Local backups

This commit is contained in:
Bob Mottram 2016-07-07 20:42:25 +01:00
parent 0b54cf5641
commit 783d66fdf3
8 changed files with 398 additions and 343 deletions

View File

@ -46,13 +46,13 @@ function upgrade_mumble {
function backup_local_mumble {
if [ -f /etc/mumble-server.ini ]; then
echo $"Backing up Mumble settings"
if [ ! -d /root/tempvoipbackup ]; then
mkdir -p /root/tempvoipbackup
temp_backup_dir=/root/tempvoipbackup
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
cp -f /etc/mumble-server.ini /root/tempvoipbackup
cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup
cp -f /etc/sipwitch.conf /root/tempvoipbackup
backup_directory_to_usb /root/tempvoipbackup voip
cp -f /etc/mumble-server.ini $temp_backup_dir
cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir
backup_directory_to_usb $temp_backup_dir voip
echo $"Mumble settings backup complete"
fi
}

View File

@ -38,11 +38,20 @@ VOIP_TURN_TLS_PORT=5349
VOIP_TURN_NONCE=
function upgrade_sip {
echo -n ''
echo -n ''
}
function backup_local_sip {
echo -n ''
if [ -f /etc/sipwitch.conf ]; then
echo $"Backing up SIP settings"
temp_backup_dir=/root/tempsipbackup
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
cp -f /etc/sipwitch.conf $temp_backup_dir
backup_directory_to_usb $temp_backup_dir sip
echo $"SIP settings backup complete"
fi
}
function backup_remote_sip {

View File

@ -40,15 +40,23 @@ SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
SYNCTHING_USER_IDS_FILE='.syncthingids'
function upgrade_syncthing {
echo -n ''
echo -n ''
}
function backup_local_syncthing {
echo -n ''
if [ -d /var/lib/syncthing/SyncShared ]; then
echo $"Backing up syncthing"
function_check backup_directory_to_usb
backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared
backup_directory_to_usb /root/.config/syncthing syncthingconfig
echo $"Backup to syncthing complete"
fi
}
function backup_remote_syncthing {
echo -n ''
echo -n ''
}
function remove_syncthing {

View File

@ -58,7 +58,21 @@ function upgrade_tox {
}
function backup_local_tox {
echo ''
if [ -d /var/lib/tox-bootstrapd ]; then
echo $"Backing up Tox"
if [ -d /var/lib/tox-bootstrapd ]; then
cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd
if [ -d /var/lib/tox-bootstrapd/Maildir ]; then
rm -rf /var/lib/tox-bootstrapd/Maildir
fi
fi
function_check backup_directory_to_usb
backup_directory_to_usb /var/lib/tox-bootstrapd tox
echo $"Backup of Tox complete"
fi
}
function backup_remote_tox {

View File

@ -31,15 +31,15 @@
VARIANTS=''
function upgrade_vpn {
echo ''
echo -n ''
}
function backup_local_vpn {
echo ''
echo -n ''
}
function backup_remote_vpn {
echo ''
echo -n ''
}
function remove_vpn {

View File

@ -47,11 +47,16 @@ function upgrade_webmail {
}
function backup_local_webmail {
echo ''
echo $"Backing up webmail"
function_check backup_database_to_usb
backup_database_to_usb webmail
echo $"Backing up webmail complete"
}
function backup_remote_webmail {
echo ''
echo -n ''
}
function remove_webmail {
@ -65,7 +70,7 @@ function remove_webmail {
function_check remove_onion_service
remove_onion_service webmail ${WEBMAIL_ONION_PORT}
function_check drop_database
drop_database webmain
drop_database webmail
if [ -d $WEB_PATH/webmail ]; then
rm -rf $WEB_PATH/webmail
fi

View File

@ -37,15 +37,25 @@ WIKI_CODE=
WIKI_ONION_PORT=8089
function upgrade_wiki {
echo ''
echo -n ''
}
function backup_local_wiki {
echo ''
source_directory=/var/lib/dokuwiki
if [ -d $source_directory ]; then
dest_directory=wiki
echo $"Backing up $source_directory to $dest_directory"
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb /etc/dokuwiki wiki2
echo $"Backup to $dest_directory complete"
fi
}
function backup_remote_wiki {
echo ''
echo -n ''
}
function remove_wiki {

View File

@ -38,389 +38,398 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
XMPP_ECC_CURVE='"secp384r1"'
function update_prosody_modules {
if [ ! -d $INSTALL_DIR/prosody-modules ]; then
return
fi
if [ ! -d /usr/lib/prosody ]; then
return
fi
if [ ! -d $INSTALL_DIR/prosody-modules ]; then
return
fi
if [ ! -d /usr/lib/prosody ]; then
return
fi
cd $INSTALL_DIR/prosody-modules
hg pull
hg update
cd $INSTALL_DIR/prosody-modules
hg pull
hg update
# support onion addresses
if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then
cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
fi
# support onion addresses
if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then
cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
fi
# XEP-0313 message archive management
# https://modules.prosody.im/mod_mam.html
# Allows you to download your previous messages onto a new client
# This only applies if you are not using forward secret crypto
# such as OTR or OMEMO (eg. OpenPGP)
if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then
cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules
fi
# XEP-0313 message archive management
# https://modules.prosody.im/mod_mam.html
# Allows you to download your previous messages onto a new client
# This only applies if you are not using forward secret crypto
# such as OTR or OMEMO (eg. OpenPGP)
if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then
cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules
fi
# XEP-0352 Client State Indication
# Notifies the server if the app is in the background or not
if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then
cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules
fi
# XEP-0352 Client State Indication
# Notifies the server if the app is in the background or not
if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then
cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules
fi
# XEP-0280 Message Carbons
# Ensures all messages get delivered to all clients (if you have a mobile and desktop client)
if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then
cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules
fi
# XEP-0280 Message Carbons
# Ensures all messages get delivered to all clients (if you have a mobile and desktop client)
if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then
cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules
fi
# XEP-0198 Stream management
# Helps mobile apps recover when a device switches networks.
if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then
cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules
fi
if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then
cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules
fi
# XEP-0198 Stream management
# Helps mobile apps recover when a device switches networks.
if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then
cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules
fi
if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then
cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules
fi
# XEP-0191: blocking
if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then
cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules
fi
# XEP-0191: blocking
if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then
cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules
fi
# XEP-0016 Privacy lists
if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then
cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules
fi
# XEP-0016 Privacy lists
if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then
cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules
fi
}
function upgrade_xmpp {
if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
return
fi
function_check update_prosody_modules
update_prosody_modules
if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
return
fi
function_check update_prosody_modules
update_prosody_modules
}
function backup_local_xmpp {
echo ''
source_directory=/var/lib/prosody xmpp
if [ -d $source_directory ]; then
dest_directory=xmpp
echo $"Backing up $source_directory to $dest_directory"
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
echo $"Backup to $dest_directory complete"
fi
}
function backup_remote_xmpp {
echo ''
echo -n ''
}
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('XMPP 5222-5223')
OPEN_PORTS+=('XMPP 5269')
OPEN_PORTS+=('XMPP 5280-5281')
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
OPEN_PORTS+=('XMPP 5222-5223')
OPEN_PORTS+=('XMPP 5269')
OPEN_PORTS+=('XMPP 5280-5281')
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
}
function remove_xmpp_client {
if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
return
fi
apt-get -y remove --purge profanity
sed '/install_xmpp_client/d' $COMPLETION_FILE
if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
return
fi
apt-get -y remove --purge profanity
sed '/install_xmpp_client/d' $COMPLETION_FILE
}
function remove_xmpp {
remove_xmpp_client
if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then
return
fi
iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -D INPUT -p tcp --dport 5269 -j ACCEPT
iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
remove_xmpp_client
if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then
return
fi
iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -D INPUT -p tcp --dport 5269 -j ACCEPT
iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
function_check remove_onion_service
remove_onion_service xmpp 5222 5223 5269
function_check remove_onion_service
remove_onion_service xmpp 5222 5223 5269
apt-get -y remove --purge prosody prosody-modules
if [ -d $INSTALL_DIR/prosody-modules ]; then
rm -rf $INSTALL_DIR/prosody-modules
fi
if [ -d /etc/prosody ]; then
rm -rf /etc/prosody
fi
apt-get -y remove --purge prosody prosody-modules
if [ -d $INSTALL_DIR/prosody-modules ]; then
rm -rf $INSTALL_DIR/prosody-modules
fi
if [ -d /etc/prosody ]; then
rm -rf /etc/prosody
fi
sed '/install_xmpp/d' $COMPLETION_FILE
sed '/XMPP /d' $COMPLETION_FILE
sed '/install_xmpp/d' $COMPLETION_FILE
sed '/XMPP /d' $COMPLETION_FILE
}
function install_xmpp_main {
update_prosody_modules
update_prosody_modules
if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
return
fi
apt-get -y install lua-sec lua-bitop
apt-get -y install prosody prosody-modules mercurial
if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
return
fi
apt-get -y install lua-sec lua-bitop
apt-get -y install prosody prosody-modules mercurial
if [ ! -d /etc/prosody ]; then
echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
exit 52
fi
if [ ! -d /etc/prosody ]; then
echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
exit 52
fi
# obtain the prosody modules
cd $INSTALL_DIR
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
echo $'mod_onions prosody module could not be found'
exit 73254
fi
# obtain the prosody modules
cd $INSTALL_DIR
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
echo $'mod_onions prosody module could not be found'
exit 73254
fi
# install the onions module
update_prosody_modules
if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
echo $'mod_onions.lua could not be copied to the prosody modules directory'
exit 63952
fi
# install the onions module
update_prosody_modules
if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
echo $'mod_onions.lua could not be copied to the prosody modules directory'
exit 63952
fi
# create a certificate
if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
check_certificates xmpp
fi
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
# create a certificate
if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
check_certificates xmpp
fi
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
fi
sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
fi
sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
systemctl restart prosody
touch /home/$MY_USERNAME/README
systemctl restart prosody
touch /home/$MY_USERNAME/README
if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. XMPP onion site cannot be configured.'
exit 877367
fi
if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
echo $'Added onion site for XMPP chat'
fi
if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. XMPP onion site cannot be configured.'
exit 877367
fi
if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
echo $'Added onion site for XMPP chat'
fi
systemctl restart tor
wait_for_onion_service 'xmpp'
systemctl restart tor
wait_for_onion_service 'xmpp'
if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
echo $'XMPP onion site hostname not found'
exit 65349
fi
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
echo $'XMPP onion site hostname not found'
exit 65349
fi
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
else
sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
fi
if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
if [ ${#XMPP_PASSWORD} -lt 8 ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'XMPP' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
echo $'You can change it with: ' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
if [ ${#XMPP_PASSWORD} -lt 8 ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'XMPP' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
echo $'You can change it with: ' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
function_check configure_firewall_for_xmpp
configure_firewall_for_xmpp
function_check configure_firewall_for_xmpp
configure_firewall_for_xmpp
echo 'install_xmpp_main' >> $COMPLETION_FILE
echo 'install_xmpp_main' >> $COMPLETION_FILE
}
function install_xmpp_client {
if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
return
fi
apt-get -y install profanity
if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
return
fi
apt-get -y install profanity
XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ ! -d $XMPP_CLIENT_DIR ]; then
mkdir -p $XMPP_CLIENT_DIR
fi
XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ ! -d $XMPP_CLIENT_DIR ]; then
mkdir -p $XMPP_CLIENT_DIR
fi
if [[ $ONION_ONLY == 'no' ]]; then
echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
if [ ${#XMPP_PASSWORD} -gt 2 ]; then
echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
fi
fi
if [[ $ONION_ONLY == 'no' ]]; then
echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
if [ ${#XMPP_PASSWORD} -gt 2 ]; then
echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
fi
fi
if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
if [[ $ONION_ONLY == 'no' ]]; then
echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
else
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
fi
echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
if [ ${#XMPP_PASSWORD} -gt 2 ]; then
echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
fi
fi
if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
if [[ $ONION_ONLY == 'no' ]]; then
echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
else
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
fi
echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
if [ ${#XMPP_PASSWORD} -gt 2 ]; then
echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
fi
fi
if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
mkdir /home/$MY_USERNAME/.config/profanity
fi
echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
mkdir /home/$MY_USERNAME/.config/profanity
fi
echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
echo 'install_xmpp_client' >> $COMPLETION_FILE
echo 'install_xmpp_client' >> $COMPLETION_FILE
}
function install_xmpp {
if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
return
fi
install_xmpp_main
install_xmpp_client
echo 'install_xmpp' >> $COMPLETION_FILE
if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
return
fi
install_xmpp_main
install_xmpp_client
echo 'install_xmpp' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0