@ function set_hostname {
}
function set_your_domain_name {
if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
function_check set_hostname
set_hostname $DEFAULT_DOMAIN_NAME
echo 'set_your_domain_name' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -62,7 +62,7 @@ function install_tomb {
set_repo_commit $INSTALL_DIR/tomb "tomb commit" "$TOMB_COMMIT" $TOMB_REPO
if [ -f $COMPLETION_FILE ]; then
if grep -Fxq "install_tomb" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
fi
@ -77,18 +77,14 @@ function install_tomb {
cd $INSTALL_DIR/tomb
git checkout $TOMB_COMMIT -b $TOMB_COMMIT
if ! grep -q "tomb commit" $COMPLETION_FILE; then
echo "tomb commit:$TOMB_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/tomb commit.*/tomb commit:$TOMB_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "tomb commit" "$TOMB_COMMIT"
make install
if [ ! -f /usr/local/bin/tomb ]; then
exit 93462
fi
echo 'install_tomb' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -31,7 +31,7 @@
OPEN_PORTS=()
function install_final {
if grep -Fxq "install_final" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
# unmount any attached usb drive
@ -41,7 +41,7 @@ function install_final {
fi
function_check split_gpg_key_into_fragments
split_gpg_key_into_fragments
echo 'install_final' >> $COMPLETION_FILE
mark_completed $FUNCNAME
clear
echo ''


@ -64,7 +64,7 @@ function configure_firewall {
# recreate the firewall to remove RELATED
sed -i "/firewall/d" $COMPLETION_FILE
fi
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -98,7 +98,7 @@ function configure_firewall {
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
echo 'configure_firewall' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_ping {
@ -113,11 +113,11 @@ function configure_firewall_ping {
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_ping' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_avahi {
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
@ -128,11 +128,11 @@ function configure_firewall_for_avahi {
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_dns {
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -142,11 +142,11 @@ function configure_firewall_for_dns {
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_web_access {
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -161,11 +161,11 @@ function configure_firewall_for_web_access {
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_web_server {
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -182,11 +182,11 @@ function configure_firewall_for_web_server {
OPEN_PORTS+=('HTTP 80')
OPEN_PORTS+=('HTTPS 443')
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_ssh {
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -199,11 +199,11 @@ function configure_firewall_for_ssh {
save_firewall_settings
OPEN_PORTS+=("SSH $SSH_PORT")
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_firewall_for_git {
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@ -218,11 +218,11 @@ function configure_firewall_for_git {
save_firewall_settings
OPEN_PORTS+=("Git 9418")
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_internet_protocol {
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $SYSTEM_TYPE == "mesh"* ]]; then
@ -257,7 +257,7 @@ function configure_internet_protocol {
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
fi
echo 'configure_internet_protocol' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function mesh_firewall {


@ -90,7 +90,7 @@ function commit_has_changed {
repo_commit=$3
if [ -d $repo_dir ]; then
if grep -q "$repo_commit_name" $COMPLETION_FILE; then
CURRENT_REPO_COMMIT=$(grep "$repo_commit_name" $COMPLETION_FILE | awk -F ':' '{print $2}')
CURRENT_REPO_COMMIT=$(get_completion_param "$repo_commit_name")
if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
echo "1"
fi
@ -131,11 +131,8 @@ function set_repo_commit {
systemctl restart inadyn
fi
if ! grep -q "${repo_commit_name}:" $COMPLETION_FILE; then
echo "${repo_commit_name}:${repo_commit}" >> $COMPLETION_FILE
else
sed -i "s/${repo_commit_name}.*/${repo_commit_name}:$repo_commit/g" $COMPLETION_FILE
fi
function_check set_completion_param
set_completion_param "${repo_commit_name}" "${repo_commit}"
fi
}


@ -207,7 +207,7 @@ function upgrade_golang {
systemctl restart gogs
fi
echo "upgrade_golang:$GO_VERSION" >> $COMPLETION_FILE
set_completion_param "$FUNCNAME" "$GO_VERSION"
}
# NOTE: deliberately there is no "exit 0"


@ -29,7 +29,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function locale_setup {
if grep -Fxq "locale_setup" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -49,7 +49,7 @@ function locale_setup {
update-locale LC_ALL=${DEFAULT_LANGUAGE}
update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
echo 'locale_setup' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -29,7 +29,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function change_login_message {
if grep -Fxq "change_login_message" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -46,7 +46,7 @@ function change_login_message {
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
echo $' Freedom in the Cloud' >> /etc/motd
echo '' >> /etc/motd
echo 'change_login_message' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -29,38 +29,38 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function install_monkeysphere {
if grep -Fxq "install_monkeysphere" $COMPLETION_FILE; then
return
fi
apt-get -y install monkeysphere msva-perl
#su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
mkdir /home/$MY_USERNAME/.monkeysphere
chmod 755 /home/$MY_USERNAME/.monkeysphere
echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
monkeysphere-authentication update-users
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install monkeysphere msva-perl
#su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
mkdir /home/$MY_USERNAME/.monkeysphere
chmod 755 /home/$MY_USERNAME/.monkeysphere
echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
monkeysphere-authentication update-users
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
echo $'monkeysphere import: ssh host key not found'
exit 76295
fi
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
echo $'monkeysphere import: ssh host key not found'
exit 76295
fi
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
exit 52825
fi
fi
# The admin user is the identity certifier
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
exit 52825
fi
fi
# The admin user is the identity certifier
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr
echo 'install_monkeysphere' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
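Review bot: `install_monkeysphere` still reads the onion address with `cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}'` instead of the `get_completion_param` helper this commit uses elsewhere, and it does not check the result. If the entry is missing, `monkeysphere-host import-key` is called with the bare name `ssh://`, so the host key is imported under an empty service name. Suggested: `SSH_ONION_HOSTNAME=$(get_completion_param "ssh onion domain")` followed by `if [ ${#SSH_ONION_HOSTNAME} -eq 0 ]; then exit <error-code>; fi` before the import. Separately, the message `$'monkeysphere unable to get GPG key ID for user $MY_USERNAME'` uses `$'…'` quoting, which does not expand variables, so the variable name is printed literally.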


@ -41,50 +41,50 @@ ROUTER_IP_ADDRESS="192.168.1.254"
MESH_INSTALL_DIR=/var/lib
function install_static_network {
if grep -Fxq "install_static_network" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLING_ON_BBB == "yes" ]]; then
return
fi
if [ ! $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
return
fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLING_ON_BBB == "yes" ]]; then
return
fi
if [ ! $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
return
fi
echo '# The loopback network interface' > /etc/network/interfaces
echo 'auto lo' >> /etc/network/interfaces
echo 'iface lo inet loopback' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The primary network interface' >> /etc/network/interfaces
echo 'auto eth0' >> /etc/network/interfaces
echo 'iface eth0 inet static' >> /etc/network/interfaces
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces
echo ' netmask 255.255.255.0' >> /etc/network/interfaces
echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces
echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces
echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The secondary network interface' >> /etc/network/interfaces
echo '#auto eth1' >> /etc/network/interfaces
echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# WiFi Example' >> /etc/network/interfaces
echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
echo '# wpa-ssid "essid"' >> /etc/network/interfaces
echo '# wpa-psk "password"' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
echo '#iface usb0 inet static' >> /etc/network/interfaces
echo '# address 192.168.7.2' >> /etc/network/interfaces
echo '# netmask 255.255.255.0' >> /etc/network/interfaces
echo '# network 192.168.7.0' >> /etc/network/interfaces
echo '# gateway 192.168.7.1' >> /etc/network/interfaces
echo '# The loopback network interface' > /etc/network/interfaces
echo 'auto lo' >> /etc/network/interfaces
echo 'iface lo inet loopback' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The primary network interface' >> /etc/network/interfaces
echo 'auto eth0' >> /etc/network/interfaces
echo 'iface eth0 inet static' >> /etc/network/interfaces
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces
echo ' netmask 255.255.255.0' >> /etc/network/interfaces
echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces
echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces
echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The secondary network interface' >> /etc/network/interfaces
echo '#auto eth1' >> /etc/network/interfaces
echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# WiFi Example' >> /etc/network/interfaces
echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
echo '# wpa-ssid "essid"' >> /etc/network/interfaces
echo '# wpa-psk "password"' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
echo '#iface usb0 inet static' >> /etc/network/interfaces
echo '# address 192.168.7.2' >> /etc/network/interfaces
echo '# netmask 255.255.255.0' >> /etc/network/interfaces
echo '# network 192.168.7.0' >> /etc/network/interfaces
echo '# gateway 192.168.7.1' >> /etc/network/interfaces
echo 'install_static_network' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -70,7 +70,7 @@ function install_nodejs {
mesh_install_nodejs
return
fi
if grep -Fxq "install_nodejs" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -101,7 +101,7 @@ EOF
fi
rm -f /root/install-nodejs.sh
echo 'install_nodejs' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately there is no "exit 0"


@ -107,13 +107,7 @@ function add_onion_service {
onion_address=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
# Record the domain in the completion file
if [ -f $COMPLETION_FILE ]; then
if ! grep "${onion_service_name} onion domain" $COMPLETION_FILE; then
echo "${onion_service_name} onion domain:${onion_address}" >> $COMPLETION_FILE
else
sed -i "s|${onion_service_name} onion domain.*|${onion_service_name} onion domain:${onion_address}|g" $COMPLETION_FILE
fi
fi
set_completion_param "${onion_service_name} onion domain" "${onion_address}"
echo $onion_address
}
@ -179,7 +173,7 @@ function enable_ssh_via_onion {
if [[ $SYSTEM_TYPE == "mesh"* ]]; then
return
fi
if grep -Fxq "enable_ssh_via_onion" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install tor connect-proxy
@ -199,11 +193,11 @@ function enable_ssh_via_onion {
echo 'Host *.onion' >> /root/.ssh/config
echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /root/.ssh/config
fi
echo 'enable_ssh_via_onion' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function configure_ssh_onion {
if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $SYSTEM_TYPE == "mesh"* ]]; then
@ -212,20 +206,16 @@ function configure_ssh_onion {
SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
set_completion_param "ssh onion domain" "${SSH_ONION_HOSTNAME}"
echo 'configure_ssh_onion' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_tor {
if [[ $SYSTEM_TYPE == "mesh*" ]]; then
return
fi
if grep -Fxq "install_tor" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install tor
@ -233,14 +223,14 @@ function install_tor {
echo 'Tor failed to install'
exit 38259
fi
echo 'install_tor' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function resolve_dns_via_tor {
if [[ $SYSTEM_TYPE == "mesh"* ]]; then
return
fi
if grep -Fxq "resolve_dns_via_tor" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [ ! -f /etc/tor/torrc ]; then
@ -265,13 +255,13 @@ function resolve_dns_via_tor {
# prevent resolv.conf from changing
chattr +i /etc/resolv.conf
echo 'resolve_dns_via_tor' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
# Local Redirection and Anonymizing Middlebox
function route_outgoing_traffic_through_tor {
if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
@ -364,7 +354,7 @@ function route_outgoing_traffic_through_tor {
echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
fi
echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
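Review bot: In `install_tor` the mesh guard is written `[[ $SYSTEM_TYPE == "mesh*" ]]`, with the `*` inside the quotes, so it matches only the literal string `mesh*` and not a system type that merely begins with `mesh`. The other functions in this section use `"mesh"*`. The line should read `if [[ $SYSTEM_TYPE == "mesh"* ]]; then`. As written, the function goes on to `apt-get -y install tor` on mesh variants, which the guard appears intended to prevent. Only part of the body of `install_tor` is inside the hunk.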


@ -41,13 +41,13 @@ DEFAULT_PASSWORD_LENGTH=20
function enforce_good_passwords {
# because humans are generally bad at choosing passwords
if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
if [[ $(is_completd $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install libpam-cracklib
sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
echo 'enforce_good_passwords' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function create_password {
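Review bot: The new guard in `enforce_good_passwords` calls `is_completd`, a misspelling of `is_completed`; no function of that name appears in this commit. The command substitution fails with "command not found" and yields an empty string, so the comparison with `"1"` is never true. The function therefore repeats the `apt-get` install and the `sed` on `/etc/pam.d/common-password` on every invocation. The line should be `if [[ $(is_completed $FUNCNAME) == "1" ]]; then`.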


@ -39,7 +39,7 @@ FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_SSH_PORT=2222
function create_repo_sources {
if grep -Fxq "create_repo_sources" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
rm -rf /var/lib/apt/lists/*
@ -60,7 +60,7 @@ function create_repo_sources {
apt-get update
apt-get -y install apt-transport-https
echo 'create_repo_sources' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function read_repo_servers {
@ -105,7 +105,7 @@ function read_repo_servers {
# A command to create a git repository for a project
function create_git_project {
if grep -Fxq "create_git_project" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install git
@ -133,18 +133,18 @@ function create_git_project {
echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'create_git_project' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function create_mirrors {
if [ -d /home/trove ]; then
userdel -r trove
fi
if grep -Fxq "create_mirrors" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
${PROJECT_NAME}-mirrors
echo 'create_mirrors' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -42,126 +42,126 @@ ONERNG_PACKAGE_HASH='78f1c2f52ae573e3b398a695ece7ab9f41868252657ea269f0d5cf0bd4f
ONERNG_DEVICE='ttyACM0'
function check_hwrng {
if [[ $HWRNG_TYPE == "beaglebone" ]]; then
# If hardware random number generation was enabled then make sure that the device exists.
# if /dev/hwrng is not found then any subsequent cryptographic key generation would
# suffer from low entropy and might be insecure
if [ ! -e /dev/hwrng ]; then
ls /dev/hw*
echo $'The hardware random number generator is enabled but could not be detected on'
echo $'/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
exit 75
fi
fi
if [[ $HWRNG_TYPE == "beaglebone" ]]; then
# If hardware random number generation was enabled then make sure that the device exists.
# if /dev/hwrng is not found then any subsequent cryptographic key generation would
# suffer from low entropy and might be insecure
if [ ! -e /dev/hwrng ]; then
ls /dev/hw*
echo $'The hardware random number generator is enabled but could not be detected on'
echo $'/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
exit 75
fi
fi
# If a OneRNG device was installed then verify its firmware
#check_onerng_verification
# If a OneRNG device was installed then verify its firmware
#check_onerng_verification
}
function check_onerng_verification {
if grep -Fxq "check_onerng_verification" $COMPLETION_FILE; then
return
fi
if [[ $HWRNG_TYPE != "onerng" ]]; then
return
fi
echo $'Checking OneRNG firmware verification'
last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
echo $last_onerng_validation
echo $'OneRNG firmware verification failed'
exit 735026
fi
fi
echo $'OneRNG firmware verification passed'
# if haveged was previously installed then remove it
apt-get -y remove haveged
echo 'check_onerng_verification' >> $COMPLETION_FILE
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $HWRNG_TYPE != "onerng" ]]; then
return
fi
echo $'Checking OneRNG firmware verification'
last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
echo $last_onerng_validation
echo $'OneRNG firmware verification failed'
exit 735026
fi
fi
echo $'OneRNG firmware verification passed'
# if haveged was previously installed then remove it
apt-get -y remove haveged
mark_completed $FUNCNAME
}
function install_onerng {
apt-get -y install rng-tools at python-gnupg
apt-get -y install rng-tools at python-gnupg
# Move to the installation directory
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
# Move to the installation directory
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
# Download the package
if [ ! -f $ONERNG_PACKAGE ]; then
wget $ONERNG_PACKAGE_DOWNLOAD
mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
fi
if [ ! -f $ONERNG_PACKAGE ]; then
echo $"OneRNG package could not be downloaded"
exit 59249
fi
# Download the package
if [ ! -f $ONERNG_PACKAGE ]; then
wget $ONERNG_PACKAGE_DOWNLOAD
mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
fi
if [ ! -f $ONERNG_PACKAGE ]; then
echo $"OneRNG package could not be downloaded"
exit 59249
fi
# Check the hash
hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
echo $"OneRNG package: $ONERNG_PACKAGE"
echo $"Hash does not match. This could indicate that the package has been tampered with."
echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
echo $"OneRNG actual hash: $hash"
exit 25934
fi
# Check the hash
hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
echo $"OneRNG package: $ONERNG_PACKAGE"
echo $"Hash does not match. This could indicate that the package has been tampered with."
echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
echo $"OneRNG actual hash: $hash"
exit 25934
fi
# install the package
dpkg -i $ONERNG_PACKAGE
# install the package
dpkg -i $ONERNG_PACKAGE
# Check that the install worked
if [ ! -f /etc/onerng.conf ]; then
echo $'OneRNG configuration file not found. The package may not have installed successfully.'
exit 42904
fi
# Check that the install worked
if [ ! -f /etc/onerng.conf ]; then
echo $'OneRNG configuration file not found. The package may not have installed successfully.'
exit 42904
fi
dialog --title $"OneRNG Device" \
--msgbox $"Please plug in the OneRNG device" 6 40
dialog --title $"OneRNG Device" \
--msgbox $"Please plug in the OneRNG device" 6 40
# check rng-tools configuration
if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then
echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools
fi
# check rng-tools configuration
if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then
echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools
fi
systemctl restart rng-tools
systemctl restart rng-tools
}
function random_number_generator {
if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# it is assumed that docker uses the random number
# generator of the host system
return
fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# it is assumed that docker uses the random number
# generator of the host system
return
fi
# if the hrng type has not been set but /dev/hwrng is detected
if [[ $HWRNG_TYPE != "beaglebone" ]]; then
if [ -e /dev/hwrng ]; then
HWRNG_TYPE="beaglebone"
fi
fi
# if the hrng type has not been set but /dev/hwrng is detected
if [[ $HWRNG_TYPE != "beaglebone" ]]; then
if [ -e /dev/hwrng ]; then
HWRNG_TYPE="beaglebone"
fi
fi
case $HWRNG_TYPE in
beaglebone)
apt-get -y install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
;;
onerng)
function_check install_onerng
install_onerng
;;
*)
apt-get -y install haveged
;;
esac
case $HWRNG_TYPE in
beaglebone)
apt-get -y install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
;;
onerng)
function_check install_onerng
install_onerng
;;
*)
apt-get -y install haveged
;;
esac
echo 'random_number_generator' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
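Review bot: In `install_onerng` the integrity check `[[ $hash != $ONERNG_PACKAGE_HASH ]]` leaves the right-hand side unquoted, which makes `[[ ]]` treat it as a glob pattern and not as a literal string. With a hex digest the result is the same today, but a comparison that gates `dpkg -i` should be literal: `if [[ "$hash" != "$ONERNG_PACKAGE_HASH" ]]; then`. On a mismatch the rejected file is also left in `$INSTALL_DIR`, so the next run skips the download and fails on the same file. Removing it before `exit 25934` with `rm -f -- "$ONERNG_PACKAGE"` lets a retry fetch a fresh copy.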


@ -230,7 +230,9 @@ function install_completed {
if [ ! ${1} ]; then
exit 673935
fi
echo "install_${1}" >> $COMPLETION_FILE
if ! grep -Fxq "install_${1}" $COMPLETION_FILE; then
echo "install_${1}" >> $COMPLETION_FILE
fi
}
# populates an array of "0" or "1" for whether apps are installed
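Review bot: The new duplicate check in `install_completed` repeats what `mark_completed` already does, but without its handling of an unset `COMPLETION_FILE` or a missing file. `grep -Fxq "install_${1}" $COMPLETION_FILE` prints an error when the file does not exist and, with the variable empty, reads standard input instead. Calling the helper keeps the two in step: `mark_completed "install_${1}"`. The argument test `[ ! ${1} ]` should also quote the parameter, `[ -z "${1}" ]`, since an argument containing spaces breaks the test. The function starts outside the hunk.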


@ -82,7 +82,7 @@ CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/
DH_KEYLENGTH=2048
function initial_setup {
if grep -Fxq "initial_setup" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -104,7 +104,7 @@ function initial_setup {
mkdir -p $INSTALL_DIR
fi
echo 'initial_setup' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function search_for_attached_usb_drive {
@ -210,13 +210,11 @@ function search_for_attached_usb_drive {
fi
echo $'No USB drive attached'
fi
echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function mark_admin_user_account {
if ! grep -q "Admin user:" $COMPLETION_FILE; then
echo "Admin user:$MY_USERNAME" >> $COMPLETION_FILE
fi
set_completion_param "Admin user" "$MY_USERNAME"
}
function remove_instructions_from_motd {
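Review bot: In mark_admin_user_account the old code wrote the `Admin user:` line only when none existed, while the new `set_completion_param "Admin user" "$MY_USERNAME"` runs unconditionally. set_completion_param is not shown here, but the inadyn hunk in this commit uses it to replace an append-or-sed-overwrite pair, so it presumably overwrites an existing value. A later run with a different or empty `$MY_USERNAME` would then change the recorded admin account, which add_cert_letsencrypt reads back to build the contact address. Keeping a guard avoids that, for example `if [ ${#MY_USERNAME} -gt 0 ]; then set_completion_param "Admin user" "$MY_USERNAME"; fi`, or retaining the original first-write-wins check. The call also has no `function_check set_completion_param` in front of it, unlike other helper calls in these files.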


@ -37,7 +37,7 @@ SSH_KEX="diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie
SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa"
function configure_ssh {
if grep -Fxq "configure_ssh" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
@ -82,7 +82,7 @@ function configure_ssh {
function_check configure_firewall_for_ssh
configure_firewall_for_ssh
echo 'configure_ssh' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# see https://stribika.github.io/2015/01/04/secure-secure-shell.html
@ -92,7 +92,7 @@ function ssh_remove_small_moduli {
}
function configure_ssh_client {
if grep -Fxq "configure_ssh_client" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
#sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config
@ -122,11 +122,11 @@ function configure_ssh_client {
function_check ssh_remove_small_moduli
ssh_remove_small_moduli
echo 'configure_ssh_client' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function regenerate_ssh_keys {
if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
rm -f /etc/ssh/ssh_host_*
@ -136,7 +136,7 @@ function regenerate_ssh_keys {
ssh_remove_small_moduli
systemctl restart ssh
echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
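Review bot: The new guards of the form `[[ $(is_completed $FUNCNAME) == "1" ]]` fail open: if is_completed is not defined in the calling context or prints nothing, the comparison is false and the function body runs again. In regenerate_ssh_keys that means `rm -f /etc/ssh/ssh_host_*` and regenerated host keys on every run, so clients keep getting host-key-changed warnings and users learn to dismiss them. Other helper calls in this file are preceded by `function_check`, which presumably stops the run when the helper is missing, so the same convention fits here: `function_check is_completed` before the test and `function_check mark_completed` before the final call. The same applies to configure_ssh and configure_ssh_client and to the identical guards in the other files of this commit. All three function bodies continue outside the hunks.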


@ -65,7 +65,7 @@ function install_tracker {
return
fi
if grep -Fxq "install_tracker" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -97,7 +97,7 @@ function install_tracker {
systemctl enable tracker.service
systemctl start tracker.service
echo 'install_tracker' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -38,20 +38,20 @@ function create_upgrade_script {
cp /usr/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install unattended-upgrades
echo 'create_upgrade_script' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function upgrade_installation_from_previous_versions {
if [ ! -f $COMPLETION_FILE ]; then
return
fi
if grep -Fxq "upgrade_installation_from_previous_versions" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -84,7 +84,7 @@ function upgrade_installation_from_previous_versions {
rm /usr/local/bin/zeronetavahi
fi
echo 'upgrade_installation_from_previous_versions' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -34,7 +34,7 @@
WATCHDOG_SCRIPT_NAME="keepon"
function install_watchdog_script {
if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
@ -46,7 +46,7 @@ function install_watchdog_script {
function_check cron_add_mins
cron_add_mins 1 "/usr/bin/$WATCHDOG_SCRIPT_NAME"
echo 'install_watchdog_script' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function add_watchdog_daemon {


@ -336,7 +336,7 @@ function install_dynamicdns {
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO
if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -357,11 +357,7 @@ function install_dynamicdns {
fi
cd $INSTALL_DIR/inadyn
git checkout $INADYN_COMMIT -b $INADYN_COMMIT
if ! grep -q "inadyn commit" $COMPLETION_FILE; then
echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "inadyn commit" "$INADYN_COMMIT"
./configure
if [ ! "$?" = "0" ]; then
@ -403,11 +399,11 @@ function install_dynamicdns {
systemctl start inadyn
systemctl daemon-reload
echo 'install_dynamicdns' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function install_command_line_browser {
if grep -Fxq "install_command_line_browser" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -y install elinks
@ -421,7 +417,7 @@ function install_command_line_browser {
fi
fi
echo 'install_command_line_browser' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
function mesh_web_server {
@ -448,7 +444,7 @@ function install_web_server {
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/nginx_ensite "nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
if grep -Fxq "install_web_server" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
# remove apache
@ -562,11 +558,8 @@ function install_web_server {
git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite
cd $INSTALL_DIR/nginx_ensite
git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
if ! grep -q "nginx-ensite commit" $COMPLETION_FILE; then
echo "nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/nginx-ensite commit.*/nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE
fi
set_completion_param "nginx-ensite commit" "$NGINX_ENSITE_COMMIT"
make install
nginx_dissite default
@ -574,7 +567,7 @@ function install_web_server {
function_check configure_firewall_for_web_access
configure_firewall_for_web_access
echo 'install_web_server' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
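Review bot: In install_dynamicdns, `set_completion_param "inadyn commit" "$INADYN_COMMIT"` records the pinned commit directly after `git checkout $INADYN_COMMIT -b $INADYN_COMMIT` without checking that the checkout succeeded. A failed checkout would leave the clone on whatever revision it already had while the completion file claims the pinned one was built. The commit pin is the only integrity control visible for this source build, so the record should follow a verified checkout, for example `git checkout "$INADYN_COMMIT" -b "$INADYN_COMMIT" || exit 1` with the project's own exit code in place of 1. The nginx_ensite hunk in install_web_server has the same sequence ahead of `make install`. Both function bodies continue outside the hunks.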


@ -49,7 +49,8 @@ function setup_wifi {
if [ ${#WIFI_SSID} -lt 2 ]; then
return
fi
if grep -Fxq "setup_wifi" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -60,7 +61,7 @@ function setup_wifi {
if [ -f $WIFI_NETWORKS_FILE ]; then
${PROJECT_NAME}-wifi -i $WIFI_INTERFACE --networks $WIFI_NETWORKS_FILE
echo 'setup_wifi' >> $COMPLETION_FILE
mark_completed $FUNCNAME
return
fi
@ -77,12 +78,12 @@ function setup_wifi {
else
${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
fi
echo 'setup_wifi' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# ath9k_htc driver
function install_atheros_wifi {
if grep -Fxq "install_atheros_wifi" $COMPLETION_FILE; then
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [ $INSTALLING_ON_BBB != "yes" ]; then
@ -127,7 +128,7 @@ function install_atheros_wifi {
if [ ! "$?" = "0" ]; then
exit 74681
fi
echo 'install_atheros_wifi' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
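Review bot: The `${PROJECT_NAME}-wifi` calls in setup_wifi pass `$WIFI_SSID`, `$WIFI_INTERFACE` and `$WIFI_NETWORKS_FILE` unquoted, so an SSID containing a space is split into several arguments and the trailing words are parsed as something else. Quoting keeps each value a single argument: `-s "$WIFI_SSID" -t "$WIFI_TYPE" --hotspot "$HOTSPOT" --networks "$WIFI_NETWORKS_FILE"`. In install_atheros_wifi, `[ $INSTALLING_ON_BBB != "yes" ]` has a related problem: with the variable unset the test is a syntax error, which evaluates as false and skips the branch under it. `[[ $INSTALLING_ON_BBB != "yes" ]]` would match the style of the new guards. These lines are context in the hunks, and both function bodies continue outside them.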


@ -29,18 +29,18 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function enable_zram {
if grep -Fxq "enable_zram" $COMPLETION_FILE; then
return
fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
${PROJECT_NAME}-zram off
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
${PROJECT_NAME}-zram off
return
fi
${PROJECT_NAME}-zram on
${PROJECT_NAME}-zram on
echo 'enable_zram' >> $COMPLETION_FILE
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0