Merge branch 'stretch' of https://github.com/bashrc/freedombone
This commit is contained in:
commit
801aab4f9f
|
@ -24,6 +24,8 @@ NextCloud is a system for file synchronisation and also has many other plugins f
|
|||
|
||||
The videoconferencing plugin requires a browser with WebRTC support and so is unlikely to work in a Tor browser, but may still be a better option than using proprietary systems.
|
||||
|
||||
* Operational considerations
|
||||
If your ISP or the government in your area is part of your threat model then NextCloud may not be the best choice for hosting files and [[./app_syncthing.html][Syncthing]] could be preferable. In the past the NextCloud company is known to have remotely scanned servers without permission and reported server admins who don't immediately update to the latest version of the software to their ISPs or to questionable government agencies. Depending upon where you are located such activities by the developer, which are not really in the spirit of independent self-hosting, could have very undesirable results.
|
||||
* Installation
|
||||
Log into your system with:
|
||||
|
||||
|
|
Binary file not shown.
|
@ -299,6 +299,7 @@ function gnusocial_set_expire_months {
|
|||
}
|
||||
|
||||
function configure_interactive_gnusocial {
|
||||
read_config_param GNUSOCIAL_EXPIRE_MONTHS
|
||||
while true
|
||||
do
|
||||
data=$(tempfile 2>/dev/null)
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# License
|
||||
# =======
|
||||
#
|
||||
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
|
||||
# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
|
@ -37,7 +37,7 @@ MAILPILE_DOMAIN_NAME=
|
|||
MAILPILE_CODE=
|
||||
MAILPILE_ONION_PORT=8103
|
||||
MAILPILE_REPO="https://github.com/mailpile/Mailpile"
|
||||
MAILPILE_COMMIT='6f56fe4ad736c8e385bea658454bed110d08c60d'
|
||||
MAILPILE_COMMIT='88ae8e5831dddc628c827c44224166dbdbed91f1'
|
||||
MAILPILE_PORT=33411
|
||||
|
||||
mailpile_variables=(MAILPILE_REPO
|
||||
|
@ -45,6 +45,7 @@ mailpile_variables=(MAILPILE_REPO
|
|||
MAILPILE_CODE
|
||||
ONION_ONLY
|
||||
DDNS_PROVIDER
|
||||
DEFAULT_DOMAIN_NAME
|
||||
MY_USERNAME)
|
||||
|
||||
function logging_on_mailpile {
|
||||
|
@ -109,118 +110,19 @@ function upgrade_mailpile {
|
|||
}
|
||||
|
||||
function backup_local_mailpile {
|
||||
if [ ! -f /etc/systemd/system/mailpile.service ]; then
|
||||
return
|
||||
fi
|
||||
MAILPILE_DOMAIN_NAME='mailpile.local'
|
||||
if grep -q "mailpile domain" $COMPLETION_FILE; then
|
||||
MAILPILE_DOMAIN_NAME=$(get_completion_param "mailpile domain")
|
||||
fi
|
||||
source_directory=/var/www/${MAILPILE_DOMAIN_NAME}/mail/.local
|
||||
if [ -d $source_directory ]; then
|
||||
systemctl stop mailpile
|
||||
|
||||
function_check backup_directory_to_usb
|
||||
backup_directory_to_usb $source_directory mailpile
|
||||
|
||||
systemctl start mailpile
|
||||
fi
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function restore_local_mailpile {
|
||||
if [ ! -f /etc/systemd/system/mailpile.service ]; then
|
||||
return
|
||||
fi
|
||||
MAILPILE_DOMAIN_NAME='mailpile.local'
|
||||
if grep -q "mailpile domain" $COMPLETION_FILE; then
|
||||
MAILPILE_DOMAIN_NAME=$(get_completion_param "mailpile domain")
|
||||
fi
|
||||
if [ $MAILPILE_DOMAIN_NAME ]; then
|
||||
systemctl stop mailpile
|
||||
|
||||
temp_restore_dir=/root/tempmailpile
|
||||
restore_directory_from_usb $temp_restore_dir mailpile
|
||||
if [ -d /var/www/${MAILPILE_DOMAIN_NAME}/mail/.local ]; then
|
||||
mv /var/www/${MAILPILE_DOMAIN_NAME}/mail/.local /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous
|
||||
fi
|
||||
temp_source_dir=$(find ${temp_restore_dir} -name ".local")
|
||||
cp -r ${temp_source_dir} /var/www/${MAILPILE_DOMAIN_NAME}/mail/
|
||||
if [ ! "$?" = "0" ]; then
|
||||
if [ -d mv /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous ]; then
|
||||
if [ -d /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous ]; then
|
||||
rm -rf /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous
|
||||
fi
|
||||
mv /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous /var/www/${MAILPILE_DOMAIN_NAME}/mail/.local
|
||||
fi
|
||||
backup_unmount_drive
|
||||
exit 3685
|
||||
fi
|
||||
rm -rf ${temp_restore_dir}
|
||||
chown -R mailpile: /var/www/$MAILPILE_DOMAIN_NAME/mail/
|
||||
|
||||
if [ -d /etc/letsencrypt/live/${MAILPILE_DOMAIN_NAME} ]; then
|
||||
ln -s /etc/letsencrypt/live/${MAILPILE_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${MAILPILE_DOMAIN_NAME}.key
|
||||
ln -s /etc/letsencrypt/live/${MAILPILE_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem
|
||||
fi
|
||||
|
||||
systemctl start mailpile
|
||||
fi
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function backup_remote_mailpile {
|
||||
if [ ! -f /etc/systemd/system/mailpile.service ]; then
|
||||
return
|
||||
fi
|
||||
MAILPILE_DOMAIN_NAME='mailpile.local'
|
||||
if grep -q "mailpile domain" $COMPLETION_FILE; then
|
||||
MAILPILE_DOMAIN_NAME=$(get_completion_param "mailpile domain")
|
||||
fi
|
||||
source_directory=/var/www/${MAILPILE_DOMAIN_NAME}/mail/.local
|
||||
if [ -d $source_directory ]; then
|
||||
systemctl stop mailpile
|
||||
|
||||
function_check backup_directory_to_usb
|
||||
backup_directory_to_friend $source_directory mailpile
|
||||
|
||||
systemctl start mailpile
|
||||
fi
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function restore_remote_mailpile {
|
||||
if [ ! -f /etc/systemd/system/mailpile.service ]; then
|
||||
return
|
||||
fi
|
||||
MAILPILE_DOMAIN_NAME='mailpile.local'
|
||||
if grep -q "mailpile domain" $COMPLETION_FILE; then
|
||||
MAILPILE_DOMAIN_NAME=$(get_completion_param "mailpile domain")
|
||||
fi
|
||||
if [ $MAILPILE_DOMAIN_NAME ]; then
|
||||
systemctl stop mailpile
|
||||
|
||||
temp_restore_dir=/root/tempmailpile
|
||||
restore_directory_from_friend $temp_restore_dir mailpile
|
||||
if [ -d /var/www/${MAILPILE_DOMAIN_NAME}/mail/.local ]; then
|
||||
mv /var/www/${MAILPILE_DOMAIN_NAME}/mail/.local /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous
|
||||
fi
|
||||
temp_source_dir=$(find ${temp_restore_dir} -name ".local")
|
||||
cp -r ${temp_source_dir} /var/www/${MAILPILE_DOMAIN_NAME}/mail/
|
||||
if [ ! "$?" = "0" ]; then
|
||||
if [ -d mv /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous ]; then
|
||||
mv /var/www/${MAILPILE_DOMAIN_NAME}/mail/.previous /var/www/${MAILPILE_DOMAIN_NAME}/mail/.local
|
||||
fi
|
||||
backup_unmount_drive
|
||||
exit 36732
|
||||
fi
|
||||
rm -rf ${temp_restore_dir}
|
||||
chown -R mailpile: /var/www/$MAILPILE_DOMAIN_NAME/mail/
|
||||
|
||||
if [ -d /etc/letsencrypt/live/${MAILPILE_DOMAIN_NAME} ]; then
|
||||
ln -s /etc/letsencrypt/live/${MAILPILE_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${MAILPILE_DOMAIN_NAME}.key
|
||||
ln -s /etc/letsencrypt/live/${MAILPILE_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem
|
||||
fi
|
||||
|
||||
systemctl start mailpile
|
||||
fi
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function remove_mailpile {
|
||||
|
@ -305,6 +207,11 @@ function install_mailpile {
|
|||
adduser mailpile www-data
|
||||
adduser mailpile mail
|
||||
adduser mailpile $MY_USERNAME
|
||||
if [[ $ONION_ONLY == 'no' ]]; then
|
||||
chgrp -R ssl-cert /etc/letsencrypt
|
||||
chmod -R g=rX /etc/letsencrypt
|
||||
usermod -a -G ssl-cert mailpile
|
||||
fi
|
||||
chown -R mailpile: /var/www/$MAILPILE_DOMAIN_NAME/mail/
|
||||
|
||||
# create folders and tags
|
||||
|
@ -440,6 +347,17 @@ function install_mailpile {
|
|||
pip install jinja2==2.9.6
|
||||
pip install pgpdump==1.5
|
||||
|
||||
# turn off ssl in dovecot
|
||||
sed -i 's|#ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
|
||||
# set ssl certs, just in case we want to use them later
|
||||
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
|
||||
systemctl restart dovecot
|
||||
systemctl enable mailpile
|
||||
systemctl daemon-reload
|
||||
systemctl start mailpile
|
||||
|
|
|
@ -64,7 +64,9 @@ matrix_variables=(ONION_ONLY
|
|||
|
||||
function logging_on_matrix {
|
||||
if [ -f /var/lib/matrix/homeserver.yaml ]; then
|
||||
if ! grep -q "log_file: /etc/matrix/homeserver.log" /var/lib/matrix/homeserver.yaml; then
|
||||
sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
|
||||
fi
|
||||
if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
|
||||
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
|
||||
fi
|
||||
|
@ -73,7 +75,9 @@ function logging_on_matrix {
|
|||
|
||||
function logging_off_matrix {
|
||||
if [ -f /var/lib/matrix/homeserver.yaml ]; then
|
||||
if ! grep -q "log_file: /dev/null" /var/lib/matrix/homeserver.yaml; then
|
||||
sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
|
||||
fi
|
||||
if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
|
||||
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
|
||||
fi
|
||||
|
@ -83,6 +87,12 @@ function logging_off_matrix {
|
|||
if [ -f /etc/matrix/homeserver.log.1 ]; then
|
||||
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1
|
||||
fi
|
||||
if [ -f /etc/matrix/homeserver.log.2 ]; then
|
||||
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.2
|
||||
fi
|
||||
if [ -f /etc/matrix/homeserver.log.3 ]; then
|
||||
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.3
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ NEXTCLOUD_CODE=
|
|||
NEXTCLOUD_ONION_PORT=8112
|
||||
NEXTCLOUD_REPO="https://github.com/nextcloud/server"
|
||||
# Stable 12 branch
|
||||
NEXTCLOUD_COMMIT='5e22b330963d01feb636b24e7b1027b50b46e3c2'
|
||||
NEXTCLOUD_COMMIT='cd095bb0b85eed6a9a9f6f0f7d10f2366c4667a7'
|
||||
NEXTCLOUD_ADMIN_PASSWORD=
|
||||
|
||||
nextcloud_variables=(ONION_ONLY
|
||||
|
@ -209,6 +209,7 @@ function upgrade_nextcloud {
|
|||
set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO
|
||||
|
||||
upgrade_nextcloud_base
|
||||
sudo -u www-data ./occ upgrade
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -315,6 +315,7 @@ function postactiv_set_expire_months {
|
|||
}
|
||||
|
||||
function configure_interactive_postactiv {
|
||||
read_config_param "POSTACTIV_EXPIRE_MONTHS"
|
||||
while true
|
||||
do
|
||||
data=$(tempfile 2>/dev/null)
|
||||
|
|
|
@ -41,8 +41,8 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
|
|||
XMPP_ECC_CURVE='"secp384r1"'
|
||||
|
||||
prosody_latest_version='0.10'
|
||||
prosody_nightly=382
|
||||
prosody_nightly_hash='770f1a0466f2361184eebffac9f50c102ad842cd855190db6c7f42f2f09884f5'
|
||||
prosody_nightly=410
|
||||
prosody_nightly_hash='9cf3db6a09895a744d72eb90b4a635758a710afe1a16b78506c7139c4e7211eb'
|
||||
prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
|
||||
prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
|
||||
|
||||
|
@ -356,7 +356,9 @@ function update_prosody_modules {
|
|||
mkdir -p /var/lib/prosody/prosody-modules
|
||||
fi
|
||||
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
|
||||
cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
|
||||
chown -R prosody:prosody /var/lib/prosody/prosody-modules
|
||||
chown -R prosody:prosody /usr/lib/prosody/modules
|
||||
systemctl start prosody
|
||||
else
|
||||
echo $'Prosody modules not extracted'
|
||||
|
@ -1019,6 +1021,7 @@ function install_xmpp {
|
|||
if [ -d /etc/letsencrypt ]; then
|
||||
usermod -a -G ssl-cert prosody
|
||||
fi
|
||||
apt-mark -q hold prosody
|
||||
systemctl restart prosody
|
||||
|
||||
if [[ $ONION_ONLY != 'no' ]]; then
|
||||
|
|
|
@ -1345,8 +1345,8 @@ function configure_imap {
|
|||
echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf'
|
||||
exit 83629
|
||||
fi
|
||||
sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|#ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
|
||||
|
|
|
@ -124,6 +124,13 @@ function install_tripwire {
|
|||
if ! grep -q '!/usr/local/lib/node_modules' /etc/tripwire/twpol.txt; then
|
||||
sed -i '\|/etc\t\t->.*|a\ !/usr/local/lib/node_modules ;' /etc/tripwire/twpol.txt
|
||||
fi
|
||||
# Events here are likely due to USB HRNG activity
|
||||
if ! grep -q '!/dev/char' /etc/tripwire/twpol.txt; then
|
||||
sed -i '\|/dev\t\t->.*|a\ !/dev/char ;' /etc/tripwire/twpol.txt
|
||||
fi
|
||||
if ! grep -q '!/dev/bus/usb' /etc/tripwire/twpol.txt; then
|
||||
sed -i '\|/dev\t\t->.*|a\ !/dev/bus/usb ;' /etc/tripwire/twpol.txt
|
||||
fi
|
||||
|
||||
# Not much is in /usr/local/bin other than project commands and avoiding it removes
|
||||
# problems with updates. This is a tradeoff, but not by much.
|
||||
|
|
|
@ -130,7 +130,42 @@ fi
|
|||
|
||||
function any_key {
|
||||
echo ''
|
||||
read -n1 -r -p $"Press any key to continue..." key
|
||||
read -n1 -rsp $"Press any key to continue..." key
|
||||
}
|
||||
|
||||
function any_key_verify {
|
||||
echo ''
|
||||
read -n1 -rsp $"Press any key to continue or C to check a hash..." key
|
||||
if [[ "$key" != 'c' && "$key" != 'C' ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
data=$(tempfile 2>/dev/null)
|
||||
trap "rm -f $data" 0 1 2 5 15
|
||||
dialog --title $"Check tripwire hash" \
|
||||
--backtitle $"Freedombone Control Panel" \
|
||||
--inputbox $"Paste your tripwire hash below and it will be checked against the current database" 12 60 2>$data
|
||||
sel=$?
|
||||
case $sel in
|
||||
0)
|
||||
GIVEN_HASH=$(<$data)
|
||||
if [ ${#GIVEN_HASH} -gt 8 ]; then
|
||||
if [[ "$GIVEN_HASH" == *' '* ]]; then
|
||||
dialog --title $"Check tripwire" \
|
||||
--msgbox $"\nThe hash should not contain any spaces" 10 40
|
||||
else
|
||||
DBHASH=$(sha512sum /var/lib/tripwire/${HOSTNAME}.twd | awk -F ' ' '{print $1}')
|
||||
if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then
|
||||
dialog --title $"Check tripwire" \
|
||||
--msgbox $"\nSuccess\n\nThe hash you gave matches the current tripwire database" 10 40
|
||||
else
|
||||
dialog --title $"Check tripwire" \
|
||||
--msgbox $"\nFailed\n\nThe hash you gave does not match the current tripwire database. This might be because you reset the tripwire, or there could have been an unauthorised modification of the system" 12 50
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
function get_app_icann_address {
|
||||
|
@ -2182,7 +2217,7 @@ function menu_top_level {
|
|||
3) menu_backup_restore;;
|
||||
4) show_firewall;;
|
||||
5) show_tripwire_verification_code
|
||||
any_key;;
|
||||
any_key_verify;;
|
||||
6) reset_tripwire;;
|
||||
7) menu_app_settings;;
|
||||
8) /usr/local/bin/addremove
|
||||
|
|
|
@ -741,6 +741,9 @@ function expire_gnusocial_posts {
|
|||
|
||||
expire_days=$((expire_months * 30))
|
||||
|
||||
# files are what take up most of the backup time, so don't keep them for very long
|
||||
expire_days_files=7
|
||||
|
||||
# To prevent the database size from growing endlessly this script expires posts
|
||||
# after a number of months
|
||||
if [ ! -d /var/www/${domain_name}/htdocs ]; then
|
||||
|
@ -788,15 +791,16 @@ function expire_gnusocial_posts {
|
|||
echo '$rowaff1 notices, $rowaff2 conversations, $rowaff3 replies, and $rowaff4 qvitter notifications deleted from database.\n";' >> $gnusocial_expire_posts_script
|
||||
chmod +x $gnusocial_expire_posts_script
|
||||
|
||||
gnusocial_expire_script=/usr/bin/${gnusocial_type}-expire
|
||||
gnusocial_expire_script=/etc/cron.daily/${gnusocial_type}-expire
|
||||
echo '#!/bin/bash' > $gnusocial_expire_script
|
||||
echo "find /var/www/${domain_name}/htdocs/file/* -mtime +${expire_days} -exec rm {} +" >> $gnusocial_expire_script
|
||||
echo "find /var/www/${domain_name}/htdocs/file/* -mtime +${expire_days_files} -exec rm {} +" >> $gnusocial_expire_script
|
||||
echo "/usr/bin/php $gnusocial_expire_posts_script" >> $gnusocial_expire_script
|
||||
chmod +x $gnusocial_expire_script
|
||||
|
||||
# Add a cron job
|
||||
if ! grep -q "${gnusocial_expire_script}" /etc/crontab; then
|
||||
echo "10 3 5 * * root /usr/bin/timeout 500 ${gnusocial_expire_script}" >> /etc/crontab
|
||||
# remove any old cron job
|
||||
if grep -q "${gnusocial_type}-expire" /etc/crontab; then
|
||||
sed -i "/${gnusocial_type}-expire/d" /etc/crontab
|
||||
rm /usr/bin/${gnusocial_type}-expire
|
||||
fi
|
||||
|
||||
# remove old expire script
|
||||
|
|
|
@ -286,10 +286,22 @@ function initial_setup {
|
|||
mark_completed $FUNCNAME
|
||||
}
|
||||
|
||||
function turn_off_magic_sysrq {
|
||||
if grep -q 'kernel.sysrq = 0' /etc/sysctl.conf; then
|
||||
return
|
||||
fi
|
||||
if grep -q 'kernel.sysrq' /etc/sysctl.conf; then
|
||||
sed -i 's|#kernel.sysrq.*|kernel.sysrq = 0|g' /etc/sysctl.conf
|
||||
sed -i 's|kernel.sysrq.*|kernel.sysrq = 0|g' /etc/sysctl.conf
|
||||
else
|
||||
echo 'kernel.sysrq = 0' >> /etc/sysctl.conf
|
||||
fi
|
||||
}
|
||||
|
||||
function setup_grub {
|
||||
if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'i386' ]]; then
|
||||
if ! grep -q 'ifnames=0' /etc/default/grub; then
|
||||
sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT="quiet ifnames=0 slub_debug=FZP slab_nomerge page_poison=1"|g' /etc/default/grub
|
||||
sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT="quiet ifnames=0 slub_debug=FZP slab_nomerge page_poison=1 panic=0"|g' /etc/default/grub
|
||||
update-grub
|
||||
fi
|
||||
fi
|
||||
|
@ -782,6 +794,9 @@ function setup_utils {
|
|||
function_check enable_predictable_device_names
|
||||
enable_predictable_device_names
|
||||
|
||||
function_check turn_off_magic_sysrq
|
||||
turn_off_magic_sysrq
|
||||
|
||||
function_check separate_tmp_filesystem
|
||||
separate_tmp_filesystem 150
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2017-05-08 Mon 23:45 -->
|
||||
<!-- 2017-08-08 Tue 17:39 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title></title>
|
||||
|
@ -264,9 +264,17 @@ NextCloud is a system for file synchronisation and also has many other plugins f
|
|||
The videoconferencing plugin requires a browser with WebRTC support and so is unlikely to work in a Tor browser, but may still be a better option than using proprietary systems.
|
||||
</p>
|
||||
|
||||
<div id="outline-container-orge6cdeb1" class="outline-2">
|
||||
<h2 id="orge6cdeb1">Installation</h2>
|
||||
<div class="outline-text-2" id="text-orge6cdeb1">
|
||||
<div id="outline-container-orgb096beb" class="outline-2">
|
||||
<h2 id="orgb096beb">Operational considerations</h2>
|
||||
<div class="outline-text-2" id="text-orgb096beb">
|
||||
<p>
|
||||
If your ISP or the government in your area is part of your threat model then NextCloud may not be the best choice for hosting files and <a href="./app_syncthing.html">Syncthing</a> could be preferable. In the past the NextCloud company is known to have remotely scanned servers without permission and reported server admins who don't immediately update to the latest version of the software to their ISPs or to questionable government agencies. Depending upon where you are located such activities by the developer, which are not really in the spirit of independent self-hosting, could have very undesirable results.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-orgcac5c6a" class="outline-2">
|
||||
<h2 id="orgcac5c6a">Installation</h2>
|
||||
<div class="outline-text-2" id="text-orgcac5c6a">
|
||||
<p>
|
||||
Log into your system with:
|
||||
</p>
|
||||
|
@ -286,9 +294,9 @@ Select <b>Add/Remove Apps</b> then <b>nextcloud</b>. You will then be asked for
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgdf0be0a" class="outline-2">
|
||||
<h2 id="orgdf0be0a">Initial setup</h2>
|
||||
<div class="outline-text-2" id="text-orgdf0be0a">
|
||||
<div id="outline-container-org87dcfbd" class="outline-2">
|
||||
<h2 id="org87dcfbd">Initial setup</h2>
|
||||
<div class="outline-text-2" id="text-org87dcfbd">
|
||||
<p>
|
||||
Go to the <b>Administrator control panel</b> and select <b>Passwords</b> then <b>nextcloud</b>. This will give you the password to initially log in to the system and you can change it later from a client app if needed.
|
||||
</p>
|
||||
|
|
Loading…
Reference in New Issue