diff --git a/Makefile b/Makefile index cadb591d..e99ffc08 100644 --- a/Makefile +++ b/Makefile @@ -24,7 +24,7 @@ install: mkdir -p ${DESTDIR}/usr/share/${APP}/avatars mkdir -p ${DESTDIR}/etc/${APP} cp src/${APP} ${DESTDIR}${PREFIX}/bin - rm -f ${DESTDIR}/${PREFIX}/bin/${APP}-* + rm -f ${DESTDIR}${PREFIX}/bin/${APP}-* cp -r image_build/* ${DESTDIR}/etc/${APP} cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars diff --git a/doc/EN/app_akaunting.org b/doc/EN/app_akaunting.org index 479c5c9a..aeca891e 100644 --- a/doc/EN/app_akaunting.org +++ b/doc/EN/app_akaunting.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Akaunting

-
-#+END_EXPORT +* Akaunting The Freedombone system isn't primarily aimed at companies or institutions, but if you're a one person company or freelancer then having the ability to run your own accounting system and keep the data private and also backed up is useful. Akaunting provides a nice web based system for small business accounts, and is also quite usable within a mobile web browser. @@ -33,14 +28,12 @@ From the *Administrator control panel* select *Passwords* and look up the passwo Now in a browser navigate to your subdomain. You will need to enter some details for the database. The password should be the mariadb one. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/akaunting_setup.jpg]] -#+END_CENTER After that you'll need to enter a company name and an email address. You can make the administrator password anything you prefer, and a suggestion can be found within the *Passwords* section of the *Administrator control panel* under *akaunting*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/akaunting_setup_company.jpg]] -#+END_CENTER From then on the system should be usable. Accounts software can often be quite complex, and so you'll probably want to refer to the [[https://akaunting.com/docs][official documentation]] for details. diff --git a/doc/EN/app_bdsmail.org b/doc/EN/app_bdsmail.org index 8830abd7..93af81e5 100644 --- a/doc/EN/app_bdsmail.org +++ b/doc/EN/app_bdsmail.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

BDS Mail

-
-#+END_EXPORT +* BDS Mail BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing email server which comes installed as default. It creates an extra folder within the Mutt client which allows you to send and receive email using [[https://en.wikipedia.org/wiki/I2P][i2p]] as the transport layer. This solves the problem of being blocked by dubious systems and also the problem of user friendly email encryption. If you're behind a hostile firewall which you don't control and which blocks all ports, this system is still likely to work. You can use GPG as an additional encryption layer if you prefer, but it's not strictly necessary because you already have the i2p public key system to ensure end-to-end security. diff --git a/doc/EN/app_bludit.org b/doc/EN/app_bludit.org new file mode 100644 index 00000000..1ed5ddb3 --- /dev/null +++ b/doc/EN/app_bludit.org @@ -0,0 +1,29 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, bludit, blog +#+DESCRIPTION: How to use Bludit +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +* Bludit + +This is a databaseless blogging system which uses markdown files. It's not very complex and so there is not much to go wrong, and it should run well on any server hardware. + +* Installation +Log into your system with: + +#+begin_src bash +ssh myusername@mydomain -p 2222 +#+end_src + +Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password. + +Select *Add/Remove Apps* then *bluit*. Enter the subdomain that you which to use, such as *blog.mydomain.net*, and optionally a FreeDNS code. + +Now in a browser navigate to your subdomain. You will need to enter some details for the database. You'll be asked to provide an initial administrator password. + +From there on it's all pretty straightforward. If you need to publish a draft the post status can be changed on a drop down list on the right hand side. diff --git a/doc/EN/app_cryptpad.org b/doc/EN/app_cryptpad.org index f24946a3..b680d530 100644 --- a/doc/EN/app_cryptpad.org +++ b/doc/EN/app_cryptpad.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

CryptPad

-
-#+END_EXPORT +* CryptPad -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/cryptpad.jpg]] -#+END_CENTER This is similar to [[./app_etherpad.html][EtherPad]] but with better security and more document types which can be collaboratively edited in real time. It includes not just text editing but also creating presentations, voting and editing source code. diff --git a/doc/EN/app_dlna.org b/doc/EN/app_dlna.org index 705521bf..d7825e88 100644 --- a/doc/EN/app_dlna.org +++ b/doc/EN/app_dlna.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

DLNA

-
-#+END_EXPORT +* DLNA An easy way to play music on any mobile device in your home is to use the DLNA service. Copy your music into a directory called "/Music/" on an unencrypted USB thumb drive and then insert it into a USB socket on the Freedombone system. diff --git a/doc/EN/app_dokuwiki.org b/doc/EN/app_dokuwiki.org index 4bc7839c..47acb5bb 100644 --- a/doc/EN/app_dokuwiki.org +++ b/doc/EN/app_dokuwiki.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Dokuwiki

-
-#+END_EXPORT +* Dokuwiki Dokuwiki is a wiki which stores its content in text files. Having no database makes maintaining it simpler, and it's not tied to any particular domain name so you can easily copy the files to a different domain if you need to. - * Installation Log into your system with: diff --git a/doc/EN/app_edith.org b/doc/EN/app_edith.org index bbdeb69f..2352a0d0 100644 --- a/doc/EN/app_edith.org +++ b/doc/EN/app_edith.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Edith Notes

-
-#+END_EXPORT +* Edith Notes Edith notes is the simplest and quickest kind of notes system. It has no complicated user interface. Just enter your domain and a title and a note will be created. Everything typed is saved automatically. @@ -28,8 +23,7 @@ ssh myusername@mydomain.com -p 2222 Select *Administrator controls* then *App Settings* then *edith*. Enter a subdomain name, such as /notes.mydomain.com/, and optionally a freedns code. When the installation is complete you can then look up the password for the site within the *Passwords* section of the *Administrator control panel*, then navigate to the subdomain. Log in, then enter something like /notes.mydomain.com/testnote/ and start typing. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/edith_notes.jpg]] -#+END_CENTER It is possible to turn off the login via *App Settings/edith* if you wish, but this will enable anyone on the internet to view or edit notes on your system, which could have obvious privacy or stability implications. From *App settings/edith* it's also possible to browse through your notes files. diff --git a/doc/EN/app_emacs.org b/doc/EN/app_emacs.org index dbadeb59..1bba2f4a 100644 --- a/doc/EN/app_emacs.org +++ b/doc/EN/app_emacs.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Emacs

-
-#+END_EXPORT +* Emacs Emacs is a text editor popular with software developers or anyone who needs to take notes at high speed or be able to customise their editing environment to a high degree. When installed on Freedombone it can be used together the Mutt email client to edit new emails or if you need to manually edit configuration files. diff --git a/doc/EN/app_etherpad.org b/doc/EN/app_etherpad.org index 707473cb..5aa89d65 100644 --- a/doc/EN/app_etherpad.org +++ b/doc/EN/app_etherpad.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Etherpad

-
-#+END_EXPORT +* Etherpad This is a well known system for real time collaborative editing of documents. Just log in, choose a document title and then edit. Different users will appear in different colours, and can also chat in the sidebar. This is installed as a private system in which only users on your Freedombone server will be able to create and edit documents, so it's not open to any random users on the internet. diff --git a/doc/EN/app_fedwiki.org b/doc/EN/app_fedwiki.org index 9e94bfb1..145cde6e 100644 --- a/doc/EN/app_fedwiki.org +++ b/doc/EN/app_fedwiki.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Federated Wiki

-
-#+END_EXPORT +* Federated Wiki Federated wikis are a relatively new concept. There can be multiple copies of the same page on different servers and it's then easy to pick which version you prefer, or make something new. It's like wiki meets mashup meets federation, and so is different from many previous web paradigms and may take some recalibration of how you think the web should work. diff --git a/doc/EN/app_friendica.org b/doc/EN/app_friendica.org index 350219ec..ad9e79bb 100644 --- a/doc/EN/app_friendica.org +++ b/doc/EN/app_friendica.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Friendica

-
-#+END_EXPORT +* Friendica Friendica is a federated social networking system. It can federate with other popular systems such as GNU Social and Diaspora. Currently Friendica only works on the clearnet and doesn't have an onion address. @@ -37,9 +32,8 @@ If you have just obtained a Lets Encrypt certificate as above then go to *About* On first visiting your Friendica site you'll see the login screen. The first thing you need to do is to select *register* to create a new Friendica administrator user. The first user on the system then becomes its administrator. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/friendicaadmin.jpg]] -#+END_CENTER Friendica has numerous addons which you might want to explore. Select the small icon next to the search box and you will get to the administrator settings. Select *plugins* and you can then configure which ones you want. From the *site* settings you can also force all links to use SSL/TLS for added security. diff --git a/doc/EN/app_ghost.org b/doc/EN/app_ghost.org deleted file mode 100644 index 0acca30a..00000000 --- a/doc/EN/app_ghost.org +++ /dev/null @@ -1,45 +0,0 @@ -#+TITLE: -#+AUTHOR: Bob Mottram -#+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombone, ghost -#+DESCRIPTION: How to use Ghost -#+OPTIONS: ^:nil toc:nil -#+HTML_HEAD: - -#+BEGIN_CENTER -[[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Ghost

-
-#+END_EXPORT - -Ghost is a blogging system which uses markdown formatted posts. It's quite simple to use, and also looks nice even on small mobile screens. - -* Installation -Log into your system with: - -#+begin_src bash -ssh myusername@mydomain -p 2222 -#+end_src - -Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password. - -Select *Add/Remove Apps* then *ghost*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /blog.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. - -After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for Ghost. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message. - -* Initial setup -If you have just obtained a Lets Encrypt certificate as above then go to *About* on the administrator control panel and you should see your Ghost blog domain listed there along with an onion address. You can then navigate to your site in a browser. - -To see the login password for your site go to *Passwords* on the *Administrator control panel* and select the appropriate username and app. The passwords will be different for each user and may not be the same as the password which you used to originally ssh into the system. - -Navigate to https://yourghostblogdomain/ghost and click on *create your account* - -Enter your email address, password and blog title. - -When prompted to invite users click on *I'll do this later* - -Under *Settings* on the *General* option you can set a description, background image and so on. diff --git a/doc/EN/app_gnusocial.org b/doc/EN/app_gnusocial.org index 3e355064..68032a05 100644 --- a/doc/EN/app_gnusocial.org +++ b/doc/EN/app_gnusocial.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

GNU Social

-
-#+END_EXPORT +* GNU Social GNU Social is typically referred to as a microblogging system, although with a maximum post length much longer than Twitter it's really a sort of federated community blog with a stream-based appearance which also supports markdown formatting. @@ -24,10 +19,8 @@ You should regard anything posted to GNU Social as being /public communication/ Some general advice about life in the fediverse [[./fediverse.html][can be found here]]. - -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/gnusocial_pleroma.jpg]] -#+END_CENTER * Installation @@ -52,16 +45,14 @@ Once you have logged in to GNU Social you may then want to select *Admin* and ch GNU Social has a clutter-free mobile user interface which can be accessed via a Tor compatible browser (make sure to add a NoScript exception). Unlike similar proprietary sites there are no bribed posts. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/gnusocial_mobile.jpg]] -#+END_CENTER * Switching user interfaces A few web based user interfaces are available for GNU SOcial. They are selectable by going to the *Administrator control panel* and choosing *App settings* then *gnusocial*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/gnusocial_settings.jpg]] -#+END_CENTER * *Qvitter*: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived * *Pleroma*: A modern and lightweight user interface @@ -69,9 +60,8 @@ A few web based user interfaces are available for GNU SOcial. They are selectabl * Using with Emacs -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/gnu-social-mode.jpg]] -#+END_CENTER If you are an Emacs user it's also possible to set up GNU Social mode as follows: @@ -122,9 +112,8 @@ Showing timelines: | CTRL-c CTRL-d | Post direct Message | * Blocking controls -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_blocking.jpg]] -#+END_CENTER The biggest hazard with GNU Social is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/doc/EN/app_gogs.org b/doc/EN/app_gogs.org index bb3669a7..09052b62 100644 --- a/doc/EN/app_gogs.org +++ b/doc/EN/app_gogs.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Gogs

-
-#+END_EXPORT +* Gogs Github is ok, but it's proprietary and funded by venture capital. If you been around on the internet for long enough then you know how this story eventually works itself out - i.e. badly for the users. It's really only a question of time. If you're a software developer or do things which involve the Git version control system then it's a good idea to become accustomed to hosting your own repositories, before the inevitable Github shitstorm occurs. diff --git a/doc/EN/app_htmly.org b/doc/EN/app_htmly.org index e3fd5059..9ff77fc4 100644 --- a/doc/EN/app_htmly.org +++ b/doc/EN/app_htmly.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

HTMLy

-
-#+END_EXPORT +* HTMLy HTMLy is a databaseless blogging system. diff --git a/doc/EN/app_hubzilla.org b/doc/EN/app_hubzilla.org index 0a405c26..cb012b92 100644 --- a/doc/EN/app_hubzilla.org +++ b/doc/EN/app_hubzilla.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Hubzilla

-
-#+END_EXPORT +* Hubzilla Hubzilla is a web publishing and social network system which includes wiki, web pages, photo albums and file storage. It also has privacy controls which allow you to define who can see which content. It's possible to write posts and have them visible only to a group of friends (known as "/privacy groups/"), with the encryption being handled automatically. Currently Hubzilla only works on the clearnet and doesn't have an onion address. @@ -37,6 +32,5 @@ If you have just obtained a Lets Encrypt certificate as above then go to *About* On first visiting your Hubzilla site you'll see the login screen. The first thing you need to do is *register* a new user. The first user on the system then becomes its administrator. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/hubzilla_mobile.jpg]] -#+END_CENTER diff --git a/doc/EN/app_icecast.org b/doc/EN/app_icecast.org index bcfe122e..b7684e44 100644 --- a/doc/EN/app_icecast.org +++ b/doc/EN/app_icecast.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Icecast

-
-#+END_EXPORT +* Icecast Icecast enables you to run something like an internet radio station. So if you have multiple audio files and want to be able to stream those in sequence from a web site then this can be useful. diff --git a/doc/EN/app_irc.org b/doc/EN/app_irc.org index a3ede2c0..c7d7935b 100644 --- a/doc/EN/app_irc.org +++ b/doc/EN/app_irc.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

IRC

-
-#+END_EXPORT +* IRC IRC is useful for multi-user chat. The classic use case is for software development where many engineers might need to coordinate their activities, but it's also useful for meetings, parties and general socialising. @@ -56,10 +51,12 @@ Enter first and second nicknames and check *connect to this network on startup*. If you are using the ordinary domain name (clearnet/ICANN) then make sure that *Use SSL* is checked. +#+attr_html: :width 80% :align center [[file:images/hexchat_setup_clearnet.jpg]] If you are using the onion address then *use SSL* should be unchecked and the transport encryption will be handled via the onion address itself. +#+attr_html: :width 80% :align center [[file:images/hexchat_setup.jpg]] Within the *Password* field enter the password which can be found from the IRC menu of the *control panel*. diff --git a/doc/EN/app_kanboard.org b/doc/EN/app_kanboard.org index aee56cf1..15947e5a 100644 --- a/doc/EN/app_kanboard.org +++ b/doc/EN/app_kanboard.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

KanBoard

-
-#+END_EXPORT +* KanBoard Kanbans are one way of managing projects. They're traditionally used in businesses but can also be useful for personal TODO lists or within open source or DIY projects. If you have a list of things which need to be done and want to keep track of progress then this provides a way to do that. diff --git a/doc/EN/app_keyserver.org b/doc/EN/app_keyserver.org index fe663847..b6871716 100644 --- a/doc/EN/app_keyserver.org +++ b/doc/EN/app_keyserver.org @@ -6,23 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

OpenPGP Key Server

-
-#+END_EXPORT +* OpenPGP Key Server The /web of trust/ is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side. For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to /find out how to communicate with others securely via email/. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/keyserver.jpg]] -#+END_CENTER * Installation diff --git a/doc/EN/app_koel.org b/doc/EN/app_koel.org index 96f6e2a1..21327a8f 100644 --- a/doc/EN/app_koel.org +++ b/doc/EN/app_koel.org @@ -6,21 +6,15 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Koel

-
-#+END_EXPORT +* Koel This enables you to store your music on the Freedombone server and then access it from any internet connected device. If you just want to make music accessible within your home network then [[./app_dlna.html][DLNA]] is usually sufficient, but if you want to be able to play your music from anywhere then [[https://koel.phanan.net][Koel]] is a better option. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/koel.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -37,17 +31,15 @@ Go back to the *Administrator control panel*, select *Passwords* then *koel*. Yo Once logged in go to settings and set the media path to */music*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/koelsettings.jpg]] -#+END_CENTER * Importing music This app doesn't have any way to upload music and instead just expects that there will be a directory on the server containing music files. There are a couple of ways to get new music files onto the system: either by using ssh or by putting them onto a USB drive. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_koel.jpg]] -#+END_CENTER ** Via ssh diff --git a/doc/EN/app_lychee.org b/doc/EN/app_lychee.org index 6cd6b941..2e689294 100644 --- a/doc/EN/app_lychee.org +++ b/doc/EN/app_lychee.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Lychee

-
-#+END_EXPORT +* Lychee Lychee is a simple and lightweight photo album for the web. Whether you're an amateur or professional photographer, or want to publish random holiday pics or cat pictures. Lychee just does what it says it does without any fuss. There is also a photo album feature within [[./app_hubzilla.html][Hubzilla]] if you need more sophisticated social photo sharing with individualised permissions. @@ -36,9 +31,8 @@ If you have just obtained a Lets Encrypt certificate as above then go to *About* Within a browser navigate to your lychee domain name or onion address. It should look like this: -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/lychee_setup.jpg]] -#+END_CENTER Within the *Administrator control panel* select *App Settings* and then *lychee*. This will show the initial login settings which you need to set up the database. To copy the password hold down the shift key, select the password then right click and copy. diff --git a/doc/EN/app_mailpile.org b/doc/EN/app_mailpile.org index efb46330..14781ba8 100644 --- a/doc/EN/app_mailpile.org +++ b/doc/EN/app_mailpile.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mailpile

-
-#+END_EXPORT +* Mailpile Mailpile provides a nice looking webmail interface suitable for use on desktop or mobile clients. It has good support for email encryption and makes that quite an simple process. At present it's usable but still has a few bugs and limitations. If you need a fully functional email client with comprehensive encryption support then either use Mutt or Thunderbird/Icedove. @@ -56,15 +51,13 @@ Uncheck *Detect Settings* and click *Next*. Under *Sending Mail* select *local* or if you need to proxy outgoing email through your ISP's server select *SMTP/TLS* and enter the details, then click *Next*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mailpile_setup.jpg]] -#+END_CENTER Under *Receiving files* select *IMAP*, the domain as *localhost*, port *143* and your username, then click *Next*. Astute readers may well be concerned that IMAP over port 143 is not encrypted, but since this is only via localhost communication between the Mail Transport Agent and Mailpile doesn't travel over the internet and port 143 is not opened on the firewall so it's not possible to accidentally connect an external mail client insecurely. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mailpile_setup_keys.jpg]] -#+END_CENTER Under *Security and Privacy* either select your existing encryption key or if you only get the option to create a new one then do so, then click *Add* or *Save*. diff --git a/doc/EN/app_matrix.org b/doc/EN/app_matrix.org index 6c414d3d..ae9af7bd 100644 --- a/doc/EN/app_matrix.org +++ b/doc/EN/app_matrix.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Matrix

-
-#+END_EXPORT +* Matrix -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/matrix_riotweb.jpg]] -#+END_CENTER Matrix is a federated communications system, typically for multi-user chat, with end-to-end content security features. You can consider it to be like a modernized version of IRC chat where the crypto and access controls have been built in by default. At present Matrix is really only a creature of the clearnet and so there isn't any way to protect the metadata. Despite the talk of security the lack of metadata defenses make this really only suitable for public communications, similar to microblogging or public IRC channels. diff --git a/doc/EN/app_mediagoblin.org b/doc/EN/app_mediagoblin.org index 9fef5ce0..cbfd8fb4 100644 --- a/doc/EN/app_mediagoblin.org +++ b/doc/EN/app_mediagoblin.org @@ -6,20 +6,16 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mediagoblin

-
-#+END_EXPORT +* Mediagoblin With Mediagoblin you can host video and audio content in a similar manner to the proprietary systems such as YouTube and SoundCloud. This system supports free media formats such as /webm/, /ogv/ and /ogg/. Another similar system which might be better fitted for small servers is [[./app_peertube.html][PeerTube]], since it uses webtorrent to distribute video files. Webtorrent will only work with WebRTC enabled browsers though. When hosting media files you should take into consideration that since anyone on the internet can view your content then this could significantly increase your bandwidth usage and overall strain on the server. Also unless you are just hosting images then hardware such as the Beaglebone Black won't be powerful enough for a good user experience when either uploading or playing back videos. It's recommended that you use one of the more powerful quad (or more) core single board computers or an old laptop if you want to run Mediagoblin on it. +#+attr_html: :width 50% :align center #+BEGIN_CENTER [[file:images/mediagoblin.jpg]] #+END_CENTER diff --git a/doc/EN/app_mumble.org b/doc/EN/app_mumble.org index 2e046792..808af12e 100644 --- a/doc/EN/app_mumble.org +++ b/doc/EN/app_mumble.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mumble

-
-#+END_EXPORT +* Mumble Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings. @@ -32,9 +27,8 @@ Within the software center search for "mumble" and install the client then run i From the menu select *Configure* then *Settings*. Select the *Advanced* checkbox then select *Network*. Select *Force TCP mode* and proxy type *Socks5*. Hostname should be set to *localhost* and port should be *9050*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mumble_config.jpg]] -#+END_CENTER Select *Apply* and *Ok*, then on the menu *Server* and *Connect*. diff --git a/doc/EN/app_nextcloud.org b/doc/EN/app_nextcloud.org index 4920101c..6ecb2c72 100644 --- a/doc/EN/app_nextcloud.org +++ b/doc/EN/app_nextcloud.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

NextCloud

-
-#+END_EXPORT +* NextCloud -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/nextcloud.jpg]] -#+END_CENTER NextCloud is a system for file synchronisation and also has many other plugins for calendar, videoconferencing, collaborative document editing and federated file sharing. It's a lot more elaborate than Syncthing, but there may be situations where centralized control of your files on your server is better than a purely peer-to-peer approach (eg. if you need to remove a user's access to files). diff --git a/doc/EN/app_peertube.org b/doc/EN/app_peertube.org new file mode 100644 index 00000000..d8a47e77 --- /dev/null +++ b/doc/EN/app_peertube.org @@ -0,0 +1,47 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, peertube +#+DESCRIPTION: How to use PeerTube +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +#+attr_html: :width 100% :align center +[[file:images/peertube.jpg]] + +This is a video hosting system similar to Mediagoblin but using webtorrent to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin. + +* Installation +Log into your system with: + +#+begin_src bash +ssh myusername@mydomain -p 2222 +#+end_src + +Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password. + +Select *Add/Remove Apps* then *peertube*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /video.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. + +* Initial setup +Navigate to your site and select *Signup* to create a new account. By default the maximum number of accounts on your system is limited to a small number so that millions of random internet users can't then begin uploading dubious content. After that it's pretty straightforward. + +If you wish it's possible to turn off further signups via the *Administrator control panel* under *App settings* for *peertube*. + +* Importing videos from YouTube/Vimeo/Dailymotion +It's possible to import videos from the main proprietary video hosting sites. /Only do this if they're videos which you made, or if the license is Creative Commons/. Hosting arbitrary videos under nonfree licenses is likely to get you into trouble, and we know how that works out from the P2P wars of the 2000s (i.e. badly). + +Go to the *Administrator control panel*, select *App settings* then *peertube* then *Import videos from YouTube/Vimeo/Dailymotion*. Enter your PeerTube login details and then you may specify either the individual video URL or the channel URL if you want to import a whole channel. + +* Importing videos from your desktop +The most convenient way to add new videos to PeerTube is if you have the *syncthing* app installed. Set up [[./app_syncthing.html][syncthing]] with a folder called ~/Sync in your home directory. Create a subdirectory called *~/Sync/peertube_upload*. Within that directory make a text file called *login.txt*. This will contain your PeerTube login details. + +The first line of login.txt should be your username, the second line should be the password and optionally the third line can contain the words *public* and/or *nsfw*, if you want to make imported videos immediately public or mark them as not suitable for work. + +Prepare your videos in *ogv*, *mp4* or *webm* format. To minimize bandwidth usage try to keep your videos as small as possible. Giant videos with incredibly high resolution tend to result in a bad user experience. Often just converting your videos to *webm* using *ffmpeg* will keep the size down. + +Now copy or drag and drop your videos into the *~/Sync/peertube_upload* directory. Syncthing will sync to the server and automatically add the videos to PeerTube. Depending on how large the videos are this may take some time. + +Imported videos can be seen by logging into PeerTube, selecting *My account* then the *My videos* tab. You can then view them, add a description and select to make them public if you wish. diff --git a/doc/EN/app_pihole.org b/doc/EN/app_pihole.org index 24bf68c9..3c513625 100644 --- a/doc/EN/app_pihole.org +++ b/doc/EN/app_pihole.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

PI-Hole: The Black Hole for Web Adverts

-
-#+END_EXPORT +* PI-Hole: The Black Hole for Web Adverts Idiots who have an inflated sense of self-entitlement will tell you that it's /your moral duty/ to view their mind-numbingly tedious corporate ads on their web site or YouTube channel, or else their kids will starve and the sky will fall because their revenue stream will dry up. But that's bullshit. There is nothing intrinsic or morally mandatory about adverts propping up the livelihoods of netizens, and indeed a web not primarily based on advertising money might have been a much better and more interesting place by now, with a lot less spying. diff --git a/doc/EN/app_pleroma.org b/doc/EN/app_pleroma.org index 1db4e627..af6b1e9f 100644 --- a/doc/EN/app_pleroma.org +++ b/doc/EN/app_pleroma.org @@ -6,13 +6,8 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_CENTER -[[file:images/pleroma-logo.png]] -#+END_CENTER #+BEGIN_QUOTE "/The way to keep giant companies from sterilizing the Internet is to make their sites irrelevant. If all the cool stuff happens elsewhere, people will follow. We did this with AOL and Prodigy, and we can do it again./" -- Maciej Cegłowski @@ -22,9 +17,8 @@ Pleroma is an OStatus and ActivityPub compatible social networking server, compa Some general advice about life in the fediverse [[./fediverse.html][can be found here]]. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/pleroma.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -45,14 +39,18 @@ Once you have done that then you can disable further registrations from the *Adm * Mastodon user interface If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/pleromamastodon.jpg]] -#+END_CENTER + +* Mobile apps +It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install *IcecatMobile* and set it as your default browser (under *Settings/Apps/Menu*) in order for the initial oauth registration process to work. + +#+attr_html: :width 50% :align center +[[file:images/tusky.jpg]] * Blocking controls -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_blocking.jpg]] -#+END_CENTER The biggest hazard with Pleroma is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/doc/EN/app_postactiv.org b/doc/EN/app_postactiv.org index 769198f9..7624b81a 100644 --- a/doc/EN/app_postactiv.org +++ b/doc/EN/app_postactiv.org @@ -6,23 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

PostActiv

-
-#+END_EXPORT +* PostActiv PostActiv is a fork of [[./app_gnusocial.html][GNU Social]] which includes some extra fixes and optimisations to improve performance. It federates just like GNU Social does and so whether you choose GNU Social or PostActiv is really just down to personal prefernce. Some general advice about life in the fediverse [[./fediverse.html][can be found here]]. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/postactiv_pleroma.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -47,9 +41,8 @@ Navigate to your PostActiv domain name and log in. * Switching user interfaces A few web based user interfaces are available for PostActiv. They are selectable by going to the *Administrator control panel* and choosing *App settings* then *postactiv*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/postactiv_settings.jpg]] -#+END_CENTER * *Qvitter*: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived * *Pleroma*: A modern and lightweight user interface @@ -57,9 +50,8 @@ A few web based user interfaces are available for PostActiv. They are selectable * Using with Emacs -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/gnu-social-mode.jpg]] -#+END_CENTER If you are an Emacs user it's also possible to set up GNU Social mode, which is compatible with PostActiv. You can do that as follows: @@ -110,9 +102,8 @@ Showing timelines: | CTRL-c CTRL-d | Post direct Message | * Blocking controls -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_blocking.jpg]] -#+END_CENTER The biggest hazard with PostActiv is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "/whole known network/" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/doc/EN/app_privatebin.org b/doc/EN/app_privatebin.org index eb5d5f3e..2b53c0a7 100644 --- a/doc/EN/app_privatebin.org +++ b/doc/EN/app_privatebin.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

PrivateBin

-
-#+END_EXPORT +* PrivateBin This is an encrypted pastebin, such that the server has zero knowledge of the content. It's intended for small amounts of text less than 32K in length. It's not intended for transfering large files, or for storing pastes for more than a day. diff --git a/doc/EN/app_profanity.org b/doc/EN/app_profanity.org index 938390a8..1f72fa92 100644 --- a/doc/EN/app_profanity.org +++ b/doc/EN/app_profanity.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Profanity

-
-#+END_EXPORT +* Profanity To install this app you will first need to install the [[./app_xmpp.html][XMPP server]]. diff --git a/doc/EN/app_riot.org b/doc/EN/app_riot.org index c0a3ea5a..ef78420b 100644 --- a/doc/EN/app_riot.org +++ b/doc/EN/app_riot.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Riot Web

-
-#+END_EXPORT +* Riot Web -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/riotweb.jpg]] -#+END_CENTER Riot Web is a browser based user interface for the [[./app_matrix.html][Matrix]] federated communications system. It allows you to do encrypted one-to-one or group chat, and has some fancy WebRTC features for voice and video conversations. The WebRTC stuff won't work in a Tor browser though. This type of system is fine for general public communications and collaboration on open source projects or gaming groups. For things which require real privacy though stick to XMPP with OMEMO. diff --git a/doc/EN/app_rss.org b/doc/EN/app_rss.org index cbb54951..38b44edd 100644 --- a/doc/EN/app_rss.org +++ b/doc/EN/app_rss.org @@ -6,21 +6,15 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

RSS Reader

-
-#+END_EXPORT +* RSS Reader The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/rss_reader_mobile.jpg]] -#+END_CENTER * Finding the onion address See the control panel for the RSS reader onion address. diff --git a/doc/EN/app_searx.org b/doc/EN/app_searx.org index 6c1d4f18..9a539152 100644 --- a/doc/EN/app_searx.org +++ b/doc/EN/app_searx.org @@ -6,24 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

SearX

-
-#+END_EXPORT +* SearX SearX is a metasearch engine. That means it returns results from other selected search engines. It's accessible via an onion address and provides a private search ability. Really the only advantage it gives you over searching directly from a Tor browser is the ability to customise your search experience. In terms of security both the connection between you and the server, and the outgoing connection from the server to other search engines are onion routed. This should give you a reasonable level of search privacy. - -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/searx.jpg]] -#+END_CENTER * Installation diff --git a/doc/EN/app_syncthing.org b/doc/EN/app_syncthing.org index 1a1b54b3..d2e97ee2 100644 --- a/doc/EN/app_syncthing.org +++ b/doc/EN/app_syncthing.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Syncthing

-
-#+END_EXPORT +* Syncthing Syncthing provides a similar capability to proprietary systems such as Dropbox, and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "/men in the middle/", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from. @@ -46,17 +41,15 @@ ssh username@domainname -p 2222 Then select *File Synchronization*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_file_sync.jpg]] -#+END_CENTER Select *Show device ID* and copy the long string of letters and numbers shown, using the shift key then select the text followed by right click then select copy. Open a non-Tor browser and enter *http://127.0.0.1:8384* as the URL. You should now see the minimalistic user interface. Under *Remote Devices* select *Add Remote Device*. In the *Device ID* field paste the string you just copied (CTRL+v). The Device name can be anything. Under *Share Folders with Device* check *default* (or whatever folder you created on your local machine), then save. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/syncthing_browser.jpg]] -#+END_CENTER From the top menu select *Actions* and then *Show ID*, then copy the ID string (usually select then CTRL+c). Go back to the terminal control panel menu and select *Add an ID* then paste what you just copied (CTRL+v). Optionally you can also provide a description so that you later can know what that string corresponds to. diff --git a/doc/EN/app_tahoelafs.org b/doc/EN/app_tahoelafs.org index 19bacaba..e9896ce0 100644 --- a/doc/EN/app_tahoelafs.org +++ b/doc/EN/app_tahoelafs.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Tahoe-LAFS

-
-#+END_EXPORT +* Tahoe-LAFS This is a robust system for encrypted file storage on one or more servers. Files are accessed via a URL which contains the public key with which it was encrypted. @@ -37,8 +32,7 @@ Go to the *About* screen on the *Administrator control panel* and look for the o * Adding more servers You can add more servers to the system to increase its storage capacity. In a typical Tahoe-LAFS new data storage servers are automatically discovered via an introducer node, but that creates a single centralised point of failure. The installation on Freedombone has no introducer node and so details for the servers of your friends need to be entered manually. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/controlpanel/control_panel_tahoelafs.jpg]] -#+END_CENTER Other servers will typically be Freedombone systems with Tahoe-LAFS installed. Your Tahoe-LAFS server settings can be found on the *About* screen of the *Administrator control panel*. Use an end-to-end encrypted chat app to copy and paste those details and send them to other friends. To add the server details go to *App settings* on the *Administrator control panel* then select *tahoelafs* and *Add server*. diff --git a/doc/EN/app_tox.org b/doc/EN/app_tox.org index 21fd89d5..090bc2b1 100644 --- a/doc/EN/app_tox.org +++ b/doc/EN/app_tox.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Tox

-
-#+END_EXPORT +* Tox Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within *App Settings* under *tox* within the *Administrator control panel*. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available. @@ -27,6 +22,5 @@ ssh myusername@mydomain -p 2222 Then from the menu select *Run an app* followed by *tox*. Tox is encrypted by default and also routed through Tor, so it should be reasonably secure both in terms of message content and metadata. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/toxic.jpg]] -#+END_CENTER diff --git a/doc/EN/app_turtl.org b/doc/EN/app_turtl.org index c0385a02..ed0a6ecb 100644 --- a/doc/EN/app_turtl.org +++ b/doc/EN/app_turtl.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Turtl

-
-#+END_EXPORT +* Turtl #+begin_quote "/Now is a very important time in history. Every aspect of our lives is moving into the digital world faster than we realize. We use apps like Dropbox or Evernote because of their convenience, but in doing so we sacrifice our privacy. What data isn't sold to advertisers or stolen by hackers is carved up by government surveillance./" @@ -24,10 +19,8 @@ Turtl is a system for privately creating and sharing notes and images, similar t Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor. - -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/turtl.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -49,6 +42,5 @@ Run the downloaded native app then at the bottom of the screen select *advanced You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation. - * Locking it down Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the *administrator control panel* and select *App Settings* then *turtl*. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups. diff --git a/doc/EN/app_vpn.org b/doc/EN/app_vpn.org index cbf1f2bf..74de7600 100644 --- a/doc/EN/app_vpn.org +++ b/doc/EN/app_vpn.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

OpenVPN

-
-#+END_EXPORT +* OpenVPN #+begin_quote "/The Net interprets censorship as damage and routes around it./" -- John Gilmore diff --git a/doc/EN/app_xmpp.org b/doc/EN/app_xmpp.org index 4dd404ec..dee57a64 100644 --- a/doc/EN/app_xmpp.org +++ b/doc/EN/app_xmpp.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

XMPP/Jabber

-
-#+END_EXPORT +* XMPP/Jabber Most people know XMPP as "/Jabber/" and it's sometimes regarded and an old protocol once used by Google and Facebook but which is no longer relevant. However, it still works and if appropriately configured, as it is on Freedombone, can provide the best chat messaging security currently available. diff --git a/doc/EN/apps.org b/doc/EN/apps.org index 2974036d..46cf9460 100644 --- a/doc/EN/apps.org +++ b/doc/EN/apps.org @@ -6,13 +6,8 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER - -#+begin_export html -

Apps

-#+end_export #+begin_quote "/In times of aggressive corporatization, increasing enclosure of communication spaces, and blanket surveillance, emancipatory communication practices appear to be particularly well suited to offer concrete alternatives to activists and citizens alike/" -- Stefania Milan @@ -20,10 +15,8 @@ The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the *Administrator control panel* under *Add/remove apps* the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_apps.jpg]] -#+END_CENTER - * Akaunting A web based accounts system for small businesses or freelancers. @@ -33,6 +26,10 @@ A web based accounts system for small businesses or freelancers. It's like ordinary email, but with [[https://en.wikipedia.org/wiki/I2P][i2p]] as the transport mechanism. [[./app_bdsmail.html][How to use it]] +* Bludit +This is a simple databaseless blogging system which uses markdown files. It should run well on any hardware. + +[[./app_bludit.html][How to use it]] * CryptPad Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security. @@ -53,6 +50,8 @@ Extremely simple and distraction-free notes system. If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail. [[./app_emacs.html][How to use it]] +* Email Server +Since many apps require email registration an email server is installed by default. You can find advice on using the email system [[./usage_email.html][here]]. * Etherpad Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it. @@ -65,10 +64,6 @@ A new approach to creating wiki content. Federated social network system. [[./app_friendica.html][How to use it]] -* Ghost -Modern looking blogging system. - -[[./app_ghost.html][How to use it]] * GNU Social Federated social network based on the OStatus protocol. You can "/remote follow/" other users within the GNU Social federation. @@ -195,3 +190,7 @@ Set up a VPN on your server so that you can bypass local internet censorship. Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as /client state notification/ to save battery power on your mobile devices, support for seamless roaming between networks and /message carbons/ so that you can receive the same messages while being simultaneously logged in to your account on more than one device. [[./app_xmpp.html][How to use it]] + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/armbian.org b/doc/EN/armbian.org index 746fee67..a9bbf292 100644 --- a/doc/EN/armbian.org +++ b/doc/EN/armbian.org @@ -1,14 +1,13 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, armbian +#+KEYWORDS: freedombone, debian, armbian, sbc #+DESCRIPTION: Installing Freedombone on Armbian #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER #+begin_export html @@ -43,9 +42,8 @@ ssh root@[local IP address] Using the default Armbian password of *1234*. You should see the Armbian welcome message and will be asked to change the password, then create a new user account. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/armbian_setup.jpg]] -#+END_CENTER When the user account is created type *exit* to leave the ssh session then log back in with your new user account. diff --git a/doc/EN/backups.org b/doc/EN/backups.org index 640fb201..960e1cc7 100644 --- a/doc/EN/backups.org +++ b/doc/EN/backups.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, backup +#+DESCRIPTION: How to make backups on Freedombone #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Backups

-
-#+END_EXPORT +* Backups #+BEGIN_CENTER #+ATTR_HTML: :border -1 diff --git a/doc/EN/beaglebone.org b/doc/EN/beaglebone.org index 574fe4e0..aa08c16a 100644 --- a/doc/EN/beaglebone.org +++ b/doc/EN/beaglebone.org @@ -6,23 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Installing Freedombone on a Beaglebone Black

-
-#+END_EXPORT +* Installing Freedombone on a Beaglebone Black The Beaglebone Black is small, cheap, a fully open hardware design, has a hardware random number generator and consumes very little electrical power, making it suitable for all kinds of uses. There is also a wireless version. You can easily use one to run your own internet services from home. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/bbb_board.jpg]] -#+END_CENTER You will need: @@ -57,9 +51,8 @@ sudo make install freedombone-image --setup parabola #+end_src -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/microsd_reader.jpg]] -#+END_CENTER If you own a domain name and have it linked to a dynamic DNS account (eg. [[https://freedns.afraid.org][freeDNS]]) and want to make a system accessible via an ordinary browser then run: @@ -75,15 +68,13 @@ freedombone-image -t beaglebone --onion-addresses-only yes Onion addresses have the advantage of being difficult to censor and you don't need to buy a domain or have a dynamic DNS account. An onion based system also means you don't need to think about NAT traversal type issues. This *does not* mean that everything gets routed through Tor, it just means that the sites for apps which you install will be available through Tor's address system. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/bbb_back.jpg]] -#+END_CENTER Now follow the [[./homeserver.html][instructions given here to copy the image to the microSD drive]] beginning with running the /freedombone-client/ command. Wherever it says "USB drive" substitute "microSD drive". When the microSD drive is ready plug it into the front of the Beaglebone. The photo below also includes an Atheros wifi USB dongle plugged into the front, but that's not necessary unless you want to set up the system to run on a wifi network. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/bbb_front.jpg]] -#+END_CENTER Connect the power and for the non-wireless versions of the Beaglebone Black also connect the ethernet cable and plug it into your internet router. diff --git a/doc/EN/boards.org b/doc/EN/boards.org index c6f00254..3d57109e 100644 --- a/doc/EN/boards.org +++ b/doc/EN/boards.org @@ -6,22 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Supported ARM boards

-
-#+END_EXPORT +* Supported ARM boards The following ARM boards are supported by the build system. If your board isn't listed here then you may still be able to install Freedombone using [[./armbian.html][Armbian]]. - - [[./downloads/current/freedombone-current-beaglebone-armhf.img.xz][beaglebone]] - - [[./downloads/current/freedombone-current-cubieboard2-armhf.img.xz][cubieboard2]] - - [[./downloads/current/freedombone-current-cubietruck-armhf.img.xz][cubietruck]] - - [[./downloads/current/freedombone-current-pcduino3-armhf.img.xz][pcduino3]] + - [[./downloads/v31/freedombone-beaglebone-armhf.img.xz][beaglebone]] + - [[./downloads/v31/freedombone-cubieboard2-armhf.img.xz][cubieboard2]] + - [[./downloads/v31/freedombone-cubietruck-armhf.img.xz][cubietruck]] + - [[./downloads/v31/freedombone-pcduino3-armhf.img.xz][pcduino3]] - a20-olinuxino-lime - a20-olinuxino-lime2 - a20-olinuxino-micro diff --git a/doc/EN/code.org b/doc/EN/code.org index 87a96e54..26112df0 100644 --- a/doc/EN/code.org +++ b/doc/EN/code.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, code +#+DESCRIPTION: Freedombone codebase #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Code

-
-#+END_EXPORT +* Code Freedombone is really just a couple of [[https://www.gnu.org/software/bash][bash]] scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the [[https://www.gnu.org/licenses/agpl.html][GNU Affero General Public License version 3]] (or later). diff --git a/doc/EN/codeofconduct.org b/doc/EN/codeofconduct.org index 68397380..2c837783 100644 --- a/doc/EN/codeofconduct.org +++ b/doc/EN/codeofconduct.org @@ -6,13 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Code of Conduct

-#+end_export +* Code of Conduct * Be respectful @@ -47,3 +44,6 @@ While this code of conduct should be adhered to by participants, we recognize th Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed. In this context "serious" means that someone is causing others to feel unsafe or be unable to contribute, for whatever reason. This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response. + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/controlpanel.org b/doc/EN/controlpanel.org deleted file mode 100644 index 06274865..00000000 --- a/doc/EN/controlpanel.org +++ /dev/null @@ -1,123 +0,0 @@ -#+TITLE: -#+AUTHOR: Bob Mottram -#+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Control Panel -#+OPTIONS: ^:nil toc:nil -#+HTML_HEAD: - -#+BEGIN_CENTER -[[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Control panel

-
-#+END_EXPORT - -| [[Main menu]] | -| [[User control panel]] | -| [[About screen]] | -| [[Email filtering rules]] | -| [[Hubzilla menu]] | -| [[IRC menu]] | -| [[Media menu]] | -| [[Repository mirrors]] | -| [[Backup and restore menu]] | -| [[Security menu]] | -| [[User management menu]] | - -* Main menu -You can access the main menu by logging into the system. - -#+BEGIN_SRC bash -ssh myusername@mydomain -p 2222 -#+END_SRC - -Then selecting /Administrator controls/. - -It should look like this: - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel.jpg]] -#+END_CENTER - -To select anythng on the control panel use the *up and down* cursor keys and *space bar* to tag, then press *Enter*. - -* User control panel -When a user initially logs in they will see a version of the control panel with restricted options aimed at the kinds of things which someone who isn't the administrator might wish to do. An expected scenario is that you might have a few friends or family members on the system, and this is who this menu is intended for. - -From this menu checking email or running chat applications is very easy, and they are configured in a safe manner without the user needing to do anything special. Email uses *mutt*, XMPP uses *profanity* and IRC uses *irssi*. - -#+BEGIN_CENTER -[[./images/controlpanel/control_panel_user.jpg]] -#+END_CENTER - -It's also possible for the user to define email filtering rules, add a ssh public key for key based login and also add or remove GPG public keys. They can also do this via the commandline if they prefer, but the menu system may provide an easier user interface. -* About screen -To find out your current domain names select the About screen from the main menu. This is especially useful for finding your onion addresses. For improved security by compartmentalisation, and also simpler implementation, each application has its own onion address. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_about.jpg]] -#+END_CENTER - -You can also see the SIP extension numbers for each user and how much disk space each user is consuming (typically this corresponds with email use). - -The Local Mirrors contains mirrored copies of the git repositories used by the system. If they don't have access to default repositories (mostly Github) then you can give these details to other users and then they can set their main repository such that they can pull from your system. Obviously any users doing this need to trust that you havn't modified the mirrored repositories in any way. - -* Email filtering rules -You can add users to mailing lists, or block particular email addresses or subject lines in this menu. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_filtering.jpg]] -#+END_CENTER - -* Hubzilla menu -This allows you to set the global directory location and obtain an SSL/TLS certificate if necessary. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_hubzilla.jpg]] -#+END_CENTER - -* IRC menu -You can view the current IRC password or change it from here. Currently the IRC server does not work equally well on clrearnet and via Tor, so there is an option to switch from one to the other. Initially the IRC server will be running on clearnet (i.e. no onion routing). - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_irc.jpg]] -#+END_CENTER - -* Media menu -It's possible to add playable media to a USB drive and plug it into the system, then make it accessible to other devices such as tablets or phones on your local network via DLNA. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_media.jpg]] -#+END_CENTER - -* Repository mirrors -If you don't want to use the default repositories, or don't have access to them, then you can obtain them from another Freedombone server (the details can be found on the other server on the *About* screen of the control panel). - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_mirrors.jpg]] -#+END_CENTER - -* Backup and restore menu -You can create backups or restore from backup here. It's also possible to create keydrives which store the backup key. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_backup_restore.jpg]] -#+END_CENTER - -* Security menu -If you need to generate SSL/TLS certificates or change cypher details due to changing recommendations then you can do that here. If you are changing cypher details be extra careful not to make mistakes/typos, which could reduce the security of your system. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_security.jpg]] -#+END_CENTER - -* User management menu -Users can be added or removed here. - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_users.jpg]] -#+END_CENTER diff --git a/doc/EN/debianinstall.org b/doc/EN/debianinstall.org index 423f3e83..4f069d2d 100644 --- a/doc/EN/debianinstall.org +++ b/doc/EN/debianinstall.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

How to install on an existing Debian system

-
-#+END_EXPORT +* How to install on an existing Debian system #+BEGIN_QUOTE "/The antagonism of surveillance is not privacy but the making of communities in struggle/" diff --git a/doc/EN/devguide.org b/doc/EN/devguide.org index 636dccfa..b78e3f1d 100644 --- a/doc/EN/devguide.org +++ b/doc/EN/devguide.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, developers +#+DESCRIPTION: Freedombone developers guide #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Developers Guide

-#+end_export +* Developers Guide * Introduction Freedombone consists of a set of bash scripts. There are a lot of them, but they're not very complicated. If you're familiar with the GNU/Linux commandline and can hack a bash script then you can probably add a new app or fix a bug in the system. There are no trendy development frameworks to learn or to get in your way. You might also want to consult the [[./codeofconduct.html][Code of Conduct]], and there is a Matrix room at *#fbone:matrix.freedombone.net* @@ -96,3 +93,7 @@ Submit your working app to *https://github.com/bashrc/freedombone/issues* or cre If you want to make your own specially branded version of the mesh images, such as for a particular event, then to change the default desktop backgrounds edit the images within *img/backgrounds* and to change the available avatars and desktop icons edit the images within *img/avatars*. Re-create disk images using the instructions shown previously. If you need particular /dconf/ commands to alter desktop appearance or behavior then see the function /mesh_client_startup_applications/ within *src/freedombone-image-customise*. + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/domains.org b/doc/EN/domains.org index f640b705..b22de245 100644 --- a/doc/EN/domains.org +++ b/doc/EN/domains.org @@ -6,13 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

How to get a domain name

-#+end_export +* How to get a domain name * The domain name itself diff --git a/doc/EN/faq.org b/doc/EN/faq.org index b36b6ae3..3835aaf2 100644 --- a/doc/EN/faq.org +++ b/doc/EN/faq.org @@ -1,25 +1,19 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber +#+KEYWORDS: freedombone, faq #+DESCRIPTION: Frequently asked questions #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Frequently Asked Questions

-
-#+END_EXPORT - -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/surveillanceoptions.jpg]] + /Possible options for dealing with bulk surveillance at The Glass Room exhibition, 2017/ -#+END_CENTER + #+BEGIN_CENTER #+ATTR_HTML: :border -1 @@ -31,6 +25,7 @@ | [[How is Tor integrated with Freedombone?]] | | [[Can I add a clearnet domain to an onion build?]] | | [[Why use Github?]] | +| [[After using nmap or other scanning tool I can no longer log in]] | | [[Should I upload my GPG keys to keybase.io?]] | | [[Keys and emails should not be stored on servers. Why do you do that?]] | | [[Why can't I access my .onion site with a Tor browser?]] | @@ -54,6 +49,7 @@ | [[Tor is censored/blocked in my area. What can I do?]] | | [[I want to block a particular domain from getting its content into my social network sites]] | | [[The mesh system doesn't boot from USB drive]] | +| [[Mesh system doesn't connect to the network]] | #+END_CENTER @@ -119,6 +115,8 @@ At present Github is useful just because of the sheer number of eyeballs and the The source code for this project is experimentally independently hosted, and it is expected that in future the main development will shift over to an independent site, maybe with mirrors on Github if it still exists in a viable form. Currently many of the repositories used for applications which are not yet packaged for Debian are on Github, and to provide some degree of resilliance against depending too much upon that copies of them also exist within disk images. +* After using nmap or other scanning tool I can no longer log in +This system tries to block port scanners. Any other system trying to scan for open ports will have their IP address added to a temporary block list for 24 hours. * Should I upload my GPG keys to keybase.io? It's not recommended unless there exists some compelling reason for you to be on there. That site asks users to upload the *private keys*, and even if the keys are client side encrypted with a passphrase there's always the chance that there will be a data leak in future and letter agencies will then have a full time opportunity to crack the passphrases. @@ -335,9 +333,8 @@ If you can find some details for an obfs4 Tor bridge (its IP address, port numbe ssh into your Freedombone system, go to the *administrator control panel*, select *security settings* then *Tor Bridges* and *Add a bridge*. You can then enter the details. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_bridges.jpg]] -#+END_CENTER Any bridges that you add will also show up on the About screen of the administrator control panel. @@ -357,9 +354,8 @@ If the system doesn't boot and reports an error which includes */dev/mapper/loop After the system has booted successfully the problem should resolve itself on subsequent reboots. +* Mesh system doesn't connect to the network +Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the *network restart* icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects. -#+BEGIN_EXPORT html -
-Return to the home page -
-#+END_EXPORT +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/fediverse.org b/doc/EN/fediverse.org index 971bca8b..d4302e4e 100644 --- a/doc/EN/fediverse.org +++ b/doc/EN/fediverse.org @@ -6,20 +6,15 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Homesteading the Fediverse

-
-#+END_EXPORT +* Homesteading the Fediverse Some things you might want to know about the Fediverse: * Federation as a concept -The political definition of a federation is "/a union of partially self-governing states or regions under a central (federal) government/". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elemantary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code. +The political definition of a federation is "/a union of partially self-governing states or regions under a central (federal) government/". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elementary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code. * Keep the number of users on each server small The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar. @@ -33,13 +28,12 @@ Especially if other servers are publishing content which may not be legal in you Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate. * Keep your follows under the Dunbar number -Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. _Real community happens at tribal scale_. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. +Keep the number of other frequently active users you're following to under a couple of hundred. Your actual number of follows might be larger than this but could include users who rarely post anything. + +Once there are more than a couple of hundred highly active users in your timeline then you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will be drowned in the entropy. There are no algorithmic timelines to hide posts, and even if they're introduced then they create their own problems as an opaque form of censorship. _Real community happens at tribal scale_. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. * Avoid big public servers It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided. - - -#+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] -#+END_CENTER +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/homeserver.org b/doc/EN/homeserver.org index 1871ca3b..12a75e6c 100644 --- a/doc/EN/homeserver.org +++ b/doc/EN/homeserver.org @@ -1,19 +1,16 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, home server +#+DESCRIPTION: Freedombone home server setup #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Home Server

-#+end_export +* Home Server The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router. @@ -47,9 +44,8 @@ Now prepare your local system to talk to the freedombone by running the followin freedombone-client #+end_src -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/tor_onion.jpg]] -#+END_CENTER The version in which sites are available only via onion addresses is the easiest to get started with, since you can evaluate the system without committing to buying an ICANN domain name or needing to get involved with SSL/TLS certificates at all. However, if you do want your sites to be available typically as subdomains of a domain name which you own then remove the *--onion-addresses-only yes* option from the last command shown above. Also see the [[./domains.html][guide on setting up an ICANN domain name]]. @@ -57,9 +53,8 @@ The *onion-addresses-only* option *does not* mean that everything gets routed th If you want to create images for microSD cards used within various single board computers then replace the *i386* with *beaglebone* / *cubieboard2* / *cubietruck* / *a20-olinuxino-lime* / *a20-olinuxino-lime2* / *a20-olinuxino-micro* or *apu*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/beaglebone_black9.jpg]] -#+END_CENTER This takes a while. Maybe an hour or so, depending on the speed of your system and the internets. The good news though is that once created you can use the resulting image any number of times, and you don't need to trust some pre-built image. @@ -107,9 +102,8 @@ freedombone-client --verify This will show the hash code for the public ssh key of the Freedombone system. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/ssh_key_verify.jpg]] -#+END_CENTER Open another terminal window then run: @@ -120,15 +114,13 @@ ssh myusername@freedombone.local -p 2222 Use the password you wrote down earlier to log in. Select the *administrator control panel* with up and down cursor keys, space bar and enter key. You should see something like this, and you might need to re-enter your password. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel.jpg]] -#+END_CENTER Then select *About*. You'll see a list of sites and their onion addresses. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_about.jpg]] -#+END_CENTER The About screen contains the ssh server public key hashes and you can compare the relevant one with the previous terminal window to verify that they're the same. If they're not then you might have a /machine-in-the-middle/ snooping on you. @@ -136,9 +128,8 @@ You have now confirmed a secure connection. Probably. If you're still sceptical Press any key to exit from the About screen. You can then select *Add/Remove apps* and add whatever applications you wish to run. Note that some apps will only run on x86 systems, but most will install and run on ARM single board computers. More details on particular apps can be [[./apps.html][found here]]. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_apps.jpg]] -#+END_CENTER Once your apps have installed you can go back to the About screen, pick an onion address and try it within a Tor compatible browser. You'll need to know the login passwords and those can be found within the /Passwords/ section of the administrator control panel. An axiom of the Freedombone system is that /if given the choice users will usually use insecure passwords/, so on this system passwords are generated randomly. If you need to then you can transfer the passwords into your favourite password manager and remove them from the server by going to the *Security Settings* section of the administrator control panel and choosing *Export passwords* and *Password storage*. @@ -152,6 +143,5 @@ Of course, this is just one way in which you can install the Freedombone system. man freedombone-image #+end_src -#+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion -#+END_CENTER +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/index.org b/doc/EN/index.org index e88f500c..7cff5d65 100644 --- a/doc/EN/index.org +++ b/doc/EN/index.org @@ -1,47 +1,29 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone +#+DESCRIPTION: Freedombone project #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -[[file:images/bbb3.png]] + +#+BEGIN_CENTER +[[./release31.html][New release 3.1]] #+END_CENTER -#+begin_quote -"/With the increasing move of our computing to cloud infrastructures, we give up the control of our computing to the managers of those infrastructures. Our terminals (laptops, desktops) might now be running entirely on Free Software, but this is increasingly irrelevant given that most of what actually matters gets executed on a remote closed system that we don’t control. The Free Software community needs to work to help users keep the control of all their computing, by developing suitable alternatives and facilitating their deployment./" +So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone is a home server system which enables you to self-host all of these things. --- Lucas Nussbaum -#+end_quote +You can run Freedombone on an old laptop or a single board computer. See the [[./installmethods.html][list of installation methods]]. You can also use it to [[./mesh.html][set up a mesh network]] in your local area. -So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home. +Check out the [[./apps.html][list of available apps]] and [[./faq.html][Frequently Asked Questions]] section. Recent developments are also described on [[https://blog.freedombone.net/tag/freedombone][the blog]]. -[[./homeserver.html][Here's how]]. - -And here's how [[./beaglebone.html][on a Beaglebone Black]]. A list of other supported ARM boards [[./boards.html][can be found here]]. - -Or you can install [[./debianinstall.html][onto an existing Debian system]]. - -If you have a single board ARM computer which isn't one of the officially supported ones, such as Raspberry Pi, then you may still be able to install [[./armbian.html][Freedombone with Armbian]]. - -Want to make a community mesh network which can either be fully autonomous or connected to the internet? The [[./mesh.html][Freedombone Mesh]] is a wireless solution for networked communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised, or used as an infrastructural community service similar to [[https://en.wikipedia.org/wiki/Freifunk][Freifunk]]. - -After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it. - - * [[./domains.html][How to get a domain name]] - * [[./apps.html][Apps available on the system]] - * [[./usage.html][General usage]] - * [[./faq.html][Frequently Asked Questions]] - * [[./mobile.html][Advice on setting up a mobile phone]] - * [[./support.html][I like this project. How can I help to support it?]] +Disk images which can be cloned straight to USB or microSD drives are [[./downloads/v31][available here]]. If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net*. -Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]]. +If you like this project and want to support continued development then [[./support.html][here's what to do]]. -#+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] -#+END_CENTER +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/installation.org b/doc/EN/installation.org index 3fca1d84..f5d8acf1 100644 --- a/doc/EN/installation.org +++ b/doc/EN/installation.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, installation +#+DESCRIPTION: Freedombone installation #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Installation

-
-#+END_EXPORT +* Installation | [[Building an image for a Single Board Computer or Virtual Machine]] | | [[Checklist]] | diff --git a/doc/EN/installmethods.org b/doc/EN/installmethods.org new file mode 100644 index 00000000..a93226dc --- /dev/null +++ b/doc/EN/installmethods.org @@ -0,0 +1,31 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, installation +#+DESCRIPTION: Installation methods +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +Most people don't have a static external IP address, so you will need to have an account on a dymanic DNS service. [[https://freedns.afraid.org][FreeDNS]] is the one recommended, but others are available. + +If you want systems to be available within an ordinary web browser, such as Firefox, then you will need to [[./domains.html][obtain a domain name]]. + +A list of other supported ARM boards [[./boards.html][can be found here]], or you can install onto an old laptop or netbook. Some installation instructions for different use cases are: + + * [[./homeserver.html][Typical installation]] + * Installing [[./beaglebone.html][on a Beaglebone Black]] + * Installing on an [[./debianinstall.html][existing Debian system]] + * Installing [[./armbian.html][on Armbian]], for unsupported ARM boards such as Raspberry Pi + * Creating a dedicated [[./socialinstance.html][fediverse instance]] for a single user or to host a community + * Deploying a [[./mesh.html][mesh network]] which can operate with or without the internet + * [[./users.html][Adding or removing users]] + * [[./security.html][Improving security]] + * [[./mobile.html][Advice on setting up a mobile phone]] + * [[./apps.html][Apps available on the system]] + * [[./faq.html][Frequently Asked Questions]] + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/mesh.org b/doc/EN/mesh.org index aab59e7f..9e8d8e97 100644 --- a/doc/EN/mesh.org +++ b/doc/EN/mesh.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, mesh +#+DESCRIPTION: Freedombone mesh network #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Mesh Network

-#+end_export +* Mesh Network The Freedombone Mesh is a wireless solution for autonomous or internet connected communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised. @@ -22,9 +19,8 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected * [[./mesh_custom.html][Customisation]] * [[./mesh_usage.html][How to use it]] -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_desktop1.png]] -#+END_CENTER Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. @@ -34,6 +30,5 @@ Systems only need to be within wifi range of each other for the mesh to be creat Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable. -#+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion -#+END_CENTER +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/mesh_capabilities.org b/doc/EN/mesh_capabilities.org index 5adf8d8e..fb6066da 100644 --- a/doc/EN/mesh_capabilities.org +++ b/doc/EN/mesh_capabilities.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, mesh +#+DESCRIPTION: Freedombone mesh network capabilities #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Mesh Network: Capabilities

-#+end_export +* Mesh Network: Capabilities The mesh system has the following capabilities: @@ -33,3 +30,6 @@ The mesh system has the following capabilities: - Publicly shared data is /content addressable/ This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Gossiping between SSB peers may be slower, but the [[https://en.wikipedia.org/wiki/Small-world_network][small world effect]] will presumably still make for quite efficient delivery in a large network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm. + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/mesh_custom.org b/doc/EN/mesh_custom.org index 29596d8e..82ca14ad 100644 --- a/doc/EN/mesh_custom.org +++ b/doc/EN/mesh_custom.org @@ -1,19 +1,20 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, mesh +#+DESCRIPTION: Freedombone mesh network customisation #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Mesh Network: Customisation

-#+end_export +* Mesh Network: Customisation If you want to make your own specially branded version, such as for a particular event, then to change the default desktop backgrounds edit the images within *img/backgrounds* and to change the available avatars and desktop icons edit the images within *img/avatars*. Re-create disk images using the instructions shown previously. If you need particular /dconf/ commands to alter desktop appearance or behavior then see the function /mesh_client_startup_applications/ within *src/freedombone-image-customise*. + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/mesh_images.org b/doc/EN/mesh_images.org index 20534c8b..64c16ad8 100644 --- a/doc/EN/mesh_images.org +++ b/doc/EN/mesh_images.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, mesh +#+DESCRIPTION: Freedombone mesh network images #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Mesh Network: Images

-#+end_export +* Mesh Network: Images * Pre-built Disk Images ** Writing many images quickly @@ -33,19 +30,16 @@ sudo apt-get install gnome-multi-writer The MultiWriter tool is also available within mesh client images, so that you can use mesh systems to create more copies of the same system. ** Client images -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_netbook.jpg]] -#+END_CENTER "Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size. #+begin_src bash sudo apt-get install xz-utils wget -wget https://freedombone.net/downloads/current/freedombone-meshclient-i386.img.xz -wget https://freedombone.net/downloads/current/freedombone-meshclient-i386.img.xz.sig +wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz +wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.sig gpg --verify freedombone-meshclient-i386.img.xz.sig -sha256sum freedombone-meshclient-i386.img.xz -49391230de6a4f1966db091813deb8f9d93c947677f5483baa52400d7fcba7d3 unxz freedombone-meshclient-i386.img.xz sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8 sudo dd bs=1M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync @@ -57,11 +51,9 @@ If you're in an emergency and don't have Atheros wifi dongles then there is also #+begin_src bash sudo apt-get install xz-utils wget -wget https://freedombone.net/downloads/current/freedombone-meshclient-insecure-i386.img.xz -wget https://freedombone.net/downloads/current/freedombone-meshclient-insecure-i386.img.xz.sig +wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz +wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz.sig gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig -sha256sum freedombone-meshclient-insecure-i386.img.xz -c11783741e66df5072ffcbef8d9b04260a2298d84e33c72fefa4bb539d094810 unxz freedombone-meshclient-insecure-i386.img.xz sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8 sudo dd bs=1M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync @@ -70,16 +62,15 @@ sudo dd bs=1M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdata ** Router images Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do. *** Beaglebone Black -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/mesh_router.jpg]] -#+END_CENTER The above picture shows a Beaglebone Black with the image copied onto a microSD card (there's no need to do anything with the internal EMMC). A USB Atheros wifi adaptor with a large antenna is attached and in this case power is from the mains, although it could be from a battery or solar power system capable of supplying 5 volts and maybe 1A (depending upon how active the router is). #+begin_src bash sudo apt-get install xz-utils wget -wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz -wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig +wget https://freedombone.net/downloads/v31/freedombone-mesh_beaglebone-armhf.img.xz +wget https://freedombone.net/downloads/v31/freedombone-mesh_beaglebone-armhf.img.xz.sig gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig sha256sum freedombone-mesh_beaglebone-armhf.img.xz ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2 @@ -98,11 +89,9 @@ First you will need to create an image. On a Debian based system (tested on Debi #+begin_src bash sudo apt-get -y install git wget build-essential -wget https://freedombone.net/downloads/current/freedombone.tar.gz -wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig +wget https://freedombone.net/downloads/v31/freedombone.tar.gz +wget https://freedombone.net/downloads/v31/freedombone.tar.gz.sig gpg --verify freedombone.tar.gz.sig -sha256sum freedombone.tar.gz -afbb536564140aa28c6491d45b7474ced5a0b018539ffd3e96b13b242a41792e tar -xzvf freedombone.tar.gz cd freedombone git checkout stretch @@ -147,3 +136,7 @@ freedombone-image -t beaglebone -v mesh #+end_src The resulting image can be copied to a microSD card, inserted into a Beaglebone Black and booted. Don't forget to plug in an Atheros USB wifi dongle. + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/mesh_philosophic.org b/doc/EN/mesh_philosophic.org index b52f8cef..0bd9d168 100644 --- a/doc/EN/mesh_philosophic.org +++ b/doc/EN/mesh_philosophic.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, mesh -#+DESCRIPTION: Turn any laptop or a Beaglebone Black into an off-the-grid mesh peer +#+KEYWORDS: freedombone, mesh +#+DESCRIPTION: Philosophy of the Freedombone mesh #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Mesh Network: Philosophic

-#+end_export +* Mesh Network: Philosophic #+begin_quote "/I see mesh networks naturally evolving to become the dominant form of network over the next few decades, because it’s the most practical solution to a number of problems that will have to be solved in order to build the VR web as well as to connect the entire world to the internet. Centralized networks are only possible in highly developed countries with existing infrastructures like power and telephone grids, as well as roads. You can’t build a tower where you don’t have either power or access. For vast areas of the world, mesh networks will be the only feasible solution./" -- Valkyrie Ice @@ -49,3 +46,7 @@ While the network will have the capacity to exchange information with Internet u * Evolvable The network should be built with future development in mind. The platform should be flexible enough to support technologies, protocols and modes of usage that have not yet been developed. + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/mesh_usage.org b/doc/EN/mesh_usage.org index 477c0a69..64cb6590 100644 --- a/doc/EN/mesh_usage.org +++ b/doc/EN/mesh_usage.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: mesh, network, freedombone +#+DESCRIPTION: How to use the Freedombone mesh network #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Mesh Network: How to use it

-#+end_export +* Mesh Network: How to use it * [[Boot trouble]] * [[Set the Date]] @@ -28,9 +25,9 @@ When you first boot from the USB drive the system will create some encryption keys, assign a unique network address to the system and then reboot itself. When that's done you should see a prompt asking for a username. This username just makes it easy for others to initially find you on the mesh and will appear in the list of users. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_initial_login.jpg]] -#+END_CENTER + After a minute or two if you are within wifi range and there is at least one other user on the network then you should see additional icons appear on the desktop, such as /Other Users/ and /Chat/. @@ -47,17 +44,14 @@ Unlike with ordinary wifi, on the mesh you don't get a signal strength icon and Select the wifi icon on the desktop and enter the password '/freedombone/'. The network configuration will go into a monitoring mode and in the bottom right side of the window you will be able to see signal strength and other parameters. This can help you to locate systems or adjust antennas to get the best wifi performance. - -#+BEGIN_CENTER +#+attr_html: :width 70% :align center [[file:images/mesh_signal.jpg]] -#+END_CENTER When you are finished close the window and then select the /Network Restart/ desktop icon, which will restart the B.A.T.M.A.N. network. You can also use the restart icon if you are within range of the mesh network but the /Chat/ and /Other Users/ icons do not automatically appear after a few minutes. * Connecting to the internet -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_architecture2.jpg]] -#+END_CENTER If you need to be able to access the internet from the mesh then connect one of the peers to an internet router using an ethernet cable (shown as yellow above), then reboot it. Other peers in the mesh, including any attached mobile devices, will then be able to access the internet using the ethernet attached peer as a gateway. [[https://en.wikipedia.org/wiki/Freifunk][Freifunk]] works in a similar way. @@ -72,17 +66,15 @@ sudo openvpn myclient.ovpn Where /myclient.ovpn/ comes from your VPN provider and with the password "/freedombone/". * Connecting two meshes over the internet via a VPN tunnel -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_architecture_vpn.jpg]] -#+END_CENTER Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. In your home directory on a system connected via ethernet to an internet router you'll find a file called *vpn.tar.gz*. If you want another mesh to be able to connect to yours then send them this file and get them to uncompress it into their home directory also on an internet gateway machine. If they have an external IP address or domain name for your router then they will be able to VPN connect using the *Connect Meshes* icon. They should also forward port 653 from their internet router to the mesh gateway machine. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mesh_connect.png]] -#+END_CENTER You should create a new *vpn.tar.gz* file for every other mesh which wants to be able to connect to yours. If you are prompted for a password it is 'freedombone'. @@ -90,52 +82,45 @@ From a deep packet inspection point of view the traffic going over the internet * Mobile devices (phones, etc) -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_architecture3.jpg]] -#+END_CENTER To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot (the connection shown in green above) which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "/mesh-192.168.1.83/"). On a typical Android device go to *Settings* then *Security* and ensure that *Unknown sources* is enabled. Also within *Wifi* from the *Settings* screen select the mesh hotspot. The password is "/freedombone/". Open a non-Tor browser and navigate to the IP address showing in the hotspot name. You can then download and install mesh apps. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/mesh_mobileapps.jpg]] -#+END_CENTER On some android devices you may need to move the downloaded APK file from the *Downloads* directory to your *home* directory before you can install it. * Chat System Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the /Chat/ and /Other Users/ icons appear. Select the users icon and you should see a list of users on the mesh. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/mesh_peerslist.png]] -#+END_CENTER Selecting a user followed by the Ok button will copy their Tox ID to the clipboard. Now select the /Chat/ icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then paste in a Tox ID. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mesh_paste_tox_id.jpg]] -#+END_CENTER The other user can then accept or decline your friend request. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mesh_friend_request.jpg]] -#+END_CENTER You can also select an avatar by selecting the grey head and shoulders image. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_choose_avatar.jpg]] -#+END_CENTER And by selecting the user from the list on the left hand side the chat can begin. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_text_chat.jpg]] -#+END_CENTER One important point is that by default the microphone is turned off. When doing voice chat you can select the microphone volume with the drop down slider in the top right corner of the screen. @@ -144,15 +129,13 @@ At present video doesn't work reliably, but text and voice chat do work well. * Collaborative document editing The mesh system includes the ability to collaboratively edit various sorts of documents using CryptPad. CryptPad is an almost peer-to-peer system in that it is designed for a client/server environment but that the server aspect of it is very minimal and limited to orchestrating the connected clients. With CryptPad installed on each mesh peer it effectively enables peer-to-peer collaborative editing. Documents are ephemeral and forgotten unless they're exported or copy-pasted to permanent storage. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_cryptpad1.jpg]] -#+END_CENTER To create a document click on the CryptPad icon. Depending upon the specifications of your system it may take a few seconds to load, so don't be too disturned if the browser contents look blank for a while. Select _Rich Text Pad_ and give yourself a username. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/mesh_cryptpad2.jpg]] -#+END_CENTER If you have the chat system running you can then copy and paste the URL for your pad into the chat, and the other user can then open the link and edit the document with you. You can repeat that for however many other users you wish to be able to edit. @@ -162,44 +145,42 @@ Patchwork is available as a social networking system for the mesh. Like all soci Double click on the "Social" icon to open the app, then add your nickname and optionally a description. If you want to choose an avatar image some can be found within the directory */usr/share/freedombone/avatars*. On older systems or systems without a hardware random number generator, Patchwork sometimes takes a long time (a few minutes) to open for the first time after clicking the icon. This is most likely due to the initial generation of encryption keys, so be patient. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/patchwork_setup.jpg]] -#+END_CENTER Other Patchwork users on the mesh will appear automatically under the *local* list and you can select and follow them if you wish. It's also possible to select the dark theme from *settings* on the drop down menu if you prefer. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/patchwork_public.jpg]] -#+END_CENTER The Secure Scuttlebutt protocol which Patchwork is based upon is intended to be robust to intermittent network connectivity, so you can write posts when out of range and they will sync once you are back in the network. * Sharing Files You can make files publicly available on the network simply by dragging and dropping them into the /Public/ folder on the desktop. To view the files belonging to another user select the desktop icon called /Visit a site/ and enter the username or Tox ID of the other user. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mesh_share_files.jpg]] -#+END_CENTER * Blogging To create a blog post select the /Blog/ icon on the desktop and then select *New blog entry* and *Ok*. Edit the title of the entry and add your text. You can also include photos if you wish - just copy them to the *CreateBlog/content/images* directory and then link to them as shown. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/mesh_blog.png]] -#+END_CENTER To finish your blog entry just select /Save/ and then close the editor. On older hardware it may take a while to publish the results, and this depends upon the amount of computation needed by IPFS to create file hashes. If you make no changes to the default text then the new blog entry will not be saved. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mesh_new_blog2.jpg]] -#+END_CENTER -#+BEGIN_CENTER + +#+attr_html: :width 80% :align center [[file:images/mesh_view_blog.jpg]] -#+END_CENTER You can also visit other blogs, edit or delete your previous entry and change your blog theme. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mesh_select_blog_theme.png]] -#+END_CENTER + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/meshindex.org b/doc/EN/meshindex.org index 8fcf23aa..86d10914 100644 --- a/doc/EN/meshindex.org +++ b/doc/EN/meshindex.org @@ -6,16 +6,11 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Welcome to the Freedombone Mesh

-The following apps are available: -
-#+END_EXPORT +* Welcome to the Freedombone Mesh +>>>>>>> 9b2ac0e151a7d39cc6d29d10c465e88e1882efec #+BEGIN_EXPORT html
diff --git a/doc/EN/mirrors.org b/doc/EN/mirrors.org deleted file mode 100644 index f3f47737..00000000 --- a/doc/EN/mirrors.org +++ /dev/null @@ -1,47 +0,0 @@ -#+TITLE: -#+AUTHOR: Bob Mottram -#+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Mirroring git repositories -#+OPTIONS: ^:nil toc:nil -#+HTML_HEAD: - -#+BEGIN_CENTER -[[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Mirrors

-
-#+END_EXPORT - -| [[What are mirrors and why do they exist?]] | -| [[What security do mirrors have?]] | -| [[How do I set up mirrors?]] | -| [[Do mirrors include debian package repositories?]] | -| [[What do I need to do to keep the mirrored repositories updated?]] | - -* What are mirrors and why do they exist? -It would be nice if all of the applications used by this project were packaged for Debian, but currently they're not. This means that various upstream git repositories are used and these mostly reside on Github. What if Github were to go away, become paying only or be censored in some manner which was difficult to work around? To guard against this possibility the repositories are mirrored on each install and can then be made available to other users so that new installations or updates could still occur without the original default repos. -* What security do mirrors have? -On each install you have a /mirrors/ user created, whose only purpose is to mirror upstream repositories. A random password is generated for the /mirrors/ user which can be seen within the control panel and so given to other users who may need it. -* How do I set up mirrors? -The interactive installer will ask whether you want to configure the main respositories. Enter the URL, which will typically be an onion address, the ssh port number and the password for the mirrors on that system. -* Do mirrors include debian package repositories? -No. Packages for Debian will still be accessed in the conventional manner. -* Can I change mirrors after the system has been installed -Yes. From the control panel select "/Set the main repository/" - -#+BEGIN_CENTER -[[file:images/controlpanel/control_panel_mirrors.jpg]] -#+END_CENTER - -* What do I need to do to keep the mirrored repositories updated? -Nothing. That happens as part of regular automatic updates. - -#+BEGIN_EXPORT html -
-Return to the home page -
-#+END_EXPORT diff --git a/doc/EN/mobile.org b/doc/EN/mobile.org index 1fb82841..3e5811d1 100644 --- a/doc/EN/mobile.org +++ b/doc/EN/mobile.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, mobile +#+DESCRIPTION: Freedombone mobile setup #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mobile

-
-#+END_EXPORT +* Mobile Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone. @@ -79,7 +74,7 @@ In F-droid under the *repositories* menu you can enable the *guardian project*, * Email The easiest way to access email is by installing the [[./app_mailpile.html][Mailpile]] app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky. * Services -For information on configuring various apps to work with Freedombone see the [[file:./usage.html][usage section]]. Also see advice on chat apps in the [[file:./faq.html][FAQ]]. +For information on configuring various apps to work with Freedombone see the [[file:./apps.html][apps section]]. Also see advice on chat apps in the [[file:./faq.html][FAQ]]. * Battery Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app. @@ -145,3 +140,7 @@ Once that's done you may want to set *Root access* on the device back to *Disabl Return to the home page
#+END_EXPORT + + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/related.org b/doc/EN/related.org deleted file mode 100644 index b9a64e93..00000000 --- a/doc/EN/related.org +++ /dev/null @@ -1,49 +0,0 @@ -#+TITLE: -#+AUTHOR: Bob Mottram -#+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server -#+OPTIONS: ^:nil toc:nil -#+HTML_HEAD: - -#+BEGIN_CENTER -[[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Related Projects

-
-#+END_EXPORT - -#+BEGIN_EXPORT html -
-The following projects made Freedombone possible.
- - - - - - - - - - - - - - - - - - - - - - - - - -
Nginx
Openssl
Gnupg
Debian
Freedombox
Beagleboard
Dokuwiki
GNU Social
Hubzilla
Tor
Prosody
Syncthing
Tox
Bettercrypto
-
-#+END_EXPORT diff --git a/doc/EN/release3.org b/doc/EN/release3.org index ba8984e7..4c890a59 100644 --- a/doc/EN/release3.org +++ b/doc/EN/release3.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/release3.jpg]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Building an internet run by the users, for the users

-
-#+END_EXPORT +* Building an internet run by the users, for the users The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries. diff --git a/doc/EN/release31.org b/doc/EN/release31.org new file mode 100644 index 00000000..513023f1 --- /dev/null +++ b/doc/EN/release31.org @@ -0,0 +1,70 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone +#+DESCRIPTION: Version 3.1 +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +* *Version 3.1, 2018-04-15* + +Newer and shinier than before, [[./index.html][Freedombone]] 3.1 rests upon the solid foundation of Debian stable and delivers major new self-hosted apps, improved mesh networking and a new logo. It supports version 3 onion addresses and the ability to use [[./usage_email.html][email with onion and I2P addresses]]. New apps are: + + * [[./app_akaunting.html][Akaunting]]: Personal or small business accounts + * [[./app_bdsmail.html][bdsmail]]: Avoid PGP complexity by using email over I2P + * [[./app_bludit.html][Bludit]]: Painless markdown blogging + * [[./app_edith.html][Edith]]: The simplest possible note taking system + * [[./app_icecast.html][Icecast]]: Run your own internet radio station + * [[./app_peertube.html][PeerTube]]: Peer-to-peer video hosting system + * [[./app_pleroma.html][Pleroma]]: Ultra lightweight fediverse instance with Mastodon compatibility + +The [[./mesh.html][mesh version]] now supports BMX6, OLSR2 and Babel routing protocols on layer 3 and so is protocol compatible with [[https://libremesh.org][LibreMesh]]. It also now runs on pure IPv6 and has built in video editor and CryptPad integration for networked collaboration even during times when the internet is not available. + +There is a new [[./socialinstance.html][social instance]] image build option, if you want to be able to rapidly deploy fediverse instances, and a [[./devguide.html][template command]] for quickly adding new apps to the system which automates a lot of the boilerplate. + +According to some narratives the open web is dying with the silo companies comprising 80% of web traffic and what remains being pushed into an increasingly marginal corner. But at the same time these colonial occupiers have come under renewed [[https://www.wired.co.uk/article/open-letter-mark-zuckerberg-congress][public criticism]] as they continue to abuse their monopoly powers in ever more egregious ways. 2017 seemed to be a turning point in attitudes towards Silicon Valley generally and there is room for a new kind of movement to get started which is about reclaiming the internet for the common good. + +This is where we make our stand. If the internet falls then so too does freedom. + +The future is decentralized. + +* Installation + +The simplest way to install is from a pre-made disk image. Images can be [[https://freedombone.net/downloads/v31][downloaded here]]. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere. Or if you don't need clearnet domains and will be using Tor compatible browsers then you can use the "onion only" images where apps will be accessible via an onion address. + +Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1). + +#+BEGIN_SRC bash +unxz downloadedimagefile.img.xz +dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync +#+END_SRC + +And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store. + +Plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB. + +As the system boots for the first time the login is: + +#+BEGIN_SRC bash +username: fbone +password: freedombone +#+END_SRC + +If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with: + +#+BEGIN_SRC bash +ssh fbone@freedombone.local -p 2222 +#+END_SRC + +Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and [[https://en.wikipedia.org/wiki/Multicast_DNS][mDNS]] enabled. + +You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later. + +More detailed installation instructions are linked from [[./installmethods.html][the main site]]. + +* Upgrading from a previous install + +To upgrade from version 3 just go to the *administrator control panel* and select *check for updates*. diff --git a/doc/EN/security.org b/doc/EN/security.org new file mode 100644 index 00000000..edcaaf23 --- /dev/null +++ b/doc/EN/security.org @@ -0,0 +1,47 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, security, ssh, debian, beaglebone +#+DESCRIPTION: Improving security +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +* Authentication with keys +It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running: + +#+begin_src bash +freedombone-client +#+end_src + +On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then: + +#+begin_src +ssh myusername@freedombone.local -p 2222 +#+end_src + +Select *Administrator controls* and re-enter your password, then *Manage Users* and *Change user ssh public key*. Copy and paste the ssh public keys which appeared after the *freedombone-client* command was run. Then go to *Security settings* and select *Allow ssh login with passwords* followed by *no*. + +You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to. +* Administrating the system via an onion address (Tor) +You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following: + +#+BEGIN_SRC bash +ssh username@freedombone.local -p 2222 +#+END_SRC + +Select /Administrator controls/ then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system: + +#+BEGIN_SRC bash +freedombone-client +#+END_SRC + +This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with: + +#+BEGIN_SRC bash +ssh username@address.onion -p 2222 +#+END_SRC + +Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating. diff --git a/doc/EN/socialinstance.org b/doc/EN/socialinstance.org new file mode 100644 index 00000000..a57dd44c --- /dev/null +++ b/doc/EN/socialinstance.org @@ -0,0 +1,83 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, debian, social, fediverse, instance, pleroma, gnusocial, postactiv +#+DESCRIPTION: Social Instance +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +* Social Instance + +A social instance image allows you to easily set up a fediverse server, which federates using the OStatus or ActivityPub protocol. You will need: + + * An old laptop, capable of booting from USB + * A USB drive, preferably Sandisk and 16GB or larger + * An ethernet patch cable + * A domain name of your own + * A dynamic DNS account + +The installation process is the same as usual, with the only difference being that on initial setup it will go straight to the domain setup details for your instance. In summary: + +* Copy the image to the USB drive + +Substitute *sdX* with the device name for your USB drive. + +#+begin_src bash +sudo apt-get install xz-utils wget +wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz +wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig +gpg --verify freedombone-pleroma-amd64.img.xz.sig +unxz freedombone-pleroma-amd64.img.xz +sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8 +sudo dd bs=1M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync +#+end_src + +Also note that if the laptop has a removable SSD drive it's possible to copy the image directly to that if you have enough equipment. + +* Connect the laptop to your internet router + +Plug the USB drive into the laptop and connect it to your internet router with the ethernet cable. + +#+attr_html: :width 100% :align center +[[file:images/laptop_router.jpg]] + +* Boot the laptop from the USB drive + +You may need to alter the BIOS settings to get this to work reliably. + +#+attr_html: :width 100% :align center +[[file:images/bios_boot_usb.jpg]] + +* Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop + +Log into your internet router using a non-Tor browser (usually it's on an address like 192.168.1.1 or 192.168.1.254). Often port forwarding settings are together with firewall settings. + +#+attr_html: :width 100% :align center +[[file:images/port_forwarding.png]] + +* From another machine ssh into the laptop + +#+begin_src bash +ssh fbone@freedombone.local -p 2222 +#+END_SRC + +Or alternatively you can log in directly on the laptop. The initial username is *fbone* and the password is *freedombone*. You should make sure you write down or copy the new password when it is shown. + +* Follow the setup procedure + +Enter your user details, domain name and dynamic DNS settings. + +* When installation is complete + +Navigate to your domain and register a new user. + +#+attr_html: :width 100% :align center +[[file:images/pleroma_register.jpg]] + +More details about setting up and using Pleroma [[./app_pleroma.html][can be found here]]. + +#+attr_html: :width 50% :align center +[[file:images/tusky.jpg]] diff --git a/doc/EN/support.org b/doc/EN/support.org index a8f8a514..33edf7a6 100644 --- a/doc/EN/support.org +++ b/doc/EN/support.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, support +#+DESCRIPTION: How to support the Freedombone project #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Support

-
-#+END_EXPORT +* Support * Contact details @@ -48,9 +43,9 @@ A better design for this website would be nice to have. Photos, icons or other a ** Howto videos If you're good at making videos then a howto for installing Freedombone onto various types of hardware, or testing the mesh system in realistic/exotic scenarios would be good. You could even host videos on PeerTube or Mediagoblin. ** More education and promotion -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[./images/educate.png]] -#+END_CENTER + Many people are unaware that running their own internet services /is even a possibility/. Many also believe that internet services can be provided only if they're supported by advertising or donations, and that only gigantic data centres have enough computing capacity to serve web pages on a worldwide scale. Others may be fearful of encryption due to misrepresentations or misunderstandings of it in the mainstream media. Some may be intimidated by the apparent complexity and think that you need to be some sort of silicon valley genius in order to run a web service on your own. Even many technically-minded folks often believe that they can't run a home server unless they have a static IP address, which isn't true, and others are put off by thinking that any such server will be immediately [[https://en.wikipedia.org/wiki/Pwn][pwned]] by blackhat hackers. Raising awareness beyond the near zero current level, overcoming fear and paranoia and dispelling some of the prevalent myths will definitely help. @@ -61,8 +56,5 @@ To add translations modify the json files within the *locale* subdirectory. Then ** Packaging Helping to package GNU Social and Hubzilla for Debian would be beneficial. -#+BEGIN_EXPORT html -
-Return to the home page -
-#+END_EXPORT +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/usage.org b/doc/EN/usage.org deleted file mode 100644 index 4bc059bd..00000000 --- a/doc/EN/usage.org +++ /dev/null @@ -1,96 +0,0 @@ -#+TITLE: -#+AUTHOR: Bob Mottram -#+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server -#+OPTIONS: ^:nil toc:nil -#+HTML_HEAD: - -#+BEGIN_CENTER -[[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Usage

-
-#+END_EXPORT - -| [[Improving security]] | -| [[Administrating the system via an onion address (Tor)]] | -| [[./mobile.html][Mobile advice]] | -| [[./usage_email.html][Using Email]] | -| [[./app_syncthing.html][Syncing to the Cloud]] | -| [[./app_dlna.html][Play Music]] | -| [[./app_gnusocial.html][Microblogging (GNU Social)]] | -| [[./app_postactiv.html][Microblogging (PostActiv)]] | -| [[./app_ghost.html][Blogging with Ghost]] | -| [[./app_htmly.html][Blogging with HTMLy]] | -| [[./app_hubzilla.html][Social Network]] | -| [[./app_lychee.html][Photo albums]] | -| [[./app_mediagoblin.html][Hosting video and audio content]] | -| [[./app_dokuwiki.html][Wiki]] | -| [[./app_etherpad.html][Collaborative document editing]] | -| [[./app_irc.html][Multi-user chat with IRC]] | -| [[./app_xmpp.html][XMPP/Jabber]] | -| [[./app_tox.html][Tox]] | -| [[./app_mumble.html][Mumble]] | -| [[./app_mailpile.jtml][Mailpile]] | -| [[./app_rss.html][RSS Reader]] | -| [[./app_radicale.html][CalDAV calendar server]] | -| [[./app_gogs.html][Git Projects]] | -| [[Adding or removing users]] | -| [[./app_pihole.html][Blocking Ads]] | -| [[./app_turtl.html][Making and sharing notes and images]] | - -* Improving security -It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running: - -#+begin_src bash -freedombone-client -#+end_src - -On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then: - -#+begin_src -ssh myusername@freedombone.local -p 2222 -#+end_src - -Select *Administrator controls* and re-enter your password, then *Manage Users* and *Change user ssh public key*. Copy and paste the ssh public keys which appeared after the *freedombone-client* command was run. Then go to *Security settings* and select *Allow ssh login with passwords* followed by *no*. - -You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to. -* Administrating the system via an onion address (Tor) -You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following: - -#+BEGIN_SRC bash -ssh username@freedombone.local -p 2222 -#+END_SRC - -Select /Administrator controls/ then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system: - -#+BEGIN_SRC bash -freedombone-client -#+END_SRC - -This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with: - -#+BEGIN_SRC bash -ssh username@address.onion -p 2222 -#+END_SRC - -Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating. -* Adding or removing users -Log into the system with: - -#+BEGIN_SRC bash -ssh username@domainname -p 2222 -#+END_SRC - -Select *Administrator controls* then *User Management*. Depending upon the type of installation after selecting administrator controls you might need to enter: - -#+BEGIN_SRC bash -sudo su -control -#+END_SRC - -[[file:images/controlpanel/control_panel_manage_users.jpg]] diff --git a/doc/EN/usage_email.org b/doc/EN/usage_email.org index 4d76b080..b9de785b 100644 --- a/doc/EN/usage_email.org +++ b/doc/EN/usage_email.org @@ -1,20 +1,13 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, email +#+DESCRIPTION: How to use email on Freedombone #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Email

-
-#+END_EXPORT | [[Things to be aware of]] | | [[A technical note about email transport security]] | @@ -22,11 +15,11 @@ | [[Publishing your GPG public key]] | | [[Mutt email client]] | | [[Thunderbird/Icedove]] | -| [[K9 Android client]] | +| [[Android apps]] | | [[Subscribing to mailing lists]] | | [[Adding email addresses to a group/folder]] | | [[Ignoring incoming emails]] | -| [[Your own mailing list]] | +| [[Using I2P for email transport]] | * Things to be aware of Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register. @@ -40,8 +33,10 @@ Port 465 is used for SMTP and this is supposedly deprecated for secure email. Ho From https://motherboard.vice.com/read/email-encryption-is-broken: #+BEGIN_QUOTE -The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor +/The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor/ #+END_QUOTE + +A way to avoid these pitfalls altogether is to use onion addresses (see the section below) or [[./app_bdsmail.html][I2P addresses]] for email. These are not so convenient because they use long random strings which aren't memorable as addresses, but they do give a strong assurance that whoever recieves the message is the intended recipient and that emails can't be read passively during their transport across the internet. * Add a password to your GPG key If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password. @@ -65,10 +60,8 @@ gpg --send-keys username@domainname exit #+END_SRC * Mutt email client - -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[./images/mutt.jpeg]] -#+END_CENTER Mutt is a terminal based email client which comes already installed onto the Freedombone. To access it you'll need to access it via ssh with: @@ -202,232 +195,8 @@ By default you won't be able to see any folders which you may have created earli Make sure that "*show only subscribed folders*" is not checked. Then click the *ok* buttons. Folders will be re-scanned, which may take some time depending upon how much email you have, but your folders will then appear. -* K9 Android client -*** A point about GPG on Android -Before trying to set up email on Android you may want to consider whether you really need to do this. Android (and its variants) is not a particularly secure operating system and whether or not you wish to store GPG keys on it depends on your threat model and in what situations you'll be using your device. - -If you are going to use email on an Android device then ensure that you have full encryption enabled via the security settings, so that if you subsequently lose it, or if it gets stolen, the chances of encryption keys being exposed are minimised. -*** Compiling the development version -To get K9 working with Freedombone you'll need to install development versions of OpenKeychain and K9. At the time of writing the versions available in F-Droid do not support PGP/MIME or the "hidden recipient" feature of GPG. It is hoped that at some stage the patches will be integrated into the mainline or functionally equivalent changes made. Admittedly, this is not at all user friendly, but currently it's the only way to read Freedombone email on Android systems. - -Build script for OpenKeychain: - -#+BEGIN_SRC bash -mkdir ~/develop -cd ~/develop -git clone https://github.com/bashrc/open-keychain -cd open-keychain -git checkout origin/bashrc/hidden-recipient-minimal -git checkout -b bashrc/hidden-recipient-minimal -cd tools -nano build.sh -#+END_SRC - -Then add the following: - -#+BEGIN_SRC bash -#!/bin/bash - -# This script is intended to be used on Debian systems for building -# the project. It has been tested with Debian 8 - -USERNAME=$USER -SIGNING_NAME='openkeychain' -SDK_VERSION='r23.3.4' -SDK_DIR=$HOME/android-sdk - -cd .. - -PROJECT_HOME=$(pwd) - -sudo apt-get install build-essential default-jdk \ - lib32stdc++6 lib32z1 lib32z1-dev - -if [ ! -d $SDK_DIR ]; then - mkdir -p $SDK_DIR -fi -cd $SDK_DIR - -# download the SDK -if [[ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]]; then - wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz -fi -tar -xzvf android-sdk_$SDK_VERSION-linux.tgz -SDK_DIR=$SDK_DIR/android-sdk-linux - -echo 'Check that you have the SDK tools installed for Android 22, SDK 21.1.2' - -export ANDROID_HOME=$SDK_DIR -echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties -export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools - -cd $SDK_DIR/tools -./android sdk - -if [ ! -f $SDK_DIR/tools/android ]; then - echo "$SDK_DIR/tools/android not found" - exit -1 -fi -cd $SDK_DIR -chmod -R 0755 $SDK_DIR -chmod a+rx $SDK_DIR/tools - -# android sdk -cd $PROJECT_HOME -git submodule init && git submodule update - -if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then - echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found" - exit -2 -fi -. $PROJECT_HOME/gradlew assembleDebug - -# cleaning up -cd $PROJECT_HOME/OpenKeychain/build/outputs/apk -if [ ! -f OpenKeychain-debug.apk ]; then - echo 'OpenKeychain-debug.apk was not found' - exit -3 -fi - -echo 'Build script ended successfully' -echo -n 'apk is available at: ' -echo "$PROJECT_HOME/OpenKeychain/build/outputs/apk/OpenKeychain-debug.apk" -exit 0 -#+END_SRC - -Save and exit with *CTRL-o*, *CTRL-x*. - -#+BEGIN_SRC bash -chmod +x build.sh -./build.sh -#+END_SRC - -Build script for K9: - -#+BEGIN_SRC bash -cd ~/develop -git clone https://github.com/k9mail/k-9 -cd k-9 -cd tools -nano build.sh -#+END_SRC - -Then add the following: - -#+BEGIN_SRC bash -#!/bin/bash - -# This script is intended to be used on Debian systems for building -# the project. It has been tested with Debian 8 - -USERNAME=$USER -SIGNING_NAME='k-9' -SDK_VERSION='r24.3.3' -SDK_DIR=$HOME/android-sdk - -cd .. - -PROJECT_HOME=$(pwd) - -sudo apt-get install build-essential default-jdk \ - lib32stdc++6 lib32z1 lib32z1-dev - -if [ ! -d $SDK_DIR ]; then - mkdir -p $SDK_DIR -fi -cd $SDK_DIR - -# download the SDK -if [ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]; then - wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz - tar -xzvf android-sdk_$SDK_VERSION-linux.tgz -fi -SDK_DIR=$SDK_DIR/android-sdk-linux - -echo 'Check that you have the SDK tools installed for Android 17, SDK 19.1' -if [ ! -f $SDK_DIR/tools/android ]; then - echo "$SDK_DIR/tools/android not found" - exit -1 -fi -cd $SDK_DIR -chmod -R 0755 $SDK_DIR -chmod a+rx $SDK_DIR/tools - -ANDROID_HOME=$SDK_DIR -echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties -PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools - -android sdk -cd $PROJECT_HOME - -if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then - echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found" - exit -2 -fi -. $PROJECT_HOME/gradlew assembleDebug - -# cleaning up -cd $PROJECT_HOME/k9mail/build/outputs/apk -if [ ! -f k9mail-debug.apk ]; then - echo 'k9mail-debug.apk was not found' - exit -3 -fi -echo 'Build script ended successfully' -echo -n 'apk is available at: ' -echo "$PROJECT_HOME/k9mail/build/outputs/apk/k9mail-debug.apk" -exit 0 -#+END_SRC - -Save and exit with *CTRL-o*, *CTRL-x*. - -#+BEGIN_SRC bash -chmod +x build.sh -./build.sh -#+END_SRC - -*** Import your GPG key into OpenKeychain -With your device connected to a laptop via USB cable and with USB debugging enabled on it: - -#+BEGIN_SRC bash -ssh username@domainname -p 2222 -gpg --list-keys username@domainname -gpg --output ~/public_key.gpg --armor --export KEY_ID -gpg --output ~/private_key.gpg --armor --export-secret-key KEY_ID -cat ~/public_key.gpg ~/private_key.gpg > ~/mygpgkey.asc -exit -scp -P 2222 username@domainname:/home/username/mygpgkey.asc ~/ -sudo apt-get install android-tools-adb -push ~/mygpgkey.asc /sdcard/ -shred -zu ~/mygpgkey.asc -#+END_SRC - -Then on your device select OpenKeychain and import your key from file. -*** Incoming server settings - * Select settings/account settings - * Select Fetching mail/incoming server - * Enter your username and password - * IMAP server should be your domain name - * Security: SSL/TLS (always) - * Authentication: Plain - * Port: 993 -*** Outgoing (SMTP) server settings - * Select settings/account settings - * Select Sending mail/outgoing server - * Set SMTP server to your domain name - * Set Security to SSL/TLS (always) - * Set port to 465 - * Set authentication to PLAIN - * Enter your username and password - * Accept the SSL certificate -*** Crypto settings -Select *settings*, *Account settings*, *OpenKeychain* and then select your key and press *Allow*. You should now be able to decrypt emails by entering your GPG passphrase. - -You may also want to change the amount of time for which passwords are remembered, so that you don't need to enter your passphrase very often. -*** Folders -To view any new folders which you may have created using the /mailinglistrule/ script from your inbox press the *K9 icon* at the top left to access folders, then press the *menu button* and select *refresh folder list*. - -If your folder still doesn't show up then press the *menu button*, select *show folders* and select *all folders*. - +* Android apps +Mobile devices have a reputation for being quite insecure, so it's recommended that you don't store emails or GPG keys on your phone. Instead [[./app_mailpile.html][install Mailpile]] and access your email via the webmail interface. * Subscribing to mailing lists To subscribe to a mailing list log in as your user (i.e. not the root user). @@ -452,19 +221,13 @@ ssh username@domainname -p 2222 #+END_SRC Select /Administrator controls/ then *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*. -* Your own mailing list -If you want to set up a public mailing list then when installing the system remember to set the *PUBLIC_MAILING_LIST* variable within *freedombone.cfg* to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers. +* Using onion email addresses +By default this system comes with the ability to send and receive emails using onion addresses as the domain name. On the *user control panel* if you select *Show your email address* then you should find one ending with /dot onion/. You will also see a QR code for that address, which provides a simple way to transfer it to a mobile phone if necessary. -To subscribe to your list send a cleartext email to: +If you want to give your onion email address to someone else securely then you can use the QR code to transfer it to a phone and copy and paste the address into an encrypted chat app, such as Conversations. Of course they will probably also need to be running Freedombone or some system capable of handling onion email addresses. -#+BEGIN_SRC bash -mymailinglistname+subscribe@domainname -#+END_SRC +When sending email from an onion address it's not strictly necessary to use GPG/PGP. Tor handles the transport security by itself. You can still use it though if you prefer to have an extra layer of message security. You can also still use onion email addresses even if your ISP blocks the typical email ports (25 and 465). -Tip: When using the Mutt email client if you want to send an email in cleartext then press *p* (for PGP) on the sending screen and select *clear*. Unsecure email is treated as being the exception rather than the default. - -#+BEGIN_EXPORT html -
-Return to the home page -
-#+END_EXPORT +If you don't make your onion email address public then it should be fairly resisent to spam, since spammers won't be able to randomly guess onion addresses (there are far too many), whereas it's a lot easier for them to do that with conventional domain names. +* Using I2P for email transport +For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the [[./app_bdsmail.html][bdsmail app]]. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client. diff --git a/doc/EN/users.org b/doc/EN/users.org new file mode 100644 index 00000000..611adebc --- /dev/null +++ b/doc/EN/users.org @@ -0,0 +1,24 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, debian, beaglebone, users +#+DESCRIPTION: Adding or removing users +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +Log into the system with: + +#+BEGIN_SRC bash +ssh username@domainname -p 2222 +#+END_SRC + +Select *Administrator controls* then *User Management*. + +#+attr_html: :width 80% :align center +[[file:images/controlpanel/control_panel_manage_users.jpg]] + +#+attr_html: :width 10% :height 2% :align center +[[file:fdl-1.3.txt][file:images/gfdl.png]] diff --git a/doc/EN/variants.org b/doc/EN/variants.org deleted file mode 100644 index a2bab6ab..00000000 --- a/doc/EN/variants.org +++ /dev/null @@ -1,50 +0,0 @@ -#+TITLE: -#+AUTHOR: Bob Mottram -#+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server -#+OPTIONS: ^:nil toc:nil -#+HTML_HEAD: - -#+BEGIN_CENTER -[[file:images/logo.png]] -#+END_CENTER - -#+BEGIN_EXPORT html -
-

Variants

-
-#+END_EXPORT - -Freedombone may be installed either in its entirety or as different variants with a more specialised purpose. So for example if you just want to run a blog but don't care about any other services then you can do that. The following variants are available: - -#+BEGIN_EXPORT html -
- - - - - - - - - - - - - - - - - -
Mailbox
An email server with GPG encryption
Cloud
Sync and share files. Never lose important files again
Social
Social networking with Hubzilla and GNU Social
Media
Runs media services such as DLNA to play music or videos on your devices
Writer
Host your blog and wiki
Chat
Encrypted IRC, XMPP, Tox and VoIP services for one-to-one and many-to-many chat
Developer
Github-like system to host your software projects
Mesh
A wireless mesh network which is like the internet, but not the internet
-
-#+END_EXPORT - -Non-mesh installs also come with an RSS reader which provides strong reading privacy on desktop and mobile via the use of a Tor onion service. - -#+BEGIN_EXPORT html -
-Return to the home page -
-#+END_EXPORT diff --git a/image_build/prosody-0.10-1nightly382.tar.gz b/image_build/prosody-0.10-1nightly382.tar.gz deleted file mode 100644 index 3d5b5426..00000000 Binary files a/image_build/prosody-0.10-1nightly382.tar.gz and /dev/null differ diff --git a/image_build/prosody-0.10-1nightly410.tar.gz b/image_build/prosody-0.10-1nightly410.tar.gz deleted file mode 100644 index 267e0534..00000000 Binary files a/image_build/prosody-0.10-1nightly410.tar.gz and /dev/null differ diff --git a/image_build/prosody-0.10-1nightly468.tar.gz b/image_build/prosody-0.10-1nightly468.tar.gz new file mode 100644 index 00000000..9b96be66 Binary files /dev/null and b/image_build/prosody-0.10-1nightly468.tar.gz differ diff --git a/image_build/prosody-modules-20180104.tar.gz b/image_build/prosody-modules-20180104.tar.gz deleted file mode 100644 index 3e68cb83..00000000 Binary files a/image_build/prosody-modules-20180104.tar.gz and /dev/null differ diff --git a/image_build/prosody-modules-20180322.tar.gz b/image_build/prosody-modules-20180322.tar.gz new file mode 100644 index 00000000..08089bd7 Binary files /dev/null and b/image_build/prosody-modules-20180322.tar.gz differ diff --git a/img/backgrounds/freedombone_mesh_amnesic_background.png b/img/backgrounds/freedombone_mesh_amnesic_background.png index 561dc7b8..189e5788 100644 Binary files a/img/backgrounds/freedombone_mesh_amnesic_background.png and b/img/backgrounds/freedombone_mesh_amnesic_background.png differ diff --git a/img/backgrounds/freedombone_mesh_initial_background.png b/img/backgrounds/freedombone_mesh_initial_background.png index 6c7fa9b8..ad60df8f 100644 Binary files a/img/backgrounds/freedombone_mesh_initial_background.png and b/img/backgrounds/freedombone_mesh_initial_background.png differ diff --git a/img/bbb3.png b/img/bbb3.png index 4b3132bf..9158429a 100644 Binary files a/img/bbb3.png and b/img/bbb3.png differ diff --git a/img/bios_boot_usb.jpg b/img/bios_boot_usb.jpg new file mode 100644 index 00000000..878a243a Binary files /dev/null and b/img/bios_boot_usb.jpg differ diff --git a/img/controlpanel/control_panel.jpg b/img/controlpanel/control_panel.jpg index 99858df1..602ba789 100644 Binary files a/img/controlpanel/control_panel.jpg and b/img/controlpanel/control_panel.jpg differ diff --git a/img/gfdl.png b/img/gfdl.png new file mode 100644 index 00000000..6afde841 Binary files /dev/null and b/img/gfdl.png differ diff --git a/img/laptop_router.jpg b/img/laptop_router.jpg new file mode 100644 index 00000000..86a622c2 Binary files /dev/null and b/img/laptop_router.jpg differ diff --git a/img/logo.png b/img/logo.png index add0f352..3611698c 100644 Binary files a/img/logo.png and b/img/logo.png differ diff --git a/img/logo_prev.png b/img/logo_prev.png new file mode 100644 index 00000000..add0f352 Binary files /dev/null and b/img/logo_prev.png differ diff --git a/img/mesh_initial_login.jpg b/img/mesh_initial_login.jpg index 8ecfaace..c414a4a0 100644 Binary files a/img/mesh_initial_login.jpg and b/img/mesh_initial_login.jpg differ diff --git a/img/onion.png b/img/onion.png new file mode 100644 index 00000000..dd239f5f Binary files /dev/null and b/img/onion.png differ diff --git a/img/peertube.jpg b/img/peertube.jpg index ea25f89a..a4f4d28a 100644 Binary files a/img/peertube.jpg and b/img/peertube.jpg differ diff --git a/img/pleroma_register.jpg b/img/pleroma_register.jpg new file mode 100644 index 00000000..cdfb7752 Binary files /dev/null and b/img/pleroma_register.jpg differ diff --git a/img/port_forwarding.png b/img/port_forwarding.png new file mode 100644 index 00000000..9e16cf00 Binary files /dev/null and b/img/port_forwarding.png differ diff --git a/img/tusky.jpg b/img/tusky.jpg new file mode 100644 index 00000000..114bc2b7 Binary files /dev/null and b/img/tusky.jpg differ diff --git a/man/freedombone-image.1.gz b/man/freedombone-image.1.gz index 5b33ddc4..008c1afa 100644 Binary files a/man/freedombone-image.1.gz and b/man/freedombone-image.1.gz differ diff --git a/man/freedombone-template.1.gz b/man/freedombone-template.1.gz index e6fd942c..8a2f18f5 100644 Binary files a/man/freedombone-template.1.gz and b/man/freedombone-template.1.gz differ diff --git a/src/freedombone b/src/freedombone index 0549bcf4..f72f075e 100755 --- a/src/freedombone +++ b/src/freedombone @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # This install script is intended for use with Debian Jessie # @@ -77,6 +75,12 @@ if [[ "$command_options" == "menuconfig-postactiv" ]]; then SOCIALINSTANCE='postactiv' fi +if [[ "$command_options" == "menuconfig-pleroma" ]]; then + MINIMAL_INSTALL="yes" + ONION_ONLY="no" + SOCIALINSTANCE='pleroma' +fi + if [ ! "$CONFIGURATION_FILE" ]; then CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" fi diff --git a/src/freedombone-addcert b/src/freedombone-addcert index 7f23c0c7..dfdee144 100755 --- a/src/freedombone-addcert +++ b/src/freedombone-addcert @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Create self-signed or Let's Encrypt certificates on Debian diff --git a/src/freedombone-addemail b/src/freedombone-addemail index bf2926a2..4c78962f 100755 --- a/src/freedombone-addemail +++ b/src/freedombone-addemail @@ -1,13 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud -# +# Freedom in the Cloud # Adds an email address rule to the email configuration diff --git a/src/freedombone-addlist b/src/freedombone-addlist index d76d4cd0..a58b6604 100755 --- a/src/freedombone-addlist +++ b/src/freedombone-addlist @@ -1,13 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud -# +# Freedom in the Cloud # Adds a mailing list to the email configuration diff --git a/src/freedombone-addremove b/src/freedombone-addremove index 6f0845b2..d42c3796 100755 --- a/src/freedombone-addremove +++ b/src/freedombone-addremove @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Add or remove apps # diff --git a/src/freedombone-adduser b/src/freedombone-adduser index be350333..a6e7facb 100755 --- a/src/freedombone-adduser +++ b/src/freedombone-adduser @@ -1,13 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud -# +# Freedom in the Cloud # Adds an user to the system @@ -237,6 +234,7 @@ fi # add user menu on ssh login if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then + echo 'export PS1="\W \$"' >> "/home/$ADD_USERNAME/.bashrc" echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc" fi diff --git a/src/freedombone-app-akaunting b/src/freedombone-app-akaunting index b6a8d7c8..8d00a591 100755 --- a/src/freedombone-app-akaunting +++ b/src/freedombone-app-akaunting @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Personal or small business accounts # @@ -54,7 +52,7 @@ function akaunting_remove_bad_links { # copy jquery locally jquery_version='1.12.4' if [ ! -f jquery-${jquery_version}.js ]; then - cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324 + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 3276324 wget https://code.jquery.com/jquery-${jquery_version}.js jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman index 22c64170..e4c55a21 100755 --- a/src/freedombone-app-batman +++ b/src/freedombone-app-batman @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # batman adv mesh functions # diff --git a/src/freedombone-app-bdsmail b/src/freedombone-app-bdsmail index 6aa179b8..d587c3ec 100755 --- a/src/freedombone-app-bdsmail +++ b/src/freedombone-app-bdsmail @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Brain Dead Simple Mail Server for i2p # diff --git a/src/freedombone-app-bludit b/src/freedombone-app-bludit new file mode 100755 index 00000000..ccbd50bf --- /dev/null +++ b/src/freedombone-app-bludit @@ -0,0 +1,336 @@ +#!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| +# +# Freedom in the Cloud +# +# License +# ======= +# +# Copyright (C) 2018 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS='full full-vim' + +IN_DEFAULT_INSTALL=0 +SHOW_ON_ABOUT=1 + +BLUDIT_DOMAIN_NAME= +BLUDIT_CODE= +BLUDIT_ONION_PORT=9844 +BLUDIT_REPO="https://github.com/bludit/bludit" +BLUDIT_COMMIT='0e27e31a84421b3e6bd000a77bc89c2dff3c446a' + +bludit_variables=(ONION_ONLY + BLUDIT_DOMAIN_NAME + BLUDIT_CODE + DDNS_PROVIDER + MY_USERNAME) + +function logging_on_bludit { + echo -n '' +} + +function logging_off_bludit { + echo -n '' +} + +function remove_user_bludit { + remove_username="$1" + + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp bludit +} + +function add_user_bludit { + new_username="$1" + new_user_password="$2" + + "${PROJECT_NAME}-pass" -u "$new_username" -a bludit -p "$new_user_password" + echo '0' +} + +function install_interactive_bludit { + if [ ! "$ONION_ONLY" ]; then + ONION_ONLY='no' + fi + + if [[ "$ONION_ONLY" != "no" ]]; then + BLUDIT_DOMAIN_NAME='bludit.local' + write_config_param "BLUDIT_DOMAIN_NAME" "$BLUDIT_DOMAIN_NAME" + else + interactive_site_details "bludit" "BLUDIT_DOMAIN_NAME" "BLUDIT_CODE" + fi + APP_INSTALLED=1 +} + +function change_password_bludit { + curr_username="$1" + new_user_password="$2" + + read_config_param 'BLUDIT_DOMAIN_NAME' + + "${PROJECT_NAME}-pass" -u "$curr_username" -a bludit -p "$new_user_password" +} + +function reconfigure_bludit { + # This is used if you need to switch identity. Dump old keys and generate new ones + echo -n '' +} + +function upgrade_bludit { + CURR_BLUDIT_COMMIT=$(get_completion_param "bludit commit") + if [[ "$CURR_BLUDIT_COMMIT" == "$BLUDIT_COMMIT" ]]; then + return + fi + + if grep -q "bludit domain" "$COMPLETION_FILE"; then + BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain") + fi + + # update to the next commit + set_repo_commit "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" "bludit commit" "$BLUDIT_COMMIT" $BLUDIT_REPO + chown -R www-data:www-data "/var/www/${BLUDIT_DOMAIN_NAME}/htdocs" +} + +function backup_local_bludit { + BLUDIT_DOMAIN_NAME='bludit' + if grep -q "bludit domain" "$COMPLETION_FILE"; then + BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain") + fi + + source_directory=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs + + suspend_site "${BLUDIT_DOMAIN_NAME}" + + dest_directory=bludit + backup_directory_to_usb "$source_directory" $dest_directory + + restart_site +} + +function restore_local_bludit { + if ! grep -q "bludit domain" "$COMPLETION_FILE"; then + return + fi + BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain") + if [ "$BLUDIT_DOMAIN_NAME" ]; then + temp_restore_dir=/root/tempbludit + bludit_dir=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs + + restore_directory_from_usb $temp_restore_dir bludit + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$bludit_dir" ]; then + cp -rp "$temp_restore_dir$bludit_dir"/* "$bludit_dir"/ + else + if [ ! -d "$bludit_dir" ]; then + mkdir "$bludit_dir" + fi + cp -rp "$temp_restore_dir"/* "$bludit_dir"/ + fi + chown -R www-data:www-data "$bludit_dir" + rm -rf $temp_restore_dir + fi + + fi +} + +function backup_remote_bludit { + BLUDIT_DOMAIN_NAME='bludit' + if grep -q "bludit domain" "$COMPLETION_FILE"; then + BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain") + fi + + source_directory=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs + + suspend_site "${BLUDIT_DOMAIN_NAME}" + + dest_directory=bludit + backup_directory_to_friend "$source_directory" $dest_directory + + restart_site +} + +function restore_remote_bludit { + if ! grep -q "bludit domain" "$COMPLETION_FILE"; then + return + fi + BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain") + if [ "$BLUDIT_DOMAIN_NAME" ]; then + temp_restore_dir=/root/tempbludit + bludit_dir=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs + + restore_directory_from_friend $temp_restore_dir bludit + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$bludit_dir" ]; then + cp -rp "$temp_restore_dir$bludit_dir"/* "$bludit_dir"/ + else + if [ ! -d "$bludit_dir" ]; then + mkdir "$bludit_dir" + fi + cp -rp $temp_restore_dir/* "$bludit_dir"/ + fi + chown -R www-data:www-data "$bludit_dir" + rm -rf $temp_restore_dir + fi + + fi +} + +function remove_bludit { + nginx_dissite "$BLUDIT_DOMAIN_NAME" + remove_certs "$BLUDIT_DOMAIN_NAME" + + + if [ -d "/var/www/$BLUDIT_DOMAIN_NAME" ]; then + rm -rf "/var/www/$BLUDIT_DOMAIN_NAME" + fi + if [ -f "/etc/nginx/sites-available/$BLUDIT_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$BLUDIT_DOMAIN_NAME" + fi + remove_onion_service bludit ${BLUDIT_ONION_PORT} + if grep -q "bludit" /etc/crontab; then + sed -i "/bludit/d" /etc/crontab + fi + remove_app bludit + remove_completion_param install_bludit + sed -i '/bludit/d' "$COMPLETION_FILE" + + remove_ddns_domain "$BLUDIT_DOMAIN_NAME" +} + +function install_bludit { + apt-get -yq install php-gettext php-curl php-gd php-mysql git curl + apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl + + if [ ! "$BLUDIT_DOMAIN_NAME" ]; then + echo $'No domain name was given' + exit 3568356 + fi + + if [ -d "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" ]; then + rm -rf "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" + fi + if [ -d /repos/bludit ]; then + mkdir "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" + cp -r -p /repos/bludit/. "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" + cd "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" || exit 324687356 + git pull + else + git_clone $BLUDIT_REPO "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" + fi + + if [ ! -d "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" ]; then + echo $'Unable to clone bludit repo' + exit 87525 + fi + + cd "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" || exit 36587356 + git checkout $BLUDIT_COMMIT -b $BLUDIT_COMMIT + set_completion_param "bludit commit" "$BLUDIT_COMMIT" + + chmod g+w "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" + + add_ddns_domain "$BLUDIT_DOMAIN_NAME" + + BLUDIT_ONION_HOSTNAME=$(add_onion_service bludit 80 ${BLUDIT_ONION_PORT}) + + bludit_nginx_site=/etc/nginx/sites-available/$BLUDIT_DOMAIN_NAME + if [[ "$ONION_ONLY" == "no" ]]; then + nginx_http_redirect "$BLUDIT_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $BLUDIT_DOMAIN_NAME;"; + echo ''; } >> "$bludit_nginx_site" + nginx_compress "$BLUDIT_DOMAIN_NAME" + echo '' >> "$bludit_nginx_site" + echo ' # Security' >> "$bludit_nginx_site" + nginx_ssl "$BLUDIT_DOMAIN_NAME" + + nginx_security_options "$BLUDIT_DOMAIN_NAME" + + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$BLUDIT_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$bludit_nginx_site" + nginx_limits "$BLUDIT_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ /index.php?\$args;"; + echo ' }'; + echo '}'; } >> "$bludit_nginx_site" + else + echo -n '' > "$bludit_nginx_site" + fi + { echo 'server {'; + echo " listen 127.0.0.1:$BLUDIT_ONION_PORT default_server;"; + echo " server_name $BLUDIT_ONION_HOSTNAME;"; + echo ''; } >> "$bludit_nginx_site" + nginx_compress "$BLUDIT_DOMAIN_NAME" + echo '' >> "$bludit_nginx_site" + nginx_security_options "$BLUDIT_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$BLUDIT_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$bludit_nginx_site" + nginx_limits "$BLUDIT_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ index.php?\$args;"; + echo ' }'; + echo '}'; } >> "$bludit_nginx_site" + + configure_php + + create_site_certificate "$BLUDIT_DOMAIN_NAME" 'yes' + + nginx_ensite "$BLUDIT_DOMAIN_NAME" + + systemctl restart php7.0-fpm + systemctl restart nginx + + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bludit -p "$BLUDIT_ADMIN_PASSWORD" + set_completion_param "bludit domain" "$BLUDIT_DOMAIN_NAME" + + APP_INSTALLED=1 +} + +# NOTE: deliberately there is no "exit 0" diff --git a/src/freedombone-app-cryptpad b/src/freedombone-app-cryptpad index 090bc875..f2cec38c 100755 --- a/src/freedombone-app-cryptpad +++ b/src/freedombone-app-cryptpad @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # cryptpad application # @@ -368,7 +366,7 @@ function mesh_install_cryptpad { cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad { echo 'server {'; - echo " listen 80 default_server;"; + echo ' listen [::]:80 default_server;'; echo " server_name P${PEER_ID}.local;"; echo ''; echo ' # Logs'; @@ -389,7 +387,7 @@ function mesh_install_cryptpad { echo ' }'; echo ''; echo ' location = /cryptpad_websocket {'; - echo " proxy_pass http://localhost:$CRYPTPAD_PORT;"; + echo " proxy_pass http://[::]:$CRYPTPAD_PORT;"; echo " proxy_set_header X-Real-IP \$remote_addr;"; echo " proxy_set_header Host \$host;"; echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; diff --git a/src/freedombone-app-datserver b/src/freedombone-app-datserver new file mode 100755 index 00000000..11d4cb9b --- /dev/null +++ b/src/freedombone-app-datserver @@ -0,0 +1,377 @@ +#!/bin/bash +# +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| +# +# Freedom in the Cloud +# +# The main issue here is bootstrapping. What is running +# on the bootstrap server publicbits.org port 6881 ? +# +# Also it appears that users trying to clone have to +# register an account on datbase.org or another datbase +# server +# +# License +# ======= +# +# Copyright (C) 2018 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS='full full-vim' + +IN_DEFAULT_INSTALL=0 +SHOW_ON_ABOUT=0 + +DATSERVER_DOMAIN_NAME= +DATSERVER_CODE= +DATSERVER_HYPERCORED_VERSION='1.4.1' +DATSERVER_DIRECTORY=/etc/datserver +DATSERVER_PORT=3282 + +# bootstrap servers are specified here +DATSERVER_BOOTSTRAP_FILE=$DATSERVER_DIRECTORY/node_modules/datland-swarm-defaults/index.js + +DATSERVER_DISCOVERY1='discovery1.publicbits.org' +DATSERVER_DISCOVERY2='discovery2.publicbits.org' +DATSERVER_BOOTSTRAP1='bootstrap1.publicbits.org:6881' +DATSERVER_BOOTSTRAP2='bootstrap2.publicbits.org:6881' +DATSERVER_BOOTSTRAP3='bootstrap3.publicbits.org:6881' +DATSERVER_BOOTSTRAP4='bootstrap4.publicbits.org:6881' + +datserver_variables=(MY_USERNAME + DATSERVER_DISCOVERY1 + DATSERVER_DISCOVERY2 + DATSERVER_BOOTSTRAP1 + DATSERVER_BOOTSTRAP2 + DATSERVER_BOOTSTRAP3 + DATSERVER_BOOTSTRAP4) + +function datserver_generate_bootstraps { + { echo "var extend = require('xtend')"; + echo ''; + echo "var DAT_DOMAIN = 'dat.local'"; + echo 'var DEFAULT_DISCOVERY = ['; + echo " '$DATSERVER_DISCOVERY1',"; + echo " '$DATSERVER_DISCOVERY2'"; + echo ']'; + echo 'var DEFAULT_BOOTSTRAP = ['; + echo " '$DATSERVER_BOOTSTRAP1',"; + echo " '$DATSERVER_BOOTSTRAP2',"; + echo " '$DATSERVER_BOOTSTRAP3',"; + echo " '$DATSERVER_BOOTSTRAP4'"; + echo ']'; + echo ''; + echo 'var DEFAULT_OPTS = {'; + echo ' dns: {server: DEFAULT_DISCOVERY, domain: DAT_DOMAIN},'; + echo ' dht: {bootstrap: DEFAULT_BOOTSTRAP}'; + echo '}'; + echo ''; + echo 'module.exports = function (opts) {'; + echo ' return extend(DEFAULT_OPTS, opts) // opts takes priority'; + echo '}'; } > $DATSERVER_BOOTSTRAP_FILE + + chown datserver:datserver $DATSERVER_BOOTSTRAP_FILE +} + +function datserver_configure_bootstraps { + read_config_param DATSERVER_DISCOVERY1 + read_config_param DATSERVER_DISCOVERY2 + + read_config_param DATSERVER_BOOTSTRAP1 + read_config_param DATSERVER_BOOTSTRAP2 + read_config_param DATSERVER_BOOTSTRAP3 + read_config_param DATSERVER_BOOTSTRAP4 + + data=$(mktemp 2>/dev/null) + dialog --backtitle $"Freedombone Control Panel" \ + --title $"dat bootstrap servers" \ + --form $"Specify discovery and bootstrap servers:\\n" 14 68 6 \ + $"Discovery 1:" 1 1 "$DATSERVER_DISCOVERY1" 1 15 50 99 \ + $"Discovery 2:" 2 1 "$DATSERVER_DISCOVERY2" 2 15 50 99 \ + $"Bootstrap 1:" 3 1 "$DATSERVER_BOOTSTRAP1" 3 15 50 99 \ + $"Bootstrap 2:" 4 1 $"$DATSERVER_BOOTSTRAP2" 4 15 50 99 \ + $"Bootstrap 3:" 5 1 $"$DATSERVER_BOOTSTRAP3" 5 15 50 99 \ + $"Bootstrap 4:" 6 1 $"$DATSERVER_BOOTSTRAP4" 6 15 50 99 \ + 2> "$data" + sel=$? + case $sel in + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; + esac + DATSERVER_DISCOVERY1=$(sed -n 1p < "$data") + DATSERVER_DISCOVERY2=$(sed -n 2p < "$data") + DATSERVER_BOOTSTRAP1=$(sed -n 3p < "$data") + DATSERVER_BOOTSTRAP2=$(sed -n 4p < "$data") + DATSERVER_BOOTSTRAP3=$(sed -n 4p < "$data") + DATSERVER_BOOTSTRAP4=$(sed -n 4p < "$data") + rm "$data" + + write_config_param DATSERVER_DISCOVERY1 + write_config_param DATSERVER_DISCOVERY2 + + write_config_param DATSERVER_BOOTSTRAP1 + write_config_param DATSERVER_BOOTSTRAP2 + write_config_param DATSERVER_BOOTSTRAP3 + write_config_param DATSERVER_BOOTSTRAP4 + + datserver_generate_bootstraps + systemctl restart datserver +} + +function logging_on_datserver { + echo -n '' +} + +function logging_off_datserver { + echo -n '' +} + +function remove_user_datserver { + echo -n '' +} + +function add_user_datserver { + echo -n '' + echo '0' +} + +function change_password_datserver { + echo -n '' +} + +function install_interactive_datserver { + echo -n '' + APP_INSTALLED=1 +} + +function reconfigure_datserver { + # This is used if you need to switch identity. Dump old keys and generate new ones + echo -n '' +} + +function datserver_add_dat { + data=$(mktemp 2>/dev/null) + dialog --title $"Add a dat" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"dat link:" 8 70 2>"$data" + sel=$? + case $sel in + 0) + dat_link=$(<"$data") + if [ "$dat_link" ]; then + if [ ${#dat_link} -gt 5 ]; then + if ! grep -q "$dat_link" $DATSERVER_DIRECTORY/feeds; then + echo "$dat_link" >> $DATSERVER_DIRECTORY/feeds + chown -R datserver:datserver $DATSERVER_DIRECTORY/feeds + systemctl restart datserver + fi + fi + fi + ;; + esac + rm -f "$data" +} + +function configure_interactive_datserver { + W=(1 $"Add a dat" + 2 $"Browse or edit feeds" + 3 $"Bootstrap servers") + + while true + do + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"dat server" --menu $"Choose an operation, or ESC for main menu:" 11 70 4 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + case $selection in + 1) datserver_add_dat + ;; + 2) cd $DATSERVER_DIRECTORY || break + editor feeds + chown -R datserver:datserver $DATSERVER_DIRECTORY/feeds + systemctl restart datserver + ;; + 3) datserver_configure_bootstraps + ;; + esac + done +} + +function upgrade_datserver { + CURR_DATSERVER_HYPERCORED_VERSION=$(get_completion_param "datserver hypercored version") + if [[ "$CURR_DATSERVER_HYPERCORED_VERSION" != "$DATSERVER_HYPERCORED_VERSION" ]]; then + cd $DATSERVER_DIRECTORY || exit 254274 + systemctl stop datserver + if npm update hypercored@$DATSERVER_HYPERCORED_VERSION; then + set_completion_param "datserver hypercored version" "$DATSERVER_HYPERCORED_VERSION" + fi + datserver_generate_bootstraps + chown -R datserver:datserver "$DATSERVER_DIRECTORY" + systemctl restart datserver + fi +} + +function backup_local_datserver { + source_directory=$DATSERVER_DIRECTORY + + systemctl stop datserver + + dest_directory=datserver + backup_directory_to_usb "$source_directory" $dest_directory + + systemctl start datserver +} + +function restore_local_datserver { + systemctl stop datserver + + temp_restore_dir=/root/tempdatserver + datserver_dir=$DATSERVER_DIRECTORY + + restore_directory_from_usb $temp_restore_dir datserver + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$datserver_dir" ]; then + cp -rp "$temp_restore_dir$datserver_dir"/* "$datserver_dir"/ + else + if [ ! -d "$datserver_dir" ]; then + mkdir "$datserver_dir" + fi + cp -rp "$temp_restore_dir"/* "$datserver_dir"/ + fi + chown -R datserver:datserver "$datserver_dir" + rm -rf $temp_restore_dir + fi + systemctl start datserver + +} + +function backup_remote_datserver { + source_directory=$DATSERVER_DIRECTORY + systemctl stop datserver + + dest_directory=datserver + backup_directory_to_friend "$source_directory" $dest_directory + + systemctl start datserver +} + +function restore_remote_datserver { + systemctl stop datserver + + temp_restore_dir=/root/tempdatserver + datserver_dir=$DATSERVER_DIRECTORY + + restore_directory_from_friend $temp_restore_dir datserver + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$datserver_dir" ]; then + cp -rp "$temp_restore_dir$datserver_dir"/* "$datserver_dir"/ + else + if [ ! -d "$datserver_dir" ]; then + mkdir "$datserver_dir" + fi + cp -rp $temp_restore_dir/* "$datserver_dir"/ + fi + chown -R datserver:datserver "$datserver_dir" + rm -rf $temp_restore_dir + fi + systemctl start datserver + +} + +function remove_datserver { + if [ -f /etc/systemd/system/datserver.service ]; then + systemctl stop datserver + systemctl disable datserver + rm /etc/systemd/system/datserver.service + fi + userdel -r datserver + + remove_nodejs datserver + + if [ -d $DATSERVER_DIRECTORY ]; then + rm -rf $DATSERVER_DIRECTORY + fi + + remove_app datserver + remove_completion_param install_datserver + sed -i '/datserver/d' "$COMPLETION_FILE" + firewall_remove $DATSERVER_PORT +} + +function install_datserver { + apt-get -yq install wget + + install_nodejs datserver + + if [ -d $DATSERVER_DIRECTORY ]; then + rm -rf $DATSERVER_DIRECTORY + fi + mkdir $DATSERVER_DIRECTORY + cd $DATSERVER_DIRECTORY || exit 3658356 + + if ! npm install hypercored@$DATSERVER_HYPERCORED_VERSION; then + echo $'hypercored was not installed' + exit 4635439 + fi + + if ! npm install lil-pids@2.6.1; then + echo $'lil-pids was not installed' + exit 36483463 + fi + + echo "$DATSERVER_DIRECTORY/node_modules/.bin/hypercored --cwd $DATSERVER_DIRECTORY" > $DATSERVER_DIRECTORY/services + + set_completion_param "datserver hypercored version" "$DATSERVER_HYPERCORED_VERSION" + + adduser --system --home="$DATSERVER_DIRECTORY" --group datserver + if [ ! -d $DATSERVER_DIRECTORY ]; then + echo $'dat directory was not created' + exit 9568356 + fi + + datserver_generate_bootstraps + + chown -R datserver:datserver "$DATSERVER_DIRECTORY" + + firewall_add datserver $DATSERVER_PORT + + { echo '[Unit]'; + echo 'After=syslog.target network.target remote-fs.target nss-lookup.target'; + echo ''; + echo '[Service]'; + echo 'User=datserver'; + echo 'Group=datserver'; + echo "ExecStart=$DATSERVER_DIRECTORY/node_modules/.bin/lil-pids $DATSERVER_DIRECTORY/services $DATSERVER_DIRECTORY/pids"; + echo 'Restart=always'; + echo "WorkingDirectory=$DATSERVER_DIRECTORY"; + echo 'StandardError=syslog'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/datserver.service + + systemctl enable datserver + systemctl start datserver + + APP_INSTALLED=1 +} + +# NOTE: deliberately there is no "exit 0" diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna index c3218fd5..a2366390 100755 --- a/src/freedombone-app-dlna +++ b/src/freedombone-app-dlna @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # DLNA application # @@ -47,29 +45,22 @@ function logging_off_dlna { } function configure_interactive_dlna { + W=(1 $"Attach a drive containing playable media" + 2 $"Remove a drive containing playable media") + while true do - data=$(mktemp 2>/dev/null) - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Media Menu" \ - --radiolist $"Choose an operation:" 13 70 3 \ - 1 $"Attach a drive containing playable media" off \ - 2 $"Remove a drive containing playable media" off \ - 3 $"Exit" on 2> "$data" - sel=$? - case $sel in - 1) rm -f "$data" - break;; - 255) rm -f "$data" - break;; - esac - case $(cat "$data") in + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Media Menu" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + + case $selection in 1) attach-music;; 2) remove-music;; - 3) rm -f "$data" - break;; esac - rm -f "$data" done } diff --git a/src/freedombone-app-dokuwiki b/src/freedombone-app-dokuwiki index d0abd68a..b92ef3bb 100755 --- a/src/freedombone-app-dokuwiki +++ b/src/freedombone-app-dokuwiki @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Dokuwiki application # diff --git a/src/freedombone-app-edith b/src/freedombone-app-edith index 29590dc1..a399d660 100755 --- a/src/freedombone-app-edith +++ b/src/freedombone-app-edith @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Edith: an ultra simple notes application # @@ -131,29 +129,22 @@ function edith_browse { } function configure_interactive_edith { + W=(1 $"Enable login" + 2 $"Browse notes") + while true do - data=$(mktemp 2>/dev/null) - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Edith" \ - --radiolist $"Choose an operation:" 10 50 3 \ - 1 $"Enable login" off \ - 2 $"Browse notes" off \ - 3 $"Exit" on 2> "$data" - sel=$? - case $sel in - 1) rm -f "$data" - break;; - 255) rm -f "$data" - break;; - esac - case $(cat "$data") in + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Edith" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + + case $selection in 1) edith_enable_login;; 2) edith_browse;; - 3) rm -f "$data" - break;; esac - rm -f "$data" done } @@ -460,7 +451,7 @@ function install_interactive_edith { fi if [[ "$ONION_ONLY" != "no" ]]; then - GHOST_DOMAIN_NAME='edith.local' + EDITH_DOMAIN_NAME='edith.local' write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME" else function_check interactive_site_details diff --git a/src/freedombone-app-emacs b/src/freedombone-app-emacs index f3418378..cdd54103 100755 --- a/src/freedombone-app-emacs +++ b/src/freedombone-app-emacs @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Emacs application # diff --git a/src/freedombone-app-etherpad b/src/freedombone-app-etherpad index 3502e507..807c8f79 100755 --- a/src/freedombone-app-etherpad +++ b/src/freedombone-app-etherpad @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Etherpad app # @@ -269,29 +267,22 @@ function etherpad_set_welcome_message { } function configure_interactive_etherpad { + W=(1 $"Set Title" + 2 $"Set a welcome message") + while true do - data=$(mktemp 2>/dev/null) - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Etherpad Settings" \ - --radiolist $"Choose an operation:" 12 70 3 \ - 1 $"Set Title" off \ - 2 $"Set a welcome message" off \ - 3 $"Exit" on 2> "$data" - sel=$? - case $sel in - 1) rm -f "$data" - return;; - 255) rm -f "$data" - return;; - esac - case $(cat "$data") in + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Etherpad" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + + case $selection in 1) etherpad_set_title;; 2) etherpad_set_welcome_message;; - 3) rm -f "$data" - break;; esac - rm -f "$data" done } diff --git a/src/freedombone-app-fedwiki b/src/freedombone-app-fedwiki index 3dd45819..da0f5fbb 100755 --- a/src/freedombone-app-fedwiki +++ b/src/freedombone-app-fedwiki @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Federated wiki # @@ -55,50 +53,50 @@ fedwiki_variables=(FEDWIKI_DOMAIN_NAME function fedwiki_remove_bad_links { if [[ $ONION_ONLY == 'no' ]]; then - sed -i "s|link[href='https://maxcdn.bootstrapcdn.com.*|link[href='https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js + sed -i "s|link\\[href='https://maxcdn.bootstrapcdn.com.*|link\\[href='https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js - sed -i "s|\$('').appendTo(\"head\");|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js + sed -i "s|\$('').appendTo(\"head\");|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js else FEDWIKI_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_fedwiki/hostname) - sed -i "s|link[href='https://maxcdn.bootstrapcdn.com.*|link[href='http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js + sed -i "s|link\\[href='https://maxcdn.bootstrapcdn.com.*|link\\[href='http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js - sed -i "s|\$('').appendTo(\"head\");|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js + sed -i "s|\$('').appendTo(\"head\");|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js fi - if [ -f /usr/local/lib/node_modules/wiki/node_modules/localforage/docs/theme/style.css ]; then - sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/localforage/docs/theme/style.css + if [ -f /var/lib/wiki/node_modules/localforage/docs/theme/style.css ]; then + sed -i '/googleapi/d' /var/lib/wiki/node_modules/localforage/docs/theme/style.css fi - if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then - sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html + if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then + sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html fi - if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then - sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/done.html + if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then + sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html fi - if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then - sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html + if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then + sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html fi - if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then - sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html + if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then + sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html fi - if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-google-oauth20 ]; then - rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-google-oauth20 + if [ -d /var/lib/wiki/node_modules/passport-google-oauth20 ]; then + rm -rf /var/lib/wiki/node_modules/passport-google-oauth20 fi - if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2 ]; then - rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2 + if [ -d /var/lib/wiki/node_modules/passport-oauth2 ]; then + rm -rf /var/lib/wiki/node_modules/passport-oauth2 fi - if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-twitter ]; then - rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-twitter + if [ -d /var/lib/wiki/node_modules/passport-twitter ]; then + rm -rf /var/lib/wiki/node_modules/passport-twitter fi - if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-github ]; then - rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-github + if [ -d /var/lib/wiki/node_modules/passport-github ]; then + rm -rf /var/lib/wiki/node_modules/passport-github fi } @@ -168,7 +166,13 @@ function upgrade_fedwiki { systemctl stop fedwiki npm upgrade -g wiki@$FEDWIKI_VERSION + + cp -r /root/.npm-global/lib/node_modules/wiki/* /var/lib/wiki/ + cp /root/.npm-global/bin/wiki /var/lib/wiki/wiki + chown -R fedwiki:fedwiki /var/lib/wiki + fedwiki_remove_bad_links + chown -R fedwiki:fedwiki $FEDWIKI_DATA systemctl start fedwiki @@ -302,6 +306,9 @@ function remove_fedwiki { if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME" fi + if [ -d /var/lib/wiki ]; then + rm -rf /var/lib/wiki + fi remove_config_param FEDWIKI_DOMAIN_NAME remove_config_param FEDWIKI_CODE function_check remove_onion_service @@ -437,13 +444,13 @@ function install_fedwiki { exit 783533 fi - if [ ! -f /usr/local/bin/wiki ]; then + if [ ! -f /root/.npm-global/bin/wiki ]; then echo $'wiki was not installed' exit 5293524 fi - if [ ! -d /usr/local/lib/node_modules/wiki ]; then - echo $'wiki directory not found /usr/local/lib/node_modules/wiki' + if [ ! -d /root/.npm-global/lib/node_modules/wiki ]; then + echo $'wiki directory not found /root/.npm-global/lib/node_modules/wiki' exit 6285324 fi @@ -453,6 +460,10 @@ function install_fedwiki { FEDWIKI_COOKIE="$(create_password 20)" fi + cp -r /root/.npm-global/lib/node_modules/wiki /var/lib + cp /root/.npm-global/bin/wiki /var/lib/wiki + chown -R fedwiki:fedwiki /var/lib/wiki + { echo '[Unit]'; echo 'Description=Fedwiki federated wiki'; echo 'After=syslog.target'; @@ -461,8 +472,8 @@ function install_fedwiki { echo '[Service]'; echo 'User=fedwiki'; echo 'Group=fedwiki'; - echo "WorkingDirectory=/usr/local/lib/node_modules/wiki"; - echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'"; + echo "WorkingDirectory=/var/lib/wiki"; + echo "ExecStart=/var/lib/wiki/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'"; echo 'StandardOutput=syslog'; echo 'StandardError=syslog'; echo 'SyslogIdentifier=fedwiki'; diff --git a/src/freedombone-app-friendica b/src/freedombone-app-friendica index 0d3447bb..b03a1eeb 100755 --- a/src/freedombone-app-friendica +++ b/src/freedombone-app-friendica @@ -1,12 +1,10 @@ #!/bin/bash +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud +# Freedom in the Cloud # # Friendica application # @@ -152,31 +150,26 @@ function friendica_allow_registrations { } function configure_interactive_friendica { + W=(1 $"Set channel directory server" + 2 $"Renew SSL certificate" + 3 $"Close new account registrations" + 4 $"Allow new account registrations") + while true do - data=$(mktemp 2>/dev/null) - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Friendica" \ - --radiolist $"Choose an operation:" 15 70 6 \ - 1 $"Set channel directory server" off \ - 2 $"Renew SSL certificate" off \ - 3 $"Close new account registrations" off \ - 4 $"Allow new account registrations" off \ - 5 $"Back to main menu" on 2> "$data" - sel=$? - case $sel in - 1) break;; - 255) break;; - esac - case $(cat "$data") in + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Friendica" --menu $"Choose an operation, or ESC to exit:" 14 60 4 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + + case $selection in 1) friendica_channel_directory_server;; 2) friendica_renew_cert;; 3) friendica_close_registrations;; 4) friendica_allow_registrations;; - 5) rm -f "$data" - break;; esac - rm -f "$data" done } diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost deleted file mode 100755 index 6f5f348e..00000000 --- a/src/freedombone-app-ghost +++ /dev/null @@ -1,603 +0,0 @@ -#!/bin/bash -# -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud -# -# Ghost blog -# -# License -# ======= -# -# Copyright (C) 2016-2018 Bob Mottram -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -VARIANTS="full full-vim writer" - -IN_DEFAULT_INSTALL=0 -SHOW_ON_ABOUT=1 - -GHOST_VERSION=1.19.0 -GHOST_DOMAIN_NAME= -GHOST_CODE= -GHOST_ONION_PORT=8104 -GHOST_PORT=2368 - -ghost_variables=(GHOST_DOMAIN_NAME - GHOST_CODE - GHOST_ADMIN_PASSWORD - ONION_ONLY - DDNS_PROVIDER - MY_USERNAME) - -function ghost_bust { - # kill the started ghost process - kill_pid=$(pgrep "ghost run" | head -n 1) - kill -9 "$kill_pid" - - kill_pid=$(pgrep "ghost" | head -n 1) - kill -9 "$kill_pid" - - kill_pid=$(pgrep "ghost" | head -n 1) - kill -9 "$kill_pid" -} - -function logging_on_ghost { - echo -n '' -} - -function logging_off_ghost { - echo -n '' -} - -function ghost_replace_jquery { - curr_domain="https://$GHOST_DOMAIN_NAME" - if [[ "$ONION_ONLY" != 'no' ]]; then - curr_domain="http://$GHOST_ONION_HOSTNAME" - fi - - sed -i "s|src=\"https://code.jquery.com/jquery-.*|src=\"$curr_domain/jquery-${jquery_version}.js\"|g" current/content/themes/casper/default.hbs - sed -i "s|src=\"https://code.jquery.com/jquery-.*|src=\"$curr_domain/jquery-${jquery_version}.js\">|g" current/node_modules/gscan/app/tpl/layouts/default.hbs - sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md - sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md - - cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368 - find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \; - find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \; -} - -function ghost_rss_button { - # remove feedly -aaargh! - sed -i 's|http://cloud.feedly.com/#subscription/feed/{{@blog.url}}/rss/|{{@blog.url}}/rss/|g' /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/content/themes/casper/partials/site-nav.hbs - sed -i 's|http://cloud.feedly.com/#subscription/feed/{{url absolute="true"}}/rss/|{{url absolute="true"}}rss/|g' /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/content/themes/casper/author.hbs - -} - -function ghost_remove_offsite_links { - curr_domain="$GHOST_DOMAIN_NAME" - if [[ "$ONION_ONLY" != 'no' ]]; then - curr_domain="$GHOST_ONION_HOSTNAME" - fi - - ghost_rss_button - - # remove google font links - cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424 - find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \; - - # copy jquery locally - previous_jquery_version='1.12.0' - jquery_version='1.12.4' - if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then - cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824 - wget https://code.jquery.com/jquery-${jquery_version}.js - jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') - if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then - echo $'Unexpected jquery hash value' - exit 258442 - fi - fi - ghost_replace_jquery - previous_jquery_version='1.11.3' - ghost_replace_jquery -} - -function ghost_replace_proprietary_services { - replace_file="$1" - - sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file" - sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file" - sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file" - sed -i 's|twitter.com|quitter.se|g' "$replace_file" - sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file" - sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file" - sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file" - sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file" - sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file" - sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file" - sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file" - sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file" - sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file" - sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file" - sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file" - sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file" - sed -i 's|facebook value|hubzilla value|g' "$replace_file" - - sed -i '/