From 3856005b723f4d5c97e2cb6906c34eaffc0063ce Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 29 Aug 2016 10:48:49 +0100
Subject: [PATCH] Add a tahoelafs introducer to the full install
---
 src/freedombone-app-blog | 814 ++++----
 src/freedombone-app-emacs | 250 +--
 src/freedombone-app-syncthing | 478 ++---
 src/freedombone-app-tahoelafs | 64 +-
 src/freedombone-app-xmpp | 2 +-
 src/freedombone-archive-mail | 2 +-
 src/freedombone-backup-local | 544 ++---
 src/freedombone-backup-remote | 622 +++---
 src/freedombone-base-email | 2544 +++++++++++------------
 src/freedombone-controlpanel | 3532 ++++++++++++++++----------------
 src/freedombone-restore-local | 22 +-
 src/freedombone-restore-remote | 22 +-
 src/freedombone-sec | 4 +-
 src/freedombone-syncthing | 22 +-
 src/freedombone-utils-backup | 2 +-
 15 files changed, 4492 insertions(+), 4432 deletions(-)
diff --git a/src/freedombone-app-blog b/src/freedombone-app-blog
index 7cb2c9f7..3f1d2d2f 100755
--- a/src/freedombone-app-blog
+++ b/src/freedombone-app-blog
@@ -39,481 +39,481 @@ MY_BLOG_TITLE="My Blog" MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog" function reconfigure_blog { - echo -n '' + echo -n '' } function upgrade_blog { - if ! grep -Fxq "install_blog" $COMPLETION_FILE; then - return - fi - function_check set_repo_commit - set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO + if ! grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi + function_check set_repo_commit + set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO - # update blog avatar - ${PROJECT_NAME}-blog + # update blog avatar + ${PROJECT_NAME}-blog } function backup_local_blog { - FULLBLOG_DOMAIN_NAME='blog' - if grep -q "Blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - fi + FULLBLOG_DOMAIN_NAME='blog' + if grep -q "Blog domain" $COMPLETION_FILE; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') + fi - source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - if [ -d $source_directory ]; then - dest_directory=blog - echo $"Backing up $source_directory to $dest_directory" + source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + if [ -d $source_directory ]; then + dest_directory=blog + echo $"Backing up $source_directory to $dest_directory" - function_check suspend_site - suspend_site ${FULLBLOG_DOMAIN_NAME} + function_check suspend_site + suspend_site ${FULLBLOG_DOMAIN_NAME} - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory - function_check restart_site - restart_site + function_check restart_site + restart_site - echo $"Backup to $dest_directory complete" - fi + echo $"Backup to $dest_directory complete" + fi } function restore_local_blog { - 
FULLBLOG_DOMAIN_NAME='blog' - if grep -q "Blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - fi - if [ $FULLBLOG_DOMAIN_NAME ]; then - echo $"Restoring blog installation" - temp_restore_dir=/root/tempblog - restore_directory_from_usb $temp_restore_dir blog - rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - exit 593 - fi - rm -rf $temp_restore_dir - if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then - echo $"No content directory found after restoring blog" - set_user_permissions - backup_unmount_drive - exit 287 - fi - chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} - fi - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then - mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post - fi - fi - done - if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem - fi - fi + FULLBLOG_DOMAIN_NAME='blog' + if grep -q "Blog domain" $COMPLETION_FILE; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F 
':' '{print $2}') + fi + if [ $FULLBLOG_DOMAIN_NAME ]; then + echo $"Restoring blog installation" + temp_restore_dir=/root/tempblog + restore_directory_from_usb $temp_restore_dir blog + rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ + if [ ! "$?" = "0" ]; then + set_user_permissions + backup_unmount_drive + exit 593 + fi + rm -rf $temp_restore_dir + if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then + echo $"No content directory found after restoring blog" + set_user_permissions + backup_unmount_drive + exit 287 + fi + chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} + fi + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then + mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post + fi + fi + done + if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem + fi + fi } function backup_remote_blog { - if grep -q "Blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - if [ -d $temp_backup_dir ]; then - echo 
$"Backing up blog" - backup_directory_to_friend $temp_backup_dir blog - echo $"Backup of blog complete" - else - echo $"Blog domain specified but not found in $temp_backup_dir" - exit 2578 - fi - fi + if grep -q "Blog domain" $COMPLETION_FILE; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') + temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + if [ -d $temp_backup_dir ]; then + echo $"Backing up blog" + backup_directory_to_friend $temp_backup_dir blog + echo $"Backup of blog complete" + else + echo $"Blog domain specified but not found in $temp_backup_dir" + exit 2578 + fi + fi } function restore_remote_blog { - if [ -d $SERVER_DIRECTORY/backup/blog ]; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME" - temp_restore_dir=/root/tempblog - mkdir $temp_restore_dir - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir blog - rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ - if [ ! "$?" = "0" ]; then - exit 593 - fi - rm -rf $temp_restore_dir - if [ ! 
-d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then - echo $"No content directory found after restoring blog" - exit 287 - fi - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} - fi - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then - mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post - fi - fi - done - if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem - fi - echo $"Restore of blog complete" - fi + if [ -d $SERVER_DIRECTORY/backup/blog ]; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') + echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME" + temp_restore_dir=/root/tempblog + mkdir $temp_restore_dir + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir blog + rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ + if [ ! "$?" = "0" ]; then + exit 593 + fi + rm -rf $temp_restore_dir + if [ ! 
-d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then + echo $"No content directory found after restoring blog" + exit 287 + fi + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} + fi + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then + mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post + fi + fi + done + if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem + fi + echo $"Restore of blog complete" + fi } function remove_blog { - if ! grep -Fxq "install_blog" $COMPLETION_FILE; then - return - fi - if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then - rm -rf /var/www/$FULLBLOG_DOMAIN_NAME - fi - nginx_dissite $FULLBLOG_DOMAIN_NAME - if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then - rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - fi - if [ $FULLBLOG_CODE ]; then - if [ -f /usr/bin/dynamicdns ]; then - sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns - sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns - fi - fi - function_check remove_onion_service - remove_onion_service blog ${FULLBLOG_ONION_PORT} - sed -i '/install_blog/d' $COMPLETION_FILE - sed -i '/Blog .*/d' $COMPLETION_FILE + if ! grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi + if [ ! 
-d /var/www/$FULLBLOG_DOMAIN_NAME ]; then + rm -rf /var/www/$FULLBLOG_DOMAIN_NAME + fi + nginx_dissite $FULLBLOG_DOMAIN_NAME + if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then + rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + fi + if [ $FULLBLOG_CODE ]; then + if [ -f /usr/bin/dynamicdns ]; then + sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns + sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns + fi + fi + function_check remove_onion_service + remove_onion_service blog ${FULLBLOG_ONION_PORT} + sed -i '/install_blog/d' $COMPLETION_FILE + sed -i '/Blog .*/d' $COMPLETION_FILE } function get_blog_admin_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "Your blog password is" /home/$MY_USERNAME/README; then - FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Your blog password is" /home/$MY_USERNAME/README; then + FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi } function install_blog_social_networks { - # set social networks - if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then - sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - fi - if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then - sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - fi + # set social networks + if grep -q "social.hubzilla" 
/var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then + sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + fi + if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then + sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + fi - # clear proprietary social network strings - sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + # clear proprietary social network strings + sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini } function install_blog_user { - # create a user password - function_check get_blog_admin_password - get_blog_admin_password - if [ ! 
$FULLBLOG_ADMIN_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'HTMLy Blog' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README - echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README - if [[ $ONION_ONLY == 'no' ]]; then - echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README - fi - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + # create a user password + function_check get_blog_admin_password + get_blog_admin_password + if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'HTMLy Blog' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + if [[ $ONION_ONLY == 'no' ]]; then + echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README + fi + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - # create a user - FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD") - if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then - echo $'Blog admin password could not be hashed' - exit 625728 - fi - echo ';Password' > 
/var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + # create a user + FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD") + if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then + echo $'Blog admin password could not be hashed' + exit 625728 + fi + echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini } function install_blog_settings { - cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example 
/var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini } function install_blog_website { - function_check nginx_http_redirect - nginx_http_redirect $FULLBLOG_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - function_check nginx_ssl - nginx_ssl $FULLBLOG_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> 
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> 
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + function_check nginx_http_redirect + nginx_http_redirect $FULLBLOG_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> 
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + function_check nginx_limits + nginx_limits $FULLBLOG_DOMAIN_NAME + function_check nginx_ssl + nginx_ssl $FULLBLOG_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' expires 30d;' >> 
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME } function install_blog_website_onion { - echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> 
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri 
/index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + function_check nginx_limits + nginx_limits $FULLBLOG_DOMAIN_NAME + 
function_check nginx_disable_sniffing + nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> 
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME } function install_blog_from_repo { - if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then - mkdir /var/www/$FULLBLOG_DOMAIN_NAME - fi + if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then + mkdir /var/www/$FULLBLOG_DOMAIN_NAME + fi - cd /var/www/$FULLBLOG_DOMAIN_NAME - git_clone $FULLBLOG_REPO htdocs - cd htdocs - git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT - if ! grep -q "Blog commit" $COMPLETION_FILE; then - echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE - fi + cd /var/www/$FULLBLOG_DOMAIN_NAME + git_clone $FULLBLOG_REPO htdocs + cd htdocs + git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT + if ! grep -q "Blog commit" $COMPLETION_FILE; then + echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE + fi } function install_blog { - if [ ! 
$FULLBLOG_DOMAIN_NAME ]; then - echo $'The blog domain name was not specified' - exit 5062 - fi + if [ ! $FULLBLOG_DOMAIN_NAME ]; then + echo $'The blog domain name was not specified' + exit 5062 + fi - if grep -Fxq "install_blog" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi - # for the avatar changing command - apt-get -y install imagemagick + # for the avatar changing command + apt-get -y install imagemagick - function_check install_blog_from_repo - install_blog_from_repo + function_check install_blog_from_repo + install_blog_from_repo - if [[ $ONION_ONLY == "no" ]]; then - function_check install_blog_website - install_blog_website - else - echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - fi - function_check install_blog_website_onion - install_blog_website_onion + if [[ $ONION_ONLY == "no" ]]; then + function_check install_blog_website + install_blog_website + else + echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + fi + function_check install_blog_website_onion + install_blog_website_onion - function_check create_site_certificate - create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes' + function_check create_site_certificate + create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes' - function_check configure_php - configure_php + function_check configure_php + configure_php - function_check install_blog_settings - install_blog_settings + function_check install_blog_settings + install_blog_settings - function_check install_blog_social_networks - install_blog_social_networks + function_check install_blog_social_networks + install_blog_social_networks - function_check install_blog_user - install_blog_user + function_check install_blog_user + install_blog_user - chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs + chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs - FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT}) + 
FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT}) - function_check nginx_ensite - nginx_ensite $FULLBLOG_DOMAIN_NAME + function_check nginx_ensite + nginx_ensite $FULLBLOG_DOMAIN_NAME - systemctl restart php5-fpm - systemctl restart nginx + systemctl restart php5-fpm + systemctl restart nginx - if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then - echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE + if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then + echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE - function_check add_ddns_domain - add_ddns_domain $FULLBLOG_DOMAIN_NAME + function_check add_ddns_domain + add_ddns_domain $FULLBLOG_DOMAIN_NAME - if ! grep -q "Blog domain:" $COMPLETION_FILE; then - echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE - fi + if ! grep -q "Blog domain:" $COMPLETION_FILE; then + echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE + fi - echo 'install_blog' >> $COMPLETION_FILE + echo 'install_blog' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-emacs b/src/freedombone-app-emacs index bccc3515..d12838c0 100755 --- a/src/freedombone-app-emacs +++ b/src/freedombone-app-emacs 
@@ -31,154 +31,154 @@ VARIANTS='all' function reconfigure_emacs { - echo -n '' + echo -n '' } function upgrade_emacs { - echo -n '' + echo -n '' } function backup_local_emacs { - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ -d /home/$USERNAME/.emacs.d ]; then - echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs - fi - function_check backup_directory_to_usb - backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME - fi - fi - done + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + if [ -d /home/$USERNAME/.emacs.d ]; then + echo $"Backing up Emacs config for $USERNAME" + if [ -f /home/$USERNAME/.emacs ]; then + cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + fi + function_check backup_directory_to_usb + backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME + fi + fi + done } function restore_local_emacs { - temp_restore_dir=/root/tempemacs - if [ -d $USB_MOUNT/backup/emacs ]; then - for d in $USB_MOUNT/backup/emacs/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME - fi - echo $"Restoring Emacs config for $USERNAME" - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir emacs/$USERNAME - cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ - if [ ! "$?" 
= "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 664 - fi - cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs - rm -rf $temp_restore_dir - fi - done - fi + temp_restore_dir=/root/tempemacs + if [ -d $USB_MOUNT/backup/emacs ]; then + for d in $USB_MOUNT/backup/emacs/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $6}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + if [ ! -d /home/$USERNAME ]; then + ${PROJECT_NAME}-adduser $USERNAME + fi + echo $"Restoring Emacs config for $USERNAME" + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir emacs/$USERNAME + cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 664 + fi + cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs + rm -rf $temp_restore_dir + fi + done + fi } function backup_remote_emacs { - echo -n '' + echo -n '' } function restore_remote_emacs { - echo -n '' + echo -n '' } function remove_emacs { - if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then - return - fi - apt-get -y remove --purge emacs24 - update-alternatives --set editor /usr/bin/nano - sed -i '/install_emacs/d' $COMPLETION_FILE + if ! 
grep -Fxq "install_emacs" $COMPLETION_FILE; then + return + fi + apt-get -y remove --purge emacs24 + update-alternatives --set editor /usr/bin/nano + sed -i '/install_emacs/d' $COMPLETION_FILE } function install_emacs { - if grep -Fxq "install_emacs" $COMPLETION_FILE; then - return - fi - update-alternatives --set editor /usr/bin/emacs24 + if grep -Fxq "install_emacs" $COMPLETION_FILE; then + return + fi + update-alternatives --set editor /usr/bin/emacs24 - # A minimal emacs configuration - #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs - #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs - #echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs - echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs - echo "'goto-line)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs - echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs - echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq 
org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs - echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs - echo '(setq backup-directory-alist (quote ((".*" . 
"~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs - echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs - echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs - echo ';; via hooks.' 
>> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs - echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs - cp /home/$MY_USERNAME/.emacs /root/.emacs - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs + # A minimal emacs configuration + #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs + #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs + #echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs + echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs + echo "'goto-line)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs + echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs + echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable shift select in org mode ================================' >> 
/home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs + echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs + echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs + echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs + echo '(setq backup-directory-alist (quote ((".*" . 
"~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs + echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs + echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs + echo ';; via hooks.' 
>> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs + echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs + cp /home/$MY_USERNAME/.emacs /root/.emacs + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs - echo 'install_emacs' >> $COMPLETION_FILE + echo 'install_emacs' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing index 8e7167aa..ade7f33b 100755 --- a/src/freedombone-app-syncthing +++ b/src/freedombone-app-syncthing 
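Review bot: At the end of `install_emacs`, `cp /home/$MY_USERNAME/.emacs /root/.emacs` copies a file from the user's home directory into root's Emacs init file. Every write before it is an append (`>>`; the only truncating `>` line is commented out), so anything the account already had in `.emacs` is carried into `/root/.emacs` and evaluated when root starts Emacs. I would build the settings in a root-owned temporary file (`tmp=$(mktemp)`, with the echo lines redirected to `"$tmp"`) and finish with `cat "$tmp" >> "/home/$MY_USERNAME/.emacs"` and `install -m 600 "$tmp" /root/.emacs`, so that root's copy holds only the generated lines. Separately, the account skip list that gains `tahoelafs` in `backup_local_emacs` and `restore_local_emacs` is repeated again in the syncthing restore loop further down; one shared helper for that test would stop the copies drifting apart.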
@@ -40,295 +40,295 @@ SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared SYNCTHING_USER_IDS_FILE='.syncthingids' function reconfigure_syncthing { - echo -n '' + echo -n '' } function upgrade_syncthing { - echo -n '' + echo -n '' } function backup_local_syncthing { - if [ -d /var/lib/syncthing/SyncShared ]; then - echo $"Backing up syncthing" + if [ -d /var/lib/syncthing/SyncShared ]; then + echo $"Backing up syncthing" - function_check backup_directory_to_usb - backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared - backup_directory_to_usb /root/.config/syncthing syncthingconfig + function_check backup_directory_to_usb + backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared + backup_directory_to_usb /root/.config/syncthing syncthingconfig - echo $"Backup to syncthing complete" - fi + echo $"Backup to syncthing complete" + fi } function restore_local_syncthing { - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl stop syncthing - systemctl stop cron - fi + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl stop syncthing + systemctl stop cron + fi - temp_restore_dir=/root/tempsyncthing - if [ -d $USB_MOUNT/backup/syncthingconfig ]; then - echo $"Restoring syncthing configuration" - function_check restore_directory_from_usb - restore_directory_from_usb ${temp_restore_dir}config syncthingconfig - cp -r ${temp_restore_dir}config/* / - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 6833 - fi - rm -rf ${temp_restore_dir}config - fi + temp_restore_dir=/root/tempsyncthing + if [ -d $USB_MOUNT/backup/syncthingconfig ]; then + echo $"Restoring syncthing configuration" + function_check restore_directory_from_usb + restore_directory_from_usb ${temp_restore_dir}config syncthingconfig + cp -r ${temp_restore_dir}config/* / + if [ ! "$?" 
= "0" ]; then + set_user_permissions + backup_unmount_drive + systemctl start syncthing + systemctl start cron + exit 6833 + fi + rm -rf ${temp_restore_dir}config + fi - if [ -d $USB_MOUNT/backup/syncthingshared ]; then - echo $"Restoring syncthing shared files" - restore_directory_from_usb ${temp_restore_dir}shared syncthingshared - cp -r ${temp_restore_dir}shared/* / - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 37904 - fi - rm -rf ${temp_restore_dir}shared - fi + if [ -d $USB_MOUNT/backup/syncthingshared ]; then + echo $"Restoring syncthing shared files" + restore_directory_from_usb ${temp_restore_dir}shared syncthingshared + cp -r ${temp_restore_dir}shared/* / + if [ ! "$?" = "0" ]; then + set_user_permissions + backup_unmount_drive + systemctl start syncthing + systemctl start cron + exit 37904 + fi + rm -rf ${temp_restore_dir}shared + fi - if [ -d $USB_MOUNT/backup/syncthing ]; then - for d in $USB_MOUNT/backup/syncthing/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME - fi - echo $"Restoring syncthing files for $USERNAME" - restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME - cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ - if [ ! "$?" = "0" ]; then - rm -rf ${temp_restore_dir} - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 68438 - fi - rm -rf ${temp_restore_dir} + if [ -d $USB_MOUNT/backup/syncthing ]; then + for d in $USB_MOUNT/backup/syncthing/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $6}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + if [ ! 
-d /home/$USERNAME ]; then + ${PROJECT_NAME}-adduser $USERNAME + fi + echo $"Restoring syncthing files for $USERNAME" + restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME + cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ + if [ ! "$?" = "0" ]; then + rm -rf ${temp_restore_dir} + set_user_permissions + backup_unmount_drive + systemctl start syncthing + systemctl start cron + exit 68438 + fi + rm -rf ${temp_restore_dir} - # restore device IDs from config settings - if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then - cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id - fi - if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then - cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids - fi - fi - done - fi + # restore device IDs from config settings + if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then + cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + fi + if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then + cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids + fi + fi + done + fi - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl start syncthing - systemctl start cron - fi + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl start syncthing + systemctl start cron + fi } function backup_remote_syncthing { - if [ -d /root/.config/syncthing ]; then - echo $"Backing up syncthing configuration" - function_check backup_directory_to_friend - backup_directory_to_friend /root/.config/syncthing syncthingconfig - echo $"Backup of syncthing configuration complete" - fi - 
if [ -d /var/lib/syncthing/SyncShared ]; then - echo $"Backing up syncthing shared files" - function_check backup_directory_to_friend - backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared - echo $"Backup of syncthing shared files complete" - fi + if [ -d /root/.config/syncthing ]; then + echo $"Backing up syncthing configuration" + function_check backup_directory_to_friend + backup_directory_to_friend /root/.config/syncthing syncthingconfig + echo $"Backup of syncthing configuration complete" + fi + if [ -d /var/lib/syncthing/SyncShared ]; then + echo $"Backing up syncthing shared files" + function_check backup_directory_to_friend + backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared + echo $"Backup of syncthing shared files complete" + fi } function restore_remote_syncthing { - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl stop syncthing - systemctl stop cron - fi + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl stop syncthing + systemctl stop cron + fi - if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then - echo $"Restoring syncthing configuration" - temp_restore_dir=/root/tempsyncthingconfig - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthingconfig - cp -r $temp_restore_dir/* / - if [ ! "$?" = "0" ]; then - systemctl start syncthing - systemctl start cron - exit 6833 - fi - rm -rf $temp_restore_dir - fi + if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then + echo $"Restoring syncthing configuration" + temp_restore_dir=/root/tempsyncthingconfig + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir syncthingconfig + cp -r $temp_restore_dir/* / + if [ ! "$?" 
= "0" ]; then + systemctl start syncthing + systemctl start cron + exit 6833 + fi + rm -rf $temp_restore_dir + fi - if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then - echo $"Restoring syncthing shared files" - temp_restore_dir=/root/tempsyncthingshared - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthingshared - cp -r $temp_restore_dir/* / - if [ ! "$?" = "0" ]; then - systemctl start syncthing - systemctl start cron - exit 37904 - fi - rm -rf $temp_restore_dir - fi + if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then + echo $"Restoring syncthing shared files" + temp_restore_dir=/root/tempsyncthingshared + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir syncthingshared + cp -r $temp_restore_dir/* / + if [ ! "$?" = "0" ]; then + systemctl start syncthing + systemctl start cron + exit 37904 + fi + rm -rf $temp_restore_dir + fi - if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then - for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME - fi - echo $"Restoring syncthing files for $USERNAME" - temp_restore_dir=/root/tempsyncthing - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME - cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - systemctl start syncthing - systemctl start cron - exit 68438 - fi - rm -rf $temp_restore_dir + if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then + for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $6}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + if [ ! 
-d /home/$USERNAME ]; then + ${PROJECT_NAME}-adduser $USERNAME + fi + echo $"Restoring syncthing files for $USERNAME" + temp_restore_dir=/root/tempsyncthing + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME + cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + systemctl start syncthing + systemctl start cron + exit 68438 + fi + rm -rf $temp_restore_dir - # restore device IDs from config settings - if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then - cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id - fi - if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then - cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids - fi - echo $"Restore of syncthing files for $USERNAME complete" - fi - done - fi + # restore device IDs from config settings + if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then + cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + fi + if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then + cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids + fi + echo $"Restore of syncthing files for $USERNAME complete" + fi + done + fi - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl start syncthing - systemctl start cron - fi + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl start syncthing + systemctl start cron + fi } function remove_syncthing { - if ! 
grep -Fxq "install_syncthing" $COMPLETION_FILE; then - return - fi - iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then + return + fi + iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - systemctl stop syncthing - systemctl disable syncthing - apt-get -y remove --purge syncthing - rm /etc/systemd/system/syncthing.service - sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab - sed -i '/install_syncthing/d' $COMPLETION_FILE - sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE - systemctl restart cron + systemctl stop syncthing + systemctl disable syncthing + apt-get -y remove --purge syncthing + rm /etc/systemd/system/syncthing.service + sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab + sed -i '/install_syncthing/d' $COMPLETION_FILE + sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE + systemctl restart cron } function configure_firewall_for_syncthing { - if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then - return - fi - iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then + return + fi + iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("Syncthing $SYNCTHING_PORT") - echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE + OPEN_PORTS+=("Syncthing $SYNCTHING_PORT") + echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE } function 
mesh_install_syncthing { - chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add - + chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add - - echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list - chroot "$rootdir" apt-get update - chroot "$rootdir" apt-get -y --force-yes install syncthing + echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list + chroot "$rootdir" apt-get update + chroot "$rootdir" apt-get -y --force-yes install syncthing - # This probably does need to run as root so that it can access the Sync directories - # in each user's home directory - echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service - echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service - echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service - echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service - echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service - echo '' >> $rootdir/etc/systemd/system/syncthing.service - echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service - echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service - echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service - echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service - echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service - echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service - echo '' >> $rootdir/etc/systemd/system/syncthing.service - echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service - echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service - chroot "$rootdir" systemctl enable syncthing + 
# This probably does need to run as root so that it can access the Sync directories + # in each user's home directory + echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service + echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service + echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service + echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service + echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service + echo '' >> $rootdir/etc/systemd/system/syncthing.service + echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service + echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service + echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service + echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service + echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service + echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service + echo '' >> $rootdir/etc/systemd/system/syncthing.service + echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service + echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service + chroot "$rootdir" systemctl enable syncthing - echo 'mesh_install_syncthing' + echo 'mesh_install_syncthing' } function install_syncthing { - if [ $INSTALLING_MESH ]; then - mesh_install_syncthing - return - fi + if [ $INSTALLING_MESH ]; then + mesh_install_syncthing + return + fi - if grep -Fxq "install_syncthing" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_syncthing" $COMPLETION_FILE; then + return + fi - apt-get -y install curl + apt-get -y install curl - curl -s https://syncthing.net/release-key.txt | apt-key add - - echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list - apt-get 
update - apt-get -y install syncthing + curl -s https://syncthing.net/release-key.txt | apt-key add - + echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list + apt-get update + apt-get -y install syncthing - # This probably does need to run as root so that it can access the Sync directories - # in each user's home directory - echo '[Unit]' > /etc/systemd/system/syncthing.service - echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service - echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service - echo 'After=network.target' >> /etc/systemd/system/syncthing.service - echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service - echo '' >> /etc/systemd/system/syncthing.service - echo '[Service]' >> /etc/systemd/system/syncthing.service - echo 'User=root' >> /etc/systemd/system/syncthing.service - echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service - echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service - echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service - echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service - echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service - echo '' >> /etc/systemd/system/syncthing.service - echo '[Install]' >> /etc/systemd/system/syncthing.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service - systemctl enable syncthing - systemctl daemon-reload - systemctl start syncthing + # This probably does need to run as root so that it can access the Sync directories + # in each user's home directory + echo '[Unit]' > /etc/systemd/system/syncthing.service + echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service + echo 'Documentation=man:syncthing(1)' >> 
/etc/systemd/system/syncthing.service + echo 'After=network.target' >> /etc/systemd/system/syncthing.service + echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service + echo '' >> /etc/systemd/system/syncthing.service + echo '[Service]' >> /etc/systemd/system/syncthing.service + echo 'User=root' >> /etc/systemd/system/syncthing.service + echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service + echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service + echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service + echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service + echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service + echo '' >> /etc/systemd/system/syncthing.service + echo '[Install]' >> /etc/systemd/system/syncthing.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service + systemctl enable syncthing + systemctl daemon-reload + systemctl start syncthing - function_check cron_add_mins - cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" + function_check cron_add_mins + cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" - function_check configure_firewall_for_syncthing - configure_firewall_for_syncthing - echo 'install_syncthing' >> $COMPLETION_FILE + function_check configure_firewall_for_syncthing + configure_firewall_for_syncthing + echo 'install_syncthing' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-tahoelafs b/src/freedombone-app-tahoelafs index 8416fa85..5309ce0c 100755 --- a/src/freedombone-app-tahoelafs +++ b/src/freedombone-app-tahoelafs 
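Review bot: In `mesh_install_syncthing` the release key is piped into `apt-key add -` on the host side of the pipe rather than inside the chroot, so as far as this hunk shows the image's apt keyring never receives it. The following `apt-get -y --force-yes install syncthing` then installs from the plain-http `apt.syncthing.net` source with signature checking overridden. Import the key inside the image with `chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | chroot "$rootdir" apt-key add -`, and drop `--force-yes` so an unsigned or altered package fails the build: `chroot "$rootdir" apt-get -y install syncthing`. `install_syncthing` adds the key on the running system and does not pass `--force-yes`, so only the mesh path is affected.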
@@ -28,7 +28,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -VARIANTS='mesh' +VARIANTS='full mesh' TAHOELAFS_REPO="https://github.com/tahoe-lafs/tahoe-lafs" TAHOELAFS_COMMIT='30b421d48b3d1dae2ef507bf27a1f3816300cd92' @@ -42,7 +42,7 @@ TAHOE_COMMAND="cd /var/lib/tahoelafs && venv/bin/tahoe" function reconfigure_tahoelafs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d /home/$USERNAME/.tahoe ]; then su -c "$TAHOE_COMMAND stop" - $USERNAME rm -rf /home/$USERNAME/.tahoe 
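Review bot: The service-account exclusion in `reconfigure_tahoelafs` is a hand-copied list (`git`, `mirrors`, `sync`, now `tahoelafs`), and this commit has to repeat the same edit in `restore_local_syncthing`, `restore_remote_syncthing`, `xmpp_email_headers`, the freedombone-archive-mail loop and `backup_users`. Any `/home/*/` loop that is missed will treat the new `tahoelafs` account as a person; in a loop like this one that would mean `su -c "$TAHOE_COMMAND stop" - $USERNAME` followed by `rm -rf /home/$USERNAME/.tahoe` against the introducer's own account. I would move the test into one shared function sourced by every script (a new helper, called `is_service_account` here only for illustration) and write each loop as `if ! is_service_account "$USERNAME"; then`. `reconfigure_tahoelafs` continues past the end of this hunk.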
@@ -257,17 +257,65 @@ function install_tahoelafs { apt-get -y install build-essential python-pip python-dev libffi-dev libssl-dev python-virtualenv - git_clone $TAHOELAFS_REPO /var/lib/tahoelafs - cd /var/lib/tahoelafs + # create a user to run the introducer + if [ ! -d /home/tahoelafs ]; then + # add a gogs user account + adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs + fi + + if [ -d /home/tahoelafs/Maildir ]; then + rm -rf /home/tahoelafs/Maildir + fi + + if [ ! -d /home/tahoelafs/.tahoe-introducer ]; then + mkdir /home/tahoelafs/.tahoe-introducer + fi + + git_clone $TAHOELAFS_REPO /home/tahoelafs/tahoelafs + cd /home/tahoelafs/tahoelafs git checkout $TAHOELAFS_COMMIT -b $TAHOELAFS_COMMIT virtualenv venv venv/bin/pip install --editable . configure_firewall_for_tahoelafs - reconfigure_tahoelafs - tahoelafs_update_script /usr/bin/update-tahoelafs - function_check cron_add_mins - cron_add_mins 1 "/usr/bin/update-tahoelafs 2> /dev/null" + su -c "cd $TAHOE_COMMAND create-introducer /home/tahoelafs/.tahoe-introducer" - tahoelafs + TAHOELAFS_CONFIG=/home/tahoelafs/.tahoe-introducer/tahoe.cfg + if [ ! -f $TAHOELAFS_CONFIG ]; then + exit 62831 + fi + + sed -i "s|nickname =.*|nickname = $HOSTNAME|g" $TAHOELAFS_CONFIG + + if ! 
grep -q "[storage]" $TAHOELAFS_CONFIG; then + echo '' >> $TAHOELAFS_CONFIG + echo '[storage]' >> $TAHOELAFS_CONFIG + echo 'enabled = true' >> $TAHOELAFS_CONFIG + echo "reserved_space = $TAHOELAFS_STORAGE_SPACE" >> $TAHOELAFS_CONFIG + fi + + chown -R tahoelafs:tahoelafs /home/tahoelafs + + TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs.service + echo '[Unit]' > $TAHOELAFS_DAEMON_FILE + echo 'Description=Tahoe-LAFS introducer' >> $TAHOELAFS_DAEMON_FILE + echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE + echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE + echo '' >> $TAHOELAFS_DAEMON_FILE + echo '[Service]' >> $TAHOELAFS_DAEMON_FILE + echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE + echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE + echo "Group=tahoelafs" >> $TAHOELAFS_DAEMON_FILE + echo "WorkingDirectory=/home/tahoelafs" >> $TAHOELAFS_DAEMON_FILE + echo "ExecStart=venv/bin/tahoe start /home/tahoelafs/.tahoe-introducer" >> $TAHOELAFS_DAEMON_FILE + echo "ExecStop=venv/bin/tahoe stop /home/tahoelafs/.tahoe-introducer" >> $TAHOELAFS_DAEMON_FILE + echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE + echo "Environment=\"USER=tahoelafs\" \"HOME=/home/tahoelafs\"" >> $TAHOELAFS_DAEMON_FILE + echo '' >> $TAHOELAFS_DAEMON_FILE + echo '[Install]' >> $TAHOELAFS_DAEMON_FILE + echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE + systemctl enable tahoelafs + systemctl daemon-reload + systemctl start tahoelafs echo 'install_tahoelafs' >> $COMPLETION_FILE } diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index ad82854c..0fe85f54 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp 
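Review bot: The `su -c "cd $TAHOE_COMMAND create-introducer …"` line cannot work as written: `TAHOE_COMMAND` (shown in the `@@ -42,7 +42,7 @@` hunk header) already begins with `cd /var/lib/tahoelafs &&`, so it expands to `cd cd /var/lib/tahoelafs …` and still points at the old checkout rather than `/home/tahoelafs/tahoelafs`, and it runs as `tahoelafs` before the `chown -R`, while `.tahoe-introducer` is still root-owned. Two further lines defeat themselves: `grep -q "[storage]"` is a bracket expression that matches any line containing one of those letters, so the section is never appended (use `grep -qF`), and `ExecStart=venv/bin/tahoe` is a relative path that does not resolve under `WorkingDirectory=/home/tahoelafs` and that systemd rejects in any case. The comment `# add a gogs user account` is a leftover and should read `# add a tahoelafs user account`. Whether `tahoe start` stays in the foreground, as `Type=simple` requires, is not visible here and should be checked. `install_tahoelafs` begins before this hunk.

```shell
    # … unchanged: adduser, Maildir removal, mkdir, git_clone, checkout, virtualenv, pip install, firewall …

    # hand the tree to the service account before running tahoe as that account
    chown -R tahoelafs:tahoelafs /home/tahoelafs
    su -c "cd /home/tahoelafs/tahoelafs && venv/bin/tahoe create-introducer /home/tahoelafs/.tahoe-introducer" - tahoelafs

    # … unchanged: TAHOELAFS_CONFIG existence check, nickname sed …

    # -F: match the literal section header, not a character class
    if ! grep -qF "[storage]" $TAHOELAFS_CONFIG; then
    # … unchanged: storage section lines, start of the unit file …

    echo "ExecStart=/home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/.tahoe-introducer" >> $TAHOELAFS_DAEMON_FILE
    echo "ExecStop=/home/tahoelafs/tahoelafs/venv/bin/tahoe stop /home/tahoelafs/.tahoe-introducer" >> $TAHOELAFS_DAEMON_FILE
    # … unchanged: rest of the unit file, systemctl enable/daemon-reload/start …
```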
@@ -234,7 +234,7 @@ function remove_xmpp { function xmpp_email_headers { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -f /home/$USERNAME/.muttrc ]; then if ! grep -q "Jabber-ID" /home/$USERNAME/.muttrc; then echo "my_hdr Jabber-ID: ${USERNAME}@${HOSTNAME}" >> /home/$USERNAME/.muttrc diff --git a/src/freedombone-archive-mail b/src/freedombone-archive-mail index b9c9c67e..5c8b5c78 100755 --- a/src/freedombone-archive-mail +++ b/src/freedombone-archive-mail @@ -35,7 +35,7 @@ export TEXTDOMAINDIR="/usr/share/locale" for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then # for every user who has a mail directory if [ -d /home/$USERNAME/Maildir ]; then MUTTRC=/home/$USERNAME/.muttrc diff --git a/src/freedombone-backup-local b/src/freedombone-backup-local index bd5ba005..a14cfe3f 100755 --- a/src/freedombone-backup-local +++ b/src/freedombone-backup-local @@ -49,9 +49,9 @@ USB_MOUNT=/mnt/usb # get default USB from config file CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg if [ -f $CONFIG_FILE ]; then - if grep -q "USB_DRIVE=" $CONFIG_FILE; then - USB_DRIVE=$(cat $CONFIG_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}') - fi + if grep -q "USB_DRIVE=" $CONFIG_FILE; then + USB_DRIVE=$(cat $CONFIG_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}') + fi fi # get the version of Go being used 
@@ -67,333 +67,333 @@ SUSPENDED_SITE= DATABASE_PASSWORD='' if [ -f /root/dbpass ]; then - DATABASE_PASSWORD=$(cat /root/dbpass) + DATABASE_PASSWORD=$(cat /root/dbpass) fi function make_backup_directory { - # make a backup directory on the drive - if [ ! -d $USB_MOUNT/backup ]; then - mkdir $USB_MOUNT/backup - fi - if [ ! -d $USB_MOUNT/backup ]; then - echo $"There was a problem making the directory $USB_MOUNT/backup." - umount $USB_MOUNT - rm -rf $USB_MOUNT - exit 3 - fi + # make a backup directory on the drive + if [ ! -d $USB_MOUNT/backup ]; then + mkdir $USB_MOUNT/backup + fi + if [ ! -d $USB_MOUNT/backup ]; then + echo $"There was a problem making the directory $USB_MOUNT/backup." + umount $USB_MOUNT + rm -rf $USB_MOUNT + exit 3 + fi } function check_storage_space_remaining { - # Check space remaining on the usb drive - used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}') - if [ $used_percent -gt 95 ]; then - echo $"Less than 5% of space remaining on backup drive" - umount $USB_MOUNT - rm -rf $USB_MOUNT - exit 4 - fi + # Check space remaining on the usb drive + used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}') + if [ $used_percent -gt 95 ]; then + echo $"Less than 5% of space remaining on backup drive" + umount $USB_MOUNT + rm -rf $USB_MOUNT + exit 4 + fi } function backup_users { - # Backup user files - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + # Backup user files + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then - # Backup any gpg keys - if [ -d /home/$USERNAME/.gnupg ]; then - echo $"Backing up gpg keys for $USERNAME" - backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME - fi + # Backup any gpg keys + if [ 
-d /home/$USERNAME/.gnupg ]; then + echo $"Backing up gpg keys for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME + fi - # Backup any personal settings - if [ -d /home/$USERNAME/personal ]; then - echo $"Backing up personal settings for $USERNAME" - backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME - fi + # Backup any personal settings + if [ -d /home/$USERNAME/personal ]; then + echo $"Backing up personal settings for $USERNAME" + backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME + fi - # Backup ssh keys - if [ -d /home/$USERNAME/.ssh ]; then - echo $"Backing up ssh keys for $USERNAME" - backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME - fi + # Backup ssh keys + if [ -d /home/$USERNAME/.ssh ]; then + echo $"Backing up ssh keys for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME + fi - # Backup fin database if it exists - if [ -d /home/$USERNAME/.fin ]; then - echo $"Backing up fin files for $USERNAME" - backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME - fi + # Backup fin database if it exists + if [ -d /home/$USERNAME/.fin ]; then + echo $"Backing up fin files for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME + fi - # Backup syncthing - if [ -d /home/$USERNAME/Sync ]; then - echo $"Backing up syncthing files for $USERNAME" - backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME - # ensure that device IDs will be backed up as part of user config settings - if [ ! 
-d /home/$USERNAME/.config/syncthing ]; then - mkdir -p /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config - fi - if [ -f /home/$USERNAME/.syncthing-server-id ]; then - cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config - fi - if [ -f /home/$USERNAME/.syncthingids ]; then - cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config - fi - fi + # Backup syncthing + if [ -d /home/$USERNAME/Sync ]; then + echo $"Backing up syncthing files for $USERNAME" + backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME + # ensure that device IDs will be backed up as part of user config settings + if [ ! -d /home/$USERNAME/.config/syncthing ]; then + mkdir -p /home/$USERNAME/.config/syncthing + chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + fi + if [ -f /home/$USERNAME/.syncthing-server-id ]; then + cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing + chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + fi + if [ -f /home/$USERNAME/.syncthingids ]; then + cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing + chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + fi + fi - # Backup emacs - if [ -d /home/$USERNAME/.emacs.d ]; then - echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs - fi - backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME - fi + # Backup emacs + if [ -d /home/$USERNAME/.emacs.d ]; then + echo $"Backing up Emacs config for $USERNAME" + if [ -f /home/$USERNAME/.emacs ]; then + cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + fi + backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME + fi - # Backup user configs - if [ -d /home/$USERNAME/.config ]; then - echo $"Backing up config files for 
$USERNAME" - backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME - fi + # Backup user configs + if [ -d /home/$USERNAME/.config ]; then + echo $"Backing up config files for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME + fi - # Backup monkeysphere - if [ -d /home/$USERNAME/.monkeysphere ]; then - echo $"Backing up monkeysphere files for $USERNAME" - backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME - fi + # Backup monkeysphere + if [ -d /home/$USERNAME/.monkeysphere ]; then + echo $"Backing up monkeysphere files for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME + fi - # Backup user local - if [ -d /home/$USERNAME/.local ]; then - echo $"Backing up local files for $USERNAME" - backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME - fi + # Backup user local + if [ -d /home/$USERNAME/.local ]; then + echo $"Backing up local files for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME + fi - # Backup mutt - if [ -f /home/$USERNAME/.muttrc ]; then - echo $"Backing up Mutt settings for $USERNAME" - if [ ! -d /home/$USERNAME/tempbackup ]; then - mkdir -p /home/$USERNAME/tempbackup - fi - cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup - if [ -f /etc/Muttrc ]; then - cp /etc/Muttrc /home/$USERNAME/tempbackup - fi - backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME - fi + # Backup mutt + if [ -f /home/$USERNAME/.muttrc ]; then + echo $"Backing up Mutt settings for $USERNAME" + if [ ! 
-d /home/$USERNAME/tempbackup ]; then + mkdir -p /home/$USERNAME/tempbackup + fi + cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup + if [ -f /etc/Muttrc ]; then + cp /etc/Muttrc /home/$USERNAME/tempbackup + fi + backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME + fi - # Backup email - if [ -d /home/$USERNAME/Maildir ]; then - echo $"Stopping mail server" - systemctl stop exim4 - echo $"Creating an email archive for $USERNAME" - if [ ! -d /root/tempbackupemail/$USERNAME ]; then - mkdir -p /root/tempbackupemail/$USERNAME - fi - tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir - echo $"Restarting mail server" - systemctl start exim4 - echo $"Backing up emails for $USERNAME" - backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME - fi + # Backup email + if [ -d /home/$USERNAME/Maildir ]; then + echo $"Stopping mail server" + systemctl stop exim4 + echo $"Creating an email archive for $USERNAME" + if [ ! -d /root/tempbackupemail/$USERNAME ]; then + mkdir -p /root/tempbackupemail/$USERNAME + fi + tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir + echo $"Restarting mail server" + systemctl start exim4 + echo $"Backing up emails for $USERNAME" + backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME + fi - # Backup spamassassin - if [ -d /home/$USERNAME/.spamassassin ]; then - echo $"Backing up spamassassin settings for $USERNAME" - backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME - fi + # Backup spamassassin + if [ -d /home/$USERNAME/.spamassassin ]; then + echo $"Backing up spamassassin settings for $USERNAME" + backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME + fi - # Backup procmail - if [ -f /home/$USERNAME/.procmailrc ]; then - echo $"Backing up procmail settings for $USERNAME" - if [ ! 
-d /home/$USERNAME/tempbackup ]; then - mkdir -p /home/$USERNAME/tempbackup - fi - cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup - backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME - fi - fi - done + # Backup procmail + if [ -f /home/$USERNAME/.procmailrc ]; then + echo $"Backing up procmail settings for $USERNAME" + if [ ! -d /home/$USERNAME/tempbackup ]; then + mkdir -p /home/$USERNAME/tempbackup + fi + cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup + backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME + fi + fi + done } function backup_directories { - export GVM_ROOT=$GVM_HOME - if [ -d $GVM_ROOT/bin ]; then - cd $GVM_ROOT/bin - [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm" - gvm use go${GO_VERSION} --default - systemctl set-environment GOPATH=$GOPATH - fi + export GVM_ROOT=$GVM_HOME + if [ -d $GVM_ROOT/bin ]; then + cd $GVM_ROOT/bin + [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm" + gvm use go${GO_VERSION} --default + systemctl set-environment GOPATH=$GOPATH + fi - # directories to be backed up (source,dest) - backup_dirs=( - "/etc/letsencrypt, letsencrypt" - "/etc/ssl, ssl" - "/var/spool/mlmmj, mailinglist" - "/etc/nginx/sites-available, web" - "/var/lib/tor, tor" - ) + # directories to be backed up (source,dest) + backup_dirs=( + "/etc/letsencrypt, letsencrypt" + "/etc/ssl, ssl" + "/var/spool/mlmmj, mailinglist" + "/etc/nginx/sites-available, web" + "/var/lib/tor, tor" + ) - for dr in "${backup_dirs[@]}" - do - # if this directory exists then back it up to the given destination - source_directory=$(echo $dr | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - if [ -d $source_directory ]; then - dest_directory=$(echo $dr | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - echo $"Backing up $source_directory to $dest_directory" - backup_directory_to_usb $source_directory $dest_directory - fi + for dr in 
"${backup_dirs[@]}" + do + # if this directory exists then back it up to the given destination + source_directory=$(echo $dr | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + if [ -d $source_directory ]; then + dest_directory=$(echo $dr | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + echo $"Backing up $source_directory to $dest_directory" + backup_directory_to_usb $source_directory $dest_directory + fi - restart_site - done + restart_site + done } function remove_backup_directory { - if [ $1 ]; then - if [[ $1 == "remove" ]]; then - if [ -d $USB_MOUNT/backup ]; then - rm -rf $USB_MOUNT/backup - echo $'Existing backup directory removed' - backup_unmount_drive - exit 0 - fi - fi - fi + if [ $1 ]; then + if [[ $1 == "remove" ]]; then + if [ -d $USB_MOUNT/backup ]; then + rm -rf $USB_MOUNT/backup + echo $'Existing backup directory removed' + backup_unmount_drive + exit 0 + fi + fi + fi } function prepare_directories { - export GVM_ROOT=$GVM_HOME - if [ -d $GVM_ROOT/bin ]; then - cd $GVM_ROOT/bin - [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm" - gvm use go${GO_VERSION} --default - systemctl set-environment GOPATH=$GOPATH - fi + export GVM_ROOT=$GVM_HOME + if [ -d $GVM_ROOT/bin ]; then + cd $GVM_ROOT/bin + [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm" + gvm use go${GO_VERSION} --default + systemctl set-environment GOPATH=$GOPATH + fi - # Some miscellaneous preparation for backing up directories - if [ -d $GOPATH/src/github.com/gogits ]; then - mv /home/git/gogs-repositories/*.git /home/git/gogs-repositories/$ADMIN_USERNAME - fi - if [ -d /var/lib/tox-bootstrapd ]; then - cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd - if [ -d /var/lib/tox-bootstrapd/Maildir ]; then - rm -rf /var/lib/tox-bootstrapd/Maildir - fi - fi + # Some miscellaneous preparation for backing up directories + if [ -d $GOPATH/src/github.com/gogits ]; then + mv /home/git/gogs-repositories/*.git 
/home/git/gogs-repositories/$ADMIN_USERNAME + fi + if [ -d /var/lib/tox-bootstrapd ]; then + cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd + if [ -d /var/lib/tox-bootstrapd/Maildir ]; then + rm -rf /var/lib/tox-bootstrapd/Maildir + fi + fi } function backup_configuration { - echo $"Backing up ${PROJECT_NAME} configuration files" - temp_backup_dir=/root/tempbackupconfig - if [ ! -d $temp_backup_dir ]; then - mkdir -p $temp_backup_dir - fi - cp -f $CONFIG_FILE $temp_backup_dir - cp -f $COMPLETION_FILE $temp_backup_dir - if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then - cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir - fi - # nginx password hashes - if [ -f /etc/nginx/.htpasswd ]; then - cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd - fi - backup_directory_to_usb $temp_backup_dir config + echo $"Backing up ${PROJECT_NAME} configuration files" + temp_backup_dir=/root/tempbackupconfig + if [ ! -d $temp_backup_dir ]; then + mkdir -p $temp_backup_dir + fi + cp -f $CONFIG_FILE $temp_backup_dir + cp -f $COMPLETION_FILE $temp_backup_dir + if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then + cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir + fi + # nginx password hashes + if [ -f /etc/nginx/.htpasswd ]; then + cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd + fi + backup_directory_to_usb $temp_backup_dir config } function backup_admin_readme { - if [ -f /home/$ADMIN_USERNAME/README ]; then - echo $"Backing up README" - temp_backup_dir=/home/$ADMIN_USERNAME/tempbackup - if [ ! -d $temp_backup_dir ]; then - mkdir -p $temp_backup_dir - fi - cp -f /home/$ADMIN_USERNAME/README $temp_backup_dir - backup_directory_to_usb $temp_backup_dir readme - fi + if [ -f /home/$ADMIN_USERNAME/README ]; then + echo $"Backing up README" + temp_backup_dir=/home/$ADMIN_USERNAME/tempbackup + if [ ! 
-d $temp_backup_dir ]; then + mkdir -p $temp_backup_dir + fi + cp -f /home/$ADMIN_USERNAME/README $temp_backup_dir + backup_directory_to_usb $temp_backup_dir readme + fi } function backup_mariadb { - if [ ${#DATABASE_PASSWORD} -gt 1 ]; then - temp_backup_dir=/root/tempmariadb - if [ ! -d $temp_backup_dir ]; then - mkdir $temp_backup_dir - fi - mysqldump --lock-tables --password="$DATABASE_PASSWORD" mysql user > $temp_backup_dir/mysql.sql - if [ ! -s $temp_backup_dir/mysql.sql ]; then - echo $"Unable to backup mysql settings" - rm -rf $temp_backup_dir - umount $USB_MOUNT - rm -rf $USB_MOUNT - exit 8 - fi - echo "$DATABASE_PASSWORD" > $temp_backup_dir/db - chmod 400 $temp_backup_dir/db - backup_directory_to_usb $temp_backup_dir mariadb - fi + if [ ${#DATABASE_PASSWORD} -gt 1 ]; then + temp_backup_dir=/root/tempmariadb + if [ ! -d $temp_backup_dir ]; then + mkdir $temp_backup_dir + fi + mysqldump --lock-tables --password="$DATABASE_PASSWORD" mysql user > $temp_backup_dir/mysql.sql + if [ ! 
-s $temp_backup_dir/mysql.sql ]; then + echo $"Unable to backup mysql settings" + rm -rf $temp_backup_dir + umount $USB_MOUNT + rm -rf $USB_MOUNT + exit 8 + fi + echo "$DATABASE_PASSWORD" > $temp_backup_dir/db + chmod 400 $temp_backup_dir/db + backup_directory_to_usb $temp_backup_dir mariadb + fi } function valid_backup_destination { - destination_dir="$1" - is_valid="yes" + destination_dir="$1" + is_valid="yes" - if [[ "$destination_dir" == "hubzilla" || \ - "$destination_dir" == "hubzilladata" || \ - "$destination_dir" == "gogs" || \ - "$destination_dir" == "gogsrepos" || \ - "$destination_dir" == "gogsssh" || \ - "$destination_dir" == "gnusocial" || \ - "$destination_dir" == "gnusocialdata" || \ - "$destination_dir" == "mariadb" || \ - "$destination_dir" == "config" || \ - "$destination_dir" == "letsencrypt" || \ - "$destination_dir" == "wiki" || \ - "$destination_dir" == "wiki2" || \ - "$destination_dir" == "xmpp" || \ - "$destination_dir" == "ipfs" || \ - "$destination_dir" == "dlna" || \ - "$destination_dir" == "tox" || \ - "$destination_dir" == "ssl" || \ - "$destination_dir" == "ttrss" || \ - "$destination_dir" == "blog" || \ - "$destination_dir" == "syncthingconfig" || \ - "$destination_dir" == "syncthingshared" || \ - "$destination_dir" == "syncthing" || \ - "$destination_dir" == "mediagoblin" || \ - "$destination_dir" == "mailinglist" ]]; then - is_valid="no" - fi + if [[ "$destination_dir" == "hubzilla" || \ + "$destination_dir" == "hubzilladata" || \ + "$destination_dir" == "gogs" || \ + "$destination_dir" == "gogsrepos" || \ + "$destination_dir" == "gogsssh" || \ + "$destination_dir" == "gnusocial" || \ + "$destination_dir" == "gnusocialdata" || \ + "$destination_dir" == "mariadb" || \ + "$destination_dir" == "config" || \ + "$destination_dir" == "letsencrypt" || \ + "$destination_dir" == "wiki" || \ + "$destination_dir" == "wiki2" || \ + "$destination_dir" == "xmpp" || \ + "$destination_dir" == "ipfs" || \ + "$destination_dir" == "dlna" || \ + 
"$destination_dir" == "tox" || \ + "$destination_dir" == "ssl" || \ + "$destination_dir" == "ttrss" || \ + "$destination_dir" == "blog" || \ + "$destination_dir" == "syncthingconfig" || \ + "$destination_dir" == "syncthingshared" || \ + "$destination_dir" == "syncthing" || \ + "$destination_dir" == "mediagoblin" || \ + "$destination_dir" == "mailinglist" ]]; then + is_valid="no" + fi - echo $is_valid + echo $is_valid } function backup_extra_directories { - if [ ! -f $BACKUP_EXTRA_DIRECTORIES ]; then - return - fi + if [ ! -f $BACKUP_EXTRA_DIRECTORIES ]; then + return + fi - echo $"Backing up some additional directories" - while read backup_line - do - backup_dir=$(echo "$backup_line" | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - if [ -d "$backup_dir" ]; then - destination_dir=$(echo "$backup_line" | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - if [[ $(valid_backup_destination "$destination_dir") == "yes" ]]; then - backup_directory_to_usb "$backup_dir" "$destination_dir" - else - echo $"WARNING: The backup directory $destination_dir is already used." - echo $"Choose a different destination name for backing up $backup_dir" - fi - else - echo $"WARNING: Directory $backup_dir does not exist" - fi - done <$BACKUP_EXTRA_DIRECTORIES + echo $"Backing up some additional directories" + while read backup_line + do + backup_dir=$(echo "$backup_line" | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + if [ -d "$backup_dir" ]; then + destination_dir=$(echo "$backup_line" | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + if [[ $(valid_backup_destination "$destination_dir") == "yes" ]]; then + backup_directory_to_usb "$backup_dir" "$destination_dir" + else + echo $"WARNING: The backup directory $destination_dir is already used." 
+ echo $"Choose a different destination name for backing up $backup_dir" + fi + else + echo $"WARNING: Directory $backup_dir does not exist" + fi + done <$BACKUP_EXTRA_DIRECTORIES } # has the remove option been set ? remove_option=$2 if [[ $1 == "remove" ]]; then - remove_option=$1 + remove_option=$1 fi backup_mount_drive $1 $2 diff --git a/src/freedombone-backup-remote b/src/freedombone-backup-remote index 5078b982..03dc5f7a 100755 --- a/src/freedombone-backup-remote +++ b/src/freedombone-backup-remote @@ -54,27 +54,27 @@ ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $ ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1) ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME} if [ ! -f /etc/ssl/private/backup.key ]; then - echo $"Creating backup key" - ${PROJECT_NAME}-addcert -h backup --dhkey 2048 + echo $"Creating backup key" + ${PROJECT_NAME}-addcert -h backup --dhkey 2048 fi if [ ! -f /home/${ADMIN_USERNAME}/backup.list ]; then - exit 1 + exit 1 fi # MariaDB password DATABASE_PASSWORD='' if [ -f /root/dbpass ]; then - DATABASE_PASSWORD=$(cat /root/dbpass) + DATABASE_PASSWORD=$(cat /root/dbpass) fi # local directory where the backup will be made if [ ! -d $SERVER_DIRECTORY ]; then - mkdir $SERVER_DIRECTORY + mkdir $SERVER_DIRECTORY fi if [ ! -d $SERVER_DIRECTORY/backup ]; then - mkdir -p $SERVER_DIRECTORY/backup + mkdir -p $SERVER_DIRECTORY/backup fi # The name of a currently suspended site 
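Review bot: In backup_mariadb the MariaDB password read from /root/dbpass is passed as `--password="$DATABASE_PASSWORD"` on the mysqldump command line, where it can be visible to other local users in the process list. It is then written in plain text to `$temp_backup_dir/db`, with the mode tightened only afterwards by `chmod 400`. Passing the credential through a root-only option file avoids the argv exposure, e.g. `mysqldump --defaults-extra-file="$optfile" --lock-tables mysql user` (`$optfile` is a placeholder for a mode-600 file holding the `[client]` password). The copy can be created already restricted with `(umask 077; echo "$DATABASE_PASSWORD" > "$temp_backup_dir/db")`. Whether backup_directory_to_usb encrypts that `db` file before it reaches the drive is not visible in this hunk and is worth confirming, since otherwise the password sits in clear text on removable media.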
@@ -82,392 +82,392 @@ fi SUSPENDED_SITE= function suspend_site { - # suspends a given website - if [[ $ENABLE_VERIFICATION != "yes" ]]; then - return - fi - SUSPENDED_SITE="$1" - nginx_dissite $SUSPENDED_SITE - service nginx reload + # suspends a given website + if [[ $ENABLE_VERIFICATION != "yes" ]]; then + return + fi + SUSPENDED_SITE="$1" + nginx_dissite $SUSPENDED_SITE + service nginx reload } function restart_site { - # restarts a given website - if [ ! $SUSPENDED_SITE ]; then - return - fi - nginx_ensite $SUSPENDED_SITE - service nginx reload - SUSPENDED_SITE= + # restarts a given website + if [ ! $SUSPENDED_SITE ]; then + return + fi + nginx_ensite $SUSPENDED_SITE + service nginx reload + SUSPENDED_SITE= } function backup_configuration { - echo $"Backing up ${PROJECT_NAME} configuration files" - temp_backup_dir=/root/tempbackupconfig - if [ ! -d $temp_backup_dir ]; then - mkdir -p $temp_backup_dir - fi - cp -f $CONFIG_FILE $temp_backup_dir - cp -f $COMPLETION_FILE $temp_backup_dir - if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then - cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir - fi - # nginx password hashes - if [ -f /etc/nginx/.htpasswd ]; then - cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd - fi - backup_directory_to_friend $temp_backup_dir config + echo $"Backing up ${PROJECT_NAME} configuration files" + temp_backup_dir=/root/tempbackupconfig + if [ ! 
-d $temp_backup_dir ]; then + mkdir -p $temp_backup_dir + fi + cp -f $CONFIG_FILE $temp_backup_dir + cp -f $COMPLETION_FILE $temp_backup_dir + if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then + cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir + fi + # nginx password hashes + if [ -f /etc/nginx/.htpasswd ]; then + cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd + fi + backup_directory_to_friend $temp_backup_dir config } function backup_users { - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then - # personal settings - if [ -d /home/$USERNAME/personal ]; then - echo $"Backing up personal settings for $USERNAME" - backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME - fi + # personal settings + if [ -d /home/$USERNAME/personal ]; then + echo $"Backing up personal settings for $USERNAME" + backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME + fi - # gpg keys - if [ -d /home/$USERNAME/.gnupg ]; then - echo $"Backing up gpg keys for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME - fi + # gpg keys + if [ -d /home/$USERNAME/.gnupg ]; then + echo $"Backing up gpg keys for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME + fi - # ssh keys - if [ -d /home/$USERNAME/.ssh ]; then - echo $"Backing up ssh keys for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME - fi + # ssh keys + if [ -d /home/$USERNAME/.ssh ]; then + echo $"Backing up ssh keys for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME + fi - # syncthing files - if [ -d /home/$USERNAME/Sync ]; then - echo $"Backing up syncthing files for $USERNAME" - backup_directory_to_friend 
/home/$USERNAME/Sync syncthing/$USERNAME - # ensure that device IDs will be backed up as part of user config settings - if [ ! -d /home/$USERNAME/.config/syncthing ]; then - mkdir -p /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config - fi - if [ -f /home/$USERNAME/.syncthing-server-id ]; then - cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config - fi - if [ -f /home/$USERNAME/.syncthingids ]; then - cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config - fi - fi + # syncthing files + if [ -d /home/$USERNAME/Sync ]; then + echo $"Backing up syncthing files for $USERNAME" + backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME + # ensure that device IDs will be backed up as part of user config settings + if [ ! -d /home/$USERNAME/.config/syncthing ]; then + mkdir -p /home/$USERNAME/.config/syncthing + chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + fi + if [ -f /home/$USERNAME/.syncthing-server-id ]; then + cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing + chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + fi + if [ -f /home/$USERNAME/.syncthingids ]; then + cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing + chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + fi + fi - # config files - if [ -d /home/$USERNAME/.config ]; then - echo $"Backing up config files for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME - fi + # config files + if [ -d /home/$USERNAME/.config ]; then + echo $"Backing up config files for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME + fi - # monkeysphere files - if [ -d /home/$USERNAME/.monkeysphere ]; then - echo $"Backing up monkeysphere files for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.monkeysphere 
monkeysphere/$USERNAME - fi + # monkeysphere files + if [ -d /home/$USERNAME/.monkeysphere ]; then + echo $"Backing up monkeysphere files for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME + fi - # fin files - if [ -d /home/$USERNAME/.fin ]; then - echo $"Backing up fin files for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME - fi + # fin files + if [ -d /home/$USERNAME/.fin ]; then + echo $"Backing up fin files for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME + fi - # local files - if [ -d /home/$USERNAME/.local ]; then - echo $"Backing up local files for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME - fi + # local files + if [ -d /home/$USERNAME/.local ]; then + echo $"Backing up local files for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME + fi - # mutt settings - if [ -f /home/$USERNAME/.muttrc ]; then - echo $"Backing up Mutt settings for $USERNAME" - if [ ! -d /home/$USERNAME/tempbackup ]; then - mkdir -p /home/$USERNAME/tempbackup - fi - cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup - if [ -f /etc/Muttrc ]; then - cp /etc/Muttrc /home/$USERNAME/tempbackup - fi - backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME - fi + # mutt settings + if [ -f /home/$USERNAME/.muttrc ]; then + echo $"Backing up Mutt settings for $USERNAME" + if [ ! -d /home/$USERNAME/tempbackup ]; then + mkdir -p /home/$USERNAME/tempbackup + fi + cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup + if [ -f /etc/Muttrc ]; then + cp /etc/Muttrc /home/$USERNAME/tempbackup + fi + backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME + fi - # procmail settings - if [ -f /home/$USERNAME/.procmailrc ]; then - echo $"Backing up procmail settings for $USERNAME" - if [ ! 
-d /home/$USERNAME/tempbackup ]; then - mkdir -p /home/$USERNAME/tempbackup - fi - cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup - backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME - fi + # procmail settings + if [ -f /home/$USERNAME/.procmailrc ]; then + echo $"Backing up procmail settings for $USERNAME" + if [ ! -d /home/$USERNAME/tempbackup ]; then + mkdir -p /home/$USERNAME/tempbackup + fi + cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup + backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME + fi - # spamassassin settings - if [ -d /home/$USERNAME/.spamassassin ]; then - echo $"Backing up spamassassin settings for $USERNAME" - backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME - fi + # spamassassin settings + if [ -d /home/$USERNAME/.spamassassin ]; then + echo $"Backing up spamassassin settings for $USERNAME" + backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME + fi - # email - if [ -d /home/$USERNAME/Maildir ]; then - echo $"Stopping mail server" - systemctl stop exim4 - echo $"Creating an email archive" - if [ ! -d /root/backupemail/$USERNAME ]; then - mkdir -p /root/backupemail/$USERNAME - fi - tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir - echo $"Restarting mail server" - systemctl start exim4 - echo $"Backing up emails for $USERNAME" - backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME - fi - fi - done + # email + if [ -d /home/$USERNAME/Maildir ]; then + echo $"Stopping mail server" + systemctl stop exim4 + echo $"Creating an email archive" + if [ ! 
-d /root/backupemail/$USERNAME ]; then + mkdir -p /root/backupemail/$USERNAME + fi + tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir + echo $"Restarting mail server" + systemctl start exim4 + echo $"Backing up emails for $USERNAME" + backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME + fi + fi + done } function backup_letsencrypt { - if [ -d /etc/letsencrypt ]; then - echo $"Backing up Lets Encrypt settings" - backup_directory_to_friend /etc/letsencrypt letsencrypt - fi + if [ -d /etc/letsencrypt ]; then + echo $"Backing up Lets Encrypt settings" + backup_directory_to_friend /etc/letsencrypt letsencrypt + fi } function backup_tor { - if [ -d /etc/letsencrypt ]; then - echo $"Backing up Tor settings" - backup_directory_to_friend /var/lib/tor tor - fi + if [ -d /etc/letsencrypt ]; then + echo $"Backing up Tor settings" + backup_directory_to_friend /var/lib/tor tor + fi } function backup_certs { - if [ -d /etc/ssl ]; then - echo $"Backing up certificates" - backup_directory_to_friend /etc/ssl ssl - fi + if [ -d /etc/ssl ]; then + echo $"Backing up certificates" + backup_directory_to_friend /etc/ssl ssl + fi } function backup_mailing_list { - if [ -d /var/spool/mlmmj ]; then - echo $"Backing up the public mailing list" - backup_directory_to_friend /var/spool/mlmmj mailinglist - fi + if [ -d /var/spool/mlmmj ]; then + echo $"Backing up the public mailing list" + backup_directory_to_friend /var/spool/mlmmj mailinglist + fi } function backup_web_server { - if [ -d /etc/nginx ]; then - echo $"Backing up web settings" - backup_directory_to_friend /etc/nginx/sites-available web - fi + if [ -d /etc/nginx ]; then + echo $"Backing up web settings" + backup_directory_to_friend /etc/nginx/sites-available web + fi } function backup_admin_readme { - if [ -f /home/$ADMIN_USERNAME/README ]; then - echo $"Backing up README" - if [ ! 
-d /home/$ADMIN_USERNAME/tempbackup ]; then - mkdir -p /home/$ADMIN_USERNAME/tempbackup - fi - cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup - backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme - fi + if [ -f /home/$ADMIN_USERNAME/README ]; then + echo $"Backing up README" + if [ ! -d /home/$ADMIN_USERNAME/tempbackup ]; then + mkdir -p /home/$ADMIN_USERNAME/tempbackup + fi + cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup + backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme + fi } function backup_mariadb { - if [ ${#DATABASE_PASSWORD} -gt 1 ]; then - temp_backup_dir=/root/tempmariadb - if [ ! -d $temp_backup_dir ]; then - mkdir $temp_backup_dir - fi - mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql - if [ ! -s $temp_backup_dir/mysql.sql ]; then - echo $"Unable to backup MariaDB settings" - rm -rf $temp_backup_dir - # Send a warning email - echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS - exit 653 - fi - echo "$DATABASE_PASSWORD" > $temp_backup_dir/db - chmod 400 $temp_backup_dir/db - backup_directory_to_friend $temp_backup_dir mariadb - fi + if [ ${#DATABASE_PASSWORD} -gt 1 ]; then + temp_backup_dir=/root/tempmariadb + if [ ! -d $temp_backup_dir ]; then + mkdir $temp_backup_dir + fi + mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql + if [ ! 
-s $temp_backup_dir/mysql.sql ]; then + echo $"Unable to backup MariaDB settings" + rm -rf $temp_backup_dir + # Send a warning email + echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS + exit 653 + fi + echo "$DATABASE_PASSWORD" > $temp_backup_dir/db + chmod 400 $temp_backup_dir/db + backup_directory_to_friend $temp_backup_dir mariadb + fi } # Returns the filename of a key share function get_key_share { - no_of_shares=$1 - USERNAME="$2" - REMOTE_DOMAIN="$3" + no_of_shares=$1 + USERNAME="$2" + REMOTE_DOMAIN="$3" - # Get a share index based on the supplied domain name - # This ensures that the same share is always given to the same domain - sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN") - share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -) + # Get a share index based on the supplied domain name + # This ensures that the same share is always given to the same domain + sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN") + share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -) - # get the filename - share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*) - share_filename=${share_files[share_index]} + # get the filename + share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*) + share_filename=${share_files[share_index]} - echo "$share_filename" + echo "$share_filename" } function disperse_key_shares { - USERNAME=$1 - REMOTE_DOMAIN=$2 - REMOTE_SSH_PORT=$3 - REMOTE_PASSWORD=$4 - REMOTE_SERVER=$5 + USERNAME=$1 + REMOTE_DOMAIN=$2 + REMOTE_SSH_PORT=$3 + REMOTE_PASSWORD=$4 + REMOTE_SERVER=$5 - if [ -d /home/$USERNAME/.gnupg_fragments ]; then - if [ $REMOTE_DOMAIN ]; then - cd /home/$USERNAME/.gnupg_fragments - no_of_shares=$(ls -afq keyshare.asc.* | wc -l) - if (( no_of_shares > 1 )); then - share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN") + if [ -d /home/$USERNAME/.gnupg_fragments ]; then + if [ $REMOTE_DOMAIN ]; then + cd 
/home/$USERNAME/.gnupg_fragments + no_of_shares=$(ls -afq keyshare.asc.* | wc -l) + if (( no_of_shares > 1 )); then + share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN") - # create a temp directory containing the share - temp_key_share_dir=/home/$USERNAME/tempkey - temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME} - mkdir -p $temp_key_share_fragments - cp $share_filename $temp_key_share_fragments/ + # create a temp directory containing the share + temp_key_share_dir=/home/$USERNAME/tempkey + temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME} + mkdir -p $temp_key_share_fragments + cp $share_filename $temp_key_share_fragments/ - # copy the fragments directory to the remote server - /usr/bin/sshpass -p "$REMOTE_PASSWORD" \ - scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER - if [ ! "$?" = "0" ]; then - # Send a warning email - echo "Key share to $REMOTE_SERVER failed" | \ - mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS - else - # Send a confirmation email - echo "Key ${share_filename} shared to $REMOTE_SERVER" | \ - mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS - fi + # copy the fragments directory to the remote server + /usr/bin/sshpass -p "$REMOTE_PASSWORD" \ + scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER + if [ ! "$?" 
= "0" ]; then + # Send a warning email + echo "Key share to $REMOTE_SERVER failed" | \ + mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS + else + # Send a confirmation email + echo "Key ${share_filename} shared to $REMOTE_SERVER" | \ + mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS + fi - # remove the temp file/directory - shred -zu $temp_key_share_fragments/* - rm -rf $temp_key_share_dir - fi - fi - fi + # remove the temp file/directory + shred -zu $temp_key_share_fragments/* + rm -rf $temp_key_share_dir + fi + fi + fi } function valid_backup_destination { - destination_dir="$1" - is_valid="yes" + destination_dir="$1" + is_valid="yes" - if [[ "$destination_dir" == "hubzilla" || \ - "$destination_dir" == "hubzilladata" || \ - "$destination_dir" == "gogs" || \ - "$destination_dir" == "gogsrepos" || \ - "$destination_dir" == "gogsssh" || \ - "$destination_dir" == "gnusocial" || \ - "$destination_dir" == "gnusocialdata" || \ - "$destination_dir" == "mariadb" || \ - "$destination_dir" == "config" || \ - "$destination_dir" == "letsencrypt" || \ - "$destination_dir" == "wiki" || \ - "$destination_dir" == "wiki2" || \ - "$destination_dir" == "xmpp" || \ - "$destination_dir" == "ipfs" || \ - "$destination_dir" == "dlna" || \ - "$destination_dir" == "tox" || \ - "$destination_dir" == "ssl" || \ - "$destination_dir" == "blog" || \ - "$destination_dir" == "syncthing" || \ - "$destination_dir" == "syncthingconfig" || \ - "$destination_dir" == "syncthingshared" || \ - "$destination_dir" == "mailinglist" ]]; then - is_valid="no" - fi + if [[ "$destination_dir" == "hubzilla" || \ + "$destination_dir" == "hubzilladata" || \ + "$destination_dir" == "gogs" || \ + "$destination_dir" == "gogsrepos" || \ + "$destination_dir" == "gogsssh" || \ + "$destination_dir" == "gnusocial" || \ + "$destination_dir" == "gnusocialdata" || \ + "$destination_dir" == "mariadb" || \ + "$destination_dir" == "config" || \ + "$destination_dir" == "letsencrypt" || \ + 
"$destination_dir" == "wiki" || \ + "$destination_dir" == "wiki2" || \ + "$destination_dir" == "xmpp" || \ + "$destination_dir" == "ipfs" || \ + "$destination_dir" == "dlna" || \ + "$destination_dir" == "tox" || \ + "$destination_dir" == "ssl" || \ + "$destination_dir" == "blog" || \ + "$destination_dir" == "syncthing" || \ + "$destination_dir" == "syncthingconfig" || \ + "$destination_dir" == "syncthingshared" || \ + "$destination_dir" == "mailinglist" ]]; then + is_valid="no" + fi - echo $is_valid + echo $is_valid } function backup_extra_directories { - if [ ! -f $BACKUP_EXTRA_DIRECTORIES ]; then - return - fi + if [ ! -f $BACKUP_EXTRA_DIRECTORIES ]; then + return + fi - echo $"Backing up some additional directories" - while read backup_line - do - backup_dir=$(echo "$backup_line" | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - if [ -d "$backup_dir" ]; then - destination_dir=$(echo "$backup_line" | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - if [[ $(valid_backup_destination "$destination_dir") == "yes" ]]; then - backup_directory_to_friend "$backup_dir" "$destination_dir" - else - echo $"WARNING: The backup directory $destination_dir is already used." - echo $"Choose a different destination name for backing up $backup_dir" - fi - else - echo $"WARNING: Directory $backup_dir does not exist" - fi - done <$BACKUP_EXTRA_DIRECTORIES + echo $"Backing up some additional directories" + while read backup_line + do + backup_dir=$(echo "$backup_line" | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + if [ -d "$backup_dir" ]; then + destination_dir=$(echo "$backup_line" | awk -F ',' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + if [[ $(valid_backup_destination "$destination_dir") == "yes" ]]; then + backup_directory_to_friend "$backup_dir" "$destination_dir" + else + echo $"WARNING: The backup directory $destination_dir is already used." 
+ echo $"Choose a different destination name for backing up $backup_dir" + fi + else + echo $"WARNING: Directory $backup_dir does not exist" + fi + done <$BACKUP_EXTRA_DIRECTORIES } TEST_MODE="no" if [[ "$1" == "test" ]]; then - TEST_MODE="yes" + TEST_MODE="yes" fi backup_configuration if [[ $TEST_MODE == "no" ]]; then - backup_users - backup_letsencrypt - backup_tor - backup_web_server - backup_admin_readme - backup_mariadb - backup_certs - backup_mailing_list - backup_apps remote - backup_extra_directories + backup_users + backup_letsencrypt + backup_tor + backup_web_server + backup_admin_readme + backup_mariadb + backup_certs + backup_mailing_list + backup_apps remote + backup_extra_directories fi # For each remote server while read remote_server do - # Get the server and its password - # Format is: - # username@domain /home/username - REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}') - if [ $REMOTE_SERVER ]; then - REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}') - REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}') - REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}') - REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $4}') - NOW=$(date +"%Y-%m-%d %H:%M:%S") - REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY + # Get the server and its password + # Format is: + # username@domain /home/username + REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}') + if [ $REMOTE_SERVER ]; then + REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}') + REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}') + REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}') + REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $4}') + NOW=$(date +"%Y-%m-%d %H:%M:%S") + REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY - echo "$NOW Starting backup to $REMOTE_SERVER" >> /var/log/remotebackups.log + 
echo "$NOW Starting backup to $REMOTE_SERVER" >> /var/log/remotebackups.log
- # Social key management
- for d in /home/*/ ; do
- USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
- if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
- disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER
- fi
- done
+ # Social key management
+ for d in /home/*/ ; do
+ USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+ if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then
+ disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER
+ fi
+ done
- if [[ $TEST_MODE == "yes" ]]; then
- echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
- fi
- rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER
- if [ ! "$?" = "0" ]; then
- echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
- # Send a warning email
- echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
- else
- echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
- fi
- fi
+ if [[ $TEST_MODE == "yes" ]]; then
+ echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
+ fi
+ rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER
+ if [ ! "$?" = "0" ]; then
+ echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
+ # Send a warning email
+ echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+ else
+ echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
+ fi
+ fi
 done < /home/${ADMIN_USERNAME}/backup.list
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index 06a41552..f06a7b87 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -79,1459 +79,1459 @@ GPGIT_COMMIT='583dc76119f19420f8a33f606744faa7c8922738' REFRESH_GPG_KEYS_HOURS=2 function backup_email { - echo '' + echo '' } function configure_firewall_for_email { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then - return - fi - if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport 25 -j ACCEPT - iptables -A INPUT -p tcp --dport 587 -j ACCEPT - iptables -A INPUT -p tcp --dport 465 -j ACCEPT - iptables -A INPUT -p tcp --dport 993 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then + return + fi + if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport 25 -j ACCEPT + iptables -A INPUT -p tcp --dport 587 -j ACCEPT + iptables -A INPUT -p tcp --dport 465 -j ACCEPT + iptables -A INPUT -p tcp --dport 993 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=('Email 25') - OPEN_PORTS+=('Email 587') - OPEN_PORTS+=('Email 465') - OPEN_PORTS+=('Email 993') - echo 'configure_firewall_for_email' >> $COMPLETION_FILE 
+ OPEN_PORTS+=('Email 25') + OPEN_PORTS+=('Email 587') + OPEN_PORTS+=('Email 465') + OPEN_PORTS+=('Email 993') + echo 'configure_firewall_for_email' >> $COMPLETION_FILE } function encrypt_incoming_email { - # encrypts incoming mail using your GPG public key - # so even if an attacker gains access to the data at rest they still need - # to know your GPG key password to be able to read anything - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi + # encrypts incoming mail using your GPG public key + # so even if an attacker gains access to the data at rest they still need + # to know your GPG key password to be able to read anything + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi - # update to the next commit - function_check set_repo_commit - set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO + # update to the next commit + function_check set_repo_commit + set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO - if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then - return - fi + if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then + return + fi - if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then - return - fi + if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then + return + fi - if [ ! -f /usr/bin/gpgit.pl ]; then - apt-get -y install git libmail-gnupg-perl - cd $INSTALL_DIR - function_check git_clone - git_clone $GPGIT_REPO $INSTALL_DIR/gpgit - cd $INSTALL_DIR/gpgit - git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT - if ! grep -q "gpgit commit" $COMPLETION_FILE; then - echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE - fi - cp gpgit.pl /usr/bin - fi + if [ ! 
-f /usr/bin/gpgit.pl ]; then + apt-get -y install git libmail-gnupg-perl + cd $INSTALL_DIR + function_check git_clone + git_clone $GPGIT_REPO $INSTALL_DIR/gpgit + cd $INSTALL_DIR/gpgit + git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT + if ! grep -q "gpgit commit" $COMPLETION_FILE; then + echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE + fi + cp gpgit.pl /usr/bin + fi - # add a procmail rule - if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then - echo '' >> /home/$MY_USERNAME/.procmailrc - echo ':0 f' >> /home/$MY_USERNAME/.procmailrc - echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc - echo '' >> /etc/skel/.procmailrc - echo ':0 f' >> /etc/skel/.procmailrc - echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc - echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc - fi - echo 'encrypt_incoming_email' >> $COMPLETION_FILE + # add a procmail rule + if ! 
grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then + echo '' >> /home/$MY_USERNAME/.procmailrc + echo ':0 f' >> /home/$MY_USERNAME/.procmailrc + echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc + echo '' >> /etc/skel/.procmailrc + echo ':0 f' >> /etc/skel/.procmailrc + echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc + echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc + fi + echo 'encrypt_incoming_email' >> $COMPLETION_FILE } function encrypt_outgoing_email { - # encrypts outgoing mail using your GPG public key - # so even if an attacker gains access to the data at rest they still need - # to know your GPG key password to be able to read sent mail - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then - return - fi - if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then - return - fi + # encrypts outgoing mail using your GPG public key + # so even if an attacker gains access to the data at rest they still need + # to know your GPG key password to be able to read sent mail + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then + return + fi + if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then + return + fi - if [ ! -d /home/$MY_USERNAME/.gnupg ]; then - return - fi + if [ ! -d /home/$MY_USERNAME/.gnupg ]; then + return + fi - if [ ! -f /home/$MY_USERNAME/.muttrc ]; then - return - fi + if [ ! -f /home/$MY_USERNAME/.muttrc ]; then + return + fi - # obtain your public key ID - if [ ! 
$MY_GPG_PUBLIC_KEY_ID ]; then - MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") - if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then - return - fi - if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then - return - fi - fi + # obtain your public key ID + if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then + MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") + if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then + return + fi + if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then + return + fi + fi - if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then - echo '' >> /home/$MY_USERNAME/.muttrc - echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc - echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc - else - sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc - fi + if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then + echo '' >> /home/$MY_USERNAME/.muttrc + echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc + echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc + else + sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc + fi - if ! 
grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then - echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc - else - sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc - fi + if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then + echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc + else + sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? 
--armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc + fi - echo 'encrypt_outgoing_email' >> $COMPLETION_FILE + echo 'encrypt_outgoing_email' >> $COMPLETION_FILE } function encrypt_all_email { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then - return - fi + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then + return + fi - if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then - cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir - else - cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir - fi - chmod +x /usr/bin/encmaildir + if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then + cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir + else + cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir + fi + chmod +x /usr/bin/encmaildir - if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then - return - fi + if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then + return + fi - if [ ! /home/$MY_USERNAME/README ]; then - touch /home/$MY_USERNAME/README - fi - if ! 
grep -q $"If you have imported legacy email which is not encrypted" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Encrypting legacy email' >> /home/$MY_USERNAME/README - echo '=======================' >> /home/$MY_USERNAME/README - echo $'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README - echo $'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo ' encmaildir' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README - echo $'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README - echo $'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + if [ ! /home/$MY_USERNAME/README ]; then + touch /home/$MY_USERNAME/README + fi + if ! grep -q $"If you have imported legacy email which is not encrypted" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Encrypting legacy email' >> /home/$MY_USERNAME/README + echo '=======================' >> /home/$MY_USERNAME/README + echo $'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README + echo $'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo ' encmaildir' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README + echo $'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README + echo $'and may be better done on a faster machine.' 
>> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - echo 'encrypt_all_email' >> $COMPLETION_FILE + echo 'encrypt_all_email' >> $COMPLETION_FILE } function email_client { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "email_client" $COMPLETION_FILE; then - return - fi - apt-get -y install mutt-patched lynx abook + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "email_client" $COMPLETION_FILE; then + return + fi + apt-get -y install mutt-patched lynx abook - if [ ! -f /etc/Muttrc ]; then - echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE" - exit 49 - fi + if [ ! -f /etc/Muttrc ]; then + echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE" + exit 49 + fi - if [ ! -d /home/$MY_USERNAME/.mutt ]; then - mkdir /home/$MY_USERNAME/.mutt - fi - echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap - cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt - chown -R root:root /etc/skel/.mutt + if [ ! 
-d /home/$MY_USERNAME/.mutt ]; then + mkdir /home/$MY_USERNAME/.mutt + fi + echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap + cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt + chown -R root:root /etc/skel/.mutt - echo 'set mbox_type=Maildir' >> /etc/Muttrc - echo 'set folder="~/Maildir"' >> /etc/Muttrc - echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc - echo 'set mbox="~/Maildir"' >> /etc/Muttrc - echo 'set record="+Sent"' >> /etc/Muttrc - echo 'set postponed="+Drafts"' >> /etc/Muttrc - echo 'set trash="+Trash"' >> /etc/Muttrc - echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc - echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc - echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc - echo 'set header_cache="+.cache"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo 'macro index S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc - echo 'macro pager S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc - echo 'macro index H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc - echo 'macro pager H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# set up the sidebar' >> /etc/Muttrc - echo 'set sidebar_width=22' >> /etc/Muttrc - echo 'set sidebar_visible=yes' >> /etc/Muttrc - echo "set sidebar_delim='|'" >> /etc/Muttrc - echo 'set sidebar_sort=yes' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo 'set rfc2047_parameters' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# Show inbox and sent items' >> /etc/Muttrc - echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc - echo 'color sidebar_new yellow default' >> /etc/Muttrc - echo 'color normal white default' >> /etc/Muttrc - echo 'color hdrdefault brightcyan default' >> /etc/Muttrc - echo 'color 
signature green default' >> /etc/Muttrc - echo 'color attachment brightyellow default' >> /etc/Muttrc - echo 'color quoted green default' >> /etc/Muttrc - echo 'color quoted1 white default' >> /etc/Muttrc - echo 'color tilde blue default' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc - echo '# ctrl-o to open selected folder' >> /etc/Muttrc - echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc - echo 'bind index \Cn sidebar-next' >> /etc/Muttrc - echo 'bind index \Co sidebar-open' >> /etc/Muttrc - echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc - echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc - echo 'bind pager \Co sidebar-open' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc - echo "macro index,pager \Cb 'toggle sidebar_visible' 'toggle sidebar'" >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# esc-m Mark new messages as read' >> /etc/Muttrc - echo 'macro index m "T~N;WNT~O;WO\CT~T" "mark all messages read"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# Collapsing threads' >> /etc/Muttrc - echo 'macro index [ "" "collapse/uncollapse thread"' >> /etc/Muttrc - echo 'macro index ] "" "collapse/uncollapse all threads"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# threads containing new messages' >> /etc/Muttrc - echo 'uncolor index "~(~N)"' >> /etc/Muttrc - echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# new messages themselves' >> /etc/Muttrc - echo 'uncolor index "~N"' >> /etc/Muttrc - echo 'color index brightyellow default "~N"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# GPG/PGP integration' >> /etc/Muttrc - echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc - echo 'set pgp_timeout=1800' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc - echo 'set pgp_autosign # 
autosign all outgoing mails' >> /etc/Muttrc - echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc - echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc - echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc - echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc - echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc - echo 'unset smime_is_default' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc - echo 'source ~/.mutt-alias' >> /etc/Muttrc - echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc - echo 'macro index,pager A "abook --add-email-quiet" "add the sender address to abook"' >> /etc/Muttrc - echo '' >> /etc/Muttrc - echo '# Optional relay of SMTP via ISP' >> /etc/Muttrc - echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"' >> /etc/Muttrc + echo 'set mbox_type=Maildir' >> /etc/Muttrc + echo 'set folder="~/Maildir"' >> /etc/Muttrc + echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc + echo 'set mbox="~/Maildir"' >> /etc/Muttrc + echo 'set record="+Sent"' >> /etc/Muttrc + echo 'set postponed="+Drafts"' >> /etc/Muttrc + echo 'set trash="+Trash"' >> /etc/Muttrc + echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc + echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc + echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc + echo 'set header_cache="+.cache"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo 'macro index S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc + echo 'macro pager S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc + echo 'macro index H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc + echo 'macro pager H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# set up the sidebar' >> /etc/Muttrc + echo 'set sidebar_width=22' >> /etc/Muttrc + echo 'set sidebar_visible=yes' >> /etc/Muttrc + echo "set 
sidebar_delim='|'" >> /etc/Muttrc + echo 'set sidebar_sort=yes' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo 'set rfc2047_parameters' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Show inbox and sent items' >> /etc/Muttrc + echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc + echo 'color sidebar_new yellow default' >> /etc/Muttrc + echo 'color normal white default' >> /etc/Muttrc + echo 'color hdrdefault brightcyan default' >> /etc/Muttrc + echo 'color signature green default' >> /etc/Muttrc + echo 'color attachment brightyellow default' >> /etc/Muttrc + echo 'color quoted green default' >> /etc/Muttrc + echo 'color quoted1 white default' >> /etc/Muttrc + echo 'color tilde blue default' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc + echo '# ctrl-o to open selected folder' >> /etc/Muttrc + echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc + echo 'bind index \Cn sidebar-next' >> /etc/Muttrc + echo 'bind index \Co sidebar-open' >> /etc/Muttrc + echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc + echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc + echo 'bind pager \Co sidebar-open' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc + echo "macro index,pager \Cb 'toggle sidebar_visible' 'toggle sidebar'" >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# esc-m Mark new messages as read' >> /etc/Muttrc + echo 'macro index m "T~N;WNT~O;WO\CT~T" "mark all messages read"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Collapsing threads' >> /etc/Muttrc + echo 'macro index [ "" "collapse/uncollapse thread"' >> /etc/Muttrc + echo 'macro index ] "" "collapse/uncollapse all threads"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# threads containing new messages' >> /etc/Muttrc + echo 'uncolor index "~(~N)"' >> /etc/Muttrc + echo 'color index brightblue 
default "~(~N)"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# new messages themselves' >> /etc/Muttrc + echo 'uncolor index "~N"' >> /etc/Muttrc + echo 'color index brightyellow default "~N"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# GPG/PGP integration' >> /etc/Muttrc + echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc + echo 'set pgp_timeout=1800' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc + echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc + echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc + echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc + echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc + echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc + echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc + echo 'unset smime_is_default' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc + echo 'source ~/.mutt-alias' >> /etc/Muttrc + echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc + echo 'macro index,pager A "abook --add-email-quiet" "add the sender address to abook"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Optional relay of SMTP via ISP' >> /etc/Muttrc + echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"' >> /etc/Muttrc - # create an Emacs configuration specifically for use with Mutt, which - # has word wrap and spell checking on by default - echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt - echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq c-basic-offset 4)' >> 
/home/$MY_USERNAME/.emacs-mutt - echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt - echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt - echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt - echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt - echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt - echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt - echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt + # create an Emacs configuration specifically for use with Mutt, which + # has word wrap and spell checking on by default + echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt + echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq backup-directory-alist (quote ((".*" . 
"~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt + echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt + echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt + echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt + echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt + echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt + echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt - # add the emacs mutt configuration to the user profile skeleton - if [ ! -f /etc/skel/.emacs-mutt ]; then - cp /home/$MY_USERNAME/.emacs-mutt /etc/skel/.emacs-mutt - chown root:root /etc/skel/.emacs-mutt - fi + # add the emacs mutt configuration to the user profile skeleton + if [ ! -f /etc/skel/.emacs-mutt ]; then + cp /home/$MY_USERNAME/.emacs-mutt /etc/skel/.emacs-mutt + chown root:root /etc/skel/.emacs-mutt + fi - cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc - cp -f /etc/Muttrc /etc/skel/.muttrc - touch /home/$MY_USERNAME/.mutt-alias - cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias + cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc + cp -f /etc/Muttrc /etc/skel/.muttrc + touch /home/$MY_USERNAME/.mutt-alias + cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias - # default user on generic images - if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then - cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc - chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} 
/home/${GENERIC_IMAGE_USERNAME}/.muttrc - touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias - chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias - cp /etc/skel/.emacs-mutt /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt - chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt - fi + # default user on generic images + if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then + cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc + chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.muttrc + touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias + chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias + cp /etc/skel/.emacs-mutt /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt + chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt + fi - echo 'email_client' >> $COMPLETION_FILE + echo 'email_client' >> $COMPLETION_FILE } function email_archiving { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi - # ensure that the mail archive script is up to date - if [ -f /usr/local/bin/${PROJECT_NAME}-archive-mail ]; then - cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail - else - if [ -f /usr/bin/${PROJECT_NAME}-archive-mail ]; then - cp /usr/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail - else - echo "/usr/bin/${PROJECT_NAME}-archive-mail was not found. ${PROJECT_NAME} might not have fully installed." 
- exit 62379 - fi - fi - chmod +x /etc/cron.daily/archivemail + # ensure that the mail archive script is up to date + if [ -f /usr/local/bin/${PROJECT_NAME}-archive-mail ]; then + cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail + else + if [ -f /usr/bin/${PROJECT_NAME}-archive-mail ]; then + cp /usr/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail + else + echo "/usr/bin/${PROJECT_NAME}-archive-mail was not found. ${PROJECT_NAME} might not have fully installed." + exit 62379 + fi + fi + chmod +x /etc/cron.daily/archivemail - # update to the next commit - function_check set_repo_commit - set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO + # update to the next commit + function_check set_repo_commit + set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO - if grep -Fxq "email_archiving" $COMPLETION_FILE; then - return - fi + if grep -Fxq "email_archiving" $COMPLETION_FILE; then + return + fi - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR - fi - cd $INSTALL_DIR - function_check git_clone - git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir - cd $INSTALL_DIR/cleanup-maildir - git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT - if ! grep -q "cleanup-maildir commit" $COMPLETION_FILE; then - echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE - fi + if [ ! -d $INSTALL_DIR ]; then + mkdir $INSTALL_DIR + fi + cd $INSTALL_DIR + function_check git_clone + git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir + cd $INSTALL_DIR/cleanup-maildir + git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT + if ! 
grep -q "cleanup-maildir commit" $COMPLETION_FILE; then + echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE + fi - cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin + cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin - echo 'email_archiving' >> $COMPLETION_FILE + echo 'email_archiving' >> $COMPLETION_FILE } # Ensure that the from field is correct when sending email from Mutt function email_from_address { - if grep -Fxq "email_from_address" $COMPLETION_FILE; then - return - fi + if grep -Fxq "email_from_address" $COMPLETION_FILE; then + return + fi - if [ ! -f /home/$MY_USERNAME/.muttrc ]; then - return - fi - if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then - sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc - else - echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc - fi + if [ ! -f /home/$MY_USERNAME/.muttrc ]; then + return + fi + if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then + sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc + else + echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc + fi - echo 'email_from_address' >> $COMPLETION_FILE + echo 'email_from_address' >> $COMPLETION_FILE } function create_public_mailing_list { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then - return - fi - if [ ! $PUBLIC_MAILING_LIST ]; then - return - fi - # does the mailing list have a separate domain name? - if [ ! 
$PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then - PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME - fi + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then + return + fi + if [ ! $PUBLIC_MAILING_LIST ]; then + return + fi + # does the mailing list have a separate domain name? + if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then + PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME + fi - PUBLIC_MAILING_LIST_USER="mlmmj" + PUBLIC_MAILING_LIST_USER="mlmmj" - apt-get -y install mlmmj - adduser --system $PUBLIC_MAILING_LIST_USER - addgroup $PUBLIC_MAILING_LIST_USER - adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER + apt-get -y install mlmmj + adduser --system $PUBLIC_MAILING_LIST_USER + addgroup $PUBLIC_MAILING_LIST_USER + adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER - echo '' - echo $"Creating the $PUBLIC_MAILING_LIST mailing list" - echo '' + echo '' + echo $"Creating the $PUBLIC_MAILING_LIST mailing list" + echo '' - # create the list - mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER + # create the list + mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER - echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros - echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros - echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros + echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros + echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros + echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros - # router - echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj 
- echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + # router + echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' 
>> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj - # transport - echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + # transport + echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' group = mlmmj' >> 
/etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj - if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi - if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi + if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi - if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi - if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then - sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs - fi + if ! 
grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi - if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then - sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary - fi - update-exim4.conf.template -r - update-exim4.conf - systemctl restart exim4 + if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then + sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary + fi + update-exim4.conf.template -r + update-exim4.conf + systemctl restart exim4 - if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README - echo '=================================' >> /home/$MY_USERNAME/README - echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README - echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + if ! 
grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README + echo '=================================' >> /home/$MY_USERNAME/README + echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README + echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST" + ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST" - echo 'create_public_mailing_list' >> $COMPLETION_FILE + echo 'create_public_mailing_list' >> $COMPLETION_FILE } function create_private_mailing_list { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - # This installation doesn't work, results in ruby errors - # There is currently no schleuder package for Debian jessie - if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then - return - fi - if [ ! $PRIVATE_MAILING_LIST ]; then - return - fi - if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then - echo $'The name of the private mailing list should not be the same as your username' - exit 10 - fi - if [ ! 
$MY_GPG_PUBLIC_KEY ]; then - echo $'To create a private mailing list you need to specify a file' - echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' - echo $'the top of the script' - exit 11 - fi - apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev - gem install schleuder - schleuder-fix-gem-dependencies - schleuder-init-setup --gem - # NOTE: this is version number sensitive and so might need changing - ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder - sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf - sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf - schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive - ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + # This installation doesn't work, results in ruby errors + # There is currently no schleuder package for Debian jessie + if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then + return + fi + if [ ! $PRIVATE_MAILING_LIST ]; then + return + fi + if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then + echo $'The name of the private mailing list should not be the same as your username' + exit 10 + fi + if [ ! 
$MY_GPG_PUBLIC_KEY ]; then + echo $'To create a private mailing list you need to specify a file' + echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' + echo $'the top of the script' + exit 11 + fi + apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev + gem install schleuder + schleuder-fix-gem-dependencies + schleuder-init-setup --gem + # NOTE: this is version number sensitive and so might need changing + ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder + sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf + sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf + schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive + ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST - echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo 'schleuder:' > 
/etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder - echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder - chown -R schleuder:schleuder /var/lib/schleuder - update-exim4.conf.template -r - update-exim4.conf - systemctl restart exim4 - useradd -d /var/schleuderlists -s /bin/false schleuder - adduser Debian-exim schleuder - usermod -a -G mail schleuder - #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME - echo 'create_private_mailing_list' >> $COMPLETION_FILE + echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' 
>> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + chown -R schleuder:schleuder /var/lib/schleuder + update-exim4.conf.template -r + update-exim4.conf + systemctl restart exim4 + useradd -d /var/schleuderlists -s /bin/false schleuder + adduser Debian-exim schleuder + usermod -a -G mail schleuder + #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME + echo 'create_private_mailing_list' >> $COMPLETION_FILE } function split_gpg_key_into_fragments { - # split the gpg key into fragments if social key management is enabled - if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then - echo 'Splitting GPG key. You may need to enter your passphrase.' - ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" - if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then - echo 'Yhe GPG key could not be split' - exit 86548 - fi - fi + # split the gpg key into fragments if social key management is enabled + if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then + echo 'Splitting GPG key. You may need to enter your passphrase.' + ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" + if [ ! 
-d /home/$MY_USERNAME/.gnupg_fragments ]; then + echo 'Yhe GPG key could not be split' + exit 86548 + fi + fi } function import_email { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - EMAIL_COMPLETE_MSG=$" + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + EMAIL_COMPLETE_MSG=$" *** ${PROJECT_NAME} mailbox installation is complete *** - Now on your internet router forward ports - 25, 587, 465, 993 and 2222 to the ${PROJECT_NAME} + Now on your internet router forward ports + 25, 587, 465, 993 and 2222 to the ${PROJECT_NAME} " - if grep -Fxq "import_email" $COMPLETION_FILE; then - if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then - function_check backup_to_friends_servers - backup_to_friends_servers + if grep -Fxq "import_email" $COMPLETION_FILE; then + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + function_check backup_to_friends_servers + backup_to_friends_servers - function_check install_tripwire - install_tripwire + function_check install_tripwire + install_tripwire - function_check split_gpg_key_into_fragments - split_gpg_key_into_fragments + function_check split_gpg_key_into_fragments + split_gpg_key_into_fragments - clear - echo '' - echo "$EMAIL_COMPLETE_MSG" - if [ -d $USB_MOUNT ]; then - umount $USB_MOUNT - rm -rf $USB_MOUNT - echo $' You can now remove the USB drive' - fi - exit 0 - fi - return - fi - if [ $IMPORT_MAILDIR ]; then - if [ -d $IMPORT_MAILDIR ]; then - echo $'Transfering email files' - cp -r $IMPORT_MAILDIR /home/$MY_USERNAME - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir - else - echo $"Email import directory $IMPORT_MAILDIR not found" - exit 9 - fi - fi - echo 'import_email' >> $COMPLETION_FILE - if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then - function_check 
backup_to_friends_servers - backup_to_friends_servers + clear + echo '' + echo "$EMAIL_COMPLETE_MSG" + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + echo $' You can now remove the USB drive' + fi + exit 0 + fi + return + fi + if [ $IMPORT_MAILDIR ]; then + if [ -d $IMPORT_MAILDIR ]; then + echo $'Transfering email files' + cp -r $IMPORT_MAILDIR /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir + else + echo $"Email import directory $IMPORT_MAILDIR not found" + exit 9 + fi + fi + echo 'import_email' >> $COMPLETION_FILE + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + function_check backup_to_friends_servers + backup_to_friends_servers - function_check install_tripwire - install_tripwire + function_check install_tripwire + install_tripwire - function_check split_gpg_key_into_fragments - split_gpg_key_into_fragments + function_check split_gpg_key_into_fragments + split_gpg_key_into_fragments - # unmount any attached usb drive - clear - echo '' - echo "$EMAIL_COMPLETE_MSG" - echo '' - if [ -d $USB_MOUNT ]; then - umount $USB_MOUNT - rm -rf $USB_MOUNT - echo $' You can now remove the USB drive' - fi - exit 0 - fi + # unmount any attached usb drive + clear + echo '' + echo "$EMAIL_COMPLETE_MSG" + echo '' + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + echo $' You can now remove the USB drive' + fi + exit 0 + fi } function remove_email { - echo '' + echo '' } function install_email { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "install_email" $COMPLETION_FILE; then - return - fi - apt-get -y remove postfix - apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail xinetd + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "install_email" $COMPLETION_FILE; then + return + fi + 
apt-get -y remove postfix + apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail xinetd - if [ ! -d /etc/exim4 ]; then - echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE" - exit 48 - fi + if [ ! -d /etc/exim4 ]; then + echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE" + exit 48 + fi - onion_service_name='email' - if [ ! -d /var/lib/tor ]; then - echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured." - exit 877367 - fi - if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then - echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc - echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc - echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc - echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc - echo 'HiddenServicePort 993 127.0.0.1:993' >> /etc/tor/torrc - echo $"Added onion site for ${onion_service_name}" - fi + onion_service_name='email' + if [ ! -d /var/lib/tor ]; then + echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured." + exit 877367 + fi + if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then + echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc + echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc + echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc + echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc + echo 'HiddenServicePort 993 127.0.0.1:993' >> /etc/tor/torrc + echo $"Added onion site for ${onion_service_name}" + fi - systemctl restart tor - function_check wait_for_onion_service - wait_for_onion_service ${onion_service_name} + systemctl restart tor + function_check wait_for_onion_service + wait_for_onion_service ${onion_service_name} - if [ ! 
-f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then - echo $"${onion_service_name} onion site hostname not found" - exit 76362 - fi - EMAIL_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname) + if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then + echo $"${onion_service_name} onion site hostname not found" + exit 76362 + fi + EMAIL_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname) - if [[ $ONION_ONLY != "no" ]]; then - function_check set_hostname - set_hostname ${EMAIL_ONION_HOSTNAME} - MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME} - fi - if ! grep -q "Email onion domain" $COMPLETION_FILE; then - echo "Email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE - else - sed -i "s|Email onion domain.*|Email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE - fi + if [[ $ONION_ONLY != "no" ]]; then + function_check set_hostname + set_hostname ${EMAIL_ONION_HOSTNAME} + MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME} + fi + if ! grep -q "Email onion domain" $COMPLETION_FILE; then + echo "Email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE + else + sed -i "s|Email onion domain.*|Email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE + fi - # see https://github.com/petterreinholdtsen/exim4-smtorp - echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp - echo '#' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# if were submitting mail *from* a .tor/.onion address,' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# make sure any header lines that may give us away is' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# stripped out, and add a new, cryptic Message-ID.' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# In address_data we store the name we should HELO as.' 
>> /etc/exim4/conf.d/router/100_exim4-smtorp - echo 'tor_to_any:' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' debug_print = "R: manualroute from .onion to $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' condition = ${if match {$sender_address_domain}{\N.*\.(onion|tor)$\N}}' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' address_data = $sender_address_domain' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' route_list = * localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' headers_remove = Received:Message-ID:X-Mailer:User-Agent' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' headers_add = Message-ID: <${lc:${sha1:$message_id}}@$sender_address_domain>' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# this catches the case where were submitting mail' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# from a regular email address where we dont need to' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo '# rewrite any headers' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo 'any_to_tor:' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' debug_print = "R: manualroute for $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' domains = ! 
+local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' route_list = *.onion localhost ; *.tor localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo ' address_data = $smtp_active_hostname' >> /etc/exim4/conf.d/router/100_exim4-smtorp + # see https://github.com/petterreinholdtsen/exim4-smtorp + echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp + echo '#' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# if were submitting mail *from* a .tor/.onion address,' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# make sure any header lines that may give us away is' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# stripped out, and add a new, cryptic Message-ID.' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# In address_data we store the name we should HELO as.' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo 'tor_to_any:' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' debug_print = "R: manualroute from .onion to $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' domains = ! 
+local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' condition = ${if match {$sender_address_domain}{\N.*\.(onion|tor)$\N}}' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' address_data = $sender_address_domain' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' route_list = * localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' headers_remove = Received:Message-ID:X-Mailer:User-Agent' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' headers_add = Message-ID: <${lc:${sha1:$message_id}}@$sender_address_domain>' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# this catches the case where were submitting mail' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# from a regular email address where we dont need to' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo '# rewrite any headers' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo 'any_to_tor:' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' debug_print = "R: manualroute for $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' domains = ! 
+local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' route_list = *.onion localhost ; *.tor localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp + echo ' address_data = $smtp_active_hostname' >> /etc/exim4/conf.d/router/100_exim4-smtorp - echo 'remote_smtp_onion:' > /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' debug_print = "T: remote_smtp_onion for $local_part@$original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' driver = smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' # set helo_data to where we want to connect to,' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' # for the proxy program tor-smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' helo_data = "$address_data $original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' # wherever we configured our script at' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' port = 12668' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' # cannot use TLS otherwise it will EHLO again!!' 
>> /etc/exim4/conf.d/transport/100_exim4-smtorp - echo ' hosts_avoid_tls = *' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo 'remote_smtp_onion:' > /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' debug_print = "T: remote_smtp_onion for $local_part@$original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' driver = smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' # set helo_data to where we want to connect to,' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' # for the proxy program tor-smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' helo_data = "$address_data $original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' # wherever we configured our script at' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' port = 12668' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' # cannot use TLS otherwise it will EHLO again!!' >> /etc/exim4/conf.d/transport/100_exim4-smtorp + echo ' hosts_avoid_tls = *' >> /etc/exim4/conf.d/transport/100_exim4-smtorp - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR - fi - cd $INSTALL_DIR - function_check git_clone - git_clone $EXIM_ONION_REPO $INSTALL_DIR/exim4-smtorp - cd $INSTALL_DIR/exim4-smtorp/tor-smtp - make - if [ ! -f $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp ]; then - echo $'Unable to make tor smtp transport' - exit 52629 - fi - if [ ! -d /usr/lib/exim4-smtorp ]; then - mkdir /usr/lib/exim4-smtorp - fi - cp $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp /usr/lib/exim4-smtorp/tor-smtp - if [ ! -f /usr/lib/exim4-smtorp/tor-smtp ]; then - echo $'Unable to copy tor-smtp' - exit 83503 - fi - cp $INSTALL_DIR/exim4-smtorp/xinetd /etc/xinetd.d/tor-smtp - if [ ! 
-f /etc/xinetd.d/tor-smtp ]; then - echo $'Unable to copy to xinetd.d' - exit 835954 - fi - systemctl restart xinetd + if [ ! -d $INSTALL_DIR ]; then + mkdir -p $INSTALL_DIR + fi + cd $INSTALL_DIR + function_check git_clone + git_clone $EXIM_ONION_REPO $INSTALL_DIR/exim4-smtorp + cd $INSTALL_DIR/exim4-smtorp/tor-smtp + make + if [ ! -f $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp ]; then + echo $'Unable to make tor smtp transport' + exit 52629 + fi + if [ ! -d /usr/lib/exim4-smtorp ]; then + mkdir /usr/lib/exim4-smtorp + fi + cp $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp /usr/lib/exim4-smtorp/tor-smtp + if [ ! -f /usr/lib/exim4-smtorp/tor-smtp ]; then + echo $'Unable to copy tor-smtp' + exit 83503 + fi + cp $INSTALL_DIR/exim4-smtorp/xinetd /etc/xinetd.d/tor-smtp + if [ ! -f /etc/xinetd.d/tor-smtp ]; then + echo $'Unable to copy to xinetd.d' + exit 835954 + fi + systemctl restart xinetd - # configure for Maildir format - sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs - sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs + # configure for Maildir format + sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs + sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs - if ! grep -q "export MAIL" /etc/profile; then - echo 'export MAIL=~/Maildir' >> /etc/profile - fi + if ! 
grep -q "export MAIL" /etc/profile; then + echo 'export MAIL=~/Maildir' >> /etc/profile + fi - sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login - sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd - sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su + sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login + sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd + sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su - echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf - if [[ $ONION_ONLY == "no" ]]; then - # both ICANN and onion domains - echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf - else - echo "dc_other_hostnames='${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf - fi - echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf - echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf - echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf - echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf - RELAY_NETS='192.168.1.0/24' - if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then - RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." 
$3 ".0/24"}') - fi - echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf - echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf - echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf - echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf - echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf - echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf - echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf - update-exim4.conf - sed -i "s/START=no/START=yes/g" /etc/default/saslauthd - systemctl start saslauthd + echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf + if [[ $ONION_ONLY == "no" ]]; then + # both ICANN and onion domains + echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf + else + echo "dc_other_hostnames='${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf + fi + echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf + RELAY_NETS='192.168.1.0/24' + if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then + RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." 
$3 ".0/24"}') + fi + echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf + echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf + update-exim4.conf + sed -i "s/START=no/START=yes/g" /etc/default/saslauthd + systemctl start saslauthd - # make a tls certificate for email - if [ ! -f /etc/ssl/certs/exim.dhparam ]; then - ${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH - check_certificates exim - fi - cp /etc/ssl/private/exim.key /etc/exim4 - cp /etc/ssl/certs/exim.crt /etc/exim4 - cp /etc/ssl/certs/exim.dhparam /etc/exim4 - chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam - chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + # make a tls certificate for email + if [ ! -f /etc/ssl/certs/exim.dhparam ]; then + ${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH + check_certificates exim + fi + cp /etc/ssl/private/exim.key /etc/exim4 + cp /etc/ssl/certs/exim.crt /etc/exim4 + cp /etc/ssl/certs/exim.dhparam /etc/exim4 + chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam - sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template - sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template - sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4 - if ! 
grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then - sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template - fi + sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template + sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template + sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4 + if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then + sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template + fi - adduser $MY_USERNAME sasl - addgroup Debian-exim sasl - systemctl restart exim4 - if [ ! -d /etc/skel/Maildir ]; then - mkdir -m 700 /etc/skel/.mutt - mkdir -m 700 /etc/skel/Maildir - mkdir -m 700 /etc/skel/Maildir/new - mkdir -m 700 /etc/skel/Maildir/cur - mkdir -m 700 /etc/skel/Maildir/Sent - mkdir -m 700 /etc/skel/Maildir/Sent/tmp - mkdir -m 700 /etc/skel/Maildir/Sent/cur - mkdir -m 700 /etc/skel/Maildir/Sent/new - mkdir -m 700 /etc/skel/Maildir/.learn-spam - mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur - mkdir -m 700 /etc/skel/Maildir/.learn-spam/new - mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp - mkdir -m 700 /etc/skel/Maildir/.learn-ham - mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur - mkdir -m 700 /etc/skel/Maildir/.learn-ham/new - mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp - ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam - ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham - fi + adduser $MY_USERNAME sasl + addgroup Debian-exim sasl + systemctl restart exim4 + if [ ! 
-d /etc/skel/Maildir ]; then + mkdir -m 700 /etc/skel/.mutt + mkdir -m 700 /etc/skel/Maildir + mkdir -m 700 /etc/skel/Maildir/new + mkdir -m 700 /etc/skel/Maildir/cur + mkdir -m 700 /etc/skel/Maildir/Sent + mkdir -m 700 /etc/skel/Maildir/Sent/tmp + mkdir -m 700 /etc/skel/Maildir/Sent/cur + mkdir -m 700 /etc/skel/Maildir/Sent/new + mkdir -m 700 /etc/skel/Maildir/.learn-spam + mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur + mkdir -m 700 /etc/skel/Maildir/.learn-spam/new + mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp + mkdir -m 700 /etc/skel/Maildir/.learn-ham + mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur + mkdir -m 700 /etc/skel/Maildir/.learn-ham/new + mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp + ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam + ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham + fi - if [ ! -d /home/$MY_USERNAME/Maildir ]; then - mkdir -m 700 /home/$MY_USERNAME/.mutt - mkdir -m 700 /home/$MY_USERNAME/Maildir - mkdir -m 700 /home/$MY_USERNAME/Maildir/cur - mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp - mkdir -m 700 /home/$MY_USERNAME/Maildir/new - mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent - mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur - mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp - mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new - mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp - ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam - ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir - fi + if [ ! 
-d /home/$MY_USERNAME/Maildir ]; then + mkdir -m 700 /home/$MY_USERNAME/.mutt + mkdir -m 700 /home/$MY_USERNAME/Maildir + mkdir -m 700 /home/$MY_USERNAME/Maildir/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp + mkdir -m 700 /home/$MY_USERNAME/Maildir/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp + ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam + ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir + fi - function_check configure_firewall_for_email - configure_firewall_for_email - echo 'install_email' >> $COMPLETION_FILE + function_check configure_firewall_for_email + configure_firewall_for_email + echo 'install_email' >> $COMPLETION_FILE } function create_procmail { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "create_procmail" $COMPLETION_FILE; then - return - fi - if [ ! 
-f /home/$MY_USERNAME/.procmailrc ]; then - echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc - echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc - echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc - echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc - echo '' >> /home/$MY_USERNAME/.procmailrc - echo $"# Tripwire reports which have no violations don't need to be logged" >> /home/$MY_USERNAME/.procmailrc - echo ':0 BD:' >> /home/$MY_USERNAME/.procmailrc - TRIPWIRE_VIOLATIONS_STR=$'Total violations found: 0' - echo " * .*$TRIPWIRE_VIOLATIONS_STR" >> /home/$MY_USERNAME/.procmailrc - echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc - echo '' >> /home/$MY_USERNAME/.procmailrc - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc - fi + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "create_procmail" $COMPLETION_FILE; then + return + fi + if [ ! 
-f /home/$MY_USERNAME/.procmailrc ]; then + echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc + echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc + echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc + echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc + echo '' >> /home/$MY_USERNAME/.procmailrc + echo $"# Tripwire reports which have no violations don't need to be logged" >> /home/$MY_USERNAME/.procmailrc + echo ':0 BD:' >> /home/$MY_USERNAME/.procmailrc + TRIPWIRE_VIOLATIONS_STR=$'Total violations found: 0' + echo " * .*$TRIPWIRE_VIOLATIONS_STR" >> /home/$MY_USERNAME/.procmailrc + echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc + echo '' >> /home/$MY_USERNAME/.procmailrc + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc + fi - mkdir -p /home/$MY_USERNAME/Maildir/admin/new - mkdir -p /home/$MY_USERNAME/Maildir/admin/cur - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin + mkdir -p /home/$MY_USERNAME/Maildir/admin/new + mkdir -p /home/$MY_USERNAME/Maildir/admin/cur + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin - if [ ! -f /etc/skel/.procmailrc ]; then - cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc - chown root:root /etc/skel/.procmailrc - fi + if [ ! 
-f /etc/skel/.procmailrc ]; then + cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc + chown root:root /etc/skel/.procmailrc + fi - echo 'create_procmail' >> $COMPLETION_FILE + echo 'create_procmail' >> $COMPLETION_FILE } function handle_admin_emails { - # keep emails for root in a separate folder - if [ -d /home/$MY_USERNAME/Maildir/admin ]; then - return - fi + # keep emails for root in a separate folder + if [ -d /home/$MY_USERNAME/Maildir/admin ]; then + return + fi - ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no + ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no } function spam_filtering { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "spam_filtering" $COMPLETION_FILE; then - return - fi - apt-get -y install exim4-daemon-heavy - apt-get -y install spamassassin - if [ ! 
-f /etc/default/spamassassin ]; then - echo 'Spamassassin was not installed' - exit 72570 - fi - sa-update -v - sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin - sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template - # This configuration is based on https://wiki.debian.org/DebianSpamAssassin - sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt - sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt - sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data - echo 'deny message = This message scored $spam_score spam points.' 
>> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- # procmail configuration
- echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
- echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
- echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
- echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
- echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
- echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
- echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
- echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
- echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
- echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
- echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
- echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
- echo ' * < 256000' >> /etc/skel/.procmailrc
- echo '| spamc' >> /etc/skel/.procmailrc
- echo '# strong spam are discarded' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
- echo '/dev/null' >> /etc/skel/.procmailrc
- echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
- echo 'maybe-spam/' >> /etc/skel/.procmailrc
- echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
- echo 'spam/' >> /etc/skel/.procmailrc
- # filtering scripts
- echo '#!/bin/bash' > /usr/bin/filterspam
- echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
- echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
- echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then' >> /usr/bin/filterspam
- echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
- echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
- echo ' exit' >> /usr/bin/filterspam
- echo ' fi' >> /usr/bin/filterspam
- echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
- echo ' do' >> /usr/bin/filterspam
- echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
- echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
- echo ' done' >> /usr/bin/filterspam
- echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
- echo ' do' >> /usr/bin/filterspam
- echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
- echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
- echo ' done' >> /usr/bin/filterspam
- echo ' fi' >> /usr/bin/filterspam
- echo 'done' >> /usr/bin/filterspam
- echo 'exit 0' >> /usr/bin/filterspam
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install exim4-daemon-heavy
+ apt-get -y install spamassassin
+ if [ ! -f /etc/default/spamassassin ]; then
+ echo 'Spamassassin was not installed'
+ exit 72570
+ fi
+ sa-update -v
+ sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
+ sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
+ # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
+ sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
+ sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
+ sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ # procmail configuration
+ echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
+ echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
+ echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
+ echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
+ echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+ echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
+ echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
+ echo ' * < 256000' >> /etc/skel/.procmailrc
+ echo '| spamc' >> /etc/skel/.procmailrc
+ echo '# strong spam are discarded' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
+ echo '/dev/null' >> /etc/skel/.procmailrc
+ echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
+ echo 'maybe-spam/' >> /etc/skel/.procmailrc + echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc + echo ':0' >> /etc/skel/.procmailrc + echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc + echo 'spam/' >> /etc/skel/.procmailrc + # filtering scripts + echo '#!/bin/bash' > /usr/bin/filterspam + echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam + echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam + echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam + echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam + echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam + echo ' exit' >> /usr/bin/filterspam + echo ' fi' >> /usr/bin/filterspam + echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam + echo ' do' >> /usr/bin/filterspam + echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam + echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam + echo ' done' >> /usr/bin/filterspam + echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam + echo ' do' >> /usr/bin/filterspam + echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam + echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam + echo ' done' >> /usr/bin/filterspam + echo ' fi' >> /usr/bin/filterspam + echo 'done' >> /usr/bin/filterspam + echo 'exit 0' >> /usr/bin/filterspam - echo '#!/bin/bash' > /usr/bin/filterham - echo 'for d in /home/*/ ; do' >> /usr/bin/filterham - echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham - echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then' >> /usr/bin/filterham - echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham - echo ' if [ ! 
-d "$MAILDIR" ]; then' >> /usr/bin/filterham
- echo ' exit' >> /usr/bin/filterham
- echo ' fi' >> /usr/bin/filterham
- echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
- echo ' do' >> /usr/bin/filterham
- echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
- echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
- echo ' done' >> /usr/bin/filterham
- echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
- echo ' do' >> /usr/bin/filterham
- echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
- echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
- echo ' done' >> /usr/bin/filterham
- echo ' fi' >> /usr/bin/filterham
- echo 'done' >> /usr/bin/filterham
- echo 'exit 0' >> /usr/bin/filterham
+ echo '#!/bin/bash' > /usr/bin/filterham
+ echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
+ echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
+ echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
+ echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
+ echo ' if [ ! 
-d "$MAILDIR" ]; then' >> /usr/bin/filterham + echo ' exit' >> /usr/bin/filterham + echo ' fi' >> /usr/bin/filterham + echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham + echo ' do' >> /usr/bin/filterham + echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham + echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham + echo ' done' >> /usr/bin/filterham + echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham + echo ' do' >> /usr/bin/filterham + echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham + echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham + echo ' done' >> /usr/bin/filterham + echo ' fi' >> /usr/bin/filterham + echo 'done' >> /usr/bin/filterham + echo 'exit 0' >> /usr/bin/filterham - function_check cron_add_mins - cron_add_mins 3 '/usr/bin/timeout 120 /usr/bin/filterspam' - cron_add_mins 3 '/usr/bin/timeout 120 /usr/bin/filterham' - chmod 655 /usr/bin/filterspam /usr/bin/filterham - sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf - sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf + function_check cron_add_mins + cron_add_mins 3 '/usr/bin/timeout 120 /usr/bin/filterspam' + cron_add_mins 3 '/usr/bin/timeout 120 /usr/bin/filterham' + chmod 655 /usr/bin/filterspam /usr/bin/filterham + sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf + sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf - # user preferences - if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then - mkdir /home/$MY_USERNAME/.spamassassin - echo $'# How many points before a mail is considered spam.' 
> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- fi
- # this must be accessible by root
- chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
+ # user preferences
+ if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
+ mkdir /home/$MY_USERNAME/.spamassassin
+ echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# character sets, or that assume a western-style charset is in use. 
' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs + echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs + fi + # this must be accessible by root + chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin - systemctl restart spamassassin - systemctl restart exim4 - systemctl restart cron + systemctl restart spamassassin + systemctl restart exim4 + systemctl restart cron - echo 'spam_filtering' >> $COMPLETION_FILE + echo 'spam_filtering' >> $COMPLETION_FILE } function configure_imap { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "configure_imap" $COMPLETION_FILE; then - return - fi + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if 
grep -Fxq "configure_imap" $COMPLETION_FILE; then + return + fi - dpkg -P dovecot-imapd - dpkg -P dovecot-core - apt-get -y install dovecot-imapd + dpkg -P dovecot-imapd + dpkg -P dovecot-core + apt-get -y install dovecot-imapd - if [ ! -d /etc/dovecot ]; then - echo $"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE" - exit 48 - fi + if [ ! -d /etc/dovecot ]; then + echo $"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE" + exit 48 + fi - if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then - ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH - check_certificates dovecot - fi - chown root:dovecot /etc/ssl/certs/dovecot.* - chown root:dovecot /etc/ssl/private/dovecot.* + if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then + ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH + check_certificates dovecot + fi + chown root:dovecot /etc/ssl/certs/dovecot.* + chown root:dovecot /etc/ssl/private/dovecot.* - if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then - echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf' - exit 83629 - fi - sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|#ssl_cert =.*|ssl_cert = > /etc/dovecot/conf.d/10-ssl.conf + if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then + echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf' + exit 83629 + fi + sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf + sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf + sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf + sed -i 's|#ssl_cert =.*|ssl_cert = > /etc/dovecot/conf.d/10-ssl.conf - if [ ! 
-f /etc/dovecot/conf.d/10-master.conf ]; then - echo $'Unable to find /etc/dovecot/conf.d/10-master.conf' - exit 49259 - fi - sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf - sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf - sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf + if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then + echo $'Unable to find /etc/dovecot/conf.d/10-master.conf' + exit 49259 + fi + sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf + sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf + sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf - if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then - echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf' - exit 48936 - fi - sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf + if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then + echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf' + exit 48936 + fi + sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf - if [ ! -f /etc/dovecot/dovecot.conf ]; then - echo $'Unable to find /etc/dovecot/dovecot.conf' - exit 43890 - fi - sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf + if [ ! -f /etc/dovecot/dovecot.conf ]; then + echo $'Unable to find /etc/dovecot/dovecot.conf' + exit 43890 + fi + sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf - if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then - echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf' - exit 843256 - fi - sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf - sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf + if [ ! 
-f /etc/dovecot/conf.d/10-auth.conf ]; then + echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf' + exit 843256 + fi + sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf + sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf - if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then - echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf' - exit 42036 - fi - sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf + if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then + echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf' + exit 42036 + fi + sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf - # This long notify interval makes the system more suited for use with - # battery powered mobile devices - sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf + # This long notify interval makes the system more suited for use with + # battery powered mobile devices + sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf - if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then - rm /var/lib/dovecot/ssl-parameters.dat - fi + if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then + rm /var/lib/dovecot/ssl-parameters.dat + fi - systemctl restart dovecot - echo 'configure_imap' >> $COMPLETION_FILE + systemctl restart dovecot + echo 'configure_imap' >> $COMPLETION_FILE } function configure_imap_client_certs { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then - return - fi - # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/ - sed -i 's|#default_process_limit 
=.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf - sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf - sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf - sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf - sed -i "s|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt|g" /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf - if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then - echo '' >> /etc/dovecot/conf.d/10-auth.conf - echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf - echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf - echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf - echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf - echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf - echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf - echo '}' >> /etc/dovecot/conf.d/10-auth.conf - fi - if [[ $ONION_ONLY == "no" ]]; then - # make a CA cert - if [ ! 
-f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
- else
- ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- fi
- fi
- fi
- # CA configuration
- echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
- echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
- echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
- echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
- echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
- echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
- echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
- echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
- echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
- echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
- echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
- echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf
- echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf
- echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf
- echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf
- echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf
- echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf
- if [ -f /etc/ssl/ssldb ]; then
- rm /etc/ssl/ssldb
- fi
- if [ -f /etc/ssl/sslserial ]; then
- rm /etc/ssl/sslserial
- fi
- touch /etc/ssl/ssldb
- echo 0001 > /etc/ssl/sslserial
- #${PROJECT_NAME}-clientcert -u $MY_USERNAME
- systemctl restart dovecot
- echo 'configure_imap_client_certs' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then
+ return
+ fi
+ # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
+ sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+ sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i "s|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
+ if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
+ echo '' >> /etc/dovecot/conf.d/10-auth.conf
+ echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf
+ echo '}' >> /etc/dovecot/conf.d/10-auth.conf
+ fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ # make a CA cert
+ if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
+ ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
+ else
+ ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+ fi
+ fi
+ fi
+ # CA configuration
+ echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
+ echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
+ echo '' >> /etc/ssl/dovecot-ca.cnf
+ echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
+ echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
+ echo '' >> /etc/ssl/dovecot-ca.cnf
+ echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
+ echo 'new_certs_dir = .' 
>> /etc/ssl/dovecot-ca.cnf + echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf + echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf + echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf + echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf + echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf + echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf + echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf + echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf + echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf + echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf + echo '' >> /etc/ssl/dovecot-ca.cnf + echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf + echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf + echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf + echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf + echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf + echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf + echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf + echo '' >> /etc/ssl/dovecot-ca.cnf + echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf + echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf + echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf + echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf + echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf + echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf + if [ -f /etc/ssl/ssldb ]; then + rm /etc/ssl/ssldb + fi + if [ -f /etc/ssl/sslserial ]; then + rm /etc/ssl/sslserial + fi + touch /etc/ssl/ssldb + echo 0001 > /etc/ssl/sslserial + #${PROJECT_NAME}-clientcert -u $MY_USERNAME + systemctl restart dovecot + echo 'configure_imap_client_certs' >> $COMPLETION_FILE } function create_gpg_subkey { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || 
$SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then - return - fi - apt-get -y install gnupg + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then + return + fi + apt-get -y install gnupg - GPG_KEY_USAGE=$1 - if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then - echo $"Unknown subkey usage: $GPG_KEY_USAGE" - echo $'Available types: sign|auth|encrypt' - exit 14783 - fi + GPG_KEY_USAGE=$1 + if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then + echo $"Unknown subkey usage: $GPG_KEY_USAGE" + echo $'Available types: sign|auth|encrypt' + exit 14783 + fi - KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g') + KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g') - # Generate a GPG subkey - # Here a 2048bit length is used to be compatible with yubikey - echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf - echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf - echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf - echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf - echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf - echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf - echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf - echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf - echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf - su -c "gpg 
--batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME - shred -zu /home/$MY_USERNAME/gpg-genkey.conf - MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + # Generate a GPG subkey + # Here a 2048bit length is used to be compatible with yubikey + echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf + echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf + echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf + echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf + su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME + shred -zu /home/$MY_USERNAME/gpg-genkey.conf + MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') - echo 'create_gpg_subkey' >> $COMPLETION_FILE + echo 'create_gpg_subkey' >> $COMPLETION_FILE } function gpg_key_exists { - key_owner_username=$1 - key_search_text=$2 - if [[ $key_owner_username != "root" ]]; then - KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username) - else - KEY_EXISTS=$(gpg --list-keys "${key_search_text}") - fi - if [ ! 
"$KEY_EXISTS" ]; then - echo "no" - return - fi - if [ "$KEY_EXISTS" == *"error"* ]; then - echo "no" - return - fi - echo "yes" + key_owner_username=$1 + key_search_text=$2 + if [[ $key_owner_username != "root" ]]; then + KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username) + else + KEY_EXISTS=$(gpg --list-keys "${key_search_text}") + fi + if [ ! "$KEY_EXISTS" ]; then + echo "no" + return + fi + if [ "$KEY_EXISTS" == *"error"* ]; then + echo "no" + return + fi + echo "yes" } function gpg_pubkey_from_email { - key_owner_username=$1 - key_email_address=$2 - key_id= - if [[ $key_owner_username != "root" ]]; then - key_id=$(su -c "gpg --list-keys $key_email_address | grep 'pub '" - $key_owner_username | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') - else - key_id=$(gpg --list-keys $key_email_address | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') - fi - echo $key_id + key_owner_username=$1 + key_email_address=$2 + key_id= + if [[ $key_owner_username != "root" ]]; then + key_id=$(su -c "gpg --list-keys $key_email_address | grep 'pub '" - $key_owner_username | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + else + key_id=$(gpg --list-keys $key_email_address | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + fi + echo $key_id } function configure_gpg { - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "configure_gpg" $COMPLETION_FILE; then - return - fi - apt-get -y install gnupg + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "configure_gpg" $COMPLETION_FILE; then + return + fi + apt-get -y install gnupg - gpg_dir=/home/$MY_USERNAME/.gnupg + gpg_dir=/home/$MY_USERNAME/.gnupg - # if gpg keys directory was previously 
imported from usb - if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then - echo $'GPG keys were imported' - sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf - MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") - if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then - echo $'GPG public key ID could not be obtained' - fi - chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir - chmod 700 $gpg_dir - chmod 600 $gpg_dir/* - echo 'configure_gpg' >> $COMPLETION_FILE - return - fi + # if gpg keys directory was previously imported from usb + if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then + echo $'GPG keys were imported' + sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf + MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") + if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then + echo $'GPG public key ID could not be obtained' + fi + chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir + chmod 700 $gpg_dir + chmod 600 $gpg_dir/* + echo 'configure_gpg' >> $COMPLETION_FILE + return + fi - if [ ! -d $gpg_dir ]; then - mkdir $gpg_dir - echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf - echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf - fi + if [ ! -d $gpg_dir ]; then + mkdir $gpg_dir + echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf + echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf + fi - sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf + sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf - if ! 
grep -q "# default preferences" $gpg_dir/gpg.conf; then - echo '' >> $gpg_dir/gpg.conf - echo '# default preferences' >> $gpg_dir/gpg.conf - echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf - echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf - echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf - fi + if ! grep -q "# default preferences" $gpg_dir/gpg.conf; then + echo '' >> $gpg_dir/gpg.conf + echo '# default preferences' >> $gpg_dir/gpg.conf + echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf + echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf + echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf + fi - chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir - chmod 700 $gpg_dir - chmod 600 $gpg_dir/* + chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir + chmod 700 $gpg_dir + chmod 600 $gpg_dir/* - if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then - echo $'Importing GPG keys from file' - echo $"Public key: $MY_GPG_PUBLIC_KEY" - echo $"Private key: $MY_GPG_PRIVATE_KEY" + if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then + echo $'Importing GPG keys from file' + echo $"Public key: $MY_GPG_PUBLIC_KEY" + echo $"Private key: $MY_GPG_PRIVATE_KEY" - # use your existing GPG keys which were exported - if [ ! -f $MY_GPG_PUBLIC_KEY ]; then - echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found" - exit 2483 - fi - if [ ! 
-f $MY_GPG_PRIVATE_KEY ]; then - echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found" - exit 5383 - fi - su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME - su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME - KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS") - if [[ $KEY_EXISTS == "no" ]]; then - echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported" - exit 13821 - fi + # use your existing GPG keys which were exported + if [ ! -f $MY_GPG_PUBLIC_KEY ]; then + echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found" + exit 2483 + fi + if [ ! -f $MY_GPG_PRIVATE_KEY ]; then + echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found" + exit 5383 + fi + su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME + su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME + KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS") + if [[ $KEY_EXISTS == "no" ]]; then + echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported" + exit 13821 + fi - # for security ensure that the private key file doesn't linger around - shred -zu $MY_GPG_PRIVATE_KEY - MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") - if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then - echo $'GPG public key ID could not be obtained' - fi - else - # Generate a GPG key - echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf - echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf - echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf - echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf - echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf - echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf - echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf - echo $'Generating a new GPG key' - su -c "gpg --batch --gen-key 
/home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME - KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS") - if [[ $KEY_EXISTS == "no" ]]; then - echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created" - exit 6362 - fi - shred -zu /home/$MY_USERNAME/gpg-genkey.conf - MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") - if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then - echo $'GPG public key ID could not be obtained' - fi - MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg - su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME + # for security ensure that the private key file doesn't linger around + shred -zu $MY_GPG_PRIVATE_KEY + MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") + if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then + echo $'GPG public key ID could not be obtained' + fi + else + # Generate a GPG key + echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf + echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf + echo $'Generating a new GPG key' + su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME + KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS") + if [[ $KEY_EXISTS == "no" ]]; then + echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created" + exit 6362 + fi + shred -zu /home/$MY_USERNAME/gpg-genkey.conf + MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") + if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then + echo $'GPG public key ID could not be obtained' + fi + 
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg + su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME - if grep -q "install_email" $COMPLETION_FILE; then - if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Change your GPG password' >> /home/$MY_USERNAME/README - echo '========================' >> /home/$MY_USERNAME/README - echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README - echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README - echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README - echo $'You can change the it with:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README - echo ' passwd' >> /home/$MY_USERNAME/README - echo ' save' >> /home/$MY_USERNAME/README - echo ' quit' >> /home/$MY_USERNAME/README - fi - if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README - echo '===========================' >> /home/$MY_USERNAME/README - echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README - echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README - fi - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - fi + if grep -q "install_email" $COMPLETION_FILE; then + if ! 
grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Change your GPG password' >> /home/$MY_USERNAME/README + echo '========================' >> /home/$MY_USERNAME/README + echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README + echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README + echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README + echo $'You can change the it with:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README + echo ' passwd' >> /home/$MY_USERNAME/README + echo ' save' >> /home/$MY_USERNAME/README + echo ' quit' >> /home/$MY_USERNAME/README + fi + if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README + echo '===========================' >> /home/$MY_USERNAME/README + echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README + echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README + fi + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + fi - echo 'configure_gpg' >> $COMPLETION_FILE + echo 'configure_gpg' >> $COMPLETION_FILE } function refresh_gpg_keys { - REFRESH_GPG_KEYS_SCRIPT=/usr/bin/update-gpg-keys - echo '#!/bin/bash' > $REFRESH_GPG_KEYS_SCRIPT - echo "if [ -f /usr/local/bin/${PROJECT_NAME}-sec ]; then" >> $REFRESH_GPG_KEYS_SCRIPT - echo " /usr/bin/timeout 600 /usr/local/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT - 
echo 'else' >> $REFRESH_GPG_KEYS_SCRIPT - echo " /usr/bin/timeout 600 /usr/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT - echo 'fi' >> $REFRESH_GPG_KEYS_SCRIPT - chmod +x $REFRESH_GPG_KEYS_SCRIPT + REFRESH_GPG_KEYS_SCRIPT=/usr/bin/update-gpg-keys + echo '#!/bin/bash' > $REFRESH_GPG_KEYS_SCRIPT + echo "if [ -f /usr/local/bin/${PROJECT_NAME}-sec ]; then" >> $REFRESH_GPG_KEYS_SCRIPT + echo " /usr/bin/timeout 600 /usr/local/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT + echo 'else' >> $REFRESH_GPG_KEYS_SCRIPT + echo " /usr/bin/timeout 600 /usr/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT + echo 'fi' >> $REFRESH_GPG_KEYS_SCRIPT + chmod +x $REFRESH_GPG_KEYS_SCRIPT - if grep -q "${PROJECT_NAME}-sec" /etc/crontab; then - sed -i "/${PROJECT_NAME}-sec /d" /etc/crontab - fi - if ! grep -q "$REFRESH_GPG_KEYS_SCRIPT" /etc/crontab; then - GPG_REFRESH_TIME=$(( RANDOM % 60 )) - echo "$GPG_REFRESH_TIME */$REFRESH_GPG_KEYS_HOURS * * * root cronic $REFRESH_GPG_KEYS_SCRIPT" >> /etc/crontab - systemctl restart cron - else - sed -i "s|root $REFRESH_GPG_KEYS_SCRIPT.*|root cronic $REFRESH_GPG_KEYS_SCRIPT|g" /etc/crontab - fi + if grep -q "${PROJECT_NAME}-sec" /etc/crontab; then + sed -i "/${PROJECT_NAME}-sec /d" /etc/crontab + fi + if ! grep -q "$REFRESH_GPG_KEYS_SCRIPT" /etc/crontab; then + GPG_REFRESH_TIME=$(( RANDOM % 60 )) + echo "$GPG_REFRESH_TIME */$REFRESH_GPG_KEYS_HOURS * * * root cronic $REFRESH_GPG_KEYS_SCRIPT" >> /etc/crontab + systemctl restart cron + else + sed -i "s|root $REFRESH_GPG_KEYS_SCRIPT.*|root cronic $REFRESH_GPG_KEYS_SCRIPT|g" /etc/crontab + fi } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index 17ded6bf..2c26eaa0 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel 
@@ -77,52 +77,52 @@ USB_DRIVE=sdb
 # get default USB from config file
 CONFIGURATION_FILE=/root/${PROJECT_NAME}.cfg
 if [ -f $CONFIGURATION_FILE ]; then
- if grep -q "WIFI_HOTSPOT=" $CONFIGURATION_FILE; then
- WIFI_HOTSPOT=$(cat $CONFIGURATION_FILE | grep "WIFI_HOTSPOT=" | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_INTERFACE=" $CONFIGURATION_FILE; then
- WIFI_INTERFACE=$(cat $CONFIGURATION_FILE | grep "WIFI_INTERFACE=" | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_TYPE=" $CONFIGURATION_FILE; then
- WIFI_TYPE=$(cat $CONFIGURATION_FILE | grep "WIFI_TYPE=" | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_SSID=" $CONFIGURATION_FILE; then
- WIFI_SSID=$(cat $CONFIGURATION_FILE | grep "WIFI_SSID=" | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_PASSPHRASE=" $CONFIGURATION_FILE; then
- WIFI_PASSPHRASE=$(cat $CONFIGURATION_FILE | grep "WIFI_PASSPHRASE=" | awk -F '=' '{print $2}')
- fi
- if grep -q "USB_DRIVE=" $CONFIGURATION_FILE; then
- USB_DRIVE=$(cat $CONFIGURATION_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}')
- if [[ $USB_DRIVE == *"dev"* ]]; then
- USB_DRIVE=$(echo ${USB_DRIVE} | awk -F '/' '{print $3}' | sed 's|1||g' | sed 's|2||g')
- fi
- fi
- if grep -q "SSH_PORT=" $CONFIGURATION_FILE; then
- SSH_PORT=$(cat $CONFIGURATION_FILE | grep "SSH_PORT=" | awk -F '=' '{print $2}')
- fi
- if grep -q "IRC_PORT=" $CONFIGURATION_FILE; then
- IRC_PORT=$(cat $CONFIGURATION_FILE | grep "IRC_PORT=" | awk -F '=' '{print $2}')
- fi
+ if grep -q "WIFI_HOTSPOT=" $CONFIGURATION_FILE; then
+ WIFI_HOTSPOT=$(cat $CONFIGURATION_FILE | grep "WIFI_HOTSPOT=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_INTERFACE=" $CONFIGURATION_FILE; then
+ WIFI_INTERFACE=$(cat $CONFIGURATION_FILE | grep "WIFI_INTERFACE=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_TYPE=" $CONFIGURATION_FILE; then
+ WIFI_TYPE=$(cat $CONFIGURATION_FILE | grep "WIFI_TYPE=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_SSID=" $CONFIGURATION_FILE; then
+ WIFI_SSID=$(cat $CONFIGURATION_FILE | grep "WIFI_SSID=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_PASSPHRASE=" $CONFIGURATION_FILE; then
+ WIFI_PASSPHRASE=$(cat $CONFIGURATION_FILE | grep "WIFI_PASSPHRASE=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "USB_DRIVE=" $CONFIGURATION_FILE; then
+ USB_DRIVE=$(cat $CONFIGURATION_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}')
+ if [[ $USB_DRIVE == *"dev"* ]]; then
+ USB_DRIVE=$(echo ${USB_DRIVE} | awk -F '/' '{print $3}' | sed 's|1||g' | sed 's|2||g')
+ fi
+ fi
+ if grep -q "SSH_PORT=" $CONFIGURATION_FILE; then
+ SSH_PORT=$(cat $CONFIGURATION_FILE | grep "SSH_PORT=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "IRC_PORT=" $CONFIGURATION_FILE; then
+ IRC_PORT=$(cat $CONFIGURATION_FILE | grep "IRC_PORT=" | awk -F '=' '{print $2}')
+ fi
- if grep -q "SMTP_PROXY_ENABLE=" $CONFIGURATION_FILE; then
- SMTP_PROXY_ENABLE=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_ENABLE=" | awk -F '=' '{print $2}')
- fi
- if grep -q "SMTP_PROXY_PROTOCOL=" $CONFIGURATION_FILE; then
- SMTP_PROXY_PROTOCOL=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_PROTOCOL=" | awk -F '=' '{print $2}')
- fi
- if grep -q "SMTP_PROXY_SERVER=" $CONFIGURATION_FILE; then
- SMTP_PROXY_SERVER=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_SERVER=" | awk -F '=' '{print $2}')
- fi
- if grep -q "SMTP_PROXY_PORT=" $CONFIGURATION_FILE; then
- SMTP_PROXY_PORT=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_PORT=" | awk -F '=' '{print $2}')
- fi
- if grep -q "SMTP_PROXY_USERNAME=" $CONFIGURATION_FILE; then
- SMTP_PROXY_USERNAME=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_USERNAME=" | awk -F '=' '{print $2}')
- fi
- if grep -q "SMTP_PROXY_PASSWORD=" $CONFIGURATION_FILE; then
- SMTP_PROXY_PASSWORD=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_PASSWORD=" | awk -F '=' '{print $2}')
- fi
+ if grep -q "SMTP_PROXY_ENABLE=" $CONFIGURATION_FILE; then
+ SMTP_PROXY_ENABLE=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_ENABLE=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SMTP_PROXY_PROTOCOL=" $CONFIGURATION_FILE; then
+ SMTP_PROXY_PROTOCOL=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_PROTOCOL=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SMTP_PROXY_SERVER=" $CONFIGURATION_FILE; then
+ SMTP_PROXY_SERVER=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_SERVER=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SMTP_PROXY_PORT=" $CONFIGURATION_FILE; then
+ SMTP_PROXY_PORT=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_PORT=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SMTP_PROXY_USERNAME=" $CONFIGURATION_FILE; then
+ SMTP_PROXY_USERNAME=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_USERNAME=" | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SMTP_PROXY_PASSWORD=" $CONFIGURATION_FILE; then
+ SMTP_PROXY_PASSWORD=$(cat $CONFIGURATION_FILE | grep "SMTP_PROXY_PASSWORD=" | awk -F '=' '{print $2}')
+ fi
 fi
 # Mirrors settings
@@ -132,1975 +132,1987 @@ FRIENDS_MIRRORS_PASSWORD= MY_MIRRORS_PASSWORD= function any_key { - echo ' ' - read -n1 -r -p $"Press any key to continue..." key + echo ' ' + read -n1 -r -p $"Press any key to continue..." key } function check_for_updates { - if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then - dialog --title $"Check for updates" \ - --msgbox $"Upgrade script was not found" 6 40 - return - fi + if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then + dialog --title $"Check for updates" \ + --msgbox $"Upgrade script was not found" 6 40 + return + fi - clear - . /etc/cron.weekly/$UPGRADE_SCRIPT_NAME - any_key + clear + . /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + any_key } function read_repo_servers { - if [ -f $CONFIGURATION_FILE ]; then - if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then - FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then - FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then - MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then - FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - fi + if [ -f $CONFIGURATION_FILE ]; then + if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then + FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then + FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then + MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' 
'{print $2}') + fi + if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then + FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + fi - if [ ! $FRIENDS_MIRRORS_SERVER ]; then - return - fi - if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then - return - fi + if [ ! $FRIENDS_MIRRORS_SERVER ]; then + return + fi + if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then + return + fi - MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME} - if [ ! -f $MAIN_COMMAND ]; then - MAIN_COMMAND=/usr/bin/${PROJECT_NAME} - fi + MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME} + if [ ! -f $MAIN_COMMAND ]; then + MAIN_COMMAND=/usr/bin/${PROJECT_NAME} + fi - REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g')) + REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g')) - for line in "${REPOS[@]}" - do - repo_name=$(echo "$line" | awk -F '=' '{print $1}') - mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}') - friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}" - ${repo_name}="${friends_repo_url}" - done + for line in "${REPOS[@]}" + do + repo_name=$(echo "$line" | awk -F '=' '{print $1}') + mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}') + friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}" + ${repo_name}="${friends_repo_url}" + done } function set_main_repo { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Main Repository (Mirrors)" \ - --form $"If you do not wish to use the default repositories they can be obtained from mirrors on another ${PROJECT_NAME} server." 
14 60 3 \ - $"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 14 40 15 \ - $"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 14 40 10000 \ - $"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 14 40 10000 \ - 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - new_mirrors_url=$(cat $data | sed -n 1p) - new_mirrors_ssh_port=$(cat $data | sed -n 2p) - new_mirrors_password=$(cat $data | sed -n 3p) + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Main Repository (Mirrors)" \ + --form $"If you do not wish to use the default repositories they can be obtained from mirrors on another ${PROJECT_NAME} server." 14 60 3 \ + $"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 14 40 15 \ + $"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 14 40 10000 \ + $"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 14 40 10000 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + new_mirrors_url=$(cat $data | sed -n 1p) + new_mirrors_ssh_port=$(cat $data | sed -n 2p) + new_mirrors_password=$(cat $data | sed -n 3p) - if [ ${#new_mirrors_url} -lt 2 ]; then - return - fi - if [ ${#new_mirrors_ssh_port} -lt 1 ]; then - return - fi - if [ ${#new_mirrors_password} -lt 10 ]; then - dialog --title $"Main Repository" \ - --msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40 - return - fi + if [ ${#new_mirrors_url} -lt 2 ]; then + return + fi + if [ ${#new_mirrors_ssh_port} -lt 1 ]; then + return + fi + if [ ${#new_mirrors_password} -lt 10 ]; then + dialog --title $"Main Repository" \ + --msgbox $'Mirrors password was too short. Should be at least 10 characters.' 
6 40 + return + fi - if [[ $new_mirrors_url == *"."* ]]; then - FRIENDS_MIRRORS_SERVER=$new_mirrors_url - FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port - FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password + if [[ $new_mirrors_url == *"."* ]]; then + FRIENDS_MIRRORS_SERVER=$new_mirrors_url + FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port + FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password - if ! grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then - echo "FRIENDS_MIRRORS_SERVER=$FRIENDS_MIRRORS_SERVER" >> $CONFIGURATION_FILE - else - sed -i "s|FRIENDS_MIRRORS_SERVER=.*|FRIENDS_MIRRORS_SERVER=$FRIENDS_MIRRORS_SERVER|g" $CONFIGURATION_FILE - fi + if ! grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then + echo "FRIENDS_MIRRORS_SERVER=$FRIENDS_MIRRORS_SERVER" >> $CONFIGURATION_FILE + else + sed -i "s|FRIENDS_MIRRORS_SERVER=.*|FRIENDS_MIRRORS_SERVER=$FRIENDS_MIRRORS_SERVER|g" $CONFIGURATION_FILE + fi - if ! grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then - echo "FRIENDS_MIRRORS_SSH_PORT=$FRIENDS_MIRRORS_SSH_PORT" >> $CONFIGURATION_FILE - else - sed -i "s|FRIENDS_MIRRORS_SSH_PORT=.*|FRIENDS_MIRRORS_SSH_PORT=$FRIENDS_MIRRORS_SSH_PORT|g" $CONFIGURATION_FILE - fi + if ! grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then + echo "FRIENDS_MIRRORS_SSH_PORT=$FRIENDS_MIRRORS_SSH_PORT" >> $CONFIGURATION_FILE + else + sed -i "s|FRIENDS_MIRRORS_SSH_PORT=.*|FRIENDS_MIRRORS_SSH_PORT=$FRIENDS_MIRRORS_SSH_PORT|g" $CONFIGURATION_FILE + fi - if ! grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then - echo "FRIENDS_MIRRORS_PASSWORD=$FRIENDS_MIRRORS_PASSWORD" >> $CONFIGURATION_FILE - else - sed -i "s|FRIENDS_MIRRORS_PASSWORD=.*|FRIENDS_MIRRORS_PASSWORD=$FRIENDS_MIRRORS_PASSWORD|g" $CONFIGURATION_FILE - fi + if ! 
grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then + echo "FRIENDS_MIRRORS_PASSWORD=$FRIENDS_MIRRORS_PASSWORD" >> $CONFIGURATION_FILE + else + sed -i "s|FRIENDS_MIRRORS_PASSWORD=.*|FRIENDS_MIRRORS_PASSWORD=$FRIENDS_MIRRORS_PASSWORD|g" $CONFIGURATION_FILE + fi - # re-read the repos - read_repo_servers + # re-read the repos + read_repo_servers - dialog --title $"Main Repository" \ - --msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60 - fi + dialog --title $"Main Repository" \ + --msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60 + fi } function add_user { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Add new user" \ - --form "\n" 8 60 3 \ - $"Username:" 1 1 "" 1 28 16 15 \ - $"ssh public key (optional):" 2 1 "" 2 28 40 10000 \ - 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - new_user_username=$(cat $data | sed -n 1p) - new_user_ssh_public_key=$(cat $data | sed -n 2p) - if [ ${#new_user_username} -lt 2 ]; then - dialog --title $"New username" \ - --msgbox $"No username was given" 6 40 - return - fi - if [[ "$new_user_username" == *" "* ]]; then - dialog --title $"Invalid username" \ - --msgbox $"The username should not contain any spaces" 6 40 - return - fi - if [ ${#new_user_ssh_public_key} -lt 20 ]; then - clear - ${PROJECT_NAME}-adduser "$new_user_username" - any_key - else - if [[ "$new_user_ssh_public_key" == "ssh-"* ]]; then - clear - ${PROJECT_NAME}-adduser "$new_user_username" "$new_user_ssh_public_key" - any_key - else - dialog --title $"ssh public key" \ - --msgbox $"This does not look like an ssh public key" 6 40 - fi - fi + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Add new user" \ + --form "\n" 8 60 3 \ + $"Username:" 1 1 "" 1 28 16 15 \ + $"ssh public key (optional):" 2 1 "" 2 28 40 10000 \ + 2> $data + sel=$? 
+ case $sel in + 1) return;; + 255) return;; + esac + new_user_username=$(cat $data | sed -n 1p) + new_user_ssh_public_key=$(cat $data | sed -n 2p) + if [ ${#new_user_username} -lt 2 ]; then + dialog --title $"New username" \ + --msgbox $"No username was given" 6 40 + return + fi + if [[ "$new_user_username" == *" "* ]]; then + dialog --title $"Invalid username" \ + --msgbox $"The username should not contain any spaces" 6 40 + return + fi + if [ ${#new_user_ssh_public_key} -lt 20 ]; then + clear + ${PROJECT_NAME}-adduser "$new_user_username" + any_key + else + if [[ "$new_user_ssh_public_key" == "ssh-"* ]]; then + clear + ${PROJECT_NAME}-adduser "$new_user_username" "$new_user_ssh_public_key" + any_key + else + dialog --title $"ssh public key" \ + --msgbox $"This does not look like an ssh public key" 6 40 + fi + fi } function pad_string { - echo -n -e "$1" | sed -e :a -e 's/^.\{1,25\}$/& /;ta' + echo -n -e "$1" | sed -e :a -e 's/^.\{1,25\}$/& /;ta' } function show_domains { - DEFAULT_DOMAIN_NAME=$(cat $CONFIGURATION_FILE | grep "DEFAULT_DOMAIN_NAME=" | awk -F '=' '{print $2}') + DEFAULT_DOMAIN_NAME=$(cat $CONFIGURATION_FILE | grep "DEFAULT_DOMAIN_NAME=" | awk -F '=' '{print $2}') - echo 'Domains' - echo '=======' - echo '' - echo -n -e "$(pad_string 'Name')" - echo -n -e "$(pad_string 'ICANN')" - echo -n -e "$(pad_string 'Tor')" - echo '' - echo '--------------------------------------------------------------------------' - if grep -q "ssh onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'ssh')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "Email onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Email')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'Email onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "XMPP onion domain" $COMPLETION_FILE; then - echo -n -e 
"$(pad_string 'XMPP')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'XMPP onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "VoIP onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'VoIP/Mumble')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'VoIP onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "SIP onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'SIP')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'SIP onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "IRC onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'IRC')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'IRC onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "tox onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Tox')" - echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" - echo "$(cat ${COMPLETION_FILE} | grep 'tox onion domain' | awk -F ':' '{print $2}')" - fi - if grep -q "Wiki domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Wiki')" - WIKIDOM=$(cat ${COMPLETION_FILE} | grep 'Wiki domain' | awk -F ':' '{print $2}') - echo -n -e "$(pad_string ${WIKIDOM})" - if [ -d /var/lib/tor/hidden_service_wiki ]; then - echo -n "$(cat /var/lib/tor/hidden_service_wiki/hostname)" - fi - echo '' - fi - if grep -q "Hubzilla domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Hubzilla')" - HUBZILLADOM=$(cat ${COMPLETION_FILE} | grep 'Hubzilla domain' | awk -F ':' '{print $2}') - echo -n -e "$(pad_string ${HUBZILLADOM})" - if [ -d /var/lib/tor/hidden_service_hubzilla ]; then - echo -n "$(cat /var/lib/tor/hidden_service_hubzilla/hostname)" - fi - echo '' - fi - if grep -q "Blog domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Blog')" - BLOGDOM=$(cat ${COMPLETION_FILE} | grep 'Blog domain' | awk -F ':' '{print $2}') - echo 
-n -e "$(pad_string ${BLOGDOM})" - if [ -d /var/lib/tor/hidden_service_blog ]; then - echo -n "$(cat /var/lib/tor/hidden_service_blog/hostname)" - fi - echo '' - fi - if grep -q "GNU Social domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'GNU Social')" - GNUSOCIALDOM=$(cat ${COMPLETION_FILE} | grep 'GNU Social domain' | awk -F ':' '{print $2}') - echo -n -e "$(pad_string ${GNUSOCIALDOM})" - if [ -d /var/lib/tor/hidden_service_microblog ]; then - echo -n "$(cat /var/lib/tor/hidden_service_microblog/hostname)" - fi - echo '' - fi - if grep -q "Gogs domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Gogs')" - GOGSDOM=$(cat ${COMPLETION_FILE} | grep 'Gogs domain' | awk -F ':' '{print $2}') - echo -n -e "$(pad_string ${GOGSDOM})" - if [ -d /var/lib/tor/hidden_service_gogs ]; then - echo -n "$(cat /var/lib/tor/hidden_service_gogs/hostname)" - fi - echo '' - fi - if grep -q "RSS reader domain" $COMPLETION_FILE; then - if [ -d /var/lib/tor/hidden_service_ttrss ]; then - echo -n -e "$(pad_string 'RSS reader')" - RSSDOM='-' - echo -n -e "$(pad_string ${RSSDOM})" - echo -n "$(cat /var/lib/tor/hidden_service_ttrss/hostname)" - echo '' - fi - if [ -d /var/lib/tor/hidden_service_ttrss_mobile ]; then - echo -n -e "$(pad_string 'RSS mobile')" - RSSMOBILEDOM='-' - echo -n -e "$(pad_string ${RSSMOBILEDOM})" - echo -n "$(cat /var/lib/tor/hidden_service_ttrss_mobile/hostname)" - echo '' - fi - fi - if grep -q "Webmail onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Webmail')" - WEBMAILDOM='-' - echo -n -e "$(pad_string ${WEBMAILDOM})" - if [ -d /var/lib/tor/hidden_service_webmail ]; then - echo -n "$(cat /var/lib/tor/hidden_service_webmail/hostname)" - fi - echo '' - fi - if grep -q "Search engine onion domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Search engine')" - SEARCHDOM='-' - echo -n -e "$(pad_string ${SEARCHDOM})" - if [ -d /var/lib/tor/hidden_service_searx ]; then - echo -n "$(cat /var/lib/tor/hidden_service_searx/hostname)" - 
fi - echo '' - fi - if grep -q "Mediagoblin domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Mediagoblin')" - MEDIADOM=$(cat ${COMPLETION_FILE} | grep 'Mediagoblin domain' | awk -F ':' '{print $2}') - echo -n -e "$(pad_string ${MEDIADOM})" - if [ -d /var/lib/tor/hidden_service_mediagoblin ]; then - echo -n "$(cat /var/lib/tor/hidden_service_mediagoblin/hostname)" - fi - echo '' - fi - if grep -q "Media server domain" $COMPLETION_FILE; then - echo -n -e "$(pad_string 'Media server')" - MEDIADOM=$(cat ${COMPLETION_FILE} | grep 'Media server domain' | awk -F ':' '{print $2}') - echo -n -e "$(pad_string ${MEDIADOM})" - if [ -d /var/lib/tor/hidden_service_mediadrop ]; then - echo -n "$(cat /var/lib/tor/hidden_service_mediadrop/hostname)" - fi - echo '' - fi + echo 'Domains' + echo '=======' + echo '' + echo -n -e "$(pad_string 'Name')" + echo -n -e "$(pad_string 'ICANN')" + echo -n -e "$(pad_string 'Tor')" + echo '' + echo '--------------------------------------------------------------------------' + if grep -q "ssh onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'ssh')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "Email onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Email')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'Email onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "XMPP onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'XMPP')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'XMPP onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "VoIP onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'VoIP/Mumble')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'VoIP onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "SIP onion 
domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'SIP')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'SIP onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "IRC onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'IRC')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'IRC onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "tox onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Tox')" + echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})" + echo "$(cat ${COMPLETION_FILE} | grep 'tox onion domain' | awk -F ':' '{print $2}')" + fi + if grep -q "Wiki domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Wiki')" + WIKIDOM=$(cat ${COMPLETION_FILE} | grep 'Wiki domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${WIKIDOM})" + if [ -d /var/lib/tor/hidden_service_wiki ]; then + echo -n "$(cat /var/lib/tor/hidden_service_wiki/hostname)" + fi + echo '' + fi + if grep -q "Hubzilla domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Hubzilla')" + HUBZILLADOM=$(cat ${COMPLETION_FILE} | grep 'Hubzilla domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${HUBZILLADOM})" + if [ -d /var/lib/tor/hidden_service_hubzilla ]; then + echo -n "$(cat /var/lib/tor/hidden_service_hubzilla/hostname)" + fi + echo '' + fi + if grep -q "Blog domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Blog')" + BLOGDOM=$(cat ${COMPLETION_FILE} | grep 'Blog domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${BLOGDOM})" + if [ -d /var/lib/tor/hidden_service_blog ]; then + echo -n "$(cat /var/lib/tor/hidden_service_blog/hostname)" + fi + echo '' + fi + if grep -q "GNU Social domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'GNU Social')" + GNUSOCIALDOM=$(cat ${COMPLETION_FILE} | grep 'GNU Social domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${GNUSOCIALDOM})" + if [ -d 
/var/lib/tor/hidden_service_microblog ]; then + echo -n "$(cat /var/lib/tor/hidden_service_microblog/hostname)" + fi + echo '' + fi + if grep -q "Gogs domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Gogs')" + GOGSDOM=$(cat ${COMPLETION_FILE} | grep 'Gogs domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${GOGSDOM})" + if [ -d /var/lib/tor/hidden_service_gogs ]; then + echo -n "$(cat /var/lib/tor/hidden_service_gogs/hostname)" + fi + echo '' + fi + if grep -q "RSS reader domain" $COMPLETION_FILE; then + if [ -d /var/lib/tor/hidden_service_ttrss ]; then + echo -n -e "$(pad_string 'RSS reader')" + RSSDOM='-' + echo -n -e "$(pad_string ${RSSDOM})" + echo -n "$(cat /var/lib/tor/hidden_service_ttrss/hostname)" + echo '' + fi + if [ -d /var/lib/tor/hidden_service_ttrss_mobile ]; then + echo -n -e "$(pad_string 'RSS mobile')" + RSSMOBILEDOM='-' + echo -n -e "$(pad_string ${RSSMOBILEDOM})" + echo -n "$(cat /var/lib/tor/hidden_service_ttrss_mobile/hostname)" + echo '' + fi + fi + if grep -q "Webmail onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Webmail')" + WEBMAILDOM='-' + echo -n -e "$(pad_string ${WEBMAILDOM})" + if [ -d /var/lib/tor/hidden_service_webmail ]; then + echo -n "$(cat /var/lib/tor/hidden_service_webmail/hostname)" + fi + echo '' + fi + if grep -q "Search engine onion domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Search engine')" + SEARCHDOM='-' + echo -n -e "$(pad_string ${SEARCHDOM})" + if [ -d /var/lib/tor/hidden_service_searx ]; then + echo -n "$(cat /var/lib/tor/hidden_service_searx/hostname)" + fi + echo '' + fi + if grep -q "Mediagoblin domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Mediagoblin')" + MEDIADOM=$(cat ${COMPLETION_FILE} | grep 'Mediagoblin domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${MEDIADOM})" + if [ -d /var/lib/tor/hidden_service_mediagoblin ]; then + echo -n "$(cat /var/lib/tor/hidden_service_mediagoblin/hostname)" + fi + echo '' + fi + if grep -q 
"Media server domain" $COMPLETION_FILE; then + echo -n -e "$(pad_string 'Media server')" + MEDIADOM=$(cat ${COMPLETION_FILE} | grep 'Media server domain' | awk -F ':' '{print $2}') + echo -n -e "$(pad_string ${MEDIADOM})" + if [ -d /var/lib/tor/hidden_service_mediadrop ]; then + echo -n "$(cat /var/lib/tor/hidden_service_mediadrop/hostname)" + fi + echo '' + fi - echo '' + echo '' } function show_users { - echo 'Users' - echo '=====' - echo '' - echo -n -e "$(pad_string 'Name')" - echo -n -e "$(pad_string 'SIP ext')" - echo -n -e "$(pad_string 'Data')" - echo '' - echo '--------------------------------------------------------------------------' - for d in /home/*/ ; do - USRNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USRNAME != "git" && $USRNAME != "mirrors" && $USRNAME != "sync" ]]; then - echo -n -e "$(pad_string ${USRNAME})" - # get the SIP extension - SIPEXT= - while read ext; do - if [[ $ext == *"user id"* ]]; then - CURR_UID=$(echo "$ext" | awk -F '"' '{print $2}' | awk -F '"' '{print $1}') - fi - if [[ $ext == *"extension"* ]]; then - if [[ $CURR_UID == $USRNAME ]]; then - SIPEXT=$(echo "$ext" | awk -F '>' '{print $2}' | awk -F '<' '{print $1}') - fi - fi - done < $SIP_CONFIGURATION_FILE - if [ $SIPEXT ]; then - echo -n -e "$(pad_string SIP:${SIPEXT})" - else - echo -n -e "$(pad_string '')" - fi + echo 'Users' + echo '=====' + echo '' + echo -n -e "$(pad_string 'Name')" + echo -n -e "$(pad_string 'SIP ext')" + echo -n -e "$(pad_string 'Data')" + echo '' + echo '--------------------------------------------------------------------------' + for d in /home/*/ ; do + USRNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USRNAME != "git" && $USRNAME != "mirrors" && $USRNAME != "sync" && $USERNAME != "tahoelafs" ]]; then + echo -n -e "$(pad_string ${USRNAME})" + # get the SIP extension + SIPEXT= + while read ext; do + if [[ $ext == *"user id"* ]]; then + CURR_UID=$(echo "$ext" | awk -F '"' '{print $2}' | awk -F '"' '{print $1}') + fi + if [[ $ext == 
*"extension"* ]]; then + if [[ $CURR_UID == $USRNAME ]]; then + SIPEXT=$(echo "$ext" | awk -F '>' '{print $2}' | awk -F '<' '{print $1}') + fi + fi + done < $SIP_CONFIGURATION_FILE + if [ $SIPEXT ]; then + echo -n -e "$(pad_string SIP:${SIPEXT})" + else + echo -n -e "$(pad_string '')" + fi - # size of the home directory - echo "$(du -s -h /home/${USRNAME} | awk -F ' ' '{print $1}')" - fi - done - echo '' + # size of the home directory + echo "$(du -s -h /home/${USRNAME} | awk -F ' ' '{print $1}')" + fi + done + echo '' } function show_mirrors_password { - if [ ! /home/mirrors ]; then - return - fi - if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then - MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi - echo 'Local Mirrors' - echo '=============' - echo '' - echo -n "URL: " - echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')" - echo "SSH Port: $SSH_PORT" - echo "Password: $MY_MIRRORS_PASSWORD" - echo '' + if [ ! /home/mirrors ]; then + return + fi + if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then + MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + echo 'Local Mirrors' + echo '=============' + echo '' + echo -n "URL: " + echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')" + echo "SSH Port: $SSH_PORT" + echo "Password: $MY_MIRRORS_PASSWORD" + echo '' +} + +function show_tahoe_introducer { + if [ ! 
-f /home/tahoelafs/.tahoe-introducer/private/introducer.furl ]; then + return + fi + echo 'Tahoe-LAFS' + echo '==========' + echo '' + cat /home/tahoelafs/.tahoe-introducer/private/introducer.furl + echo '' } function show_about { - clear - show_domains - show_mirrors_password - show_users - any_key + clear + show_domains + show_mirrors_password + show_tahoe_introducer + show_users + any_key } function select_user { - SELECTED_USERNAME= + SELECTED_USERNAME= - users_array=($(ls /home)) + users_array=($(ls /home)) - delete=(mirrors git) - for del in ${delete[@]} - do - users_array=(${users_array[@]/$del}) - done + delete=(mirrors git) + for del in ${delete[@]} + do + users_array=(${users_array[@]/$del}) + done - i=0 - W=() - name=() - for u in ${users_array[@]} - do - i=$((i+1)) - W+=($i "$u") - name+=("$u") - done + i=0 + W=() + name=() + for u in ${users_array[@]} + do + i=$((i+1)) + W+=($i "$u") + name+=("$u") + done - user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3) + user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3) - if [ $? -eq 0 ]; then - SELECTED_USERNAME="${name[$((user_index-1))]}" - fi + if [ $? -eq 0 ]; then + SELECTED_USERNAME="${name[$((user_index-1))]}" + fi } function smtp_proxy { - MUTTRC_FILE=/home/$ADMIN_USER/.muttrc - if [ ! -f $MUTTRC_FILE ]; then - return - fi + MUTTRC_FILE=/home/$ADMIN_USER/.muttrc + if [ ! -f $MUTTRC_FILE ]; then + return + fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"SMTP Proxy for $ADMIN_USER" \ - --form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 
14 75 6 \ - $"Enable proxy:" 1 1 "$SMTP_PROXY_ENABLE" 1 24 5 5 \ - $"Protocol (smtp/smtps):" 2 1 "$SMTP_PROXY_PROTOCOL" 2 24 5 5 \ - $"ISP mail server:" 3 1 "$SMTP_PROXY_SERVER" 3 24 40 10000 \ - $"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \ - $"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \ - $"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \ - 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - SMTP_PROXY_ENABLE=$(cat $data | sed -n 1p) - SMTP_PROXY_PROTOCOL=$(cat $data | sed -n 2p) - SMTP_PROXY_SERVER=$(cat $data | sed -n 3p) - SMTP_PROXY_PORT=$(cat $data | sed -n 4p) - SMTP_PROXY_USERNAME=$(cat $data | sed -n 5p) - SMTP_PROXY_PASSWORD=$(cat $data | sed -n 6p) + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"SMTP Proxy for $ADMIN_USER" \ + --form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 14 75 6 \ + $"Enable proxy:" 1 1 "$SMTP_PROXY_ENABLE" 1 24 5 5 \ + $"Protocol (smtp/smtps):" 2 1 "$SMTP_PROXY_PROTOCOL" 2 24 5 5 \ + $"ISP mail server:" 3 1 "$SMTP_PROXY_SERVER" 3 24 40 10000 \ + $"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \ + $"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \ + $"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + SMTP_PROXY_ENABLE=$(cat $data | sed -n 1p) + SMTP_PROXY_PROTOCOL=$(cat $data | sed -n 2p) + SMTP_PROXY_SERVER=$(cat $data | sed -n 3p) + SMTP_PROXY_PORT=$(cat $data | sed -n 4p) + SMTP_PROXY_USERNAME=$(cat $data | sed -n 5p) + SMTP_PROXY_PASSWORD=$(cat $data | sed -n 6p) - # change muttrc - if [ $SMTP_PROXY_ENABLE != $'no' ]; then - if ! 
grep "set smtp_url" $MUTTRC_FILE; then - echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE - else - sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE - fi - sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE - else - if grep "set smtp_url" $MUTTRC_FILE; then - sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE - fi - fi + # change muttrc + if [ $SMTP_PROXY_ENABLE != $'no' ]; then + if ! grep "set smtp_url" $MUTTRC_FILE; then + echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE + else + sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE + fi + sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE + else + if grep "set smtp_url" $MUTTRC_FILE; then + sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE + fi + fi - # save settings within the main configuration file - if ! grep -q "SMTP_PROXY_ENABLE=" $CONFIGURATION_FILE; then - echo "SMTP_PROXY_ENABLE=$SMTP_PROXY_ENABLE" >> $CONFIGURATION_FILE - else - sed -i "s|SMTP_PROXY_ENABLE=.*|SMTP_PROXY_ENABLE=$SMTP_PROXY_ENABLE|g" $CONFIGURATION_FILE - fi - if ! grep -q "SMTP_PROXY_PROTOCOL=" $CONFIGURATION_FILE; then - echo "SMTP_PROXY_PROTOCOL=$SMTP_PROXY_PROTOCOL" >> $CONFIGURATION_FILE - else - sed -i "s|SMTP_PROXY_PROTOCOL=.*|SMTP_PROXY_PROTOCOL=$SMTP_PROXY_PROTOCOL|g" $CONFIGURATION_FILE - fi - if ! grep -q "SMTP_PROXY_SERVER=" $CONFIGURATION_FILE; then - echo "SMTP_PROXY_SERVER=$SMTP_PROXY_SERVER" >> $CONFIGURATION_FILE - else - sed -i "s|SMTP_PROXY_SERVER=.*|SMTP_PROXY_SERVER=$SMTP_PROXY_SERVER|g" $CONFIGURATION_FILE - fi - if ! 
grep -q "SMTP_PROXY_PORT=" $CONFIGURATION_FILE; then - echo "SMTP_PROXY_PORT=$SMTP_PROXY_PORT" >> $CONFIGURATION_FILE - else - sed -i "s|SMTP_PROXY_PORT=.*|SMTP_PROXY_PORT=$SMTP_PROXY_PORT|g" $CONFIGURATION_FILE - fi - if ! grep -q "SMTP_PROXY_USERNAME=" $CONFIGURATION_FILE; then - echo "SMTP_PROXY_USERNAME=$SMTP_PROXY_USERNAME" >> $CONFIGURATION_FILE - else - sed -i "s|SMTP_PROXY_USERNAME=.*|SMTP_PROXY_USERNAME=$SMTP_PROXY_USERNAME|g" $CONFIGURATION_FILE - fi - if ! grep -q "SMTP_PROXY_PASSWORD=" $CONFIGURATION_FILE; then - echo "SMTP_PROXY_PASSWORD=$SMTP_PROXY_PASSWORD" >> $CONFIGURATION_FILE - else - sed -i "s|SMTP_PROXY_PASSWORD=.*|SMTP_PROXY_PASSWORD=$SMTP_PROXY_PASSWORD|g" $CONFIGURATION_FILE - fi + # save settings within the main configuration file + if ! grep -q "SMTP_PROXY_ENABLE=" $CONFIGURATION_FILE; then + echo "SMTP_PROXY_ENABLE=$SMTP_PROXY_ENABLE" >> $CONFIGURATION_FILE + else + sed -i "s|SMTP_PROXY_ENABLE=.*|SMTP_PROXY_ENABLE=$SMTP_PROXY_ENABLE|g" $CONFIGURATION_FILE + fi + if ! grep -q "SMTP_PROXY_PROTOCOL=" $CONFIGURATION_FILE; then + echo "SMTP_PROXY_PROTOCOL=$SMTP_PROXY_PROTOCOL" >> $CONFIGURATION_FILE + else + sed -i "s|SMTP_PROXY_PROTOCOL=.*|SMTP_PROXY_PROTOCOL=$SMTP_PROXY_PROTOCOL|g" $CONFIGURATION_FILE + fi + if ! grep -q "SMTP_PROXY_SERVER=" $CONFIGURATION_FILE; then + echo "SMTP_PROXY_SERVER=$SMTP_PROXY_SERVER" >> $CONFIGURATION_FILE + else + sed -i "s|SMTP_PROXY_SERVER=.*|SMTP_PROXY_SERVER=$SMTP_PROXY_SERVER|g" $CONFIGURATION_FILE + fi + if ! grep -q "SMTP_PROXY_PORT=" $CONFIGURATION_FILE; then + echo "SMTP_PROXY_PORT=$SMTP_PROXY_PORT" >> $CONFIGURATION_FILE + else + sed -i "s|SMTP_PROXY_PORT=.*|SMTP_PROXY_PORT=$SMTP_PROXY_PORT|g" $CONFIGURATION_FILE + fi + if ! grep -q "SMTP_PROXY_USERNAME=" $CONFIGURATION_FILE; then + echo "SMTP_PROXY_USERNAME=$SMTP_PROXY_USERNAME" >> $CONFIGURATION_FILE + else + sed -i "s|SMTP_PROXY_USERNAME=.*|SMTP_PROXY_USERNAME=$SMTP_PROXY_USERNAME|g" $CONFIGURATION_FILE + fi + if ! 
grep -q "SMTP_PROXY_PASSWORD=" $CONFIGURATION_FILE; then + echo "SMTP_PROXY_PASSWORD=$SMTP_PROXY_PASSWORD" >> $CONFIGURATION_FILE + else + sed -i "s|SMTP_PROXY_PASSWORD=.*|SMTP_PROXY_PASSWORD=$SMTP_PROXY_PASSWORD|g" $CONFIGURATION_FILE + fi } function delete_user { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - if grep -Fxq "Admin user:$SELECTED_USERNAME" $COMPLETION_FILE; then - dialog --title $"Administrator user" \ - --msgbox $"You can't delete the administrator user" 6 40 - return - fi - clear - ${PROJECT_NAME}-rmuser $SELECTED_USERNAME - any_key + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi + if grep -Fxq "Admin user:$SELECTED_USERNAME" $COMPLETION_FILE; then + dialog --title $"Administrator user" \ + --msgbox $"You can't delete the administrator user" 6 40 + return + fi + clear + ${PROJECT_NAME}-rmuser $SELECTED_USERNAME + any_key } function configure_remote_backups { - if ! grep -Fxq "Admin user:$ADMIN_USER" $COMPLETION_FILE; then - dialog --title $"Administrator user" \ - --msgbox $"No Administrator user found. Check $COMPLETION_FILE" 6 40 - return - fi - if [ ${#ADMIN_USER} -lt 2 ]; then - dialog --title $"Administrator user" \ - --msgbox $"Username not found" 6 40 - return - fi - if [ ! -d /home/$ADMIN_USER ]; then - dialog --title $"Administrator user" \ - --msgbox $"Home directory not found" 6 40 - return - fi - ${PROJECT_NAME}-remote -u $ADMIN_USER - if [ ! "$?" = "0" ]; then - any_key - fi + if ! grep -Fxq "Admin user:$ADMIN_USER" $COMPLETION_FILE; then + dialog --title $"Administrator user" \ + --msgbox $"No Administrator user found. Check $COMPLETION_FILE" 6 40 + return + fi + if [ ${#ADMIN_USER} -lt 2 ]; then + dialog --title $"Administrator user" \ + --msgbox $"Username not found" 6 40 + return + fi + if [ ! -d /home/$ADMIN_USER ]; then + dialog --title $"Administrator user" \ + --msgbox $"Home directory not found" 6 40 + return + fi + ${PROJECT_NAME}-remote -u $ADMIN_USER + if [ ! "$?" 
= "0" ]; then + any_key + fi } function change_password { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi - dialog --title $"Change password" \ - --passwordbox $"New password for user $SELECTED_USERNAME" 8 40 2> $data - newpassword=$(<$data) - if [ ${#newpassword} -lt ${MINIMUM_PASSWORD_LENGTH} ]; then - dialog --title $"Change password" \ - --msgbox $"The password should be ${MINIMUM_PASSWORD_LENGTH} or more characters" 6 40 - return - fi + dialog --title $"Change password" \ + --passwordbox $"New password for user $SELECTED_USERNAME" 8 40 2> $data + newpassword=$(<$data) + if [ ${#newpassword} -lt ${MINIMUM_PASSWORD_LENGTH} ]; then + dialog --title $"Change password" \ + --msgbox $"The password should be ${MINIMUM_PASSWORD_LENGTH} or more characters" 6 40 + return + fi - echo "$SELECTED_USERNAME:$newpassword"|chpasswd + echo "$SELECTED_USERNAME:$newpassword"|chpasswd - dialog --title $"Change password" \ - --msgbox $"Password for $SELECTED_USERNAME was changed" 6 40 + dialog --title $"Change password" \ + --msgbox $"Password for $SELECTED_USERNAME was changed" 6 40 } function irc_show_password { - IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') - dialog --title $"IRC Password" \ - --msgbox "$IRC_PASSWORD" 6 40 + IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') + dialog --title $"IRC Password" \ + --msgbox "$IRC_PASSWORD" 6 40 } function irc_set_global_password { - dialog --title $"IRC Password" \ - --clear \ - --backtitle $"Freedombone Control Panel" \ - --passwordbox $"Password for all IRC users, or press Enter for no password" 10 50 2> $data - sel=$? 
- case $sel in - 0) - EXISTING_IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') - NEW_IRC_PASSWORD=$(<$data) - sed -i "0,/RE/s/Password =.*/Password =$NEW_IRC_PASSWORD/" /etc/ngircd/ngircd.conf + dialog --title $"IRC Password" \ + --clear \ + --backtitle $"Freedombone Control Panel" \ + --passwordbox $"Password for all IRC users, or press Enter for no password" 10 50 2> $data + sel=$? + case $sel in + 0) + EXISTING_IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}') + NEW_IRC_PASSWORD=$(<$data) + sed -i "0,/RE/s/Password =.*/Password =$NEW_IRC_PASSWORD/" /etc/ngircd/ngircd.conf - # replace the password for all users - for d in /home/*/ ; do - IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $IRC_USERNAME != "git" && $IRC_USERNAME != "mirrors" && $IRC_USERNAME != "sync" ]]; then - if [ -f /home/$IRC_USERNAME/.irssi/config ]; then - sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/$IRC_USERNAME/.irssi/config - chown -R $IRC_USERNAME:$IRC_USERNAME /home/$IRC_USERNAME/.irssi - fi - fi - done + # replace the password for all users + for d in /home/*/ ; do + IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $IRC_USERNAME != "git" && $IRC_USERNAME != "mirrors" && $IRC_USERNAME != "sync" && $IRC_USERNAME != "tahoelafs" ]]; then + if [ -f /home/$IRC_USERNAME/.irssi/config ]; then + sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/$IRC_USERNAME/.irssi/config + chown -R $IRC_USERNAME:$IRC_USERNAME /home/$IRC_USERNAME/.irssi + fi + fi + done - # restart the daemon for the new password to take effect - systemctl restart ngircd + # restart the daemon for the new password to take effect + systemctl restart ngircd - dialog --title $"IRC Password" \ - --msgbox $"The IRC password was changed" 6 40 - ;; - esac + dialog --title $"IRC Password" \ + --msgbox $"The IRC password was changed" 6 40 + ;; + esac } function change_blog_avatar { - 
data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Change blog avatar" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data - sel=$? - case $sel in - 0) - IMAGE_URL=$(<$data) - if [ ${#IMAGE_URL} -gt 5 ]; then - clear - ${PROJECT_NAME}-blog -a $IMAGE_URL - if [ "$?" = "0" ]; then - dialog --title $"Change blog avatar" \ - --msgbox $"Your blog avatar has been changed" 6 40 - fi - fi - ;; - esac + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Change blog avatar" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data + sel=$? + case $sel in + 0) + IMAGE_URL=$(<$data) + if [ ${#IMAGE_URL} -gt 5 ]; then + clear + ${PROJECT_NAME}-blog -a $IMAGE_URL + if [ "$?" = "0" ]; then + dialog --title $"Change blog avatar" \ + --msgbox $"Your blog avatar has been changed" 6 40 + fi + fi + ;; + esac } function change_ssh_public_key { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi - if grep -Fxq "Admin user:$SELECTED_USERNAME" $COMPLETION_FILE; then - dialog --title $"Change ssh public key" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nThis is the administrator user.\n\nAre you sure you want to change the ssh public key for the administrator?" 10 60 - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - fi + if grep -Fxq "Admin user:$SELECTED_USERNAME" $COMPLETION_FILE; then + dialog --title $"Change ssh public key" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nThis is the administrator user.\n\nAre you sure you want to change the ssh public key for the administrator?" 10 60 + sel=$? 
+ case $sel in + 1) return;; + 255) return;; + esac + fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Change ssh public key for $SELECTED_USERNAME" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"Paste the ssh public key below" 8 60 2>$data - sel=$? - case $sel in - 0) - SSH_PUBLIC_KEY=$(<$data) - if [ "$SSH_PUBLIC_KEY" ]; then - if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then - if [ -f "$SSH_PUBLIC_KEY" ]; then - if [ ! -d /home/$SELECTED_USERNAME/.ssh ]; then - mkdir /home/$SELECTED_USERNAME/.ssh - fi - cp $SSH_PUBLIC_KEY \ - /home/$SELECTED_USERNAME/.ssh/authorized_keys - chown -R $SELECTED_USERNAME:$SELECTED_USERNAME \ - /home/$SELECTED_USERNAME/.ssh - dialog --title $"Change ssh public key" \ - --msgbox $"ssh public key was installed" 6 40 - else - if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then - if [ ! -d /home/$SELECTED_USERNAME/.ssh ]; then - mkdir /home/$SELECTED_USERNAME/.ssh - fi - echo "$SSH_PUBLIC_KEY" > \ - /home/$SELECTED_USERNAME/.ssh/authorized_keys - chown -R $SELECTED_USERNAME:$SELECTED_USERNAME \ - /home/$SELECTED_USERNAME/.ssh - dialog --title $"Change ssh public key" \ - --msgbox $"ssh public key was installed" 6 40 - fi - fi - fi - fi - ;; - esac + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Change ssh public key for $SELECTED_USERNAME" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"Paste the ssh public key below" 8 60 2>$data + sel=$? + case $sel in + 0) + SSH_PUBLIC_KEY=$(<$data) + if [ "$SSH_PUBLIC_KEY" ]; then + if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then + if [ -f "$SSH_PUBLIC_KEY" ]; then + if [ ! 
-d /home/$SELECTED_USERNAME/.ssh ]; then + mkdir /home/$SELECTED_USERNAME/.ssh + fi + cp $SSH_PUBLIC_KEY \ + /home/$SELECTED_USERNAME/.ssh/authorized_keys + chown -R $SELECTED_USERNAME:$SELECTED_USERNAME \ + /home/$SELECTED_USERNAME/.ssh + dialog --title $"Change ssh public key" \ + --msgbox $"ssh public key was installed" 6 40 + else + if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then + if [ ! -d /home/$SELECTED_USERNAME/.ssh ]; then + mkdir /home/$SELECTED_USERNAME/.ssh + fi + echo "$SSH_PUBLIC_KEY" > \ + /home/$SELECTED_USERNAME/.ssh/authorized_keys + chown -R $SELECTED_USERNAME:$SELECTED_USERNAME \ + /home/$SELECTED_USERNAME/.ssh + dialog --title $"Change ssh public key" \ + --msgbox $"ssh public key was installed" 6 40 + fi + fi + fi + fi + ;; + esac } function remove_user_from_mailing_list { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - USER_MAILING_LISTS=$(cat "/home/$SELECTED_USERNAME/.procmailrc" | grep '\[' | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}') + select_user + if [ ! 
$SELECTED_USERNAME ]; then + return + fi + USER_MAILING_LISTS=$(cat "/home/$SELECTED_USERNAME/.procmailrc" | grep '\[' | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}') - i=0 - W=() - list_name=() - while read -r listname; do - i=$((i+1)) - W+=($i "$listname") - list_name+=("$listname") - echo $listname - done <<< "$USER_MAILING_LISTS" + i=0 + W=() + list_name=() + while read -r listname; do + i=$((i+1)) + W+=($i "$listname") + list_name+=("$listname") + echo $listname + done <<< "$USER_MAILING_LISTS" - i=$((i+1)) - W+=($i $"Exit back to user mainenance") + i=$((i+1)) + W+=($i $"Exit back to user mainenance") - list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone Control Panel" --title $"Remove a mailing list for $SELECTED_USERNAME" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3) + list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone Control Panel" --title $"Remove a mailing list for $SELECTED_USERNAME" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3) - if [ $? -eq 0 ]; then # Exit with OK - if [ ${list_selected} -ne ${i} ]; then - remove_list_name="${list_name[$((list_selected-1))]}" + if [ $? 
-eq 0 ]; then # Exit with OK + if [ ${list_selected} -ne ${i} ]; then + remove_list_name="${list_name[$((list_selected-1))]}" - # find the line number where the list is defined - line_number=0 - i=0 - while read -r line - do - if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then - line_number=${i} - fi - i=$((i+1)) - done < "/home/$SELECTED_USERNAME/.procmailrc" + # find the line number where the list is defined + line_number=0 + i=0 + while read -r line + do + if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then + line_number=${i} + fi + i=$((i+1)) + done < "/home/$SELECTED_USERNAME/.procmailrc" - if [ ${line_number} -eq 0 ]; then - # no match was found - return - fi + if [ ${line_number} -eq 0 ]; then + # no match was found + return + fi - # recreate the file - if [ -f /home/${SELECTED_USERNAME}/.procmailrc_new ]; then - rm /home/${SELECTED_USERNAME}/.procmailrc_new - fi - i=0 - clip=0 - while read -r line - do - i=$((i+1)) - if [ ${i} -gt $((line_number-1)) ]; then - if [ ${clip} -eq 0 ]; then - clip=1 - fi - if [ ${clip} -eq 1 ]; then - if [ ${i} -lt $((line_number+2)) ]; then - continue - else - if [ ${#line} -lt 1 ]; then - clip=2 - continue - fi - if [[ "$line" == ":"* || "$line" == "#"* ]]; then - clip=2 - else - continue - fi - fi - fi - fi + # recreate the file + if [ -f /home/${SELECTED_USERNAME}/.procmailrc_new ]; then + rm /home/${SELECTED_USERNAME}/.procmailrc_new + fi + i=0 + clip=0 + while read -r line + do + i=$((i+1)) + if [ ${i} -gt $((line_number-1)) ]; then + if [ ${clip} -eq 0 ]; then + clip=1 + fi + if [ ${clip} -eq 1 ]; then + if [ ${i} -lt $((line_number+2)) ]; then + continue + else + if [ ${#line} -lt 1 ]; then + clip=2 + continue + fi + if [[ "$line" == ":"* || "$line" == "#"* ]]; then + clip=2 + else + continue + fi + fi + fi + fi - echo "$line" >> /home/${SELECTED_USERNAME}/.procmailrc_new + echo "$line" >> /home/${SELECTED_USERNAME}/.procmailrc_new - if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then - line_number=${i} - fi - 
done < "/home/$SELECTED_USERNAME/.procmailrc" - cp /home/${SELECTED_USERNAME}/.procmailrc_new /home/${SELECTED_USERNAME}/.procmailrc - rm /home/${SELECTED_USERNAME}/.procmailrc_new - chown ${SELECTED_USERNAME}:${SELECTED_USERNAME} /home/${SELECTED_USERNAME}/.procmailrc - dialog --title $"Remove user from mailing list" \ - --msgbox $"${SELECTED_USERNAME} has been removed from ${remove_list_name}" 6 50 - fi - fi + if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then + line_number=${i} + fi + done < "/home/$SELECTED_USERNAME/.procmailrc" + cp /home/${SELECTED_USERNAME}/.procmailrc_new /home/${SELECTED_USERNAME}/.procmailrc + rm /home/${SELECTED_USERNAME}/.procmailrc_new + chown ${SELECTED_USERNAME}:${SELECTED_USERNAME} /home/${SELECTED_USERNAME}/.procmailrc + dialog --title $"Remove user from mailing list" \ + --msgbox $"${SELECTED_USERNAME} has been removed from ${remove_list_name}" 6 50 + fi + fi } function add_to_mailing_list { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Subscribe $SELECTED_USERNAME to a mailing list" \ - --form $"You can either enter a subject or an email address\n" 11 68 4 \ - $"List folder name:" 1 1 "" 1 35 26 25 \ - $"Name between [] on subject line:" 2 1 "" 2 35 26 25 \ - $"List email address:" 3 1 "" 3 35 26 25 \ - $"Public:" 4 1 $"yes" 4 35 4 25 \ - 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - LIST_NAME=$(cat $data | sed -n 1p) - LIST_SUBJECT=$(cat $data | sed -n 2p) - LIST_EMAIL=$(cat $data | sed -n 3p) - LIST_PUBLIC=$(cat $data | sed -n 4p) + select_user + if [ ! 
$SELECTED_USERNAME ]; then + return + fi + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Subscribe $SELECTED_USERNAME to a mailing list" \ + --form $"You can either enter a subject or an email address\n" 11 68 4 \ + $"List folder name:" 1 1 "" 1 35 26 25 \ + $"Name between [] on subject line:" 2 1 "" 2 35 26 25 \ + $"List email address:" 3 1 "" 3 35 26 25 \ + $"Public:" 4 1 $"yes" 4 35 4 25 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + LIST_NAME=$(cat $data | sed -n 1p) + LIST_SUBJECT=$(cat $data | sed -n 2p) + LIST_EMAIL=$(cat $data | sed -n 3p) + LIST_PUBLIC=$(cat $data | sed -n 4p) - if [ ${#LIST_PUBLIC} -lt 1 ]; then - LIST_PUBLIC='no' - fi - if [[ $LIST_PUBLIC == $'y' || $LIST_PUBLIC == $'Y' || $LIST_PUBLIC == $'true' || $LIST_PUBLIC == $'True' || $LIST_PUBLIC == $'yes' || $LIST_PUBLIC == $'Yes' || $LIST_PUBLIC == $'YES' ]]; then - LIST_PUBLIC='yes' - else - LIST_PUBLIC='no' - fi - if [ ${#LIST_NAME} -lt 2 ]; then - dialog --title $"Add mailing list" \ - --msgbox $"No mailing list name was given" 6 40 - return - fi - if [ ${#LIST_SUBJECT} -lt 2 ]; then - if [ ${#LIST_EMAIL} -lt 2 ]; then - dialog --title $"Add mailing list" \ - --msgbox $"No mailing list subject or address was given" 6 40 - return - fi - fi - if [ ${#LIST_SUBJECT} -gt 1 ]; then - ${PROJECT_NAME}-addlist -u $SELECTED_USERNAME -l "$LIST_NAME" \ - -s "$LIST_SUBJECT" --public $LIST_PUBLIC - else - if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then - dialog --title $"Add mailing list" \ - --msgbox $"Unrecognised email address" 6 40 - return - else - ${PROJECT_NAME}-addlist -u $SELECTED_USERNAME -l "$LIST_NAME" \ - -e "$LIST_EMAIL" --public $LIST_PUBLIC - fi - fi + if [ ${#LIST_PUBLIC} -lt 1 ]; then + LIST_PUBLIC='no' + fi + if [[ $LIST_PUBLIC == $'y' || $LIST_PUBLIC == $'Y' || $LIST_PUBLIC == $'true' || $LIST_PUBLIC == $'True' || $LIST_PUBLIC == $'yes' || $LIST_PUBLIC == $'Yes' 
|| $LIST_PUBLIC == $'YES' ]]; then + LIST_PUBLIC='yes' + else + LIST_PUBLIC='no' + fi + if [ ${#LIST_NAME} -lt 2 ]; then + dialog --title $"Add mailing list" \ + --msgbox $"No mailing list name was given" 6 40 + return + fi + if [ ${#LIST_SUBJECT} -lt 2 ]; then + if [ ${#LIST_EMAIL} -lt 2 ]; then + dialog --title $"Add mailing list" \ + --msgbox $"No mailing list subject or address was given" 6 40 + return + fi + fi + if [ ${#LIST_SUBJECT} -gt 1 ]; then + ${PROJECT_NAME}-addlist -u $SELECTED_USERNAME -l "$LIST_NAME" \ + -s "$LIST_SUBJECT" --public $LIST_PUBLIC + else + if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then + dialog --title $"Add mailing list" \ + --msgbox $"Unrecognised email address" 6 40 + return + else + ${PROJECT_NAME}-addlist -u $SELECTED_USERNAME -l "$LIST_NAME" \ + -e "$LIST_EMAIL" --public $LIST_PUBLIC + fi + fi - dialog --title $"Add mailing list" \ - --msgbox $"$LIST_NAME list was added" 6 40 + dialog --title $"Add mailing list" \ + --msgbox $"$LIST_NAME list was added" 6 40 } function email_rule { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Email rule for user $SELECTED_USERNAME" \ - --form "\n" 9 65 4 \ - $"When email arrives from address:" 1 1 "" 1 35 24 28 \ - $"Move to folder:" 2 1 "" 2 35 24 28 \ - $"Public:" 3 1 $"no" 3 35 4 25 \ - 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - RULE_EMAIL=$(cat $data | sed -n 1p) - RULE_FOLDER=$(cat $data | sed -n 2p) - RULE_PUBLIC=$(cat $data | sed -n 3p) + select_user + if [ ! 
$SELECTED_USERNAME ]; then + return + fi + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Email rule for user $SELECTED_USERNAME" \ + --form "\n" 9 65 4 \ + $"When email arrives from address:" 1 1 "" 1 35 24 28 \ + $"Move to folder:" 2 1 "" 2 35 24 28 \ + $"Public:" 3 1 $"no" 3 35 4 25 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + RULE_EMAIL=$(cat $data | sed -n 1p) + RULE_FOLDER=$(cat $data | sed -n 2p) + RULE_PUBLIC=$(cat $data | sed -n 3p) - if [ ${#RULE_PUBLIC} -lt 1 ]; then - RULE_PUBLIC='no' - fi - if [[ $RULE_PUBLIC == $'y' || $RULE_PUBLIC == $'Y' || $RULE_PUBLIC == $'true' || $RULE_PUBLIC == $'True' || $RULE_PUBLIC == $'yes' || $RULE_PUBLIC == $'Yes' || $RULE_PUBLIC == $'YES' ]]; then - RULE_PUBLIC='yes' - else - RULE_PUBLIC='no' - fi - if [ ${#RULE_EMAIL} -lt 2 ]; then - dialog --title $"Add email rule" \ - --msgbox $"No email address was given" 6 40 - return - fi - if [ ${#RULE_FOLDER} -lt 2 ]; then - dialog --title $"Add email rule" \ - --msgbox $"No folder name was given" 6 40 - return - fi - if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then - dialog --title $"Add email rule" \ - --msgbox $"Unrecognised email address" 6 40 - return - fi + if [ ${#RULE_PUBLIC} -lt 1 ]; then + RULE_PUBLIC='no' + fi + if [[ $RULE_PUBLIC == $'y' || $RULE_PUBLIC == $'Y' || $RULE_PUBLIC == $'true' || $RULE_PUBLIC == $'True' || $RULE_PUBLIC == $'yes' || $RULE_PUBLIC == $'Yes' || $RULE_PUBLIC == $'YES' ]]; then + RULE_PUBLIC='yes' + else + RULE_PUBLIC='no' + fi + if [ ${#RULE_EMAIL} -lt 2 ]; then + dialog --title $"Add email rule" \ + --msgbox $"No email address was given" 6 40 + return + fi + if [ ${#RULE_FOLDER} -lt 2 ]; then + dialog --title $"Add email rule" \ + --msgbox $"No folder name was given" 6 40 + return + fi + if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then + dialog --title $"Add email rule" \ + --msgbox $"Unrecognised email 
address" 6 40 + return + fi - ${PROJECT_NAME}-addemail -u $SELECTED_USERNAME -e "$RULE_EMAIL" \ - -g "$RULE_FOLDER" --public $RULE_PUBLIC - dialog --title $"Add email rule" \ - --msgbox $"Email rule for $RULE_EMAIL was added" 6 40 + ${PROJECT_NAME}-addemail -u $SELECTED_USERNAME -e "$RULE_EMAIL" \ + -g "$RULE_FOLDER" --public $RULE_PUBLIC + dialog --title $"Add email rule" \ + --msgbox $"Email rule for $RULE_EMAIL was added" 6 40 } function block_unblock_email { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - blockstr=$"Block/Unblock email going to" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title "$blockstr $SELECTED_USERNAME" \ - --form "\n" 8 65 3 \ - $"When email arrives from address:" 1 1 "" 1 35 24 100 \ - $"Block it:" 2 1 "yes" 2 35 4 4 \ - 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - BLOCK_EMAIL=$(cat $data | sed -n 1p) - BLOCK=$(cat $data | sed -n 2p) - if [ ${#BLOCK_EMAIL} -lt 2 ]; then - dialog --title $"Block/Unblock an email" \ - --msgbox $"No email address was given" 6 40 - return - fi - if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then - dialog --title $"Block/Unblock an email" \ - --msgbox $"Unrecognised email address" 6 40 - return - fi - if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then - ${PROJECT_NAME}-ignore -u $SELECTED_USERNAME -e "$BLOCK_EMAIL" - dialog --title $"Block an email" \ - --msgbox "Email from $BLOCK_EMAIL to $SELECTED_USERNAME blocked" 6 75 - else - ${PROJECT_NAME}-unignore -u $SELECTED_USERNAME -e "$BLOCK_EMAIL" - dialog --title $"Unblock an email" \ - --msgbox "Email from $BLOCK_EMAIL to $SELECTED_USERNAME unblocked" 6 75 - fi + select_user + if [ ! 
$SELECTED_USERNAME ]; then + return + fi + blockstr=$"Block/Unblock email going to" + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title "$blockstr $SELECTED_USERNAME" \ + --form "\n" 8 65 3 \ + $"When email arrives from address:" 1 1 "" 1 35 24 100 \ + $"Block it:" 2 1 "yes" 2 35 4 4 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + BLOCK_EMAIL=$(cat $data | sed -n 1p) + BLOCK=$(cat $data | sed -n 2p) + if [ ${#BLOCK_EMAIL} -lt 2 ]; then + dialog --title $"Block/Unblock an email" \ + --msgbox $"No email address was given" 6 40 + return + fi + if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then + dialog --title $"Block/Unblock an email" \ + --msgbox $"Unrecognised email address" 6 40 + return + fi + if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then + ${PROJECT_NAME}-ignore -u $SELECTED_USERNAME -e "$BLOCK_EMAIL" + dialog --title $"Block an email" \ + --msgbox "Email from $BLOCK_EMAIL to $SELECTED_USERNAME blocked" 6 75 + else + ${PROJECT_NAME}-unignore -u $SELECTED_USERNAME -e "$BLOCK_EMAIL" + dialog --title $"Unblock an email" \ + --msgbox "Email from $BLOCK_EMAIL to $SELECTED_USERNAME unblocked" 6 75 + fi } function block_unblock_subject { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - blockstr=$"Block/Unblock email going to" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title "$blockstr $SELECTED_USERNAME" \ - --form "\n" 8 70 3 \ - $"When email arrives with subject text:" 1 1 "" 1 40 24 28 \ - $"Block it:" 2 1 "yes" 2 40 4 4 \ - 2> $data - sel=$? 
- case $sel in - 1) return;; - 255) return;; - esac - BLOCK_SUBJECT=$(cat $data | sed -n 1p) - BLOCK=$(cat $data | sed -n 2p) - if [ ${#BLOCK_SUBJECT} -lt 2 ]; then - dialog --title $"Block/Unblock an email" \ - --msgbox $"No subject was given" 6 40 - return - fi - if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then - ${PROJECT_NAME}-ignore -u $SELECTED_USERNAME -t "$BLOCK_SUBJECT" - dialog --title $"Block an email" \ - --msgbox "Email with subject $BLOCK_SUBJECT to $SELECTED_USERNAME blocked" 6 40 - else - ${PROJECT_NAME}-unignore -u $SELECTED_USERNAME -t "$BLOCK_SUBJECT" - dialog --title $"Unblock an email" \ - --msgbox "Email with subject $BLOCK_SUBJECT to $SELECTED_USERNAME unblocked" 6 40 - fi + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi + blockstr=$"Block/Unblock email going to" + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title "$blockstr $SELECTED_USERNAME" \ + --form "\n" 8 70 3 \ + $"When email arrives with subject text:" 1 1 "" 1 40 24 28 \ + $"Block it:" 2 1 "yes" 2 40 4 4 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + BLOCK_SUBJECT=$(cat $data | sed -n 1p) + BLOCK=$(cat $data | sed -n 2p) + if [ ${#BLOCK_SUBJECT} -lt 2 ]; then + dialog --title $"Block/Unblock an email" \ + --msgbox $"No subject was given" 6 40 + return + fi + if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then + ${PROJECT_NAME}-ignore -u $SELECTED_USERNAME -t "$BLOCK_SUBJECT" + dialog --title $"Block an email" \ + --msgbox "Email with subject $BLOCK_SUBJECT to $SELECTED_USERNAME blocked" 6 40 + else + ${PROJECT_NAME}-unignore -u $SELECTED_USERNAME -t "$BLOCK_SUBJECT" + dialog --title $"Unblock an email" \ + --msgbox "Email with subject $BLOCK_SUBJECT to $SELECTED_USERNAME unblocked" 6 40 + fi } function create_keydrive_master { - select_user - if [ ! 
$SELECTED_USERNAME ]; then - return - fi - dialog --title $"USB Master Keydrive" \ - --msgbox $"Plug in a LUKS encrypted USB drive" 6 40 - clear - ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes' - any_key + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi + dialog --title $"USB Master Keydrive" \ + --msgbox $"Plug in a LUKS encrypted USB drive" 6 40 + clear + ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes' + any_key } function create_keydrive_fragment { - select_user - if [ ! $SELECTED_USERNAME ]; then - return - fi - dialog --title $"USB Fragment Keydrive" \ - --msgbox $"Plug in a LUKS encrypted USB drive" 6 40 - clear - ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME - any_key + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi + dialog --title $"USB Fragment Keydrive" \ + --msgbox $"Plug in a LUKS encrypted USB drive" 6 40 + clear + ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME + any_key } function backup_data { - dialog --title $"Backup data to USB" \ - --msgbox $"Plug in a LUKS encrypted USB drive" 6 40 - clear - echo ' ' - echo $'Enter the passphrase for your LUKS encrypted backup drive:' - ${PROJECT_NAME}-backup-local - any_key + dialog --title $"Backup data to USB" \ + --msgbox $"Plug in a LUKS encrypted USB drive" 6 40 + clear + echo ' ' + echo $'Enter the passphrase for your LUKS encrypted backup drive:' + ${PROJECT_NAME}-backup-local + any_key } function restore_from_usb { - detect_apps - applist="all" - n=1 - app_index=0 - for a in "${APPS_INSTALLED_NAMES[@]}" - do - applist="$applist $n $a off" - n=$[n+1] - app_index=$[app_index+1] - done + detect_apps + applist="all" + n=1 + app_index=0 + for a in "${APPS_INSTALLED_NAMES[@]}" + do + applist="$applist $n $a off" + n=$[n+1] + app_index=$[app_index+1] + done - choices=$(dialog --stdout --backtitle $"Freedombone" \ - --title $"Restore apps" \ - --checklist $'Choose:' \ - 80 40 20 $applist) + choices=$(dialog --stdout --backtitle $"Freedombone" \ + 
--title $"Restore apps" \ + --checklist $'Choose:' \ + 80 40 20 $applist) - if [ $? -eq 0 ]; then - clear - ctr=0 - for choice in $choices - do - app_index = $[choice-1] - app_name=${APPS_INSTALLED_NAMES[app_index]} - if [[ "${app_name}" == 'all' ]]; then - ${PROJECT_NAME}-restore-local $USB_DRIVE - else - ${PROJECT_NAME}-restore-local $USB_DRIVE "${app_name}" - fi - if [ ! "$?" = "0" ]; then - dialog --title $"Restore apps from USB" \ - --msgbox $"Restore of ${app_name} failed with code $?" 6 40 - return - fi - ctr=$((ctr + 1)) - done - if [ $ctr -gt 0 ]; then - dialog --title $"Restore apps from USB" \ - --msgbox $"Restore complete" 6 40 - fi - fi + if [ $? -eq 0 ]; then + clear + ctr=0 + for choice in $choices + do + app_index = $[choice-1] + app_name=${APPS_INSTALLED_NAMES[app_index]} + if [[ "${app_name}" == 'all' ]]; then + ${PROJECT_NAME}-restore-local $USB_DRIVE + else + ${PROJECT_NAME}-restore-local $USB_DRIVE "${app_name}" + fi + if [ ! "$?" = "0" ]; then + dialog --title $"Restore apps from USB" \ + --msgbox $"Restore of ${app_name} failed with code $?" 
6 40 + return + fi + ctr=$((ctr + 1)) + done + if [ $ctr -gt 0 ]; then + dialog --title $"Restore apps from USB" \ + --msgbox $"Restore complete" 6 40 + fi + fi } function restore_from_remote { - remote_domain_name=$1 + remote_domain_name=$1 - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Restore from ${remote_domain_name}" \ - --radiolist $"Choose an application to restore:" 31 70 28 \ - 1 $"Everything" off \ - 2 $"Return to the backup and restore menu" on \ - 3 $"Configuration files" off \ - 4 $"MariaDB settings" off \ - 5 $"Let's Encrypt account" off \ - 6 $"Mutt email client settings" off \ - 7 $"GPG keys" off \ - 8 $"Email processing rules" off \ - 9 $"Spam filtering rules" off \ - 10 $"Administrator's README file" off \ - 11 $"IPFS" off \ - 12 $"SSH keys" off \ - 13 $"User configuration files" off \ - 14 $"User local files" off \ - 15 $"User fin files" off \ - 16 $"SSL/TLS certificates" off \ - 17 $"Personal settings" off \ - 18 $"Mailing List" off \ - 19 $"XMPP chat" off \ - 20 $"GNU Social" off \ - 21 $"Hubzilla" off \ - 22 $"Syncthing" off \ - 23 $"Gogs" off \ - 24 $"Wiki" off \ - 25 $"Blog" off \ - 26 $"CJDNS" off \ - 27 $"Email" off \ - 28 $"DLNA" off \ - 29 $"VoIP" off \ - 30 $"RSS reader" off \ - 31 $"Tox" off 2> $data - sel=$? 
- case $sel in - 1) break;; - 255) break;; - esac + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Restore from ${remote_domain_name}" \ + --radiolist $"Choose an application to restore:" 31 70 28 \ + 1 $"Everything" off \ + 2 $"Return to the backup and restore menu" on \ + 3 $"Configuration files" off \ + 4 $"MariaDB settings" off \ + 5 $"Let's Encrypt account" off \ + 6 $"Mutt email client settings" off \ + 7 $"GPG keys" off \ + 8 $"Email processing rules" off \ + 9 $"Spam filtering rules" off \ + 10 $"Administrator's README file" off \ + 11 $"IPFS" off \ + 12 $"SSH keys" off \ + 13 $"User configuration files" off \ + 14 $"User local files" off \ + 15 $"User fin files" off \ + 16 $"SSL/TLS certificates" off \ + 17 $"Personal settings" off \ + 18 $"Mailing List" off \ + 19 $"XMPP chat" off \ + 20 $"GNU Social" off \ + 21 $"Hubzilla" off \ + 22 $"Syncthing" off \ + 23 $"Gogs" off \ + 24 $"Wiki" off \ + 25 $"Blog" off \ + 26 $"CJDNS" off \ + 27 $"Email" off \ + 28 $"DLNA" off \ + 29 $"VoIP" off \ + 30 $"RSS reader" off \ + 31 $"Tox" off 2> $data + sel=$? 
+ case $sel in + 1) break;; + 255) break;; + esac - if [ $(cat $data) -ne 2 ]; then - clear - fi + if [ $(cat $data) -ne 2 ]; then + clear + fi - case $(cat $data) in - 1) ${PROJECT_NAME}-restore-remote $remote_domain_name;; - 2) return;; - 3) ${PROJECT_NAME}-restore-remote $remote_domain_name configuration;; - 4) ${PROJECT_NAME}-restore-remote $remote_domain_name mariadb;; - 5) ${PROJECT_NAME}-restore-remote $remote_domain_name letsencrypt;; - 6) ${PROJECT_NAME}-restore-remote $remote_domain_name mutt;; - 7) ${PROJECT_NAME}-restore-remote $remote_domain_name gpg;; - 8) ${PROJECT_NAME}-restore-remote $remote_domain_name procmail;; - 9) ${PROJECT_NAME}-restore-remote $remote_domain_name spamassassin;; - 10) ${PROJECT_NAME}-restore-remote $remote_domain_name readme;; - 11) ${PROJECT_NAME}-restore-remote $remote_domain_name ipfs;; - 12) ${PROJECT_NAME}-restore-remote $remote_domain_name ssh;; - 13) ${PROJECT_NAME}-restore-remote $remote_domain_name userconfig;; - 14) ${PROJECT_NAME}-restore-remote $remote_domain_name userlocal;; - 15) ${PROJECT_NAME}-restore-remote $remote_domain_name userfin;; - 16) ${PROJECT_NAME}-restore-remote $remote_domain_name certs;; - 17) ${PROJECT_NAME}-restore-remote $remote_domain_name personal;; - 18) ${PROJECT_NAME}-restore-remote $remote_domain_name mailinglist;; - 19) ${PROJECT_NAME}-restore-remote $remote_domain_name xmpp;; - 20) ${PROJECT_NAME}-restore-remote $remote_domain_name gnusocial;; - 21) ${PROJECT_NAME}-restore-remote $remote_domain_name hubzilla;; - 22) ${PROJECT_NAME}-restore-remote $remote_domain_name syncthing;; - 23) ${PROJECT_NAME}-restore-remote $remote_domain_name gogs;; - 24) ${PROJECT_NAME}-restore-remote $remote_domain_name wiki;; - 25) ${PROJECT_NAME}-restore-remote $remote_domain_name blog;; - 26) ${PROJECT_NAME}-restore-remote $remote_domain_name cjdns;; - 27) ${PROJECT_NAME}-restore-remote $remote_domain_name email;; - 28) ${PROJECT_NAME}-restore-remote $remote_domain_name dlna;; - 29) 
${PROJECT_NAME}-restore-remote $remote_domain_name voip;; - 30) ${PROJECT_NAME}-restore-remote $remote_domain_name ttrss;; - 31) ${PROJECT_NAME}-restore-remote $remote_domain_name tox;; - esac - done - any_key + case $(cat $data) in + 1) ${PROJECT_NAME}-restore-remote $remote_domain_name;; + 2) return;; + 3) ${PROJECT_NAME}-restore-remote $remote_domain_name configuration;; + 4) ${PROJECT_NAME}-restore-remote $remote_domain_name mariadb;; + 5) ${PROJECT_NAME}-restore-remote $remote_domain_name letsencrypt;; + 6) ${PROJECT_NAME}-restore-remote $remote_domain_name mutt;; + 7) ${PROJECT_NAME}-restore-remote $remote_domain_name gpg;; + 8) ${PROJECT_NAME}-restore-remote $remote_domain_name procmail;; + 9) ${PROJECT_NAME}-restore-remote $remote_domain_name spamassassin;; + 10) ${PROJECT_NAME}-restore-remote $remote_domain_name readme;; + 11) ${PROJECT_NAME}-restore-remote $remote_domain_name ipfs;; + 12) ${PROJECT_NAME}-restore-remote $remote_domain_name ssh;; + 13) ${PROJECT_NAME}-restore-remote $remote_domain_name userconfig;; + 14) ${PROJECT_NAME}-restore-remote $remote_domain_name userlocal;; + 15) ${PROJECT_NAME}-restore-remote $remote_domain_name userfin;; + 16) ${PROJECT_NAME}-restore-remote $remote_domain_name certs;; + 17) ${PROJECT_NAME}-restore-remote $remote_domain_name personal;; + 18) ${PROJECT_NAME}-restore-remote $remote_domain_name mailinglist;; + 19) ${PROJECT_NAME}-restore-remote $remote_domain_name xmpp;; + 20) ${PROJECT_NAME}-restore-remote $remote_domain_name gnusocial;; + 21) ${PROJECT_NAME}-restore-remote $remote_domain_name hubzilla;; + 22) ${PROJECT_NAME}-restore-remote $remote_domain_name syncthing;; + 23) ${PROJECT_NAME}-restore-remote $remote_domain_name gogs;; + 24) ${PROJECT_NAME}-restore-remote $remote_domain_name wiki;; + 25) ${PROJECT_NAME}-restore-remote $remote_domain_name blog;; + 26) ${PROJECT_NAME}-restore-remote $remote_domain_name cjdns;; + 27) ${PROJECT_NAME}-restore-remote $remote_domain_name email;; + 28) 
${PROJECT_NAME}-restore-remote $remote_domain_name dlna;; + 29) ${PROJECT_NAME}-restore-remote $remote_domain_name voip;; + 30) ${PROJECT_NAME}-restore-remote $remote_domain_name ttrss;; + 31) ${PROJECT_NAME}-restore-remote $remote_domain_name tox;; + esac + done + any_key } function restore_data { - dialog --title $"Restore data from USB" \ - --msgbox $"Plug in your backup USB drive" 6 40 - clear - echo ' ' - echo $'Enter the passphrase for your LUKS encrypted backup drive:' - restore_from_usb + dialog --title $"Restore data from USB" \ + --msgbox $"Plug in your backup USB drive" 6 40 + clear + echo ' ' + echo $'Enter the passphrase for your LUKS encrypted backup drive:' + restore_from_usb } function restore_data_remote { - if [ ! $ADMIN_USER ]; then - dialog --title $"Restore data from remote server" \ - --msgbox $"Unknown admin user" 6 40 - return - fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Restore from remote server" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"Enter the domain name of the server from which you wish to restore" 8 60 2>$data - sel=$? - case $sel in - 0) - friend_server_domain_name=$(<$data) + if [ ! $ADMIN_USER ]; then + dialog --title $"Restore data from remote server" \ + --msgbox $"Unknown admin user" 6 40 + return + fi + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Restore from remote server" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"Enter the domain name of the server from which you wish to restore" 8 60 2>$data + sel=$? 
+ case $sel in + 0) + friend_server_domain_name=$(<$data) - if [ ${#friend_server_domain_name} -lt 2 ]; then - return - fi + if [ ${#friend_server_domain_name} -lt 2 ]; then + return + fi - if [[ $friend_server_domain_name != *"."* ]]; then - dialog --title $"Remote server domain name" \ - --msgbox $"Invalid domain name" 6 40 - return - fi + if [[ $friend_server_domain_name != *"."* ]]; then + dialog --title $"Remote server domain name" \ + --msgbox $"Invalid domain name" 6 40 + return + fi - restore_from_remote $friend_server_domain_name - ;; - esac + restore_from_remote $friend_server_domain_name + ;; + esac } function ping_enable_disable { - ping_str=$"\nDo you want to enable other systems to ping this machine?\n\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it." - enable_ping="no" - dialog --title $"Enable Ping / ICMP" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno "$ping_str" 10 60 - sel=$? - case $sel in - 0) enable_ping="yes";; - 255) return;; - esac + ping_str=$"\nDo you want to enable other systems to ping this machine?\n\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it." + enable_ping="no" + dialog --title $"Enable Ping / ICMP" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno "$ping_str" 10 60 + sel=$? 
+ case $sel in + 0) enable_ping="yes";; + 255) return;; + esac - if [[ $enable_ping == "yes" ]]; then - iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT - iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT - echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all - else - iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT - iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT - echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all - fi + if [[ $enable_ping == "yes" ]]; then + iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT + iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT + echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all + else + iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT + iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT + echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all + fi } function logging_on_off { - logging="no" - dialog --title $"Logging" \ - --backtitle $"Freedombone Control Panel" \ - --yesno $"\nDo you want to turn logging on?" 7 60 - sel=$? - case $sel in - 0) logging="yes";; - 255) return;; - esac + logging="no" + dialog --title $"Logging" \ + --backtitle $"Freedombone Control Panel" \ + --yesno $"\nDo you want to turn logging on?" 7 60 + sel=$? + case $sel in + 0) logging="yes";; + 255) return;; + esac - clear - echo '' - echo $'This may take a few seconds. Please wait...' - if [[ $logging == "no" ]]; then - ${PROJECT_NAME}-logging off - else - ${PROJECT_NAME}-logging on - fi + clear + echo '' + echo $'This may take a few seconds. Please wait...' + if [[ $logging == "no" ]]; then + ${PROJECT_NAME}-logging off + else + ${PROJECT_NAME}-logging on + fi } function restore_gpg_key { - select_user - if [ ! 
$SELECTED_USERNAME ]; then - return - fi - restorestr=$"Restore GPG key for user" - dialog --title "$restorestr $SELECTED_USERNAME" \ - --msgbox $"Plug in your USB keydrive" 6 40 - clear - ${PROJECT_NAME}-recoverkey -u $SELECTED_USERNAME - any_key + select_user + if [ ! $SELECTED_USERNAME ]; then + return + fi + restorestr=$"Restore GPG key for user" + dialog --title "$restorestr $SELECTED_USERNAME" \ + --msgbox $"Plug in your USB keydrive" 6 40 + clear + ${PROJECT_NAME}-recoverkey -u $SELECTED_USERNAME + any_key } function security_settings { - ${PROJECT_NAME}-sec - any_key + ${PROJECT_NAME}-sec + any_key } function reset_tripwire { - if [ ! -f /usr/bin/reset-tripwire ]; then - return - fi - clear - echo $'Resetting the Tripwire...' - echo ' ' - echo ' + if [ ! -f /usr/bin/reset-tripwire ]; then + return + fi + clear + echo $'Resetting the Tripwire...' + echo ' ' + echo ' - ' | reset-tripwire - any_key + ' | reset-tripwire + any_key } function hubzilla_renew_cert { - dialog --title $"Renew SSL certificate" \ - --backtitle $"Freedombone Control Panel" \ - --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60 - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}') - if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then - dialog --title $"Renew SSL certificate" \ - --msgbox $"Hubzilla install directory not found" 6 40 - return - fi - ${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt' - if [ ! "$?" = "0" ]; then - any_key - else - dialog --title $"Renew SSL certificate" \ - --msgbox $"Hubzilla certificate has been renewed" 6 40 - fi + dialog --title $"Renew SSL certificate" \ + --backtitle $"Freedombone Control Panel" \ + --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60 + sel=$? 
+ case $sel in + 1) return;; + 255) return;; + esac + HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}') + if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then + dialog --title $"Renew SSL certificate" \ + --msgbox $"Hubzilla install directory not found" 6 40 + return + fi + ${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt' + if [ ! "$?" = "0" ]; then + any_key + else + dialog --title $"Renew SSL certificate" \ + --msgbox $"Hubzilla certificate has been renewed" 6 40 + fi } function hubzilla_channel_directory_server { - if ! grep -q "Hubzilla domain" $COMPLETION_FILE; then - dialog --title $"Hubzilla channel directory server" \ - --msgbox $"Hubzilla is not installed on this system" 6 40 - return - fi - HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}') - if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then - dialog --title $"Hubzilla channel directory server" \ - --msgbox $"Hubzilla install directory not found" 6 40 - return - fi + if ! grep -q "Hubzilla domain" $COMPLETION_FILE; then + dialog --title $"Hubzilla channel directory server" \ + --msgbox $"Hubzilla is not installed on this system" 6 40 + return + fi + HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}') + if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then + dialog --title $"Hubzilla channel directory server" \ + --msgbox $"Hubzilla install directory not found" 6 40 + return + fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Hubzilla channel directory server" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data - sel=$? 
- case $sel in - 0) - hubzilla_domain_server=$(<$data) - if [[ $hubzilla_domain_server != *"."* ]]; then - return - fi - if [[ $hubzilla_domain_server != "https"* ]]; then - dialog --title $"Hubzilla channel directory server" \ - --msgbox $"Invalid domain - include the https://" 6 40 - return - fi - ./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server - dialog --title $"Hubzilla channel directory server" \ - --msgbox $"Domain channel directory server changed to $hubzilla_domain_server" 6 40 - ;; - esac + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Hubzilla channel directory server" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data + sel=$? + case $sel in + 0) + hubzilla_domain_server=$(<$data) + if [[ $hubzilla_domain_server != *"."* ]]; then + return + fi + if [[ $hubzilla_domain_server != "https"* ]]; then + dialog --title $"Hubzilla channel directory server" \ + --msgbox $"Invalid domain - include the https://" 6 40 + return + fi + ./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server + dialog --title $"Hubzilla channel directory server" \ + --msgbox $"Domain channel directory server changed to $hubzilla_domain_server" 6 40 + ;; + esac } function format_drive { - drive= - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Format a USB drive (LUKS encrypted)" \ - --radiolist $"Choose a drive:" 12 70 5 \ - 1 $"sda (Beaglebone Black)" off \ - 2 $"sdb" off \ - 3 $"sdc" off \ - 4 $"sdd" off \ - 5 $"Back to Backup and Restore menu" on 2> $data - sel=$? 
- case $sel in - 1) return;; - 255) return;; - esac - case $(cat $data) in - 1) drive='sda';; - 2) drive='sdb';; - 3) drive='sdc';; - 4) drive='sdd';; - 5) return;; - esac + drive= + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Format a USB drive (LUKS encrypted)" \ + --radiolist $"Choose a drive:" 12 70 5 \ + 1 $"sda (Beaglebone Black)" off \ + 2 $"sdb" off \ + 3 $"sdc" off \ + 4 $"sdd" off \ + 5 $"Back to Backup and Restore menu" on 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + case $(cat $data) in + 1) drive='sda';; + 2) drive='sdb';; + 3) drive='sdc';; + 4) drive='sdd';; + 5) return;; + esac - dialog --title $"Format USB drive" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nPlease confirm that you wish to format drive\n\n ${drive}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60 - sel=$? - case $sel in - 1) return;; - 255) return;; - esac + dialog --title $"Format USB drive" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nPlease confirm that you wish to format drive\n\n ${drive}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60 + sel=$? 
+ case $sel in + 1) return;; + 255) return;; + esac - clear - ${PROJECT_NAME}-format $drive - any_key + clear + ${PROJECT_NAME}-format $drive + any_key } function remove_backups { - drive= - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Remove backups from a USB drive" \ - --radiolist $"Choose a drive:" 12 70 5 \ - 1 $"sda (Beaglebone Black)" off \ - 2 $"sdb" off \ - 3 $"sdc" off \ - 4 $"sdd" off \ - 5 $"Back to Backup and Restore menu" on 2> $data - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - case $(cat $data) in - 1) drive='sda';; - 2) drive='sdb';; - 3) drive='sdc';; - 4) drive='sdd';; - 5) return;; - esac + drive= + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Remove backups from a USB drive" \ + --radiolist $"Choose a drive:" 12 70 5 \ + 1 $"sda (Beaglebone Black)" off \ + 2 $"sdb" off \ + 3 $"sdc" off \ + 4 $"sdd" off \ + 5 $"Back to Backup and Restore menu" on 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + case $(cat $data) in + 1) drive='sda';; + 2) drive='sdb';; + 3) drive='sdc';; + 4) drive='sdd';; + 5) return;; + esac - dialog --title $"Remove backups from a USB drive" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nPlease confirm that you wish to remove backups from this drive\n\n ${drive}\n\nYou will not be able to recover them afterwards." 12 60 - sel=$? - case $sel in - 1) return;; - 255) return;; - esac + dialog --title $"Remove backups from a USB drive" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nPlease confirm that you wish to remove backups from this drive\n\n ${drive}\n\nYou will not be able to recover them afterwards." 12 60 + sel=$? 
+ case $sel in + 1) return;; + 255) return;; + esac - clear - ${PROJECT_NAME}-backup-local $drive remove - any_key + clear + ${PROJECT_NAME}-backup-local $drive remove + any_key } function shut_down_system { - dialog --title $"Power off the system" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nPlease confirm that you wish to power off the system.\n\nWARNING: to power on again you will need to have physical access to the hardware." 10 60 - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - shutdown now + dialog --title $"Power off the system" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nPlease confirm that you wish to power off the system.\n\nWARNING: to power on again you will need to have physical access to the hardware." 10 60 + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + shutdown now } function restart_system { - dialog --title $"Restart the system" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nPlease confirm that you wish to restart the system.\n\nWARNING: If you are using full disk encryption then you will need physical access to the hardware to type in the password" 10 60 - sel=$? - case $sel in - 1) return;; - 255) return;; - esac - reboot + dialog --title $"Restart the system" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nPlease confirm that you wish to restart the system.\n\nWARNING: If you are using full disk encryption then you will need physical access to the hardware to type in the password" 10 60 + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + reboot } function change_system_name { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Change the name of this system" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $'Enter a new name for this system on your local network\n\nIt will appear as newname.local' 10 60 2>$data - sel=$? 
- case $sel in - 0) NEW_SYSTEM_NAME=$(<$data) - if [ "$NEW_SYSTEM_NAME" ]; then - if [ ${#NEW_SYSTEM_NAME} -gt 1 ]; then - sed -i "s|host-name=.*|host-name=$NEW_SYSTEM_NAME|g" /etc/avahi/avahi-daemon.conf - systemctl restart avahi-daemon - if grep -q "host-name=$NEW_SYSTEM_NAME" /etc/avahi/avahi-daemon.conf; then - dialog --title $"New local network name" \ - --msgbox $"The name of this system on your local network was changed successfully" 6 70 - fi - fi - fi - ;; - esac + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Change the name of this system" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $'Enter a new name for this system on your local network\n\nIt will appear as newname.local' 10 60 2>$data + sel=$? + case $sel in + 0) NEW_SYSTEM_NAME=$(<$data) + if [ "$NEW_SYSTEM_NAME" ]; then + if [ ${#NEW_SYSTEM_NAME} -gt 1 ]; then + sed -i "s|host-name=.*|host-name=$NEW_SYSTEM_NAME|g" /etc/avahi/avahi-daemon.conf + systemctl restart avahi-daemon + if grep -q "host-name=$NEW_SYSTEM_NAME" /etc/avahi/avahi-daemon.conf; then + dialog --title $"New local network name" \ + --msgbox $"The name of this system on your local network was changed successfully" 6 70 + fi + fi + fi + ;; + esac } function set_tls_time_source { - TLS_DATE_SOURCE=$(cat /usr/bin/updatedate | grep "TIMESOURCE='" | awk -F '=' '{print $2}' | awk -F "'" '{print $2}') - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Set the TLS date/time source" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"Enter a domain name to use as a TLS time source.\n\nFactors to consider when choosing a source are whether you wish that site to know that your system is 'alive' and also what might happen if an adversary were to try to mess with the date/time from that domain (i.e. how much blowback would there be)." 14 60 "$TLS_DATE_SOURCE" 2>$data - sel=$? 
- case $sel in - 0) NEW_TLS_DATE_SOURCE=$(<$data) - if [[ $NEW_TLS_DATE_SOURCE == *"."* && $NEW_TLS_DATE_SOURCE != *'/'* ]]; then - if [[ $NEW_TLS_DATE_SOURCE != "http"* ]]; then - sed -i "s|TIMESOURCE='.*|TIMESOURCE='${NEW_TLS_DATE_SOURCE}'|g" $UPDATE_DATE_SCRIPT - else - dialog --title $"Invalid domain name" \ - --msgbox $"Don't include the 'https'" 6 70 - fi - else - dialog --title $"Invalid domain name" \ - --msgbox $"That doesn't look like a domain name" 6 70 - fi - ;; - esac + TLS_DATE_SOURCE=$(cat /usr/bin/updatedate | grep "TIMESOURCE='" | awk -F '=' '{print $2}' | awk -F "'" '{print $2}') + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Set the TLS date/time source" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"Enter a domain name to use as a TLS time source.\n\nFactors to consider when choosing a source are whether you wish that site to know that your system is 'alive' and also what might happen if an adversary were to try to mess with the date/time from that domain (i.e. how much blowback would there be)." 14 60 "$TLS_DATE_SOURCE" 2>$data + sel=$? 
+ case $sel in + 0) NEW_TLS_DATE_SOURCE=$(<$data) + if [[ $NEW_TLS_DATE_SOURCE == *"."* && $NEW_TLS_DATE_SOURCE != *'/'* ]]; then + if [[ $NEW_TLS_DATE_SOURCE != "http"* ]]; then + sed -i "s|TIMESOURCE='.*|TIMESOURCE='${NEW_TLS_DATE_SOURCE}'|g" $UPDATE_DATE_SCRIPT + else + dialog --title $"Invalid domain name" \ + --msgbox $"Don't include the 'https'" 6 70 + fi + else + dialog --title $"Invalid domain name" \ + --msgbox $"That doesn't look like a domain name" 6 70 + fi + ;; + esac } function set_static_IP { - STATIC_IP='192.168.1.60' - STATIC_GATEWAY='192.168.1.1' - NEW_STATIC_IP= - NEW_STATIC_GATEWAY= - if grep -q 'iface eth0 inet static' /etc/network/interfaces; then - STATIC_IP=$(cat /etc/network/interfaces | grep "address " | awk -F ' ' '{print $2}' | head -n 1) - STATIC_GATEWAY=$(cat /etc/network/interfaces | grep "gateway " | awk -F ' ' '{print $2}' | head -n 1) - fi + STATIC_IP='192.168.1.60' + STATIC_GATEWAY='192.168.1.1' + NEW_STATIC_IP= + NEW_STATIC_GATEWAY= + if grep -q 'iface eth0 inet static' /etc/network/interfaces; then + STATIC_IP=$(cat /etc/network/interfaces | grep "address " | awk -F ' ' '{print $2}' | head -n 1) + STATIC_GATEWAY=$(cat /etc/network/interfaces | grep "gateway " | awk -F ' ' '{print $2}' | head -n 1) + fi - # get the IP for the box - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Set a static local IP address" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"In order to forward incoming internet traffic to this system most internet routers need to know a static local IP address to send the data to.\n\n + # get the IP for the box + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Set a static local IP address" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"In order to forward incoming internet traffic to this system most internet routers need to know a static local IP address to send the data to.\n\n Enter a static local IP address for this 
system.\n\nIt will typically be 192.168.1.x" 15 60 "$STATIC_IP" 2>$data - sel=$? - case $sel in - 0) NEW_STATIC_IP=$(<$data) - if [[ "$NEW_STATIC_IP" != *"."* ]]; then - return - fi - if grep -q 'iface eth0 inet static' /etc/network/interfaces; then - if [[ "$NEW_STATIC_IP" != "$STATIC_IP" ]]; then - sed -i "s|${STATIC_IP}|${NEW_STATIC_IP}|g" /etc/network/interfaces - fi - fi - ;; - esac + sel=$? + case $sel in + 0) NEW_STATIC_IP=$(<$data) + if [[ "$NEW_STATIC_IP" != *"."* ]]; then + return + fi + if grep -q 'iface eth0 inet static' /etc/network/interfaces; then + if [[ "$NEW_STATIC_IP" != "$STATIC_IP" ]]; then + sed -i "s|${STATIC_IP}|${NEW_STATIC_IP}|g" /etc/network/interfaces + fi + fi + ;; + esac - # get the gateway - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Set the IP address of your internet router/modem" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"Set the local IP address for your internet router or ADSL modem.\n\nIt will typically be 192.168.1.1, 192.168.1.254, or similar" 12 60 "$STATIC_GATEWAY" 2>$data - sel=$? - case $sel in - 0) NEW_STATIC_GATEWAY=$(<$data) - if [[ "$NEW_STATIC_GATEWAY" != *"."* ]]; then - return - fi - if grep -q 'iface eth0 inet static' /etc/network/interfaces; then - if [[ "$NEW_STATIC_GATEWAY" != "$STATIC_GATEWAY" ]]; then - sed -i "s|${STATIC_GATEWAY}|${NEW_STATIC_GATEWAY}|g" /etc/network/interfaces - fi - return - fi - ;; - esac + # get the gateway + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Set the IP address of your internet router/modem" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"Set the local IP address for your internet router or ADSL modem.\n\nIt will typically be 192.168.1.1, 192.168.1.254, or similar" 12 60 "$STATIC_GATEWAY" 2>$data + sel=$? 
+ case $sel in + 0) NEW_STATIC_GATEWAY=$(<$data) + if [[ "$NEW_STATIC_GATEWAY" != *"."* ]]; then + return + fi + if grep -q 'iface eth0 inet static' /etc/network/interfaces; then + if [[ "$NEW_STATIC_GATEWAY" != "$STATIC_GATEWAY" ]]; then + sed -i "s|${STATIC_GATEWAY}|${NEW_STATIC_GATEWAY}|g" /etc/network/interfaces + fi + return + fi + ;; + esac - if ! grep -q 'iface eth0 inet static' /etc/network/interfaces; then - if [ "$NEW_STATIC_GATEWAY" && "$NEW_STATIC_IP" ]; then - echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces - echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces - echo '' >> /etc/network/interfaces - echo '# The loopback network interface' >> /etc/network/interfaces - echo 'auto lo' >> /etc/network/interfaces - echo 'iface lo inet loopback' >> /etc/network/interfaces - echo '' >> /etc/network/interfaces - echo '# The primary network interface' >> /etc/network/interfaces - echo 'auto eth0' >> /etc/network/interfaces - echo 'iface eth0 inet static' >> /etc/network/interfaces - echo " address ${NEW_STATIC_IP}" >> /etc/network/interfaces - echo ' netmask 255.255.255.0' >> /etc/network/interfaces - echo " gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces - echo " dns-nameservers 213.73.91.35 85.214.20.141" >> /etc/network/interfaces - echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces - echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces - echo '' >> /etc/network/interfaces - echo '# The secondary network interface' >> /etc/network/interfaces - echo '#auto eth1' >> /etc/network/interfaces - echo '#iface eth1 inet dhcp' >> /etc/network/interfaces - echo '' >> /etc/network/interfaces - echo '# WiFi Example' >> /etc/network/interfaces - echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces - echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces - echo '# wpa-ssid "essid"' >> 
/etc/network/interfaces - echo '# wpa-psk "password"' >> /etc/network/interfaces - echo '' >> /etc/network/interfaces - echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces - echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces - echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces - echo '#iface usb0 inet static' >> /etc/network/interfaces - echo '# address 192.168.7.2' >> /etc/network/interfaces - echo '# netmask 255.255.255.0' >> /etc/network/interfaces - echo '# network 192.168.7.0' >> /etc/network/interfaces - echo '# gateway 192.168.7.1' >> /etc/network/interfaces - fi - fi + if ! grep -q 'iface eth0 inet static' /etc/network/interfaces; then + if [ "$NEW_STATIC_GATEWAY" && "$NEW_STATIC_IP" ]; then + echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces + echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The loopback network interface' >> /etc/network/interfaces + echo 'auto lo' >> /etc/network/interfaces + echo 'iface lo inet loopback' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The primary network interface' >> /etc/network/interfaces + echo 'auto eth0' >> /etc/network/interfaces + echo 'iface eth0 inet static' >> /etc/network/interfaces + echo " address ${NEW_STATIC_IP}" >> /etc/network/interfaces + echo ' netmask 255.255.255.0' >> /etc/network/interfaces + echo " gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces + echo " dns-nameservers 213.73.91.35 85.214.20.141" >> /etc/network/interfaces + echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces + echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The secondary network interface' >> /etc/network/interfaces + echo '#auto eth1' >> 
/etc/network/interfaces + echo '#iface eth1 inet dhcp' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# WiFi Example' >> /etc/network/interfaces + echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces + echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces + echo '# wpa-ssid "essid"' >> /etc/network/interfaces + echo '# wpa-psk "password"' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces + echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces + echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces + echo '#iface usb0 inet static' >> /etc/network/interfaces + echo '# address 192.168.7.2' >> /etc/network/interfaces + echo '# netmask 255.255.255.0' >> /etc/network/interfaces + echo '# network 192.168.7.0' >> /etc/network/interfaces + echo '# gateway 192.168.7.1' >> /etc/network/interfaces + fi + fi } function wifi_settings { - if [ -f /etc/hostapd/hostapd.conf ]; then - return - fi + if [ -f /etc/hostapd/hostapd.conf ]; then + return + fi - TEMP_WIFI_NETWORKS_FILE=~/.temp-${PROJECT_NAME}-wifi.cfg - ${PROJECT_NAME}-wifi --networksinteractive $TEMP_WIFI_NETWORKS_FILE - if [ -f $TEMP_WIFI_NETWORKS_FILE ]; then - cp $TEMP_WIFI_NETWORKS_FILE $WIFI_NETWORKS_FILE - rm $TEMP_WIFI_NETWORKS_FILE - ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE - dialog --title $"Wifi Settings" \ - --msgbox $"Wifi settings were changed" 6 40 - fi + TEMP_WIFI_NETWORKS_FILE=~/.temp-${PROJECT_NAME}-wifi.cfg + ${PROJECT_NAME}-wifi --networksinteractive $TEMP_WIFI_NETWORKS_FILE + if [ -f $TEMP_WIFI_NETWORKS_FILE ]; then + cp $TEMP_WIFI_NETWORKS_FILE $WIFI_NETWORKS_FILE + rm $TEMP_WIFI_NETWORKS_FILE + ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE + dialog --title $"Wifi Settings" \ + --msgbox $"Wifi settings were changed" 6 40 + fi } function wifi_edit_networks { - if [ -f 
/etc/hostapd/hostapd.conf ]; then - return - fi - if [ ! -f $WIFI_NETWORKS_FILE ]; then - echo $'# Add wifi networks as follows:' > $WIFI_NETWORKS_FILE - echo '#' >> $WIFI_NETWORKS_FILE - echo $'# MySSID' >> $WIFI_NETWORKS_FILE - echo $'# wpa2-psk' >> $WIFI_NETWORKS_FILE - echo $'# myWifiPassphrase' >> $WIFI_NETWORKS_FILE - echo '#' >> $WIFI_NETWORKS_FILE - echo $'# AnotherSSID' >> $WIFI_NETWORKS_FILE - echo $'# none' >> $WIFI_NETWORKS_FILE - echo '#' >> $WIFI_NETWORKS_FILE - fi - editor $WIFI_NETWORKS_FILE - ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE + if [ -f /etc/hostapd/hostapd.conf ]; then + return + fi + if [ ! -f $WIFI_NETWORKS_FILE ]; then + echo $'# Add wifi networks as follows:' > $WIFI_NETWORKS_FILE + echo '#' >> $WIFI_NETWORKS_FILE + echo $'# MySSID' >> $WIFI_NETWORKS_FILE + echo $'# wpa2-psk' >> $WIFI_NETWORKS_FILE + echo $'# myWifiPassphrase' >> $WIFI_NETWORKS_FILE + echo '#' >> $WIFI_NETWORKS_FILE + echo $'# AnotherSSID' >> $WIFI_NETWORKS_FILE + echo $'# none' >> $WIFI_NETWORKS_FILE + echo '#' >> $WIFI_NETWORKS_FILE + fi + editor $WIFI_NETWORKS_FILE + ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE } function hotspot_settings { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Hotspot Settings" \ - --form $"" 10 60 4 \ - $"Enabled (yes/no):" 1 1 "$WIFI_HOTSPOT" 1 24 5 5 \ - $"SSID:" 2 1 "$WIFI_SSID" 2 24 256 256 \ - $"Type (wpa2-psk/none):" 3 1 "$WIFI_TYPE" 3 24 10 10 \ - $"Passphrase:" 4 1 "$WIFI_PASSPHRASE" 4 24 256 256 \ - 2> $data - sel=$? 
- case $sel in - 1) return;; - 255) return;; - esac - TEMP_WIFI_HOTSPOT=$(cat $data | sed -n 1p) - TEMP_WIFI_SSID=$(cat $data | sed -n 2p) - TEMP_WIFI_TYPE=$(cat $data | sed -n 3p) - TEMP_WIFI_PASSPHRASE=$(cat $data | sed -n 4p) + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Hotspot Settings" \ + --form $"" 10 60 4 \ + $"Enabled (yes/no):" 1 1 "$WIFI_HOTSPOT" 1 24 5 5 \ + $"SSID:" 2 1 "$WIFI_SSID" 2 24 256 256 \ + $"Type (wpa2-psk/none):" 3 1 "$WIFI_TYPE" 3 24 10 10 \ + $"Passphrase:" 4 1 "$WIFI_PASSPHRASE" 4 24 256 256 \ + 2> $data + sel=$? + case $sel in + 1) return;; + 255) return;; + esac + TEMP_WIFI_HOTSPOT=$(cat $data | sed -n 1p) + TEMP_WIFI_SSID=$(cat $data | sed -n 2p) + TEMP_WIFI_TYPE=$(cat $data | sed -n 3p) + TEMP_WIFI_PASSPHRASE=$(cat $data | sed -n 4p) - if [ ${#TEMP_WIFI_SSID} -lt 2 ]; then - return - fi - if [ ${#TEMP_WIFI_TYPE} -lt 2 ]; then - return - fi + if [ ${#TEMP_WIFI_SSID} -lt 2 ]; then + return + fi + if [ ${#TEMP_WIFI_TYPE} -lt 2 ]; then + return + fi - WIFI_EXTRA='' - if [[ $TEMP_WIFI_HOTSPOT == $'yes' || $TEMP_WIFI_HOTSPOT == $'y' || $TEMP_WIFI_HOTSPOT == $'on' ]]; then - TEMP_WIFI_HOTSPOT='yes' - else - TEMP_WIFI_HOTSPOT='no' - if [ -f $WIFI_NETWORKS_FILE ]; then - WIFI_EXTRA='--networks $WIFI_NETWORKS_FILE' - fi - fi + WIFI_EXTRA='' + if [[ $TEMP_WIFI_HOTSPOT == $'yes' || $TEMP_WIFI_HOTSPOT == $'y' || $TEMP_WIFI_HOTSPOT == $'on' ]]; then + TEMP_WIFI_HOTSPOT='yes' + else + TEMP_WIFI_HOTSPOT='no' + if [ -f $WIFI_NETWORKS_FILE ]; then + WIFI_EXTRA='--networks $WIFI_NETWORKS_FILE' + fi + fi - if [[ $TEMP_WIFI_TYPE != $'none' ]]; then - if [ ! 
$TEMP_WIFI_PASSPHRASE ]; then - dialog --title $"Wifi Settings" \ - --msgbox $"No wifi hotspot passphrase was given" 6 40 - return - fi - if [ ${#TEMP_WIFI_PASSPHRASE} -lt 2 ]; then - dialog --title $"Wifi Settings" \ - --msgbox $"Wifi hotspot passphrase was too short" 6 40 - return - fi + if [[ $TEMP_WIFI_TYPE != $'none' ]]; then + if [ ! $TEMP_WIFI_PASSPHRASE ]; then + dialog --title $"Wifi Settings" \ + --msgbox $"No wifi hotspot passphrase was given" 6 40 + return + fi + if [ ${#TEMP_WIFI_PASSPHRASE} -lt 2 ]; then + dialog --title $"Wifi Settings" \ + --msgbox $"Wifi hotspot passphrase was too short" 6 40 + return + fi - WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT - WIFI_SSID=$TEMP_WIFI_SSID - WIFI_TYPE=$TEMP_WIFI_TYPE - WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE + WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT + WIFI_SSID=$TEMP_WIFI_SSID + WIFI_TYPE=$TEMP_WIFI_TYPE + WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE - ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA - else - WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT - WIFI_SSID=$TEMP_WIFI_SSID - WIFI_TYPE=$TEMP_WIFI_TYPE - WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE + ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA + else + WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT + WIFI_SSID=$TEMP_WIFI_SSID + WIFI_TYPE=$TEMP_WIFI_TYPE + WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE - ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA - fi + ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA + fi - # store any changes - if ! grep -q "WIFI_HOTSPOT" $CONFIGURATION_FILE; then - echo "WIFI_HOTSPOT=$WIFI_HOTSPOT" >> $CONFIGURATION_FILE - else - sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=$WIFI_HOTSPOT|g" $CONFIGURATION_FILE - fi - if ! 
grep -q "WIFI_SSID" $CONFIGURATION_FILE; then - echo "WIFI_SSID=$WIFI_SSID" >> $CONFIGURATION_FILE - else - sed -i "s|WIFI_SSID=.*|WIFI_SSID=$WIFI_SSID|g" $CONFIGURATION_FILE - fi - if ! grep -q "WIFI_TYPE" $CONFIGURATION_FILE; then - echo "WIFI_TYPE=$WIFI_TYPE" >> $CONFIGURATION_FILE - else - sed -i "s|WIFI_TYPE=.*|WIFI_SSID=$WIFI_TYPE|g" $CONFIGURATION_FILE - fi - if ! grep -q "WIFI_PASSPHRASE" $CONFIGURATION_FILE; then - echo "WIFI_PASSPHRASE=$WIFI_PASSPHRASE" >> $CONFIGURATION_FILE - else - sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=$WIFI_PASSPHRASE|g" $CONFIGURATION_FILE - fi + # store any changes + if ! grep -q "WIFI_HOTSPOT" $CONFIGURATION_FILE; then + echo "WIFI_HOTSPOT=$WIFI_HOTSPOT" >> $CONFIGURATION_FILE + else + sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=$WIFI_HOTSPOT|g" $CONFIGURATION_FILE + fi + if ! grep -q "WIFI_SSID" $CONFIGURATION_FILE; then + echo "WIFI_SSID=$WIFI_SSID" >> $CONFIGURATION_FILE + else + sed -i "s|WIFI_SSID=.*|WIFI_SSID=$WIFI_SSID|g" $CONFIGURATION_FILE + fi + if ! grep -q "WIFI_TYPE" $CONFIGURATION_FILE; then + echo "WIFI_TYPE=$WIFI_TYPE" >> $CONFIGURATION_FILE + else + sed -i "s|WIFI_TYPE=.*|WIFI_SSID=$WIFI_TYPE|g" $CONFIGURATION_FILE + fi + if ! grep -q "WIFI_PASSPHRASE" $CONFIGURATION_FILE; then + echo "WIFI_PASSPHRASE=$WIFI_PASSPHRASE" >> $CONFIGURATION_FILE + else + sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=$WIFI_PASSPHRASE|g" $CONFIGURATION_FILE + fi - dialog --title $"Wifi Settings" \ - --msgbox $"Hotspot settings were changed" 6 40 + dialog --title $"Wifi Settings" \ + --msgbox $"Hotspot settings were changed" 6 40 } function reinstall_mariadb { - dialog --title $"Reinstall MariaDB" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nThis should be a LAST RESORT, if the mysql daemon won't start. You will lose ALL databases and will then need to restore them from backup.\n\nAre you sure that you wish to continue?" 12 60 - sel=$? 
- case $sel in - 1) return;; - 255) return;; - esac + dialog --title $"Reinstall MariaDB" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nThis should be a LAST RESORT, if the mysql daemon won't start. You will lose ALL databases and will then need to restore them from backup.\n\nAre you sure that you wish to continue?" 12 60 + sel=$? + case $sel in + 1) return;; + 255) return;; + esac - clear - database_reinstall + clear + database_reinstall - dialog --title $"Reinstall MariaDB" \ - --msgbox $"MariaDB has been reinstalled" 6 40 + dialog --title $"Reinstall MariaDB" \ + --msgbox $"MariaDB has been reinstalled" 6 40 } function menu_backup_restore { - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Backup and Restore" \ - --radiolist $"Choose an operation:" 19 70 12 \ - 1 $"Backup data to USB drive" off \ - 2 $"Restore GPG key from USB keydrive" off \ - 3 $"Restore data from USB drive" off \ - 4 $"Reinstall mariadb" off \ - 5 $"Configure remote backups" off \ - 6 $"Restore from remote backup" off \ - 7 $"Backup GPG key to USB (master keydrive)" off \ - 8 $"Backup GPG key to USB (fragment keydrive)" off \ - 9 $"Format a USB drive (LUKS encrypted)" off \ - 10 $"Remove backups from a USB drive" off \ - 11 $"Back to main menu" on 2> $data - sel=$? 
- case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) backup_data;; - 2) restore_gpg_key;; - 3) restore_data;; - 4) reinstall_mariadb;; - 5) configure_remote_backups;; - 6) restore_data_remote;; - 7) create_keydrive_master;; - 8) create_keydrive_fragment;; - 9) format_drive;; - 10) remove_backups;; - 11) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Backup and Restore" \ + --radiolist $"Choose an operation:" 19 70 12 \ + 1 $"Backup data to USB drive" off \ + 2 $"Restore GPG key from USB keydrive" off \ + 3 $"Restore data from USB drive" off \ + 4 $"Reinstall mariadb" off \ + 5 $"Configure remote backups" off \ + 6 $"Restore from remote backup" off \ + 7 $"Backup GPG key to USB (master keydrive)" off \ + 8 $"Backup GPG key to USB (fragment keydrive)" off \ + 9 $"Format a USB drive (LUKS encrypted)" off \ + 10 $"Remove backups from a USB drive" off \ + 11 $"Back to main menu" on 2> $data + sel=$? + case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) backup_data;; + 2) restore_gpg_key;; + 3) restore_data;; + 4) reinstall_mariadb;; + 5) configure_remote_backups;; + 6) restore_data_remote;; + 7) create_keydrive_master;; + 8) create_keydrive_fragment;; + 9) format_drive;; + 10) remove_backups;; + 11) break;; + esac + done } function menu_email { - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Email Filtering Rules" \ - --radiolist $"Choose an operation:" 13 70 6 \ - 1 $"Add a user to a mailing list" off \ - 2 $"Remove a user from a mailing list" off \ - 3 $"Add an email rule" off \ - 4 $"Block/Unblock an email address" off \ - 5 $"Block/Unblock email with subject text" off \ - 6 $"Back to main menu" on 2> $data - sel=$? 
- case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) add_to_mailing_list;; - 2) remove_user_from_mailing_list;; - 3) email_rule;; - 4) block_unblock_email;; - 5) block_unblock_subject;; - 6) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Email Filtering Rules" \ + --radiolist $"Choose an operation:" 13 70 6 \ + 1 $"Add a user to a mailing list" off \ + 2 $"Remove a user from a mailing list" off \ + 3 $"Add an email rule" off \ + 4 $"Block/Unblock an email address" off \ + 5 $"Block/Unblock email with subject text" off \ + 6 $"Back to main menu" on 2> $data + sel=$? + case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) add_to_mailing_list;; + 2) remove_user_from_mailing_list;; + 3) email_rule;; + 4) block_unblock_email;; + 5) block_unblock_subject;; + 6) break;; + esac + done } function menu_users { - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Manage Users" \ - --radiolist $"Choose an operation:" 12 70 5 \ - 1 $"Add a user" off \ - 2 $"Delete a user" off \ - 3 $"Change user password" off \ - 4 $"Change user ssh public key" off \ - 5 $"Back to main menu" on 2> $data - sel=$? - case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) add_user;; - 2) delete_user;; - 3) change_password;; - 4) change_ssh_public_key;; - 5) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Manage Users" \ + --radiolist $"Choose an operation:" 12 70 5 \ + 1 $"Add a user" off \ + 2 $"Delete a user" off \ + 3 $"Change user password" off \ + 4 $"Change user ssh public key" off \ + 5 $"Back to main menu" on 2> $data + sel=$? 
+ case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) add_user;; + 2) delete_user;; + 3) change_password;; + 4) change_ssh_public_key;; + 5) break;; + esac + done } function menu_hubzilla { - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Hubzilla" \ - --radiolist $"Choose an operation:" 13 70 4 \ - 1 $"Set channel directory server" off \ - 2 $"Renew SSL certificate" off \ - 3 $"Back to main menu" on 2> $data - sel=$? - case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) hubzilla_channel_directory_server;; - 2) hubzilla_renew_cert;; - 3) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Hubzilla" \ + --radiolist $"Choose an operation:" 13 70 4 \ + 1 $"Set channel directory server" off \ + 2 $"Renew SSL certificate" off \ + 3 $"Back to main menu" on 2> $data + sel=$? + case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) hubzilla_channel_directory_server;; + 2) hubzilla_renew_cert;; + 3) break;; + esac + done } function menu_media { - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Media Menu" \ - --radiolist $"Choose an operation:" 13 70 3 \ - 1 $"Attach a drive containing playable media" off \ - 2 $"Remove a drive containing playable media" off \ - 3 $"Exit" on 2> $data - sel=$? 
- case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) remove-music - attach-music;; - 2) remove-music;; - 3) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Media Menu" \ + --radiolist $"Choose an operation:" 13 70 3 \ + 1 $"Attach a drive containing playable media" off \ + 2 $"Remove a drive containing playable media" off \ + 3 $"Exit" on 2> $data + sel=$? + case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) remove-music + attach-music;; + 2) remove-music;; + 3) break;; + esac + done } function wifi_enable { - disable_wifi='yes' - dialog --title $"Enable Wifi" \ - --backtitle $"Freedombone Control Panel" \ - --defaultno \ - --yesno $"\nDo you wish to enable wifi?" 10 50 - sel=$? - case $sel in - 0) disable_wifi='no';; - 1) disable_wifi='yes';; - 255) return;; - esac - ${PROJECT_NAME}-wifi --disable $disable_wifi + disable_wifi='yes' + dialog --title $"Enable Wifi" \ + --backtitle $"Freedombone Control Panel" \ + --defaultno \ + --yesno $"\nDo you wish to enable wifi?" 10 50 + sel=$? 
+ case $sel in + 0) disable_wifi='no';; + 1) disable_wifi='yes';; + 255) return;; + esac + ${PROJECT_NAME}-wifi --disable $disable_wifi } function menu_wifi { - while true - do - status_str=$'Wifi OFF' - if [ -f /etc/hostapd/hostapd.conf ]; then - status_str=$'Hotspot ON' - else - if grep -q "# wifi enabled" /etc/network/interfaces; then - status_str=$'Wifi ON' - fi - fi + while true + do + status_str=$'Wifi OFF' + if [ -f /etc/hostapd/hostapd.conf ]; then + status_str=$'Hotspot ON' + else + if grep -q "# wifi enabled" /etc/network/interfaces; then + status_str=$'Wifi ON' + fi + fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Wifi Menu" \ - --radiolist $"${status_str}\n\nChoose an operation:" 14 70 6 \ - 1 $"Enable or disable Wifi" off \ - 2 $"Configure wifi networks" off \ - 3 $"Manually edit wifi networks file" off \ - 4 $"Hotspot settings" off \ - 5 $"Exit" on 2> $data - sel=$? - case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) wifi_enable;; - 2) wifi_settings;; - 3) wifi_edit_networks;; - 4) hotspot_settings;; - 5) break;; - esac - done + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Wifi Menu" \ + --radiolist $"${status_str}\n\nChoose an operation:" 14 70 6 \ + 1 $"Enable or disable Wifi" off \ + 2 $"Configure wifi networks" off \ + 3 $"Manually edit wifi networks file" off \ + 4 $"Hotspot settings" off \ + 5 $"Exit" on 2> $data + sel=$? + case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) wifi_enable;; + 2) wifi_settings;; + 3) wifi_edit_networks;; + 4) hotspot_settings;; + 5) break;; + esac + done } function menu_irc { - if [ ! -d /etc/ngircd ]; then - dialog --title $"IRC Menu" \ - --msgbox $"No IRC server is installed" 6 70 - return - fi + if [ ! 
-d /etc/ngircd ]; then + dialog --title $"IRC Menu" \ + --msgbox $"No IRC server is installed" 6 70 + return + fi - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"IRC Menu" \ - --radiolist $"Choose an operation:" 14 70 4 \ - 1 $"Set a password for all IRC users" off \ - 2 $"Show current IRC login password" off \ - 3 $"Exit" on 2> $data - sel=$? - case $sel in - 1) break;; - 255) break;; - esac - case $(cat $data) in - 1) irc_set_global_password;; - 2) irc_show_password;; - 3) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"IRC Menu" \ + --radiolist $"Choose an operation:" 14 70 4 \ + 1 $"Set a password for all IRC users" off \ + 2 $"Show current IRC login password" off \ + 3 $"Exit" on 2> $data + sel=$? + case $sel in + 1) break;; + 255) break;; + esac + case $(cat $data) in + 1) irc_set_global_password;; + 2) irc_show_password;; + 3) break;; + esac + done } function menu_top_level { - while true - do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --backtitle $"Freedombone Control Panel" \ - --title $"Control Panel" \ - --radiolist $"Choose an operation:" 29 70 22 \ - 1 $"About this system" off \ - 2 $"Backup and Restore" off \ - 3 $"Reset Tripwire" off \ - 4 $"Logging on/off" off \ - 5 $"Ping enable/disable" off \ - 6 $"Manage Users" off \ - 7 $"Email Filtering Rules" off \ - 8 $"Outgoing Email Proxy" off \ - 9 $"Security Settings" off \ - 10 $"Set the main repository (repo mirrors)" off \ - 11 $"Hubzilla" off \ - 12 $"Media menu" off \ - 13 $"IRC menu" off \ - 14 $"Change your blog avatar" off \ - 15 $"Change the name of this system" off \ - 16 $"Set the TLS date/time source" off \ - 17 $"Set a static local IP address" off \ - 18 $"Wifi menu" off \ - 19 $"Check for updates" off \ - 20 $"Power off the system" off \ - 21 
$"Restart the system" off \ - 22 $"Exit" on 2> $data - sel=$? - case $sel in - 1) exit 1;; - 255) exit 1;; - esac - case $(cat $data) in - 1) show_about;; - 2) menu_backup_restore;; - 3) reset_tripwire;; - 4) logging_on_off;; - 5) ping_enable_disable;; - 6) menu_users;; - 7) menu_email;; - 8) smtp_proxy;; - 9) security_settings;; - 10) set_main_repo;; - 11) menu_hubzilla;; - 12) menu_media;; - 13) menu_irc;; - 14) change_blog_avatar;; - 15) change_system_name;; - 16) set_tls_time_source;; - 17) set_static_IP;; - 18) menu_wifi;; - 19) check_for_updates;; - 20) shut_down_system;; - 21) restart_system;; - 22) break;; - esac - done + while true + do + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --backtitle $"Freedombone Control Panel" \ + --title $"Control Panel" \ + --radiolist $"Choose an operation:" 29 70 22 \ + 1 $"About this system" off \ + 2 $"Backup and Restore" off \ + 3 $"Reset Tripwire" off \ + 4 $"Logging on/off" off \ + 5 $"Ping enable/disable" off \ + 6 $"Manage Users" off \ + 7 $"Email Filtering Rules" off \ + 8 $"Outgoing Email Proxy" off \ + 9 $"Security Settings" off \ + 10 $"Set the main repository (repo mirrors)" off \ + 11 $"Hubzilla" off \ + 12 $"Media menu" off \ + 13 $"IRC menu" off \ + 14 $"Change your blog avatar" off \ + 15 $"Change the name of this system" off \ + 16 $"Set the TLS date/time source" off \ + 17 $"Set a static local IP address" off \ + 18 $"Wifi menu" off \ + 19 $"Check for updates" off \ + 20 $"Power off the system" off \ + 21 $"Restart the system" off \ + 22 $"Exit" on 2> $data + sel=$? 
+ case $sel in + 1) exit 1;; + 255) exit 1;; + esac + case $(cat $data) in + 1) show_about;; + 2) menu_backup_restore;; + 3) reset_tripwire;; + 4) logging_on_off;; + 5) ping_enable_disable;; + 6) menu_users;; + 7) menu_email;; + 8) smtp_proxy;; + 9) security_settings;; + 10) set_main_repo;; + 11) menu_hubzilla;; + 12) menu_media;; + 13) menu_irc;; + 14) change_blog_avatar;; + 15) change_system_name;; + 16) set_tls_time_source;; + 17) set_static_IP;; + 18) menu_wifi;; + 19) check_for_updates;; + 20) shut_down_system;; + 21) restart_system;; + 22) break;; + esac + done } if [[ $USER != 'root' ]]; then - # show the user version of the control panel - ${PROJECT_NAME}-controlpanel-user - exit 0 + # show the user version of the control panel + ${PROJECT_NAME}-controlpanel-user + exit 0 fi if [ ! -f $COMPLETION_FILE ]; then - echo $'This command should only be run on an installed Freedombone system' - exit 1 + echo $'This command should only be run on an installed Freedombone system' + exit 1 fi ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local index 1af58ab6..b4417573 100755 --- a/src/freedombone-restore-local +++ b/src/freedombone-restore-local @@ -238,7 +238,7 @@ function restore_mutt_settings { if [ -d $USB_MOUNT/backup/mutt ]; then for d in $USB_MOUNT/backup/mutt/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi 
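Review bot: The service-account exclusion in `restore_mutt_settings` is a hand-copied denylist, and this commit has to append `&& $USERNAME != "tahoelafs"` to every copy; the other hunks in src/freedombone-restore-local, src/freedombone-restore-remote, src/freedombone-sec, src/freedombone-syncthing and src/freedombone-utils-backup make the identical edit. Any loop that gets missed will treat the service account's directory as a regular user's, which in these restore functions is the branch that can call `${PROJECT_NAME}-adduser $USERNAME`. I would move the test into one helper that every loop calls, so the next service account is a one-line change. The helper name below is only a suggestion, and where it should live depends on what these scripts already source, which is not visible here. The function bodies continue outside the hunks.

```shell
# Suggested helper: succeeds only for regular user names.
# Service accounts that own a directory under /home are listed once, here.
function is_regular_user {
    case "$1" in
        ''|git|mirrors|sync|tahoelafs) return 1 ;;
    esac
    return 0
}

# … unchanged: for d in … ; USERNAME=$(echo "$d" | awk …) …
if is_regular_user "$USERNAME"; then
# … unchanged: adduser and restore steps …
```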
@@ -272,7 +272,7 @@ function restore_gpg { if [ -d $USB_MOUNT/backup/gnupg ]; then for d in $USB_MOUNT/backup/gnupg/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi @@ -309,7 +309,7 @@ function restore_procmail { if [ -d $USB_MOUNT/backup/procmail ]; then for d in $USB_MOUNT/backup/procmail/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi @@ -338,7 +338,7 @@ function restore_spamassassin { if [ -d $USB_MOUNT/backup/spamassassin ]; then for d in $USB_MOUNT/backup/spamassassin/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -399,7 +399,7 @@ function restore_user_ssh_keys { if [ -d $USB_MOUNT/backup/ssh ]; then for d in $USB_MOUNT/backup/ssh/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi 
@@ -428,7 +428,7 @@ function restore_user_config { if [ -d $USB_MOUNT/backup/config ]; then for d in $USB_MOUNT/backup/config/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi @@ -469,7 +469,7 @@ function restore_user_monkeysphere { if [ -d $USB_MOUNT/backup/monkeysphere ]; then for d in $USB_MOUNT/backup/monkeysphere/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi @@ -508,7 +508,7 @@ function restore_user_fin { if [ -d $USB_MOUNT/backup/fin ]; then for d in $USB_MOUNT/backup/fin/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi @@ -537,7 +537,7 @@ function restore_user_local { if [ -d $USB_MOUNT/backup/local ]; then for d in $USB_MOUNT/backup/local/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi 
@@ -610,7 +610,7 @@ function restore_personal_settings { if [ -d $USB_MOUNT/backup/personal ]; then for d in $USB_MOUNT/backup/personal/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -663,7 +663,7 @@ function restore_email { if [ -d $USB_MOUNT/backup/mail ]; then for d in $USB_MOUNT/backup/mail/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME fi diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote index d6043688..b5c234b5 100755 --- a/src/freedombone-restore-remote +++ b/src/freedombone-restore-remote @@ -225,7 +225,7 @@ function restore_mutt_settings { fi for d in $SERVER_DIRECTORY/backup/mutt/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME 
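Review bot: `USERNAME` in the `restore_mutt_settings` hunk of src/freedombone-restore-remote is taken from a directory name inside the restored backup tree and then passed unquoted to `${PROJECT_NAME}-adduser $USERNAME` and into `/home/$USERNAME` paths, with the denylist as the only filter. A name containing whitespace, a leading `-` or glob characters would be word-split or read as an option, so I would validate it before use, e.g. `[[ $USERNAME =~ ^[a-z_][a-z0-9_-]*$ ]] || continue`, and quote the expansions that follow. `awk -F '/' '{print $6}'` also presumes a fixed depth for `$SERVER_DIRECTORY`, which is set outside the hunk; `USERNAME=$(basename "$d")` would not depend on it. The same pattern is in the other hunks of this file and of src/freedombone-restore-local, and the loop bodies continue outside the hunks.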
@@ -257,7 +257,7 @@ function restore_gpg { fi for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -290,7 +290,7 @@ function restore_procmail { fi for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -317,7 +317,7 @@ function restore_spamassassin { fi for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -363,7 +363,7 @@ function restore_ssh_keys { fi for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME 
@@ -390,7 +390,7 @@ function restore_user_config { fi for d in $SERVER_DIRECTORY/backup/config/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -429,7 +429,7 @@ function restore_user_monkeysphere { fi for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -466,7 +466,7 @@ function restore_user_fin { fi for d in $SERVER_DIRECTORY/backup/fin/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -493,7 +493,7 @@ function restore_user_local { fi for d in $SERVER_DIRECTORY/backup/local/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME 
@@ -561,7 +561,7 @@ function restore_personal_settings { fi for d in $SERVER_DIRECTORY/backup/personal/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME @@ -608,7 +608,7 @@ function restore_email { fi for d in $SERVER_DIRECTORY/backup/mail/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then if [ ! -d /home/$USERNAME ]; then ${PROJECT_NAME}-adduser $USERNAME diff --git a/src/freedombone-sec b/src/freedombone-sec index 554fad9b..65799737 100755 --- a/src/freedombone-sec +++ b/src/freedombone-sec @@ -336,7 +336,7 @@ function send_monkeysphere_server_keys_to_users { monkeysphere_server_keys=$(monkeysphere-host show-key | grep $"OpenPGP fingerprint" | awk -F ' ' '{print $3}') for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ ! -d /home/$USERNAME/.monkeysphere ]; then mkdir /home/$USERNAME/.monkeysphere fi 
@@ -952,7 +952,7 @@ function export_settings { function refresh_gpg_keys { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then su -c 'gpg --refresh-keys' - $USERNAME fi done diff --git a/src/freedombone-syncthing b/src/freedombone-syncthing index c47fd077..bc91e3b4 100755 --- a/src/freedombone-syncthing +++ b/src/freedombone-syncthing @@ -76,8 +76,8 @@ function create_syncthing_config { if [ -f $SYNCTHING_CONFIG_FILE ]; then SYNCTHING_ID=$(cat $SYNCTHING_CONFIG_FILE | grep "device id=" | head -n 1 | awk -F '"' '{print $2}') else - SYNCTHING_ID=$(new_syncthing_id) - fi + SYNCTHING_ID=$(new_syncthing_id) + fi fi if ! grep -q "Syncthing ID" $COMPLETION_FILE; then @@ -97,7 +97,7 @@ function create_syncthing_config { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then echo " " >> $SYNCTHING_CONFIG_FILE # include any specified device IDs for this user if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then @@ -137,7 +137,7 @@ function create_syncthing_config { echo "" > $TEMP_IDS_FILE for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then while read -r line || [[ -n "$line" ]]; do line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" 
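Review bot: In the `refresh_gpg_keys` hunk of src/freedombone-sec, `su -c 'gpg --refresh-keys' - $USERNAME` runs for every directory under /home that is not on the denylist, whether or not an account of that name exists, and the name is unquoted. I would skip entries without an account and quote the argument: `id -u "$USERNAME" >/dev/null 2>&1 || continue` followed by `su -c 'gpg --refresh-keys' - "$USERNAME"`. The `set_user_permissions` hunk in src/freedombone-utils-backup has the same shape with `chown -R $USERNAME:$USERNAME /home/$USERNAME`, where `chown -R -- "$USERNAME:$USERNAME" "/home/$USERNAME"` is the quoted form.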
@@ -169,7 +169,7 @@ function create_syncthing_config { echo ' false' >> $SYNCTHING_CONFIG_FILE echo ' ' >> $SYNCTHING_CONFIG_FILE - + echo " " >> $SYNCTHING_CONFIG_FILE echo '
dynamic
' >> $SYNCTHING_CONFIG_FILE echo '
' >> $SYNCTHING_CONFIG_FILE @@ -177,7 +177,7 @@ function create_syncthing_config { echo "" > $TEMP_IDS_FILE for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then while read -r line || [[ -n "$line" ]]; do line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" @@ -195,7 +195,7 @@ function create_syncthing_config { fi fi done - rm $TEMP_IDS_FILE + rm $TEMP_IDS_FILE echo ' ' >> $SYNCTHING_CONFIG_FILE echo " tcp://0.0.0.0:$SYNCTHING_PORT" >> $SYNCTHING_CONFIG_FILE @@ -236,7 +236,7 @@ function create_syncthing_config { # This allows it to appear within the user control panel for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then echo "$SYNCTHING_ID" > /home/$USERNAME/.syncthing-server-id chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id fi @@ -254,14 +254,14 @@ function user_devices_changed { CHANGED=1 return fi - + for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then if [ -f /home/$USERNAME/$SYNCTHING_UPDATE_FILE ]; then CHANGED=1 fi - + if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then while read -r line || [[ -n "$line" ]]; do if [[ $line != *"#"* && $line != *"*"* && $line != *'/'* && $line == *"-"* ]]; then diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup index db53718b..9b1b4e67 100755 
--- a/src/freedombone-utils-backup +++ b/src/freedombone-utils-backup @@ -275,7 +275,7 @@ function set_user_permissions { echo $"Setting permissions" for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then chown -R $USERNAME:$USERNAME /home/$USERNAME fi done