From baf2a204fbed06aca61358d999cbe2aa2023e5be Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 16 Jan 2015 19:46:15 +0000 Subject: [PATCH] Tidying --- backups.org => doc/backups.org | 0 beaglebone.txt => doc/beaglebone.txt | 0 code.org => doc/code.org | 0 faq.org => doc/faq.org | 0 index.org => doc/index.org | 0 installation.org => doc/installation.org | 0 related.org => doc/related.org | 0 support.org => doc/support.org | 0 usage.org => doc/usage.org | 0 variants.org => doc/variants.org | 0 src/freedombone | 7859 +++++++++++++++++ src/freedombone-prep | 150 + .../freedombone-tordongle | 0 index.css => website/index.css | 0 14 files changed, 8009 insertions(+) rename backups.org => doc/backups.org (100%) rename beaglebone.txt => doc/beaglebone.txt (100%) rename code.org => doc/code.org (100%) rename faq.org => doc/faq.org (100%) rename index.org => doc/index.org (100%) rename installation.org => doc/installation.org (100%) rename related.org => doc/related.org (100%) rename support.org => doc/support.org (100%) rename usage.org => doc/usage.org (100%) rename variants.org => doc/variants.org (100%) create mode 100755 src/freedombone create mode 100755 src/freedombone-prep rename tor_dongle_setup.sh => src/freedombone-tordongle (100%) rename index.css => website/index.css (100%) diff --git a/backups.org b/doc/backups.org similarity index 100% rename from backups.org rename to doc/backups.org diff --git a/beaglebone.txt b/doc/beaglebone.txt similarity index 100% rename from beaglebone.txt rename to doc/beaglebone.txt diff --git a/code.org b/doc/code.org similarity index 100% rename from code.org rename to doc/code.org diff --git a/faq.org b/doc/faq.org similarity index 100% rename from faq.org rename to doc/faq.org diff --git a/index.org b/doc/index.org similarity index 100% rename from index.org rename to doc/index.org diff --git a/installation.org b/doc/installation.org similarity index 100% rename from installation.org rename to doc/installation.org diff --git a/related.org b/doc/related.org similarity index 100% rename from related.org rename to doc/related.org diff --git a/support.org b/doc/support.org similarity index 100% rename from support.org rename to doc/support.org diff --git a/usage.org b/doc/usage.org similarity index 100% rename from usage.org rename to doc/usage.org diff --git a/variants.org b/doc/variants.org similarity index 100% rename from variants.org rename to doc/variants.org diff --git a/src/freedombone b/src/freedombone new file mode 100755 index 00000000..a932b725 --- /dev/null +++ b/src/freedombone @@ -0,0 +1,7859 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# This install script is intended for use with Debian Jessie +# +# Please note that the various hashes and download archives +# for systems such as Owncloud and Dokuwiki may need to be updated +# +# License +# ======= +# +# Copyright (C) 2014-2015 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Summary +# ======= +# +# This script is intended to be run on the target device, which +# is typically a Beaglebone Black. +# +# To be able to run this script you need to get to a condition +# where you have Debian Jessie installed, with at least one +# unprivileged user account and at least one subdomain created on +# https://freedns.afraid.org/. If you're not installing on a +# Beaglebone Black then set the variable INSTALLING_ON_BBB to "no" +# +# Note on dynamic dns +# =================== +# +# I'm not particularly trying to promote freedns.afraid.org +# as a service, it just happens to be a dynamic DNS system which +# provides free (as in beer) accounts, and I'm trying to make the +# process of setting up a working server as trivial as possible. +# Other dynamic DNS systems are available, and if you're using +# something different then comment out the section within +# argument_checks and the call to dynamic_dns_freedns. +# +# Prerequisites +# ============= +# +# You will need to initially prepare a microSD card with a Debian +# image on it. This can be done using the initial_setup.sh script. +# +# If you are not using a Beaglebone Black then just prepare the +# target system with a fresh installation of Debian Jessie. +# +# Configuration file +# ================== +# If you don't want to edit this script directly then you can +# create a configuration file called freedombone.cfg, which should +# be in the same directory as install-freedombone.sh. +# Within the configuration file you can specify the main settings +# such as: +# +# INSTALLING_ON_BBB=yes +# SSH_PORT=2222 +# MICROBLOG_DOMAIN_NAME=mydomain +# MICROBLOG_FREEDNS_SUBDOMAIN_CODE=[code] +# ... +# +# Note that there are no spaces around the equals. + +DOMAIN_NAME= +MY_USERNAME= +FREEDNS_SUBDOMAIN_CODE= +SYSTEM_TYPE= + +# Are we installing on a Beaglebone Black (BBB) or some other system? +INSTALLING_ON_BBB="no" + +# Version number of this script +VERSION="1.00" + +# Different system variants which may be specified within +# the SYSTEM_TYPE option +VARIANT_WRITER="writer" +VARIANT_CLOUD="cloud" +VARIANT_CHAT="chat" +VARIANT_MAILBOX="mailbox" +VARIANT_NONMAILBOX="nonmailbox" +VARIANT_SOCIAL="social" +VARIANT_MEDIA="media" +VARIANT_TOR_DONGLE="tordongle" + +# An optional configuration file which overrides some of these variables +CONFIGURATION_FILE="freedombone.cfg" + +SSH_PORT=2222 + +# parameters used when adding a new domain +DDNS_PROVIDER="freedns.afraid.org" +DDNS_USERNAME= +DDNS_PASSWORD= +CURRENT_DDNS_DOMAIN= +CURRENT_DDNS_CODE= + +# number of CPU cores +CPU_CORES=1 + +# The static IP address of the system within the local network +LOCAL_NETWORK_STATIC_IP_ADDRESS="192.168.1.60" + +# IP address of the router (gateway) +ROUTER_IP_ADDRESS="192.168.1.254" + +# whether to route outgoing traffic through Tor +ROUTE_THROUGH_TOR="no" + +# Why use Google as a time source? +# The thinking here is that it's likely to be reliable and fast. +# The ping doesn't reveal any information other than that the server +# is running, and if anyone maliciously alters the time on Google's +# servers then that would certainly be newsworthy and they'd be +# likely to do something about it quickly. +# If you have better time sources then change them here. +TLS_TIME_SOURCE1="google.com" +TLS_TIME_SOURCE2="www.ptb.de" + +# kernel specifically tweaked for the Beaglebone Black +# See http://rcn-ee.net/deb/jessie-armhf/ +KERNEL_VERSION="v3.15.10-bone8" + +# Whether or not to use the beaglebone's hardware random number generator +USE_HWRNG="yes" + +# Whether this system is being installed within a docker container +INSTALLED_WITHIN_DOCKER="no" + +# If you want to run a public mailing list specify its name here. +# There should be no spaces in the name +PUBLIC_MAILING_LIST= +# Optional different domain name for the public mailing list +PUBLIC_MAILING_LIST_DOMAIN_NAME= +# Directory where the public mailing list data is stored +PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj" + +# If you want to run an encrypted mailing list specify its name here. +# There should be no spaces in the name +PRIVATE_MAILING_LIST= + +# Domain name or freedns subdomain for mediagoblin installation +MEDIAGOBLIN_DOMAIN_NAME= +MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE= +MEDIAGOBLIN_REPO="" +MEDIAGOBLIN_ADMIN_PASSWORD= + +# Domain name or freedns subdomain for microblog installation +MICROBLOG_DOMAIN_NAME= +MICROBLOG_FREEDNS_SUBDOMAIN_CODE= +MICROBLOG_REPO="git://gitorious.org/social/mainline.git" +MICROBLOG_ADMIN_PASSWORD= + +# Domain name or redmatrix installation +REDMATRIX_DOMAIN_NAME= +REDMATRIX_FREEDNS_SUBDOMAIN_CODE= +REDMATRIX_REPO="https://github.com/friendica/red.git" +REDMATRIX_ADDONS_REPO="https://github.com/friendica/red-addons.git" +REDMATRIX_ADMIN_PASSWORD= + +# Domain name and freedns subdomain for Owncloud installation +OWNCLOUD_DOMAIN_NAME= +OWNCLOUD_FREEDNS_SUBDOMAIN_CODE= +OWNCLOUD_ADMIN_PASSWORD= + +# Domain name and freedns subdomain for your wiki +WIKI_DOMAIN_NAME= +WIKI_FREEDNS_SUBDOMAIN_CODE= +WIKI_ADMIN_PASSWORD= +WIKI_TITLE="Freedombone Wiki" + +# Domain name and freedns subdomain for your blog +FULLBLOG_DOMAIN_NAME= +FULLBLOG_FREEDNS_SUBDOMAIN_CODE= +MY_BLOG_TITLE="My Blog" +MY_BLOG_SUBTITLE="Another Freedombone Blog" + +GPG_KEYSERVER="hkp://keys.gnupg.net" + +# whether to encrypt all incoming email with your public key +GPG_ENCRYPT_STORED_EMAIL="yes" + +# gets set to yes if gpg keys are imported from usb +GPG_KEYS_IMPORTED="no" + +# optionally you can provide your exported GPG key pair here +# Note that the private key file will be deleted after use +# If these are unspecified then a new GPG key will be created +MY_GPG_PUBLIC_KEY= +MY_GPG_PRIVATE_KEY= + +# optionally specify your public key ID +MY_GPG_PUBLIC_KEY_ID= + +# If you have existing mail within a Maildir +# you can specify the directory here and the files +# will be imported +IMPORT_MAILDIR= + +# The Debian package repository to use. +DEBIAN_REPO="ftp.us.debian.org" + +DEBIAN_VERSION="jessie" + +# Directory where source code is downloaded and compiled +INSTALL_DIR=$HOME/build + +# device name for an attached usb drive +USB_DRIVE=/dev/sda1 + +# Location where the USB drive is mounted to +USB_MOUNT=/mnt/usb + +# name of a script used to upgrade the system +UPGRADE_SCRIPT_NAME="freedombone-upgrade" + +# name of a script which keeps running processes going even if they crash +WATCHDOG_SCRIPT_NAME="keepon" + +# Name of a script used to create a backup of the system on usb drive +BACKUP_SCRIPT_NAME="backup" + +# Name of a script used to restore the system from usb drive +RESTORE_SCRIPT_NAME="restore" + +# name of a script used to backup to friends servers +BACKUP_TO_FRIENDS_SCRIPT_NAME="backup2friends" + +# name of a script used to restore backed up data from a friend +RESTORE_FROM_FRIEND_SCRIPT_NAME="restorefromfriend" + +# Location of the certificate used to encrypt backups +BACKUP_CERTIFICATE=/etc/ssl/private/backup.key + +# memory limit for php in MB +MAX_PHP_MEMORY=64 + +# default MariaDB password +MARIADB_PASSWORD= + +# Directory where XMPP settings are stored +XMPP_DIRECTORY="/var/lib/prosody" + +# file containing a list of remote locations to backup to +# Format: [username@friendsdomain//home/username] [ssh_password] +# With the only space character being between the server and the password +FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list + +# list of encryption protocols +SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2" + +# list of ciphers to use. See bettercrypto.org recommendations +SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA" + +# ssh ciphers +SSH_CIPHERS="Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr" +SSH_MACS="MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160" +SSH_KEX="KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1" + +# xmpp ciphers and curve +XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"' +XMPP_ECC_CURVE='"secp384r1"' + +# the default email address +MY_EMAIL_ADDRESS=$MY_USERNAME@$DOMAIN_NAME + +# optionally specify your name to appear on the blog +MY_NAME=$DOMAIN_NAME + +export DEBIAN_FRONTEND=noninteractive + +# logging level for Nginx +WEBSERVER_LOG_LEVEL='crit' + +# used to limit CPU usage +CPULIMIT='/usr/bin/cpulimit -l 20 -e' + +# command to create a git repository +CREATE_GIT_PROJECT_COMMAND='create-project' + +# File which keeps track of what has already been installed +COMPLETION_FILE=$HOME/freedombone-completed.txt +if [ ! -f $COMPLETION_FILE ]; then + touch $COMPLETION_FILE +fi + +# Your github username +GITHUB_USERNAME= + +# Directory where github projects will be backed up +GITHUB_BACKUP_DIRECTORY=/var/backups/github + +# Used to indicate whether the backup contains MariaDB databases or not +BACKUP_INCLUDES_DATABASES="no" + +# contains the mysql root password which +# is used for backups and repair +DATABASE_PASSWORD_FILE=/root/dbpass + +# log file where details of remote backups are stored +REMOTE_BACKUPS_LOG=/var/log/remotebackups.log + +# message if something fails to install +CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list." + +# cjdns settings +ENABLE_CJDNS="no" +CJDNS_PRIVATE_KEY= +CJDNS_PUBLIC_KEY= +CJDNS_IPV6= +CJDNS_PASSWORD= +CJDNS_PORT= + +function show_help { + echo '' + echo 'freedombone -d [domain] -u [username] -c [FreeDNS subdomain code] -s [system type]' + echo '' + echo ' -h --help Show help' + echo ' --bbb Installing on Beaglebone Black' + echo ' -u --user User to install the system as' + echo ' -d --domain Domain name' + echo ' -s --system System type' + echo ' --ip Static LAN IP address of the system' + echo ' --iprouter LAN IP address of the internet router' + echo ' --ddns Dynamic DNS provider domain' + echo ' --ddnsuser Dynamic DNS provider username' + echo ' --ddnspass Dynamic DNS provider password' + echo '' + echo ' -c --code FreeDNS code' + echo ' --microblogcode Microblog FreeDNS code' + echo ' --wikicode Wiki FreeDNS code' + echo ' --owncloudcode Owncloud FreeDNS code' + echo ' --redmatrixcode Redmatrix FreeDNS code' + echo ' --blogcode Blog FreeDNS code' + echo '' + echo ' --microblogdomain Microblog domain name' + echo ' --wikidomain Wiki domain name' + echo ' --blogdomain Blog domain name' + echo ' --ownclouddomain Owncloud domain name' + echo ' --redmatrixdomain Redmatrix domain name' + echo ' -t --time Domain used as a TLS time source' + echo ' --ssh ssh port number' + echo ' --list Public mailing list name' + echo ' --cores Number of CPU cores' + echo ' --name Your name' + echo ' --email Your email address' + echo ' --usb Path for the USB drive (eg. /dev/sdb1)' + echo ' --cjdns Enable CJDNS' + echo '' + echo 'system types' + echo '------------' + echo 'This can either be blank if you wish to install the full system,' + echo "or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD'," + echo "'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_TOR_DONGLE' or '$VARIANT_WRITER'." + echo "If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint." + echo '' +} + +function parse_args { + if [ ! $1 ]; then + show_help + exit 0 + fi + + while [[ $# > 1 ]] + do + key="$1" + + case $key in + -h|--help) + show_help + exit 0 + ;; + # username within /home + -u|--user) + MY_USERNAME="$1" + shift + ;; + # microblog domain name + --microblogdomain) + MICROBLOG_DOMAIN_NAME="$1" + shift + ;; + # microblog domain code (freedns) + --microblogcode) + MICROBLOG_FREEDNS_SUBDOMAIN_CODE="$1" + shift + ;; + # wiki domain name + --wikidomain) + WIKI_DOMAIN_NAME="$1" + shift + ;; + # wiki domain code (freedns) + --wikicode) + WIKI_FREEDNS_SUBDOMAIN_CODE="$1" + shift + ;; + # blog domain name + --blogdomain) + FULLBLOG_DOMAIN_NAME="$1" + shift + ;; + # blog domain code (freedns) + --blogcode) + FULLBLOG_FREEDNS_SUBDOMAIN_CODE="$1" + shift + ;; + # owncloud domain name + --ownclouddomain) + OWNCLOUD_DOMAIN_NAME="$1" + shift + ;; + # owncloud domain code (freedns) + --owncloudcode) + OWNCLOUD_FREEDNS_SUBDOMAIN_CODE="$1" + shift + ;; + # redmatrix domain name + --redmatrixdomain) + REDMATRIX_DOMAIN_NAME="$1" + shift + ;; + # redmatrix domain code (freedns) + --redmatrixcode) + REDMATRIX_FREEDNS_SUBDOMAIN_CODE="$1" + shift + ;; + # default domain name + -d|--domain) + DOMAIN_NAME="$1" + shift + ;; + # default domain code (freedns) + -c|--code) + FREEDNS_SUBDOMAIN_CODE="$1" + shift + ;; + # The type of system + -s|--system) + SYSTEM_TYPE="$1" + shift + ;; + # The dynamic DNS provider + --ddns) + DDNS_PROVIDER="$1" + shift + ;; + # Username for the synamic DNS provider + --ddnsuser) + DDNS_USERNAME="$1" + shift + ;; + # Password for the synamic DNS provider + --ddnspass) + DDNS_PASSWORD="$1" + shift + ;; + # Whether this installation is on a Beaglebone Black + --bbb) + INSTALLING_ON_BBB="$1" + shift + ;; + # Domain name to use as a TLS time source + -t|--time) + TLS_TIME_SOURCE1="$1" + shift + ;; + # Static IP address for the system + --ip) + LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 + shift + ;; + # IP address for the internet router + --iprouter) + ROUTER_IP_ADDRESS=$1 + shift + ;; + # ssh port + --ssh) + SSH_PORT=$1 + shift + ;; + # public mailing list name + --list) + PUBLIC_MAILING_LIST="$1" + shift + ;; + # Number of CPU cores + --cores) + CPU_CORES=$1 + shift + ;; + # my name + --name) + MY_NAME="$1" + shift + ;; + # my email address + --email) + MY_EMAIL_ADDRESS="$1" + shift + ;; + # USB drive + --usb) + USB_DRIVE=$1 + shift + ;; + # Enable CJDNS + --cjdns) + ENABLE_CJDNS="yes" + shift + ;; + *) + # unknown option + ;; + esac + shift + done + + if [ ! -d /home/$MY_USERNAME ]; then + echo "There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user." + exit 1 + fi + if [ ! $DOMAIN_NAME ]; then + show_help + exit 2 + fi + if [ ! $MY_USERNAME ]; then + show_help + exit 3 + fi + if [ ! $DDNS_USERNAME ]; then + echo 'Please provide the username for your dynamic DNS provider with the --ddnsuser option' + exit 7823 + fi + if [ ! $DDNS_PASSWORD ]; then + echo 'Please provide the password for your dynamic DNS provider with the --ddnspass option' + exit 6382 + fi + if [[ $DDNS_PROVIDER == "freedns.afraid.org" ]]; then + if [ ! $FREEDNS_SUBDOMAIN_CODE ]; then + show_help + exit 4 + fi + fi + if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA && $SYSTEM_TYPE != $VARIANT_TOR_DONGLE ]]; then + echo "'$SYSTEM_TYPE' is an unrecognised Freedombone variant." + exit 30 + fi +} + +function read_configuration { + # if not installing on a Beaglebone then use sdb as the USB drive by default + if [ ! $INSTALLING_ON_BBB ]; then + if [[ $USB_DRIVE == /dev/sda1 ]]; then + USB_DRIVE=/dev/sdb1 + fi + fi + + if [ -f $CONFIGURATION_FILE ]; then + if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then + DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "DDNS_USERNAME" $CONFIGURATION_FILE; then + DDNS_USERNAME=$(grep "DDNS_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "DDNS_PASSWORD" $CONFIGURATION_FILE; then + DDNS_PASSWORD=$(grep "DDNS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE; then + LOCAL_NETWORK_STATIC_IP_ADDRESS=$(grep "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "ENABLE_CJDNS" $CONFIGURATION_FILE; then + ENABLE_CJDNS=$(grep "ENABLE_CJDNS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "CJDNS_IPV6" $CONFIGURATION_FILE; then + CJDNS_IPV6=$(grep "CJDNS_IPV6" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE; then + CJDNS_PUBLIC_KEY=$(grep "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE; then + CJDNS_PRIVATE_KEY=$(grep "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "BACKUP_CERTIFICATE" $CONFIGURATION_FILE; then + BACKUP_CERTIFICATE=$(grep "BACKUP_CERTIFICATE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE; then + ROUTER_IP_ADDRESS=$(grep "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "GITHUB_USERNAME" $CONFIGURATION_FILE; then + GITHUB_USERNAME=$(grep "GITHUB_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "GITHUB_BACKUP_DIRECTORY" $CONFIGURATION_FILE; then + GITHUB_BACKUP_DIRECTORY=$(grep "GITHUB_BACKUP_DIRECTORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "CPU_CORES" $CONFIGURATION_FILE; then + CPU_CORES=$(grep "CPU_CORES" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE; then + WEBSERVER_LOG_LEVEL=$(grep "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE; then + ROUTE_THROUGH_TOR=$(grep "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "WIKI_TITLE" $CONFIGURATION_FILE; then + WIKI_TITLE=$(grep "WIKI_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_NAME" $CONFIGURATION_FILE; then + MY_NAME=$(grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then + MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then + INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "SSH_PORT" $CONFIGURATION_FILE; then + SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then + INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then + PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then + MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MICROBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then + MICROBLOG_FREEDNS_SUBDOMAIN_CODE=$(grep "MICROBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE; then + REDMATRIX_DOMAIN_NAME=$(grep "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "REDMATRIX_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then + REDMATRIX_FREEDNS_SUBDOMAIN_CODE=$(grep "REDMATRIX_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE; then + OWNCLOUD_DOMAIN_NAME=$(grep "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "OWNCLOUD_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then + OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=$(grep "OWNCLOUD_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then + WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "WIKI_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then + WIKI_FREEDNS_SUBDOMAIN_CODE=$(grep "WIKI_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then + FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "FULLBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then + FULLBLOG_FREEDNS_SUBDOMAIN_CODE=$(grep "FULLBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then + MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE; then + MY_BLOG_SUBTITLE=$(grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then + GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then + MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then + MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE; then + MY_GPG_PUBLIC_KEY_ID=$(grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then + USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then + MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE; then + TLS_TIME_SOURCE1=$(grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE; then + TLS_TIME_SOURCE2=$(grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + fi +} + +function install_not_on_BBB { + if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then + return + fi + if [[ INSTALLING_ON_BBB == "yes" ]]; then + return + fi + + echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces + echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The loopback network interface' >> /etc/network/interfaces + echo 'auto lo' >> /etc/network/interfaces + echo 'iface lo inet loopback' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The primary network interface' >> /etc/network/interfaces + echo 'auto eth0' >> /etc/network/interfaces + echo 'iface eth0 inet static' >> /etc/network/interfaces + echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces + echo ' netmask 255.255.255.0' >> /etc/network/interfaces + echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces + echo ' dns-nameservers 213.73.91.35 85.214.20.141' >> /etc/network/interfaces + echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces + echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The secondary network interface' >> /etc/network/interfaces + echo '#auto eth1' >> /etc/network/interfaces + echo '#iface eth1 inet dhcp' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# WiFi Example' >> /etc/network/interfaces + echo '#auto wlan0' >> /etc/network/interfaces + echo '#iface wlan0 inet dhcp' >> /etc/network/interfaces + echo '# wpa-ssid "essid"' >> /etc/network/interfaces + echo '# wpa-psk "password"' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces + echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces + echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces + echo '#iface usb0 inet static' >> /etc/network/interfaces + echo '# address 192.168.7.2' >> /etc/network/interfaces + echo '# netmask 255.255.255.0' >> /etc/network/interfaces + echo '# network 192.168.7.0' >> /etc/network/interfaces + echo '# gateway 192.168.7.1' >> /etc/network/interfaces + + echo 'install_not_on_BBB' >> $COMPLETION_FILE +} + +function get_cjdns_public_key { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns public key" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PUBLIC_KEY ]; then + CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + fi +} + +function get_cjdns_private_key { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns private key" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PRIVATE_KEY ]; then + CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + fi +} + +function get_cjdns_ipv6_address { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_IPV6 ]; then + CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + fi +} + +function get_cjdns_port { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns port" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PORT ]; then + CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + fi +} + +function get_cjdns_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns password" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PASSWORD ]; then + CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + fi +} + +function install_cjdns { + if grep -Fxq "install_cjdns" $COMPLETION_FILE; then + return + fi + if [[ $ENABLE_CJDNS != "yes" ]]; then + return + fi + apt-get -y install nodejs git build-essential nmap + + # if a README exists then obtain the cjdns parameters + get_cjdns_ipv6_address + get_cjdns_public_key + get_cjdns_private_key + get_cjdns_port + get_cjdns_password + + # special compile settings for running ./do on the Beaglebone Black + if [[ $INSTALLING_ON_BBB == "yes" ]]; then + CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized" + export LDFLAGS="$CFLAGS" + fi + + if [ ! -d /etc/cjdns ]; then + git clone https://github.com/cjdelisle/cjdns.git /etc/cjdns + cd /etc/cjdns + ./do + if [ ! "$?" = "0" ]; then + exit 7439 + fi + # create a configuration + if [ ! -f /etc/cjdns/cjdroute.conf ]; then + ./cjdroute --genconf > /etc/cjdns/cjdroute.conf + if [ ! "$?" = "0" ]; then + exit 5922 + fi + fi + # create a user to run as + useradd cjdns + else + cd /etc/cjdns + git pull + ./do + if [ ! "$?" = "0" ]; then + exit 9926 + fi + fi + + # set permissions + chown -R cjdns:cjdns /etc/cjdns + chmod 600 /etc/cjdns/cjdroute.conf + + /sbin/ip tuntap add mode tun user cjdns dev cjdroute0 + + # insert values into the configuration file + if [ $CJDNS_PRIVATE_KEY ]; then + sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_PUBLIC_KEY ]; then + sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_IPV6 ]; then + sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_PASSWORD ]; then + sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_PORT ]; then + sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p) + fi + + # endure that ipv6 is enabled and can route + sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf + #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf + #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf + sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + + echo '#!/bin/sh -e' > /etc/init.d/cjdns + echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns + echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns + echo '# Provides: cjdroute' >> /etc/init.d/cjdns + echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns + echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns + echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns + echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns + echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns + echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns + echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns + echo '### END INIT INFO' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'PROG="cjdroute"' >> /etc/init.d/cjdns + echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns + echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns + echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns + echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns + echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'start() {' >> /etc/init.d/cjdns + echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns + echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns + echo ' then' >> /etc/init.d/cjdns + echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns + echo ' else' >> /etc/init.d/cjdns + echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns + echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns + echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns + echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns + echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns + echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns + echo ' fi' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'stop() {' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns + echo ' then' >> /etc/init.d/cjdns + echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns + echo ' else' >> /etc/init.d/cjdns + echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns + echo ' killall cjdroute' >> /etc/init.d/cjdns + echo ' fi' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'status() {' >> /etc/init.d/cjdns + echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns + echo ' then' >> /etc/init.d/cjdns + echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns + echo ' else' >> /etc/init.d/cjdns + echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns + echo ' fi' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo ' update() {' >> /etc/init.d/cjdns + echo ' cd $GIT_PATH' >> /etc/init.d/cjdns + echo ' echo "Updating..."' >> /etc/init.d/cjdns + echo ' git pull' >> /etc/init.d/cjdns + echo ' ./do' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns + echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns + echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns + echo ' exit 1' >> /etc/init.d/cjdns + echo 'fi' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'case $1 in' >> /etc/init.d/cjdns + echo ' start)' >> /etc/init.d/cjdns + echo ' start' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' stop)' >> /etc/init.d/cjdns + echo ' stop' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns + echo ' stop' >> /etc/init.d/cjdns + echo ' sleep 1' >> /etc/init.d/cjdns + echo ' start' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' status)' >> /etc/init.d/cjdns + echo ' status' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' update|upgrade)' >> /etc/init.d/cjdns + echo ' update' >> /etc/init.d/cjdns + echo ' stop' >> /etc/init.d/cjdns + echo ' sleep 2' >> /etc/init.d/cjdns + echo ' start' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' **)' >> /etc/init.d/cjdns + echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns + echo ' exit 1' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo 'esac' >> /etc/init.d/cjdns + chmod +x /etc/init.d/cjdns + update-rc.d cjdns defaults + service cjdns start + if [ ! "$?" = "0" ]; then + systemctl status cjdns.service + exit 8260 + fi + + apt-get -y install radvd + echo 'interface eth0' > /etc/radvd.conf + echo '{' >> /etc/radvd.conf + echo ' AdvSendAdvert on;' >> /etc/radvd.conf + echo ' prefix fdfc::1/64' >> /etc/radvd.conf + echo ' {' >> /etc/radvd.conf + echo ' AdvRouterAddr on;' >> /etc/radvd.conf + echo ' };' >> /etc/radvd.conf + echo '};' >> /etc/radvd.conf + service radvd restart + if [ ! "$?" = "0" ]; then + systemctl status radvd.service + exit 4395 + fi + + if ! grep -q "# Mesh network" /etc/network/interfaces; then + echo '' >> /etc/network/interfaces + echo '# Mesh network' >> /etc/network/interfaces + echo 'iface eth0 inet6 static' >> /etc/network/interfaces + echo ' pre-up modprobe ipv6' >> /etc/network/interfaces + echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces + echo ' netmask 64' >> /etc/network/interfaces + service networking restart + if [ ! "$?" = "0" ]; then + systemctl status networking.service + exit 6949 + fi + fi + + ip6tables -A INPUT -i eth0 -p udp --dport $CJDNS_PORT -j ACCEPT + ip6tables -A INPUT -i eth0 -p tcp --dport $CJDNS_PORT -j ACCEPT + save_firewall_settings + + if ! grep -q "Mesh Networking" /home/$MY_USERNAME/README; then + CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}') + + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Mesh Networking' >> /home/$MY_USERNAME/README + echo '===============' >> /home/$MY_USERNAME/README + echo "cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README + echo "cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README + echo "cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README + echo "cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README + echo "cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo "Forward port $CJDNS_PORT from your internet router to the Freedombone" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README + echo 'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README + echo 'to you using your default password' >> /home/$MY_USERNAME/README + echo 'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README + echo 'so that leaks can be isolated.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README + echo 'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README + echo 'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README + echo 'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README + echo 'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README + echo 'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README + echo 'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README + echo 'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README + echo 'each password is for.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README + echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README + echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo 'install_cjdns' >> $COMPLETION_FILE +} + +function install_cjdns_tools { + if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then + return + fi + if [[ $ENABLE_CJDNS != "yes" ]]; then + return + fi + if [ ! -d /etc/cjdns ]; then + install_cjdns + fi + + apt-get -y install golang mercurial + if [ ! -f ~/.bashrc ]; then + touch ~/.bashrc + fi + if ! grep -q "export GOPATH=" ~/.bashrc; then + echo 'export GOPATH=$HOME/projects/go' >> ~/.bashrc + fi + if ! grep -q "export PATH=$PATH:$HOME/projects/go/bin" ~/.bashrc; then + echo 'export PATH=$PATH:$HOME/projects/go/bin' >> ~/.bashrc + fi + . ~/.bashrc + export GOPATH=$HOME/projects/go + export PATH=$PATH:$HOME/projects/go/bin + go get github.com/inhies/cjdcmd + if [ ! -f $HOME/projects/go/bin/cjdcmd ]; then + echo 'cjdcmd was not compiled. Check your golang installation' + exit 7439 + fi + cp $HOME/projects/go/bin/cjdcmd /usr/bin + + # initialise from the cjdns config + /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf + + echo 'install_cjdns_tools' >> $COMPLETION_FILE +} + +function check_hwrng { + # If hardware random number generation was enabled then make sure that the device exists. + # if /dev/hwrng is not found then any subsequent cryptographic key generation would + # suffer from low entropy and might be insecure + if [ ! -f /etc/default/rng-tools ]; then + return + fi + if [ ! -e /dev/hwrng ]; then + ls /dev/hw* + echo 'The hardware random number generator is enabled but could not be detected on' + echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.' + exit 75 + fi +} + +function get_mariadb_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "MariaDB password" /home/$MY_USERNAME/README; then + if [ -f $DATABASE_PASSWORD_FILE ]; then + MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE) + else + MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//') + echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE + chmod 600 $DATABASE_PASSWORD_FILE + fi + fi + fi +} + +function get_mariadb_gnusocial_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then + MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} + +function get_mariadb_redmatrix_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "MariaDB Red Matrix admin password" /home/$MY_USERNAME/README; then + REDMATRIX_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Red Matrix admin password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} + +function get_mariadb_owncloud_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Owncloud database password" /home/$MY_USERNAME/README; then + OWNCLOUD_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} + +# For rsyncrypto usage see http://archive09.linux.com/feature/125322 +function create_backup_script { + if grep -Fxq "create_backup_script" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install rsyncrypto + + get_mariadb_password + get_mariadb_gnusocial_admin_password + get_mariadb_redmatrix_admin_password + get_mariadb_owncloud_admin_password + + echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -b $USB_DRIVE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Please attach a USB drive"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mount $USB_DRIVE $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir $USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " echo 'There was a problem making the directory $USB_MOUNT/backup.'" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 27' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' makecert backup' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "cp $BACKUP_CERTIFICATE.gpg $USB_MOUNT/backup/key.gpg" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# MariaDB password' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then + BACKUP_INCLUDES_DATABASES="yes" + echo "if [ ! -d $USB_MOUNT/backup/gnusocial ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/gnusocial" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup/gnusocialdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/gnusocialdata" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d /root/tempgnusocialdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p /root/tempgnusocialdata" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Obtaining GNU Social database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD gnusocial > /root/tempgnusocialdata/gnusocial.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -s /root/tempgnusocialdata/gnusocial.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "GNU social database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " fi" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 296' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "fi" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /root/tempgnusocialdata $USB_MOUNT/backup/gnusocialdata $USB_MOUNT/backup/gnusocialdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 853' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Backing up GNU social installation"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /var/www/$MICROBLOG_DOMAIN_NAME/htdocs $USB_MOUNT/backup/gnusocial $USB_MOUNT/backup/gnusocial.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 846' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then + BACKUP_INCLUDES_DATABASES="yes" + echo "if [ ! -d $USB_MOUNT/backup/redmatrix ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/redmatrix" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup/redmatrixdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/redmatrixdata" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d /root/tempredmatrixdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p /root/tempredmatrixdata" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Obtaining Red Matrix database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD redmatrix > /root/tempredmatrixdata/redmatrix.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -s /root/tempredmatrixdata/redmatrix.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Red Matrix database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " fi" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 378' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "fi" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /root/tempredmatrixdata $USB_MOUNT/backup/redmatrixdata $USB_MOUNT/backup/redmatrixdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 285' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Backing up Red Matrix installation"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /var/www/$REDMATRIX_DOMAIN_NAME/htdocs $USB_MOUNT/backup/redmatrix $USB_MOUNT/backup/redmatrix.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 593' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + if grep -Fxq "install_owncloud" $COMPLETION_FILE; then + BACKUP_INCLUDES_DATABASES="yes" + echo "if [ ! -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/owncloud" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup/owncloud2 ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/owncloud2" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup/ownclouddata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/ownclouddata" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d /root/tempownclouddata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p /root/tempownclouddata" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD owncloud > /root/tempownclouddata/owncloud.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -s /root/tempownclouddata/owncloud.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Owncloud database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " fi" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 377' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "fi" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /root/tempownclouddata $USB_MOUNT/backup/ownclouddata $USB_MOUNT/backup/ownclouddata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 188' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /var/lib/owncloud $USB_MOUNT/backup/owncloud $USB_MOUNT/backup/owncloud.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 632' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /etc/owncloud $USB_MOUNT/backup/owncloud2 $USB_MOUNT/backup/owncloud2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 632' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + if grep -Fxq "install_wiki" $COMPLETION_FILE; then + echo "if [ ! -d $USB_MOUNT/backup/wiki ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/wiki" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup/wiki2 ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/wiki2" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /var/lib/dokuwiki $USB_MOUNT/backup/wiki $USB_MOUNT/backup/wiki.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 964' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /etc/dokuwiki $USB_MOUNT/backup/wiki2 $USB_MOUNT/backup/wiki2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 964' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + if grep -Fxq "install_blog" $COMPLETION_FILE; then + echo "if [ ! -d $USB_MOUNT/backup/blog ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/blog" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /var/www/$FULLBLOG_DOMAIN_NAME/htdocs $USB_MOUNT/backup/blog $USB_MOUNT/backup/blog.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 854' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + if grep -Fxq "install_cjdns" $COMPLETION_FILE; then + echo "if [ ! -d $USB_MOUNT/backup/cjdns ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/cjdns" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Obtaining cjdns backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /etc/cjdns $USB_MOUNT/backup/blog $USB_MOUNT/backup/cjdns.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 7438' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '# Backup certificates' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /etc/ssl ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up certificates"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/ssl ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/ssl" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /etc/ssl $USB_MOUNT/backup/ssl $USB_MOUNT/backup/ssl.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 343' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup projects' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up projects"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/projects ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/projects" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/projects $USB_MOUNT/backup/projects $USB_MOUNT/backup/projects.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 873' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup personal settings' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up personal settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/personal ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/personal" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/personal $USB_MOUNT/backup/personal $USB_MOUNT/backup/personal.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 649' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/mailinglist ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/mailinglist" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r $PUBLIC_MAILING_LIST_DIRECTORY $USB_MOUNT/backup/mailinglist $USB_MOUNT/backup/mailinglist.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 938' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/xmpp ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/xmpp" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r $XMPP_DIRECTORY $USB_MOUNT/backup/xmpp $USB_MOUNT/backup/xmpp.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 593' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup gpg keys' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/.gnupg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up gpg keys"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/gnupg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/gnupg" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/.gnupg $USB_MOUNT/backup/gnupg $USB_MOUNT/backup/gnupg.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 491' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup ssh keys' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/.ssh ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up ssh keys"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/ssh ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/ssh" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/.ssh $USB_MOUNT/backup/ssh $USB_MOUNT/backup/ssh.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 731' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup web sites' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /etc/nginx ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up web settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/web ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/web" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /etc/nginx/sites-available $USB_MOUNT/backup/web $USB_MOUNT/backup/web.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 848' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup README file' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/README ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up README"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/readme ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/readme" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " cp -f /home/$MY_USERNAME/README /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/readme $USB_MOUNT/backup/readme.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 848' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup Mutt settings' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/.muttrc ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up Mutt settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " cp /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ -f /etc/Muttrc ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " cp /etc/Muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/mutt ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/mutt" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/mutt $USB_MOUNT/backup/mutt.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 492' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup procmail settings' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/.procmailrc ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up procmail settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " cp /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/procmail ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/procmail" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/procmail $USB_MOUNT/backup/procmail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 492' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup email' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/mail ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/mail" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /home/$MY_USERNAME/Maildir $USB_MOUNT/backup/mail $USB_MOUNT/backup/mail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 396' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " if [ ! -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rsyncrypto -v -r /var/cache/minidlna $USB_MOUNT/backup/dlna $USB_MOUNT/backup/dlna.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 498' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + + if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then + echo '# Mysql settings' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup/mariadb ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " mkdir -p $USB_MOUNT/backup/mariadb" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' mkdir /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD mysql user > /root/tempmariadb/mysql.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "if [ ! -s /root/tempmariadb/mysql.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' echo "Unable to backup mysql settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 653' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "$DATABASE_PASSWORD" > /root/tempmariadb/db' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'chmod 400 /root/tempmariadb/db' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rsyncrypto -v -r /root/tempmariadb $USB_MOUNT/backup/mariadb $USB_MOUNT/backup/mariadb.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo ' exit 794' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'shred -zu /root/tempmariadb/*' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME + fi + + echo 'sync' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo "rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'echo "Backup to USB drive is complete. You can now unplug it."' >> /usr/bin/$BACKUP_SCRIPT_NAME + echo 'exit 0' >> /usr/bin/$BACKUP_SCRIPT_NAME + chmod 400 /usr/bin/$BACKUP_SCRIPT_NAME + chmod +x /usr/bin/$BACKUP_SCRIPT_NAME + + echo 'create_backup_script' >> $COMPLETION_FILE +} + +function create_restore_script { + if grep -Fxq "create_restore_script" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install rsyncrypto + + get_mariadb_password + get_mariadb_gnusocial_admin_password + get_mariadb_redmatrix_admin_password + get_mariadb_owncloud_admin_password + + echo '#!/bin/bash' > /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "if [ ! -b $USB_DRIVE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Please attach a USB drive"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 1' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mkdir $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mount $USB_DRIVE $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "No backup directory found on the USB drive."' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 2' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo 'echo "Checking that user exists"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "if [ ! -d /home/$MY_USERNAME ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " echo 'Username $MY_USERNAME not found. Reinstall Freedombone with this username.'" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 295' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo 'echo "Copying GPG keys to root"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "cp -r /home/$MY_USERNAME/.gnupg /root" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -f $USB_MOUNT/backup/key.gpg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '# MariaDB password' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo '# Make a backup of the original README file' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '# incase old passwords need to be used' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/README ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ ! -f /home/$MY_USERNAME/README_original ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp /home/$MY_USERNAME/README /home/$MY_USERNAME/README_original" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then + echo "if [ -d $USB_MOUNT/backup/mariadb ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring mysql settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempmariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mariadb /root/tempmariadb $USB_MOUNT/backup/mariadb.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Get the MariaDB password from the backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -f /root/tempmariadb/usb/backup/mariadb/tempmariadb/db ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "MariaDB password file not found"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 495' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/usb/backup/mariadb/tempmariadb/db)' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restore the MariaDB user table"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < /root/tempmariadb/usb/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Try again using the password obtained from backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < /root/tempmariadb/usb/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 962' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restarting database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' service mysql restart' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Change the MariaDB password to the backup version"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' shred -zu /root/tempmariadb/usb/backup/mariadb/tempmariadb/db' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' # Change database password file' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo -n ' echo "$DATABASE_PASSWORD" > ' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "$DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + fi + + echo "if [ -d $USB_MOUNT/backup/mutt ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring Mutt settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mutt /root/tempmutt $USB_MOUNT/backup/mutt.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/.muttrc ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/.muttrc /home/$MY_USERNAME/.muttrc" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/Muttrc ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/Muttrc /etc/Muttrc" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/gnupg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring gnupg settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/gnupg /root/tempgnupg $USB_MOUNT/backup/gnupg.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempgnupg/usb/backup/gnupg/$MY_USERNAME/.gnupg /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /home/$MY_USERNAME/.gnupg /root" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 283' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/procmail ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring procmail settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/procmail /root/tempprocmail $USB_MOUNT/backup/procmail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -f /root/tempprocmail/usb/backup/procmail/$MY_USERNAME/tempbackup/.procmailrc /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/readme ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring README"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/readme /root/tempreadme $USB_MOUNT/backup/readme.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -f /root/tempreadme/usb/backup/readme/$MY_USERNAME/tempbackup/README /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/ssh ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring ssh keys"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/ssh /root/tempssh $USB_MOUNT/backup/ssh.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempssh/usb/backup/ssh/$MY_USERNAME/.ssh /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 664' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/ssl ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring certificates"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempssl' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/ssl /root/tempssl $USB_MOUNT/backup/ssl.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' cp -r /root/tempssl/usb/backup/ssl/ssl/* /etc/ssl' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempssl' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/projects ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring projects"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempprojects' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/projects /root/tempprojects $USB_MOUNT/backup/projects.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/projects' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mv /root/tempprojects/usb/backup/projects/$MY_USERNAME/projects /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 166' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempprojects' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/personal ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring personal settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/temppersonal' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/personal /root/temppersonal $USB_MOUNT/backup/personal.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/personal' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mv /root/temppersonal/usb/backup/personal/$MY_USERNAME/personal /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 184' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/temppersonal' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempmailinglist' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mailinglist /root/tempmailinglist $USB_MOUNT/backup/mailinglist.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempmailinglist/usb/backup/mailinglist/spool/mlmmj/* $PUBLIC_MAILING_LIST_DIRECTORY" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 526' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempmailinglist' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempxmpp' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/xmpp /root/tempxmpp $USB_MOUNT/backup/xmpp.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempxmpp/usb/backup/xmpp/lib/prosody/* $XMPP_DIRECTORY" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 725' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempxmpp' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' service prosody restart' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' chown -R prosody:prosody /var/lib/prosody/*' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + BACKUP_INCLUDES_WEBSITES="no" + + if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then + BACKUP_INCLUDES_WEBSITES="yes" + echo "if [ -d $USB_MOUNT/backup/gnusocial ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring microblog database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempgnusocialdata ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempgnusocialdata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/gnusocialdata /root/tempgnusocialdata $USB_MOUNT/backup/gnusocialdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -f /root/tempgnusocialdata/usb/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Unable to restore microblog database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 503' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD gnusocial -o < /root/tempgnusocialdata/usb/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 964' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' shred -zu /root/tempgnusocialdata/usb/backup/gnusocialdata/tempgnusocialdata/*' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring microblog installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempgnusocial ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempgnusocial' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/gnusocial /root/tempgnusocial $USB_MOUNT/backup/gnusocial.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mv /root/tempgnusocial/usb/backup/gnusocial/www/$MICROBLOG_DOMAIN_NAME/htdocs /var/www/$MICROBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 683' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocial' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + fi + + if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then + BACKUP_INCLUDES_WEBSITES="yes" + echo "if [ -d $USB_MOUNT/backup/redmatrix ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring Red Matrix database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempredmatrixdata ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempredmatrixdata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/redmatrixdata /root/tempredmatrixdata $USB_MOUNT/backup/redmatrixdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -f /root/tempredmatrixdata/usb/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Unable to restore Red Matrix database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 504' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD redmatrix -o < /root/tempredmatrixdata/usb/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 965' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' shred -zu /root/tempredmatrixdata/usb/backup/redmatrixdata/tempredmatrixdata/*' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring Red Matrix installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempredmatrix ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempredmatrix' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/redmatrix /root/tempredmatrix $USB_MOUNT/backup/redmatrix.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempredmatrix/usb/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs/* /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mv /root/tempredmatrix/usb/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs /var/www/$REDMATRIX_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 759' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrix' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/*" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + fi + + if grep -Fxq "install_owncloud" $COMPLETION_FILE; then + BACKUP_INCLUDES_WEBSITES="yes" + echo "if [ -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring owncloud database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempownclouddata ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempownclouddata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/ownclouddata /root/tempownclouddata $USB_MOUNT/backup/ownclouddata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -f /root/tempownclouddata/usb/backup/ownclouddata/tempownclouddata/owncloud.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Unable to restore Owncloud database"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 505' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD owncloud -o < /root/tempownclouddata/usb/backup/ownclouddata/tempownclouddata/owncloud.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 965' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring Owncloud installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempowncloud ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempowncloud' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! -d /root/tempowncloud2 ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempowncloud2' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/owncloud /root/tempowncloud $USB_MOUNT/backup/owncloud.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempowncloud/usb/backup/owncloud/lib/owncloud/* /var/lib/owncloud/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 981' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/owncloud2 /root/tempowncloud2 $USB_MOUNT/backup/owncloud2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempowncloud2/usb/backup/owncloud2/owncloud/* /etc/owncloud/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 982' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempowncloud' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempowncloud2' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/owncloud/data' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/owncloud/backup' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/owncloud/assets' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + fi + + echo "if [ -d $USB_MOUNT/backup/wiki ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring Wiki installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempwiki' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/wiki /root/tempwiki $USB_MOUNT/backup/wiki.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempwiki/usb/backup/wiki/lib/dokuwiki/* /var/lib/dokuwiki/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 868' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempwiki2' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/wiki2 /root/tempwiki2 $USB_MOUNT/backup/wiki2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempwiki2/usb/backup/wiki2/dokuwiki/* /etc/dokuwiki/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 869' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempwiki' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempwiki2' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/dokuwiki/*' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/blog ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring blog installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempblog' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/blog /root/tempblog $USB_MOUNT/backup/blog.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempblog/usb/backup/blog/www/$FULLBLOG_DOMAIN_NAME/htdocs /var/www/$FULLBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 593' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempblog' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "No content directory found after restoring blog"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 287' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/cjdns ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring cjdns installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempcjdns' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/cjdns /root/tempcjdns $USB_MOUNT/backup/cjdns.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf /etc/cjdns" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempcjdns/usb/backup/cjdns/cjdns /etc/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 8472' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempcjdns' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d $USB_MOUNT/backup/mail ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempmail' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mail /root/tempmail $USB_MOUNT/backup/mail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " mkdir /home/$MY_USERNAME/Maildir" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempmail/usb/backup/mail/$MY_USERNAME/Maildir/* /home/$MY_USERNAME/Maildir/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 927' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempmail' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " if [ -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' mkdir /root/tempdlna' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rsyncrypto -v -d -r $USB_MOUNT/backup/dlna /root/tempdlna $USB_MOUNT/backup/dlna.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " cp -r /root/tempdlna/usb/backup/dlna/cache/minidlna/* /var/cache/minidlna/" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' exit 982' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' rm -rf /root/tempdlna' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + + echo 'sync' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "# Unmount the USB drive" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + if [[ $BACKUP_INCLUDES_WEBSITES == "yes" ]]; then + echo "# Restart the web server" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "service nginx restart" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "service php5-fpm restart" >> /usr/bin/$RESTORE_SCRIPT_NAME + fi + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'echo "Setting permissions"' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo "chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'echo "Restore from USB drive is complete. You can now remove it."' >> /usr/bin/$RESTORE_SCRIPT_NAME + echo 'exit 0' >> /usr/bin/$RESTORE_SCRIPT_NAME + chmod 400 /usr/bin/$RESTORE_SCRIPT_NAME + chmod +x /usr/bin/$RESTORE_SCRIPT_NAME + + echo 'create_restore_script' >> $COMPLETION_FILE +} + +function backup_to_friends_servers { + if grep -Fxq "backup_to_friends_servers" $COMPLETION_FILE; then + return + fi + if [ ! $FRIENDS_SERVERS_LIST ]; then + return + fi + + apt-get -y --force-yes install rsyncrypto sshpass + + get_mariadb_password + get_mariadb_gnusocial_admin_password + get_mariadb_redmatrix_admin_password + get_mariadb_owncloud_admin_password + + if ! grep -q "backups on friends servers" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Backups' >> /home/$MY_USERNAME/README + echo '=======' >> /home/$MY_USERNAME/README + echo 'Key file: /root/backupkey' >> /home/$MY_USERNAME/README + echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST" >> /home/$MY_USERNAME/README + echo 'and add entries like this:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo "username1@domain1:$SSH_PORT//home/username1 ssh_password1" >> /home/$MY_USERNAME/README + echo "username2@domain2:$SSH_PORT//home/username2 ssh_password2" >> /home/$MY_USERNAME/README + echo '...' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'The system will try to backup to these remote locations once per day.' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo '#!/bin/bash' > /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Temporary location for data to be backed up to other servers' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'SERVER_DIRECTORY=/root/remotebackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' makecert backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# MariaDB password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + + echo '# local directory where the backup will be made' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir $SERVER_DIRECTORY' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then + BACKUP_INCLUDES_DATABASES="yes" + echo 'if [ ! -d $SERVER_DIRECTORY/backup/gnusocial ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/gnusocial' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup/gnusocialdata ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/gnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -d /root/tempgnusocialdata ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " mkdir -p /root/tempgnusocialdata" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Obtaining GNU Social database backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD gnusocial > /root/tempgnusocialdata/gnusocial.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -s /root/tempgnusocialdata/gnusocial.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "GNU social database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to export gnusocial database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 296' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /root/tempgnusocialdata $SERVER_DIRECTORY/backup/gnusocialdata $SERVER_DIRECTORY/backup/gnusocialdata.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt gnusocial database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 853' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Backing up GNU social installation"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "rsyncrypto -v -r /var/www/$MICROBLOG_DOMAIN_NAME/htdocs " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/gnusocial $SERVER_DIRECTORY/backup/gnusocial.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt gnusocial installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 846' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then + BACKUP_INCLUDES_DATABASES="yes" + echo 'if [ ! -d $SERVER_DIRECTORY/backup/redmatrix ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/redmatrix' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup/redmatrixdata ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/redmatrixdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -d /root/tempredmatrixdata ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " mkdir -p /root/tempredmatrixdata" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Obtaining Red Matrix database backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD redmatrix > /root/tempredmatrixdata/redmatrix.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -s /root/tempredmatrixdata/redmatrix.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Red Matrix database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to export redmatrix database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 378' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /root/tempredmatrixdata $SERVER_DIRECTORY/backup/redmatrixdata $SERVER_DIRECTORY/backup/redmatrixdata.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt redmatrix database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 285' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Backing up Red Matrix installation"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "rsyncrypto -v -r /var/www/$REDMATRIX_DOMAIN_NAME/htdocs " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/redmatrix $SERVER_DIRECTORY/backup/redmatrix.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt redmatrix installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 593' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + if grep -Fxq "install_owncloud" $COMPLETION_FILE; then + BACKUP_INCLUDES_DATABASES="yes" + echo 'if [ ! -d $SERVER_DIRECTORY/backup/owncloud ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/owncloud' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup/owncloud2 ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/owncloud2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup/ownclouddata ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/ownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -d /root/tempownclouddata ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " mkdir -p /root/tempownclouddata" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD owncloud > /root/tempownclouddata/owncloud.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -s /root/tempownclouddata/owncloud.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Owncloud database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to export owncloud database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 377' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /root/tempownclouddata $SERVER_DIRECTORY/backup/ownclouddata $SERVER_DIRECTORY/backup/ownclouddata.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt owncloud database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 188' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /var/lib/owncloud $SERVER_DIRECTORY/backup/owncloud $SERVER_DIRECTORY/backup/owncloud.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt owncloud installation (/var/lib/owncloud)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 632' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /etc/owncloud $SERVER_DIRECTORY/backup/owncloud2 $SERVER_DIRECTORY/backup/owncloud2.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt owncloud installation (/etc/owncloud)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 632' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + if grep -Fxq "install_wiki" $COMPLETION_FILE; then + echo 'if [ ! -d $SERVER_DIRECTORY/backup/wiki ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/wiki' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup/wiki2 ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/wiki2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /var/lib/dokuwiki $SERVER_DIRECTORY/backup/wiki $SERVER_DIRECTORY/backup/wiki.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt wiki installation (/var/lib/dokuwiki)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 964' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /etc/dokuwiki $SERVER_DIRECTORY/backup/wiki2 $SERVER_DIRECTORY/backup/wiki2.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt wiki installation (/etc/dokuwiki)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 964' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + if grep -Fxq "install_blog" $COMPLETION_FILE; then + echo 'if [ ! -d $SERVER_DIRECTORY/backup/blog ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/blog' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "rsyncrypto -v -r /var/www/$FULLBLOG_DOMAIN_NAME/htdocs " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/blog $SERVER_DIRECTORY/backup/blog.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt blog installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 854' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + if grep -Fxq "install_cjdns" $COMPLETION_FILE; then + echo 'if [ ! -d $SERVER_DIRECTORY/backup/cjdns ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/cjdns' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "Obtaining cjdns backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "rsyncrypto -v -r /etc/cjdns " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/cjdns $SERVER_DIRECTORY/backup/cjdns.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt cjdns installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 854' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '# Backup certificates' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /etc/ssl ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up certificates"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/ssl ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/ssl' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' rsyncrypto -v -r /etc/ssl $SERVER_DIRECTORY/backup/ssl $SERVER_DIRECTORY/backup/ssl.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt ssl certificates" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 343' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up projects"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/projects ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/projects " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/projects $SERVER_DIRECTORY/backup/projects.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt git projects" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 873' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup personal settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up personal settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/personal ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/personal' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/personal " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/personal $SERVER_DIRECTORY/backup/personal.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt personal settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 649' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/mailinglist ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/mailinglist' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r $PUBLIC_MAILING_LIST_DIRECTORY " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/mailinglist $SERVER_DIRECTORY/backup/mailinglist.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt public mailing list" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 938' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/xmpp ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/xmpp' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r $XMPP_DIRECTORY " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/xmpp $SERVER_DIRECTORY/backup/xmpp.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt XMPP settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 593' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup gpg keys' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/.gnupg ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up gpg keys"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/gnupg ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/gnupg' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/.gnupg " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/gnupg $SERVER_DIRECTORY/backup/gnupg.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt gpg keys" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 491' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup ssh keys' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/.ssh ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up ssh keys"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/ssh ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/ssh' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/.ssh " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/ssh $SERVER_DIRECTORY/backup/ssh.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt ssh keys" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 731' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup web sites' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /etc/nginx ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up web settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/web ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/web' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' rsyncrypto -v -r /etc/nginx/sites-available $SERVER_DIRECTORY/backup/web $SERVER_DIRECTORY/backup/web.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 848' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup README file' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/README ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up README"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/readme ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/readme' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " cp -f /home/$MY_USERNAME/README /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/readme $SERVER_DIRECTORY/backup/readme.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt README file" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 848' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup Mutt settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/.muttrc ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up Mutt settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " cp /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ -f /etc/Muttrc ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " cp /etc/Muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/mutt ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/mutt' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/mutt $SERVER_DIRECTORY/backup/mutt.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt Mutt settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 492' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup procmail settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -f /home/$MY_USERNAME/.procmailrc ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up procmail settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo " cp /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/procmail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/procmail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/procmail $SERVER_DIRECTORY/backup/procmail.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt procmail settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 492' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/mail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n " rsyncrypto -v -r /home/$MY_USERNAME/Maildir " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$SERVER_DIRECTORY/backup/mail $SERVER_DIRECTORY/backup/mail.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt emails" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 396' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! -d $SERVER_DIRECTORY/backup/dlna ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/dlna' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' rsyncrypto -v -r /var/cache/minidlna $SERVER_DIRECTORY/backup/dlna $SERVER_DIRECTORY/backup/dlna.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt DLNA settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 498' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then + echo '# Mysql settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir -p $SERVER_DIRECTORY/backup/mariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' mkdir /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'mysqldump --password=$DATABASE_PASSWORD mysql user > /root/tempmariadb/mysql.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "if [ ! -s /root/tempmariadb/mysql.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' echo "Unable to backup mysql settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to export database settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 653' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'echo "$DATABASE_PASSWORD" > /root/tempmariadb/db' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'chmod 400 /root/tempmariadb/db' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n 'rsyncrypto -v -r /root/tempmariadb $SERVER_DIRECTORY/backup/mariadb $SERVER_DIRECTORY/backup/mariadb.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Unable to encrypt database settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' exit 794' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + fi + + # Now that we have the server directory updated with the encrypted backup + # we just need to rsync it to each friend + + echo '# For each remote server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'while read remote_server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'do' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Get the server and its password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Format is:' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # username@domain:/home/username ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' REMOTE_SERVER=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ $REMOTE_SERVER ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' REMOTE_SSH_PORT=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' REMOTE_PASSWORD=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n '$3' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' NOW=$(date +"%Y-%m-%d %H:%M:%S")' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo -n ' echo "$NOW Starting backup to $REMOTE_SERVER" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + echo -n ' rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '$SERVER_DIRECTORY/backup $REMOTE_SERVER' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "$NOW Backup to $REMOTE_SERVER failed" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "Backup to $REMOTE_SERVER failed" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' else' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo -n ' echo "$NOW Backed up to $REMOTE_SERVER" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + # End of the loop + + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo "done < $FRIENDS_SERVERS_LIST" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + echo 'exit 0' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + chown root:root /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + chmod 400 /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + chmod +x /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME + + # update crontab + echo '#!/bin/bash' > /etc/cron.daily/backuptofriends + echo "/usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME" >> /etc/cron.daily/backuptofriends + chmod +x /etc/cron.daily/backuptofriends + + echo 'backup_to_friends_servers' >> $COMPLETION_FILE +} + +function restore_from_friend { + if grep -Fxq "restore_from_friend" $COMPLETION_FILE; then + return + fi + + apt-get -y --force-yes install rsyncrypto sshpass + + get_mariadb_password + get_mariadb_gnusocial_admin_password + get_mariadb_redmatrix_admin_password + get_mariadb_owncloud_admin_password + + if ! grep -q "restore from a friend's server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Restoring from backups to friends servers' >> /home/$MY_USERNAME/README + echo '=========================================' >> /home/$MY_USERNAME/README + echo "To restore from a friend's server use the command:" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " $RESTORE_FROM_FRIEND_SCRIPT_NAME [server]" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo '#!/bin/bash' > /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'SERVER_NAME=$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo '# Temporary location for data to be backed up to other servers' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'SERVER_DIRECTORY=/root/remoterestore' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ ! $SERVER_NAME ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " echo '$RESTORE_FROM_FRIEND_SCRIPT_NAME [server]'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " echo 'No friends list found at $FRIENDS_SERVERS_LIST'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n 'if ! grep -q "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$FRIENDS_SERVERS_LIST; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Server not found within the friends list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n 'REMOTE_SERVER=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n '$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n 'REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n '$2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n 'REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n '$3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo '# Check that a backup key exists' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " echo 'No backup key was found in $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 84' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + # Rsync from the remote server back to this server + + echo 'NOW=$(date +"%Y-%m-%d %H:%M:%S")' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo -n 'echo "$NOW Starting restore from $REMOTE_SERVER" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo -n 'rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '$REMOTE_SERVER/backup $SERVER_DIRECTORY' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' echo "$NOW Restore from $REMOTE_SERVER failed" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' # Send a warning email' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' echo "Restore from $REMOTE_SERVER failed" | mail -s "Freedombone restore from friend" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 790' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo '# MariaDB password' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring mysql settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempmariadb' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mariadb /root/tempmariadb $SERVER_DIRECTORY/backup/mariadb.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Get the MariaDB password from the backup"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -f /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/db ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "MariaDB password file not found"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 495' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/db)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restore the MariaDB user table"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Try again using the password obtained from backup"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 962' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restarting database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' service mysql restart' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Change the MariaDB password to the backup version"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' shred -zu /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/db' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' # Change database password file' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' echo "$DATABASE_PASSWORD" > ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/mutt ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring Mutt settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mutt /root/tempmutt $SERVER_DIRECTORY/backup/mutt.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " if [ -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/.muttrc ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/.muttrc /home/$MY_USERNAME/.muttrc" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " if [ -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/Muttrc ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/Muttrc /etc/Muttrc" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/gnupg ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring gnupg settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/gnupg /root/tempgnupg $SERVER_DIRECTORY/backup/gnupg.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempgnupg/remoterestore/backup/gnupg/$MY_USERNAME/.gnupg /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /home/$MY_USERNAME/.gnupg /root" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 283' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/procmail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring procmail settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/procmail /root/tempprocmail $SERVER_DIRECTORY/backup/procmail.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -f /root/tempprocmail/remoterestore/backup/procmail/$MY_USERNAME/tempbackup/.procmailrc /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/readme ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring README"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/readme /root/tempreadme $SERVER_DIRECTORY/backup/readme.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -f /root/tempreadme/remoterestore/backup/readme/$MY_USERNAME/tempbackup/README /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/ssh ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring ssh keys"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/ssh /root/tempssh $SERVER_DIRECTORY/backup/ssh.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempssh/remoterestore/backup/ssh/$MY_USERNAME/.ssh /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 664' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/ssl ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring certificates"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/ssl /root/tempssl $SERVER_DIRECTORY/backup/ssl.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' cp -r /root/tempssl/remoterestore/backup/ssl/ssl/* /etc/ssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/projects ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring projects"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempprojects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/projects /root/tempprojects $SERVER_DIRECTORY/backup/projects.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " rm -rf /home/$MY_USERNAME/projects" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " mv /root/tempprojects/remoterestore/backup/projects/$MY_USERNAME/projects /home/$MY_USERNAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 166' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempprojects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/personal ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring personal settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/temppersonal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/personal /root/temppersonal $SERVER_DIRECTORY/backup/personal.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " rm -rf /home/$MY_USERNAME/personal" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " mv /root/temppersonal/remoterestore/backup/personal/$MY_USERNAME/personal /home/$MY_USERNAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 184' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/temppersonal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempmailinglist' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mailinglist /root/tempmailinglist $SERVER_DIRECTORY/backup/mailinglist.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempmailinglist/remoterestore/backup/mailinglist/spool/mlmmj/* $PUBLIC_MAILING_LIST_DIRECTORY" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 526' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempmailinglist' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempxmpp' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/xmpp /root/tempxmpp $SERVER_DIRECTORY/backup/xmpp.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempxmpp/remoterestore/backup/xmpp/lib/prosody/* $XMPP_DIRECTORY" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 725' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempxmpp' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' service prosody restart' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' chown -R prosody:prosody /var/lib/prosody/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + BACKUP_INCLUDES_WEBSITES="no" + + if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then + BACKUP_INCLUDES_WEBSITES="yes" + echo 'if [ -d $SERVER_DIRECTORY/backup/gnusocial ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring microblog database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempgnusocialdata ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempgnusocialdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/gnusocialdata /root/tempgnusocialdata $SERVER_DIRECTORY/backup/gnusocialdata.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -f /root/tempgnusocialdata/remoterestore/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Unable to restore microblog database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 503' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD gnusocial -o < /root/tempgnusocialdata/remoterestore/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 964' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' shred -zu /root/tempgnusocialdata/remoterestore/backup/gnusocialdata/tempgnusocialdata/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring microblog installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempgnusocial ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempgnusocial' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/gnusocial /root/tempgnusocial $SERVER_DIRECTORY/backup/gnusocial.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " mv /root/tempgnusocial/remoterestore/backup/gnusocial/www/$MICROBLOG_DOMAIN_NAME/htdocs /var/www/$MICROBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 683' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempgnusocial' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + fi + + if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then + BACKUP_INCLUDES_WEBSITES="yes" + echo 'if [ -d $SERVER_DIRECTORY/backup/redmatrix ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring Red Matrix database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempredmatrixdata ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempredmatrixdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/redmatrixdata /root/tempredmatrixdata $SERVER_DIRECTORY/backup/redmatrixdata.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -f /root/tempredmatrixdata/remoterestore/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Unable to restore Red Matrix database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 504' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD redmatrix -o < /root/tempredmatrixdata/remoterestore/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 965' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' shred -zu /root/tempredmatrixdata/remoterestore/backup/redmatrixdata/tempredmatrixdata/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring Red Matrix installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempredmatrix ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempredmatrix' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/redmatrix /root/tempredmatrix $SERVER_DIRECTORY/backup/redmatrix.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempredmatrix/remoterestore/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs/* /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " mv /root/tempredmatrix/remoterestore/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs /var/www/$REDMATRIX_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 759' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempredmatrix' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/*" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + fi + + if grep -Fxq "install_owncloud" $COMPLETION_FILE; then + BACKUP_INCLUDES_WEBSITES="yes" + echo 'if [ -d $SERVER_DIRECTORY/backup/owncloud ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring owncloud database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempownclouddata ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempownclouddata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/ownclouddata /root/tempownclouddata $SERVER_DIRECTORY/backup/ownclouddata.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -f /root/tempownclouddata/remoterestore/backup/ownclouddata/tempownclouddata/owncloud.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Unable to restore Owncloud database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 505' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD owncloud -o < /root/tempownclouddata/remoterestore/backup/ownclouddata/tempownclouddata/owncloud.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 965' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring Owncloud installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempowncloud ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempowncloud' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! -d /root/tempowncloud2 ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempowncloud2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/owncloud /root/tempowncloud $SERVER_DIRECTORY/backup/owncloud.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempowncloud/remoterestore/backup/owncloud/lib/owncloud/* /var/lib/owncloud/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 981' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/owncloud2 /root/tempowncloud2 $SERVER_DIRECTORY/backup/owncloud2.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempowncloud2/remoterestore/backup/owncloud2/owncloud/* /etc/owncloud/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 982' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempowncloud' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempowncloud2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/owncloud/data' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/owncloud/backup' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/owncloud/assets' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + fi + + echo 'if [ -d $SERVER_DIRECTORY/backup/wiki ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring Wiki installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempwiki' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/wiki /root/tempwiki $SERVER_DIRECTORY/backup/wiki.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempwiki/remoterestore/backup/wiki/lib/dokuwiki/* /var/lib/dokuwiki/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 868' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempwiki2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/wiki2 /root/tempwiki2 $SERVER_DIRECTORY/backup/wiki2.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempwiki2/remoterestore/backup/wiki2/dokuwiki/* /etc/dokuwiki/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 869' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempwiki' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempwiki2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' chown -R www-data:www-data /var/lib/dokuwiki/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/blog ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring blog installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempblog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/blog /root/tempblog $SERVER_DIRECTORY/backup/blog.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " rm -rf /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempblog/remoterestore/backup/blog/www/$FULLBLOG_DOMAIN_NAME/htdocs /var/www/$FULLBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 593' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempblog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "No content directory found after restoring blog"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 287' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring cjdns installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempcjdns' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/cjdns /root/tempcjdns $SERVER_DIRECTORY/backup/cjdns.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " rm -rf /etc/cjdns" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempcjdns/remoterestore/backup/cjdns/cjdns /etc/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 7438' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempcjdns' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'if [ -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mail /root/tempmail $SERVER_DIRECTORY/backup/mail.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " if [ ! -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " mkdir /home/$MY_USERNAME/Maildir" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempmail/remoterestore/backup/mail/$MY_USERNAME/Maildir/* /home/$MY_USERNAME/Maildir/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 927' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ -d $SERVER_DIRECTORY/backup/dlna ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' mkdir /root/tempdlna' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/dlna /root/tempdlna $SERVER_DIRECTORY/backup/dlna.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo " cp -r /root/tempdlna/remoterestore/backup/dlna/cache/minidlna/* /var/cache/minidlna/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' exit 982' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' rm -rf /root/tempdlna' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'echo "*** Remote restore was successful ***"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + echo 'exit 0' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + chmod 400 /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + chmod +x /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME + + echo 'restore_from_friend' >> $COMPLETION_FILE +} + +function remove_default_user { + # make sure you don't use the default user account + if [[ $MY_USERNAME == "debian" ]]; then + echo 'Do not use the default debian user account. Create a different user with: adduser [username]' + exit 68 + fi + # remove the default debian user to prevent it from becoming an attack vector + if [ -d /home/debian ]; then + userdel -r debian + echo 'Default debian user account removed' + fi +} + +function enforce_good_passwords { + # because humans are generally bad at choosing passwords + if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install libpam-cracklib + + sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password + echo 'enforce_good_passwords' >> $COMPLETION_FILE +} + +function change_login_message { + if grep -Fxq "change_login_message" $COMPLETION_FILE; then + return + fi + echo '' > /etc/motd + echo ".---. . . " >> /etc/motd + echo "| | | " >> /etc/motd + echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd + echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd + echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd + + if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then + echo ' . . . ' >> /etc/motd + echo ' |\ /| | o ' >> /etc/motd + echo " | \/ | .-. .-.| . .-. " >> /etc/motd + echo " | |(.-'( | | ( ) " >> /etc/motd + echo " ' ' --' -' --' - -' - " >> /etc/motd + fi + + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then + echo ' . . . . . ' >> /etc/motd + echo ' \ \ / / o _|_ ' >> /etc/motd + echo ' \ \ /.--.. | .-. .--.' >> /etc/motd + echo " \/ \/ | | | (.-' | " >> /etc/motd + echo " ' ' ' -' - -' --'' " >> /etc/motd + fi + + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then + echo ' .--.. . ' >> /etc/motd + echo ' : | | ' >> /etc/motd + echo ' | | .-. . . .-.| ' >> /etc/motd + echo ' : |( )| |( | ' >> /etc/motd + echo " --' - -' -- - -' -" >> /etc/motd + fi + + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then + echo ' .--.. . ' >> /etc/motd + echo ' : | _|_ ' >> /etc/motd + echo ' | |--. .-. | ' >> /etc/motd + echo ' : | |( ) | ' >> /etc/motd + echo " --'' - -' - -' " >> /etc/motd + fi + + if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then + echo ' .-. . ' >> /etc/motd + echo ' ( ) o | ' >> /etc/motd + echo ' -. .-. .-. . .-. | ' >> /etc/motd + echo ' ( )( )( | ( ) | ' >> /etc/motd + echo " -' -' -'-' - -' - - " >> /etc/motd + fi + + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + echo ' . . . . ' >> /etc/motd + echo ' |\ /| o | | ' >> /etc/motd + echo ' | \/ | .-. . | |.-. .-.-. ,- ' >> /etc/motd + echo ' | |( ) | | | )( ) : ' >> /etc/motd + echo " ' ' -' --' - -' -' -'-' - " >> /etc/motd + fi + + if [[ $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + echo ' .---. .--. . ' >> /etc/motd + echo ' | | : | ' >> /etc/motd + echo ' | .-. .--. | | .-. .--. .-..| .-. ' >> /etc/motd + echo " |( )| | ;( )| |( ||(.-' " >> /etc/motd + echo " ' -' ' '--' -' ' - - | - --'" >> /etc/motd + echo " ._.' " >> /etc/motd + fi + + echo '' >> /etc/motd + echo ' Freedom in the Cloud' >> /etc/motd + echo '' >> /etc/motd + echo 'change_login_message' >> $COMPLETION_FILE +} + +function search_for_attached_usb_drive { + # If a USB drive is attached then search for email, + # gpg, ssh keys and emacs configuration + if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if [ -b $USB_DRIVE ]; then + if [ ! -d $USB_MOUNT ]; then + echo 'Mounting USB drive' + mkdir $USB_MOUNT + mount $USB_DRIVE $USB_MOUNT + fi + if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then + if [ -d $USB_MOUNT/Maildir ]; then + echo 'Maildir found on USB drive' + IMPORT_MAILDIR=$USB_MOUNT/Maildir + fi + if [ -d $USB_MOUNT/.gnupg ]; then + echo 'Importing GPG keyring' + cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg + GPG_KEYS_IMPORTED="yes" + if [ -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then + shred -zu $USB_MOUNT/.gnupg/secring.gpg + shred -zu $USB_MOUNT/.gnupg/random_seed + shred -zu $USB_MOUNT/.gnupg/trustdb.gpg + rm -rf $USB_MOUNT/.gnupg + else + echo 'GPG files did not copy' + exit 7 + fi + fi + + if [ -f $USB_MOUNT/.procmailrc ]; then + echo 'Importing procmail settings' + cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc + fi + + if [ -f $USB_MOUNT/private_key.gpg ]; then + echo 'GPG private key found on USB drive' + MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg + fi + if [ -f $USB_MOUNT/public_key.gpg ]; then + echo 'GPG public key found on USB drive' + MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg + fi + fi + if [ -d $USB_MOUNT/prosody ]; then + if [ ! -d $XMPP_DIRECTORY ]; then + mkdir $XMPP_DIRECTORY + fi + cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY + chown -R prosody:prosody $XMPP_DIRECTORY + fi + if [ -d $USB_MOUNT/.ssh ]; then + echo 'Importing ssh keys' + cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh + # for security delete the ssh keys from the usb drive + if [ -f /home/$MY_USERNAME/.ssh/id_rsa ]; then + shred -zu $USB_MOUNT/.ssh/id_rsa + shred -zu $USB_MOUNT/.ssh/id_rsa.pub + shred -zu $USB_MOUNT/.ssh/known_hosts + rm -rf $USB_MOUNT/.ssh + else + echo 'ssh files did not copy' + exit 8 + fi + fi + if [ -f $USB_MOUNT/.emacs ]; then + echo 'Importing .emacs file' + cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs + fi + if [ -d $USB_MOUNT/.emacs.d ]; then + echo 'Importing .emacs.d directory' + cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d + fi + if [ -d $USB_MOUNT/ssl ]; then + echo 'Importing SSL certificates' + cp -r $USB_MOUNT/ssl/* /etc/ssl + chmod 640 /etc/ssl/certs/* + chmod 400 /etc/ssl/private/* + # change ownership of some certificates + if [ -d /etc/prosody ]; then + chown prosody:prosody /etc/ssl/private/xmpp.* + chown prosody:prosody /etc/ssl/certs/xmpp.* + fi + if [ -d /etc/dovecot ]; then + chown root:dovecot /etc/ssl/certs/dovecot.* + chown root:dovecot /etc/ssl/private/dovecot.* + fi + if [ -f /etc/ssl/private/exim.key ]; then + chown root:Debian-exim /etc/ssl/private/exim.key /etc/ssl/certs/exim.crt /etc/ssl/certs/exim.dhparam + fi + fi + if [ -d $USB_MOUNT/personal ]; then + echo 'Importing personal directory' + cp -r $USB_MOUNT/personal /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal + fi + else + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + fi + echo 'No USB drive attached' + fi + echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE +} + +function remove_proprietary_repos { + if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE; then + return + fi + sed -i 's/ non-free//g' /etc/apt/sources.list + echo 'remove_proprietary_repos' >> $COMPLETION_FILE +} + +function change_debian_repos { + if grep -Fxq "change_debian_repos" $COMPLETION_FILE; then + return + fi + rm -rf /var/lib/apt/lists/* + apt-get clean + sed -i "s/ftp.us.debian.org/$DEBIAN_REPO/g" /etc/apt/sources.list + + # ensure that there is a security repo + if ! grep -q "security" /etc/apt/sources.list; then + echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list + echo "#deb-src http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list + fi + + apt-get update + apt-get -y --force-yes install apt-transport-https + echo 'change_debian_repos' >> $COMPLETION_FILE +} + +function initial_setup { + if grep -Fxq "initial_setup" $COMPLETION_FILE; then + return + fi + apt-get -y remove --purge apache* + apt-get -y dist-upgrade + apt-get -y install ca-certificates emacs24 cpulimit + + echo 'initial_setup' >> $COMPLETION_FILE +} + +function install_editor { + if grep -Fxq "install_editor" $COMPLETION_FILE; then + return + fi + update-alternatives --set editor /usr/bin/emacs24 + + # A minimal emacs configuration + #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs + #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs + #echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs + echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs + echo "'goto-line)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs + echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs + echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs + echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs + echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs + echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs + echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs + echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs + echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs + echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs + cp /home/$MY_USERNAME/.emacs /root/.emacs + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs + + echo 'install_editor' >> $COMPLETION_FILE +} + +function enable_backports { + if grep -Fxq "enable_backports" $COMPLETION_FILE; then + return + fi + if ! grep -Fxq "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" /etc/apt/sources.list; then + echo "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" >> /etc/apt/sources.list + fi + echo 'enable_backports' >> $COMPLETION_FILE +} + +function update_the_kernel { + if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then + return + fi + # if this is not a beaglebone or is a docker container + # then just use the standard kernel + if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then + return + fi + cd /opt/scripts/tools + ./update_kernel.sh --kernel $KERNEL_VERSION + echo 'update_the_kernel' >> $COMPLETION_FILE +} + +function enable_zram { + if grep -Fxq "enable_zram" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then + return + fi + if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then + echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf + fi + echo '#!/bin/bash' > /etc/init.d/zram + echo '### BEGIN INIT INFO' >> /etc/init.d/zram + echo '# Provides: zram' >> /etc/init.d/zram + echo '# Required-Start:' >> /etc/init.d/zram + echo '# Required-Stop:' >> /etc/init.d/zram + echo '# Default-Start: 2 3 4 5' >> /etc/init.d/zram + echo '# Default-Stop: 0 1 6' >> /etc/init.d/zram + echo '# Short-Description: Increased Performance In Linux With zRam (Virtual Swap Compressed in RAM)' >> /etc/init.d/zram + echo '# Description: Adapted from systemd scripts at https://github.com/mystilleef/FedoraZram' >> /etc/init.d/zram + echo '### END INIT INFO' >> /etc/init.d/zram + echo 'start() {' >> /etc/init.d/zram + echo ' # get the number of CPUs' >> /etc/init.d/zram + echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram + echo ' # if something goes wrong, assume we have 1' >> /etc/init.d/zram + echo ' [ "$num_cpus" != 0 ] || num_cpus=1' >> /etc/init.d/zram + echo ' # set decremented number of CPUs' >> /etc/init.d/zram + echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram + echo ' # get the amount of memory in the machine' >> /etc/init.d/zram + echo ' mem_total_kb=$(grep MemTotal /proc/meminfo | grep -E --only-matching "[[:digit:]]+")' >> /etc/init.d/zram + echo ' mem_total=$((mem_total_kb * 1024))' >> /etc/init.d/zram + echo ' # load dependency modules' >> /etc/init.d/zram + echo ' modprobe zram num_devices=$num_cpus' >> /etc/init.d/zram + echo ' # initialize the devices' >> /etc/init.d/zram + echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram + echo ' echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize' >> /etc/init.d/zram + echo ' done' >> /etc/init.d/zram + echo ' # Creating swap filesystems' >> /etc/init.d/zram + echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram + echo ' mkswap /dev/zram$i' >> /etc/init.d/zram + echo ' done' >> /etc/init.d/zram + echo ' # Switch the swaps on' >> /etc/init.d/zram + echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram + echo ' swapon -p 100 /dev/zram$i' >> /etc/init.d/zram + echo ' done' >> /etc/init.d/zram + echo '}' >> /etc/init.d/zram + echo 'stop() {' >> /etc/init.d/zram + echo ' # get the number of CPUs' >> /etc/init.d/zram + echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram + echo ' # set decremented number of CPUs' >> /etc/init.d/zram + echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram + echo ' # Switching off swap' >> /etc/init.d/zram + echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram + echo ' if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then' >> /etc/init.d/zram + echo ' swapoff /dev/zram$i' >> /etc/init.d/zram + echo ' sleep 1' >> /etc/init.d/zram + echo ' fi' >> /etc/init.d/zram + echo ' done' >> /etc/init.d/zram + echo ' sleep 1' >> /etc/init.d/zram + echo ' rmmod zram' >> /etc/init.d/zram + echo '}' >> /etc/init.d/zram + echo 'case "$1" in' >> /etc/init.d/zram + echo ' start)' >> /etc/init.d/zram + echo ' start' >> /etc/init.d/zram + echo ' ;;' >> /etc/init.d/zram + echo ' stop)' >> /etc/init.d/zram + echo ' stop' >> /etc/init.d/zram + echo ' ;;' >> /etc/init.d/zram + echo ' restart)' >> /etc/init.d/zram + echo ' stop' >> /etc/init.d/zram + echo ' sleep 3' >> /etc/init.d/zram + echo ' start' >> /etc/init.d/zram + echo ' ;;' >> /etc/init.d/zram + echo ' *)' >> /etc/init.d/zram + echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/zram + echo ' RETVAL=1' >> /etc/init.d/zram + echo 'esac' >> /etc/init.d/zram + echo 'exit $RETVAL' >> /etc/init.d/zram + chmod +x /etc/init.d/zram + update-rc.d zram defaults + echo 'enable_zram' >> $COMPLETION_FILE +} + +function random_number_generator { + if grep -Fxq "random_number_generator" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLING_ON_BBB != "yes" ]]; then + # On systems which are not beaglebones assume that + # no hardware random number generator is available + # and use the second best option + apt-get -y --force-yes install haveged + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # it is assumed that docker uses the random number + # generator of the host system + return + fi + if [[ $USE_HWRNG == "yes" ]]; then + apt-get -y --force-yes install rng-tools + sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools + else + apt-get -y --force-yes install haveged + fi + echo 'random_number_generator' >> $COMPLETION_FILE +} + +function configure_ssh { + if grep -Fxq "configure_ssh" $COMPLETION_FILE; then + return + fi + sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config + sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config + sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config + sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config + sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config + sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config + sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config + if grep -q 'ClientAliveInterval' /etc/ssh/sshd_config; then + sed -i 's/ClientAliveInterval.*/ClientAliveInterval 60/g' /etc/ssh/sshd_config + else + echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config + fi + if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then + sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config + else + echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config + fi + if grep -q 'Ciphers' /etc/ssh/sshd_config; then + sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config + else + echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config + fi + if grep -q 'MACs' /etc/ssh/sshd_config; then + sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config + else + echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config + fi + if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then + sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config + else + echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config + fi + + apt-get -y --force-yes install fail2ban + echo 'configure_ssh' >> $COMPLETION_FILE + # Don't reboot if installing within docker + # random numbers will come from the host system + if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then + return + fi + echo '' + echo '' + echo ' *** Rebooting to initialise ssh settings and random number generator ***' + echo '' + echo " *** Reconnect via ssh on port $SSH_PORT, then run this script again ***" + echo '' + reboot +} + +function regenerate_ssh_keys { + if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then + return + fi + rm -f /etc/ssh/ssh_host_* + dpkg-reconfigure openssh-server + service ssh restart + echo 'regenerate_ssh_keys' >> $COMPLETION_FILE +} + +function configure_dns { + if grep -Fxq "configure_dns" $COMPLETION_FILE; then + return + fi + echo 'domain localdomain' > /etc/resolv.conf + echo 'search localdomain' >> /etc/resolv.conf + echo 'nameserver 213.73.91.35' >> /etc/resolv.conf + echo 'nameserver 85.214.20.141' >> /etc/resolv.conf + echo 'configure_dns' >> $COMPLETION_FILE +} + +function set_your_domain_name { + if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then + return + fi + echo "$DOMAIN_NAME" > /etc/hostname + hostname $DOMAIN_NAME + sed -i "s/127.0.1.1 arm/127.0.1.1 $DOMAIN_NAME/g" /etc/hosts + echo "127.0.1.1 $DOMAIN_NAME" >> /etc/hosts + echo 'set_your_domain_name' >> $COMPLETION_FILE +} + +function time_synchronisation { + if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then + return + fi + #apt-get -y --force-yes install tlsdate + + # building tlsdate from source is a workaround because of + # this bug https://github.com/ioerror/tlsdate/issues/130 + apt-get -y --force-yes install build-essential automake git pkg-config autoconf libtool libssl-dev libevent-dev + + if [ ! -d $INSTALL_DIR ]; then + mkdir $INSTALL_DIR + fi + cd $INSTALL_DIR + git clone https://github.com/ioerror/tlsdate.git + cd $INSTALL_DIR/tlsdate + ./autogen.sh + ./configure + make + make install + cp /usr/local/bin/tlsdate* /usr/bin + cp /usr/local/sbin/tlsdate* /usr/bin + + apt-get -y remove ntpdate + + echo '#!/bin/bash' > /usr/bin/updatedate + echo "TIMESOURCE='TLS_TIME_SOURCE1'" >> /usr/bin/updatedate + echo "TIMESOURCE2='TLS_TIME_SOURCE2'" >> /usr/bin/updatedate + echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate + echo 'TIMEOUT=5' >> /usr/bin/updatedate + echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/updatedate + echo '# File which contains the previous date as a number' >> /usr/bin/updatedate + echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate + echo '# File which contains the previous date as a string' >> /usr/bin/updatedate + echo 'BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt' >> /usr/bin/updatedate + echo 'DATE_BEFORE=$(date)' >> /usr/bin/updatedate + echo 'BEFORE=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate + echo 'BACKWARDS_BETWEEN=0' >> /usr/bin/updatedate + echo '# If the date was previously set' >> /usr/bin/updatedate + echo 'if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate + echo ' BEFORE_FILE=$(cat $BEFORE_DATE_FILE)' >> /usr/bin/updatedate + echo ' BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)' >> /usr/bin/updatedate + echo ' # is the date going backwards?' >> /usr/bin/updatedate + echo ' if (( $BEFORE_FILE > $BEFORE )); then' >> /usr/bin/updatedate + echo ' echo -n "Date went backwards between tlsdate updates. " >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE' >> /usr/bin/updatedate + echo ' # Send a warning email' >> /usr/bin/updatedate + echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate + echo ' # Try another time source' >> /usr/bin/updatedate + echo ' TIMESOURCE=$TIMESOURCE2' >> /usr/bin/updatedate + echo ' # try running without any parameters' >> /usr/bin/updatedate + echo ' tlsdate >> $LOGFILE' >> /usr/bin/updatedate + echo ' BACKWARDS_BETWEEN=1' >> /usr/bin/updatedate + echo ' fi' >> /usr/bin/updatedate + echo 'fi' >> /usr/bin/updatedate + echo '# Set the date' >> /usr/bin/updatedate + echo '/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE' >> /usr/bin/updatedate + echo 'DATE_AFTER=$(date)' >> /usr/bin/updatedate + echo 'AFTER=$(date -d "$Y-$M-$D" '+%s')' >> /usr/bin/updatedate + echo '# After setting the date did it go backwards?' >> /usr/bin/updatedate + echo 'if (( $AFTER < $BEFORE )); then' >> /usr/bin/updatedate + echo ' echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE' >> /usr/bin/updatedate + echo ' # Send a warning email' >> /usr/bin/updatedate + echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate + echo ' # Try resetting the date from another time source' >> /usr/bin/updatedate + echo ' /usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE' >> /usr/bin/updatedate + echo ' DATE_AFTER=$(date)' >> /usr/bin/updatedate + echo ' AFTER=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate + echo 'else' >> /usr/bin/updatedate + echo ' echo -n $TIMESOURCE >> $LOGFILE' >> /usr/bin/updatedate + echo ' if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate + echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo -n $BEFORE_FILE >> $LOGFILE' >> /usr/bin/updatedate + echo ' fi' >> /usr/bin/updatedate + echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo -n $BEFORE >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo -n $AFTER >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate + echo ' echo $DATE_AFTER >> $LOGFILE' >> /usr/bin/updatedate + echo 'fi' >> /usr/bin/updatedate + echo '# Log the last date' >> /usr/bin/updatedate + echo 'if [[ $BACKWARDS_BETWEEN == 0 ]]; then' >> /usr/bin/updatedate + echo ' echo "$AFTER" > $BEFORE_DATE_FILE' >> /usr/bin/updatedate + echo ' echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE' >> /usr/bin/updatedate + echo ' exit 0' >> /usr/bin/updatedate + echo 'else' >> /usr/bin/updatedate + echo ' exit 1' >> /usr/bin/updatedate + echo 'fi' >> /usr/bin/updatedate + chmod +x /usr/bin/updatedate + echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab + service cron restart + + echo '#!/bin/bash' > /etc/init.d/tlsdate + echo '# /etc/init.d/tlsdate' >> /etc/init.d/tlsdate + echo '### BEGIN INIT INFO' >> /etc/init.d/tlsdate + echo '# Provides: tlsdate' >> /etc/init.d/tlsdate + echo '# Required-Start: $remote_fs $syslog' >> /etc/init.d/tlsdate + echo '# Required-Stop: $remote_fs $syslog' >> /etc/init.d/tlsdate + echo '# Default-Start: 2 3 4 5' >> /etc/init.d/tlsdate + echo '# Default-Stop: 0 1 6' >> /etc/init.d/tlsdate + echo '# Short-Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate + echo '# Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate + echo '### END INIT INFO' >> /etc/init.d/tlsdate + echo '# Author: Bob Mottram ' >> /etc/init.d/tlsdate + echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin"' >> /etc/init.d/tlsdate + echo 'LOGFILE="/var/log/tlsdate.log"' >> /etc/init.d/tlsdate + echo 'TLSDATECOMMAND="tlsdate --timewarp -l -H www.ptb.de -p 443 >> $LOGFILE"' >> /etc/init.d/tlsdate + echo '#Start-Stop here' >> /etc/init.d/tlsdate + echo 'case "$1" in' >> /etc/init.d/tlsdate + echo ' start)' >> /etc/init.d/tlsdate + echo ' echo "tlsdate started"' >> /etc/init.d/tlsdate + echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate + echo ' ;;' >> /etc/init.d/tlsdate + echo ' stop)' >> /etc/init.d/tlsdate + echo ' echo "tlsdate stopped"' >> /etc/init.d/tlsdate + echo ' ;;' >> /etc/init.d/tlsdate + echo ' restart)' >> /etc/init.d/tlsdate + echo ' echo "tlsdate restarted"' >> /etc/init.d/tlsdate + echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate + echo ' ;;' >> /etc/init.d/tlsdate + echo ' *)' >> /etc/init.d/tlsdate + echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/tlsdate + echo ' exit 1' >> /etc/init.d/tlsdate + echo ' ;;' >> /etc/init.d/tlsdate + echo 'esac' >> /etc/init.d/tlsdate + echo 'exit 0' >> /etc/init.d/tlsdate + chmod +x /etc/init.d/tlsdate + update-rc.d tlsdate defaults + echo 'time_synchronisation' >> $COMPLETION_FILE +} + +function configure_firewall { + if grep -Fxq "configure_firewall" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -P INPUT ACCEPT + ip6tables -P INPUT ACCEPT + iptables -F + ip6tables -F + iptables -t nat -F + ip6tables -t nat -F + iptables -X + ip6tables -X + iptables -P INPUT DROP + ip6tables -P INPUT DROP + iptables -A INPUT -i lo -j ACCEPT + iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + + # Make sure incoming tcp connections are SYN packets + iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP + + # Drop packets with incoming fragments + iptables -A INPUT -f -j DROP + + # Drop bogons + iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP + iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP + iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP + + # Incoming malformed NULL packets: + iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP + + echo 'configure_firewall' >> $COMPLETION_FILE +} + +function save_firewall_settings { + iptables-save > /etc/firewall.conf + ip6tables-save > /etc/firewall6.conf + printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables + printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables + printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables + chmod +x /etc/network/if-up.d/iptables +} + +function configure_firewall_for_cjdns { + if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then + return + fi + if [[ $ENABLE_CJDNS != "yes" ]]; then + return + fi + ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE + ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE +} + +function configure_firewall_for_dlna { + if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + iptables -A INPUT -i eth0 -p udp --dport 1900 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 8200 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE +} + +function configure_firewall_for_dns { + if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_dns' >> $COMPLETION_FILE +} + +function configure_firewall_for_xmpp { + if [ ! -d /etc/prosody ]; then + return + fi + if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE +} + +function configure_firewall_for_irc { + if [ ! -d /etc/ngircd ]; then + return + fi + if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 6697 -j ACCEPT + iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 6697 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_irc' >> $COMPLETION_FILE +} + +function configure_firewall_for_ftp { + if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE +} + +function configure_firewall_for_web_access { + if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE +} + +function configure_firewall_for_web_server { + if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE +} + +function configure_firewall_for_ssh { + if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE +} + +function configure_firewall_for_git { + if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_git' >> $COMPLETION_FILE +} + +function configure_firewall_for_email { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT + iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT + save_firewall_settings + echo 'configure_firewall_for_email' >> $COMPLETION_FILE +} + +function configure_internet_protocol { + if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then + return + fi + sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf + sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf + sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf + sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf + sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf + sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf + sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf + sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf + sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf + sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf + echo '# ignore pings' >> /etc/sysctl.conf + echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf + echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf + echo '# disable ipv6' >> /etc/sysctl.conf + echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf + echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf + echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf + echo '# keepalive' >> /etc/sysctl.conf + echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf + echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf + echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf + echo 'configure_internet_protocol' >> $COMPLETION_FILE +} + +function script_to_make_self_signed_certificates { + if grep -Fxq "script_to_make_self_signed_certificates" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /usr/bin/makecert + echo 'HOSTNAME=$1' >> /usr/bin/makecert + echo 'COUNTRY_CODE="US"' >> /usr/bin/makecert + echo 'AREA="Free Speech Zone"' >> /usr/bin/makecert + echo 'LOCATION="Freedomville"' >> /usr/bin/makecert + echo 'ORGANISATION="Freedombone"' >> /usr/bin/makecert + echo 'UNIT="Freedombone Unit"' >> /usr/bin/makecert + echo 'if ! which openssl > /dev/null ;then' >> /usr/bin/makecert + echo ' echo "$0: openssl is not installed, exiting" 1>&2' >> /usr/bin/makecert + echo ' exit 1' >> /usr/bin/makecert + echo 'fi' >> /usr/bin/makecert + echo 'openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert + echo 'openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert + echo 'chmod 400 /etc/ssl/private/$HOSTNAME.key' >> /usr/bin/makecert + echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert + echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert + echo 'if [ -f /etc/init.d/nginx ]; then' >> /usr/bin/makecert + echo ' /etc/init.d/nginx reload' >> /usr/bin/makecert + echo 'fi' >> /usr/bin/makecert + echo '# add the public certificate to a separate directory' >> /usr/bin/makecert + echo '# so that we can redistribute it easily' >> /usr/bin/makecert + echo 'if [ ! -d /etc/ssl/mycerts ]; then' >> /usr/bin/makecert + echo ' mkdir /etc/ssl/mycerts' >> /usr/bin/makecert + echo 'fi' >> /usr/bin/makecert + echo 'cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts' >> /usr/bin/makecert + echo '# Create a bundle of your certificates' >> /usr/bin/makecert + echo 'cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt' >> /usr/bin/makecert + echo 'tar -czvf /etc/ssl/freedombone-certs.tar.gz /etc/ssl/mycerts/*.crt' >> /usr/bin/makecert + chmod +x /usr/bin/makecert + echo 'script_to_make_self_signed_certificates' >> $COMPLETION_FILE +} + +function configure_email { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "configure_email" $COMPLETION_FILE; then + return + fi + apt-get -y remove postfix + apt-get -y --force-yes install exim4 sasl2-bin swaks libnet-ssleay-perl procmail + + if [ ! -d /etc/exim4 ]; then + echo "ERROR: Exim does not appear to have installed. $CHECK_MESSAGE" + exit 48 + fi + + # configure for Maildir format + sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs + sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs + + if ! grep -q "export MAIL" /etc/profile; then + echo 'export MAIL=~/Maildir' >> /etc/profile + fi + + sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login + sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd + sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su + + echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf + echo "dc_other_hostnames='$DOMAIN_NAME'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_relay_nets='192.168.1.0/24'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf + echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf + echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf + echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf + update-exim4.conf + sed -i "s/START=no/START=yes/g" /etc/default/saslauthd + /etc/init.d/saslauthd start + + # make a tls certificate for email + if [ ! -f /etc/ssl/private/exim.key ]; then + makecert exim + fi + cp /etc/ssl/private/exim.key /etc/exim4 + cp /etc/ssl/certs/exim.crt /etc/exim4 + cp /etc/ssl/certs/exim.dhparam /etc/exim4 + chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + + sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template + sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template + sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4 + if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then + sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template + fi + + adduser $MY_USERNAME sasl + addgroup Debian-exim sasl + /etc/init.d/exim4 restart + if [ ! -d /etc/skel/Maildir ]; then + mkdir -m 700 /etc/skel/Maildir + mkdir -m 700 /etc/skel/Maildir/Sent + mkdir -m 700 /etc/skel/Maildir/Sent/tmp + mkdir -m 700 /etc/skel/Maildir/Sent/cur + mkdir -m 700 /etc/skel/Maildir/Sent/new + mkdir -m 700 /etc/skel/Maildir/.learn-spam + mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur + mkdir -m 700 /etc/skel/Maildir/.learn-spam/new + mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp + mkdir -m 700 /etc/skel/Maildir/.learn-ham + mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur + mkdir -m 700 /etc/skel/Maildir/.learn-ham/new + mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp + ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam + ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham + fi + + if [ ! -d /home/$MY_USERNAME/Maildir ]; then + mkdir -m 700 /home/$MY_USERNAME/Maildir + mkdir -m 700 /home/$MY_USERNAME/Maildir/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp + mkdir -m 700 /home/$MY_USERNAME/Maildir/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp + mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new + mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp + ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam + ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir + fi + echo 'configure_email' >> $COMPLETION_FILE +} + +function create_procmail { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "create_procmail" $COMPLETION_FILE; then + return + fi + if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then + echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc + echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc + echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc + echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc + fi + echo 'create_procmail' >> $COMPLETION_FILE +} + +function spam_filtering { + # NOTE: spamassassin installation currently doesn't work, sa-compile fails with a make error 23/09/2014 + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "spam_filtering" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install exim4-daemon-heavy + apt-get -y --force-yes install spamassassin + sa-update -v + sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin + sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template + # This configuration is based on https://wiki.debian.org/DebianSpamAssassin + sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt + sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt + sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data + # procmail configuration + echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc + echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc + echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc + echo '| spamc' >> /home/$MY_USERNAME/.procmailrc + echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc + echo ':0' >> /home/$MY_USERNAME/.procmailrc + echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc + echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc + echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc + echo ':0' >> /home/$MY_USERNAME/.procmailrc + echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc + echo '.0-spam/' >> /home/$MY_USERNAME/.procmailrc + echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc + echo ':0' >> /home/$MY_USERNAME/.procmailrc + echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc + echo '.spam/' >> /home/$MY_USERNAME/.procmailrc + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc + # filtering scripts + echo '#!/bin/bash' > /usr/bin/filterspam + echo 'USERNAME=$1' >> /usr/bin/filterspam + echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam + echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam + echo ' exit' >> /usr/bin/filterspam + echo 'fi' >> /usr/bin/filterspam + echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam + echo 'do' >> /usr/bin/filterspam + echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam + echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam + echo 'done' >> /usr/bin/filterspam + echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam + echo 'do' >> /usr/bin/filterspam + echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam + echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam + echo 'done' >> /usr/bin/filterspam + + echo '#!/bin/bash' > /usr/bin/filterham + echo 'USERNAME=$1' >> /usr/bin/filterham + echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham + echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham + echo ' exit' >> /usr/bin/filterham + echo 'fi' >> /usr/bin/filterham + echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham + echo 'do' >> /usr/bin/filterham + echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham + echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham + echo 'done' >> /usr/bin/filterham + echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterham + echo 'do' >> /usr/bin/filterham + echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham + echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham + echo 'done' >> /usr/bin/filterham + + if ! grep -q "filterspam" /etc/crontab; then + echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam $MY_USERNAME" >> /etc/crontab + fi + if ! grep -q "filterham" /etc/crontab; then + echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham $MY_USERNAME" >> /etc/crontab + fi + chmod 655 /usr/bin/filterspam /usr/bin/filterham + sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf + sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf + + service spamassassin restart + service exim4 restart + service cron restart + echo 'spam_filtering' >> $COMPLETION_FILE +} + +function configure_imap { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "configure_imap" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install dovecot-common dovecot-imapd + + if [ ! -d /etc/dovecot ]; then + echo "ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE" + exit 48 + fi + + if [ ! -f /etc/ssl/private/dovecot.key ]; then + makecert dovecot + fi + chown root:dovecot /etc/ssl/certs/dovecot.* + chown root:dovecot /etc/ssl/private/dovecot.* + + sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf + sed -i 's|ssl_cert =.*|ssl_cert = > /etc/dovecot/conf.d/10-ssl.conf + + sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf + sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf + + sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf + + sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf + sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf + sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf + sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf + service dovecot restart + echo 'configure_imap' >> $COMPLETION_FILE +} + +function configure_gpg { + if grep -Fxq "configure_gpg" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install gnupg + + # if gpg keys directory was previously imported from usb + if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then + sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf + MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + echo 'configure_gpg' >> $COMPLETION_FILE + return + fi + + if [ ! -d /home/$MY_USERNAME/.gnupg ]; then + mkdir /home/$MY_USERNAME/.gnupg + echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME/.gnupg/gpg.conf + echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf + fi + + sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf + + if ! grep -q "# default preferences" /home/$MY_USERNAME/.gnupg/gpg.conf; then + echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf + echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf + echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf + echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf + echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf + fi + + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg + + if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then + # use your existing GPG keys which were exported + if [ ! -f $MY_GPG_PUBLIC_KEY ]; then + echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found" + exit 5 + fi + if [ ! -f $MY_GPG_PRIVATE_KEY ]; then + echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found" + exit 6 + fi + su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME + su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME + # for security ensure that the private key file doesn't linger around + shred -zu $MY_GPG_PRIVATE_KEY + MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + else + # Generate a GPG key + echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf + echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Real: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf + echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf + echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf + su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME + shred -zu /home/$MY_USERNAME/gpg-genkey.conf + MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg + su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME + + if grep -q "configure_email" $COMPLETION_FILE; then + if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Change your GPG password' >> /home/$MY_USERNAME/README + echo '========================' >> /home/$MY_USERNAME/README + echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README + echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README + echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README + echo 'You can change the it with:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " gpg --edit-key $MY_GPG_PUBLIC_KEY" >> /home/$MY_USERNAME/README + echo ' passwd' >> /home/$MY_USERNAME/README + echo ' save' >> /home/$MY_USERNAME/README + echo ' quit' >> /home/$MY_USERNAME/README + fi + if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README + echo '===========================' >> /home/$MY_USERNAME/README + echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README + echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " gpg --send-keys $MY_GPG_PUBLIC_KEY" >> /home/$MY_USERNAME/README + fi + fi + fi + + echo 'configure_gpg' >> $COMPLETION_FILE +} + +function encrypt_incoming_email { + # encrypts incoming mail using your GPG public key + # so even if an attacker gains access to the data at rest they still need + # to know your GPG key password to be able to read anything + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then + return + fi + if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then + return + fi + if [ ! -f /usr/bin/gpgit.pl ]; then + apt-get -y --force-yes install git libmail-gnupg-perl + cd $INSTALL_DIR + git clone https://github.com/mikecardwell/gpgit + cd gpgit + cp gpgit.pl /usr/bin + fi + + # add a procmail rule + if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then + echo '' >> /home/$MY_USERNAME/.procmailrc + echo ':0 f' >> /home/$MY_USERNAME/.procmailrc + echo "| /usr/bin/gpgit.pl $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc + fi + echo 'encrypt_incoming_email' >> $COMPLETION_FILE +} + +function encrypt_outgoing_email { + # encrypts outgoing mail using your GPG public key + # so even if an attacker gains access to the data at rest they still need + # to know your GPG key password to be able to read sent mail + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then + return + fi + if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then + return + fi + + if [ ! -d /home/$MY_USERNAME/.gnupg ]; then + return + fi + + if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then + MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') + if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then + return + fi + fi + + sed -i "s|#encrypt-to .*|hidden-encrypt-to $MY_GPG_PUBLIC_KEY_ID|g" /home/$MY_USERNAME/.gnupg/gpg.conf + + echo 'encrypt_outgoing_email' >> $COMPLETION_FILE +} + +function encrypt_all_email { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then + return + fi + if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then + return + fi + echo '#!/bin/bash' > /usr/bin/encmaildir + echo '#' >> /usr/bin/encmaildir + echo '# GPLv2' >> /usr/bin/encmaildir + echo '# GPG Encrypt a Maildir using gpgit.pl' >> /usr/bin/encmaildir + echo '# Oct 03, 2014' >> /usr/bin/encmaildir + echo '#' >> /usr/bin/encmaildir + echo '# Change log:' >> /usr/bin/encmaildir + echo '# Sep 03, 2011' >> /usr/bin/encmaildir + echo '# - Temporary file is based on file_owner to avoid' >> /usr/bin/encmaildir + echo '# issues with permission differences.' >> /usr/bin/encmaildir + echo '# - Temporary file is removed after run.' >> /usr/bin/encmaildir + echo '# - Optional arguments passed to "find".' >> /usr/bin/encmaildir + echo '# - Full paths to binaries.' >> /usr/bin/encmaildir + echo '# - Removed unneccessary need of "cat", "grep", etc.' >> /usr/bin/encmaildir + echo '# Sep 04, 2011' >> /usr/bin/encmaildir + echo '# - Dont remove Dovecot index/uid unless messages' >> /usr/bin/encmaildir + echo '# have been GPG encrypted.' >> /usr/bin/encmaildir + echo '# - Adjust file tests to not just use -e' >> /usr/bin/encmaildir + echo '# - Quote all file operations' >> /usr/bin/encmaildir + echo '# Sep 05, 2011' >> /usr/bin/encmaildir + echo '# - Dont arbitrarily copy files, only overwrite the file' >> /usr/bin/encmaildir + echo '# in ~/Maildir if it differs after calling gpgencmail.pl' >> /usr/bin/encmaildir + echo '# - Only rebuild the index if we have modified ~/Maildir' >> /usr/bin/encmaildir + echo '# Oct 03, 2014' >> /usr/bin/encmaildir + echo '# - Minor modifications for use with Freedombone' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo 'if [[ -z "$1" || -z "$2" || -z "$3" ]]; then' >> /usr/bin/encmaildir + echo ' echo "Usage is ./encmaildir.sh {optional arguments passed to find for messages such as -mtime 0}"' >> /usr/bin/encmaildir + echo ' exit 0' >> /usr/bin/encmaildir + echo 'fi' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo 'MAIL_DIR=$1' >> /usr/bin/encmaildir + echo 'EMAIL_ADDRESS=$2' >> /usr/bin/encmaildir + echo 'USERNAME=$3' >> /usr/bin/encmaildir + echo 'if [ ! -d "$MAIL_DIR" ]; then' >> /usr/bin/encmaildir + echo " MAIL_DIR='/home/$MY_USERNAME/Maildir'" >> /usr/bin/encmaildir + echo 'fi' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo 'if [ ! $EMAIL_ADDRESS ]; then' >> /usr/bin/encmaildir + echo " EMAIL_ADDRESS='$MY_EMAIL_ADDRESS'" >> /usr/bin/encmaildir + echo 'fi' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo 'if [ ! $USERNAME ]; then' >> /usr/bin/encmaildir + echo " USERNAME='$MY_USERNAME'" >> /usr/bin/encmaildir + echo 'fi' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo '# Does this key exist?' >> /usr/bin/encmaildir + echo 'gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1' >> /usr/bin/encmaildir + echo 'if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir + echo ' echo "A GPG key for $EMAIL_ADDRESS could not be found!"' >> /usr/bin/encmaildir + echo ' exit 0' >> /usr/bin/encmaildir + echo 'fi' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo '# Find all files in the Maildir specified.' >> /usr/bin/encmaildir + echo 'echo "Calling find"' >> /usr/bin/encmaildir + echo -n 'find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir + echo -n "'.*/\(cur\|new\)/.*' " >> /usr/bin/encmaildir + echo '$4|while read line; do' >> /usr/bin/encmaildir + echo ' gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS" "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo ' # Check to see if there are differences between the existing' >> /usr/bin/encmaildir + echo ' # Maildir file and what was created by gpgit.pl' >> /usr/bin/encmaildir + echo ' diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;' >> /usr/bin/encmaildir + echo ' if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir + echo ' # Preserve timestamps, set ownership.' >> /usr/bin/encmaildir + echo ' chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir + echo ' chmod 600 "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir + echo ' touch "/tmp/msg_$USERNAME" --reference="$line"' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo ' # Unlink the original Maildir message' >> /usr/bin/encmaildir + echo ' unlink "$line"' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo ' # Strip message sizes, retain experimental flags' >> /usr/bin/encmaildir + echo ' # and status flags, and copy the file over.' >> /usr/bin/encmaildir + echo ' STRIPSIZES=$(/bin/echo "$line"|/bin/sed -e "s/W=[[:digit:]]*//" -e "s/S=[[:digit:]]*//" -e "s/,,//" -e "s/,:2/:2/")' >> /usr/bin/encmaildir + echo ' cp -av "/tmp/msg_$USERNAME" "$STRIPSIZES"' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo ' #Indexes must be rebuilt, weve modified Maildir.' >> /usr/bin/encmaildir + echo ' touch "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir + echo ' else' >> /usr/bin/encmaildir + echo ' echo "Not copying, no differences between /tmp/msg_$USERNAME and $line"' >> /usr/bin/encmaildir + echo ' fi' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo ' # Remove the temporary file' >> /usr/bin/encmaildir + echo ' unlink "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir + echo 'done' >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo '# Remove Dovecot index and uids for regeneration.' >> /usr/bin/encmaildir + echo 'if [ -f "/tmp/rebuild_index_$USERNAME" ]; then' >> /usr/bin/encmaildir + echo ' echo "Removing Dovecot indexes and uids"' >> /usr/bin/encmaildir + echo -n ' find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir + echo "'.*\(dovecot-\|dovecot\.\|\.uidvalidity\).*' -delete" >> /usr/bin/encmaildir + echo '' >> /usr/bin/encmaildir + echo ' # Remove the temporary file' >> /usr/bin/encmaildir + echo ' unlink "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir + echo 'else' >> /usr/bin/encmaildir + echo ' echo "No messages found needing GPG encryption, not' >> /usr/bin/encmaildir + echo ' echo "removing Dovecot indexes and UIDs."' >> /usr/bin/encmaildir + echo 'fi' >> /usr/bin/encmaildir + echo 'exit 0' >> /usr/bin/encmaildir + chmod +x /usr/bin/encmaildir + + if [ ! /home/$MY_USERNAME/README ]; then + touch /home/$MY_USERNAME/README + fi + if ! grep -q "If you have imported legacy email" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Encrypting legacy email' >> /home/$MY_USERNAME/README + echo '=======================' >> /home/$MY_USERNAME/README + echo 'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README + echo 'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo ' encmaildir' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README + echo 'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README + echo 'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo 'encrypt_all_email' >> $COMPLETION_FILE +} + +function email_client { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "email_client" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install mutt-patched lynx abook + + if [ ! -f /etc/Muttrc ]; then + echo "ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE" + exit 49 + fi + + if [ ! -d /home/$MY_USERNAME/.mutt ]; then + mkdir /home/$MY_USERNAME/.mutt + fi + echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt + + + echo 'set mbox_type=Maildir' >> /etc/Muttrc + echo 'set folder="~/Maildir"' >> /etc/Muttrc + echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc + echo 'set mbox="~/Maildir"' >> /etc/Muttrc + echo 'set record="+Sent"' >> /etc/Muttrc + echo 'set postponed="+Drafts"' >> /etc/Muttrc + echo 'set trash="+Trash"' >> /etc/Muttrc + echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc + echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc + echo 'set editor="emacs"' >> /etc/Muttrc + echo 'set header_cache="+.cache"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo 'macro index S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc + echo 'macro pager S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc + echo 'macro index H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc + echo 'macro pager H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# set up the sidebar' >> /etc/Muttrc + echo 'set sidebar_width=22' >> /etc/Muttrc + echo 'set sidebar_visible=yes' >> /etc/Muttrc + echo "set sidebar_delim='|'" >> /etc/Muttrc + echo 'set sidebar_sort=yes' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo 'set rfc2047_parameters' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Show inbox and sent items' >> /etc/Muttrc + echo 'mailboxes = =Sent' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc + echo 'color sidebar_new yellow default' >> /etc/Muttrc + echo 'color normal white default' >> /etc/Muttrc + echo 'color hdrdefault brightcyan default' >> /etc/Muttrc + echo 'color signature green default' >> /etc/Muttrc + echo 'color attachment brightyellow default' >> /etc/Muttrc + echo 'color quoted green default' >> /etc/Muttrc + echo 'color quoted1 white default' >> /etc/Muttrc + echo 'color tilde blue default' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc + echo '# ctrl-o to open selected folder' >> /etc/Muttrc + echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc + echo 'bind index \Cn sidebar-next' >> /etc/Muttrc + echo 'bind index \Co sidebar-open' >> /etc/Muttrc + echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc + echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc + echo 'bind pager \Co sidebar-open' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc + echo "macro index,pager \Cb 'toggle sidebar_visible' 'toggle sidebar'" >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# esc-m Mark new messages as read' >> /etc/Muttrc + echo 'macro index m "T~N;WNT~O;WO\CT~T" "mark all messages read"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# Collapsing threads' >> /etc/Muttrc + echo 'macro index [ "" "collapse/uncollapse thread"' >> /etc/Muttrc + echo 'macro index ] "" "collapse/uncollapse all threads"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# threads containing new messages' >> /etc/Muttrc + echo 'uncolor index "~(~N)"' >> /etc/Muttrc + echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# new messages themselves' >> /etc/Muttrc + echo 'uncolor index "~N"' >> /etc/Muttrc + echo 'color index brightyellow default "~N"' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# GPG/PGP integration' >> /etc/Muttrc + echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc + echo 'set pgp_timeout=1800' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc + echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc + echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc + echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc + echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc + echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc + echo 'set fcc_clear # Keep cleartext copy of sent encrypted mail' >> /etc/Muttrc + echo 'unset smime_is_default' >> /etc/Muttrc + echo '' >> /etc/Muttrc + echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc + echo 'source ~/.mutt-alias' >> /etc/Muttrc + echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc + echo 'macro index,pager A "abook --add-email-quiet" "add the sender address to abook"' >> /etc/Muttrc + + cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc + touch /home/$MY_USERNAME/.mutt-alias + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias + + echo 'email_client' >> $COMPLETION_FILE +} + +function email_archiving { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "email_archiving" $COMPLETION_FILE; then + return + fi + + if [ ! -d $INSTALL_DIR ]; then + mkdir $INSTALL_DIR + fi + cd $INSTALL_DIR + git clone https://github.com/bashrc/cleanup-maildir + cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin + echo '#!/bin/bash' > /etc/cron.daily/archivemail + echo "MUTTRC=/home/$MY_USERNAME/.muttrc" >> /etc/cron.daily/archivemail + echo "python /usr/bin/cleanup-maildir --archive-folder='archive' --maildir-root='/home/$MY_USERNAME/Maildir' archive ''" >> /etc/cron.daily/archivemail + echo "chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/archive-*" >> /etc/cron.daily/archivemail + echo 'if [ -f $MUTTRC ]; then' >> /etc/cron.daily/archivemail + echo ' MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /etc/cron.daily/archivemail + echo ' BACKUP_DIRECTORY=archive-$(date +"%Y")' >> /etc/cron.daily/archivemail + echo ' if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then' >> /etc/cron.daily/archivemail + echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC' >> /etc/cron.daily/archivemail + echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /etc/cron.daily/archivemail + echo ' fi' >> /etc/cron.daily/archivemail + echo 'fi' >> /etc/cron.daily/archivemail + echo 'exit 0' >> /etc/cron.daily/archivemail + chmod +x /etc/cron.daily/archivemail + + echo 'email_archiving' >> $COMPLETION_FILE +} + +function folders_for_mailing_lists { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "folders_for_mailing_lists" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /usr/bin/addmailinglist + echo 'MYUSERNAME=$1' >> /usr/bin/addmailinglist + echo 'MAILINGLIST=$2' >> /usr/bin/addmailinglist + echo 'SUBJECTTAG=$3' >> /usr/bin/addmailinglist + echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addmailinglist + echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addmailinglist + echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo '# Exit if the list was already added' >> /usr/bin/addmailinglist + echo 'if grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addmailinglist + echo ' exit 1' >> /usr/bin/addmailinglist + echo 'fi' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo 'if ! [[ $MYUSERNAME && $MAILINGLIST && $SUBJECTTAG ]]; then' >> /usr/bin/addmailinglist + echo ' echo "addmailinglist [user name] [mailing list name] [subject tag]"' >> /usr/bin/addmailinglist + echo ' exit 1' >> /usr/bin/addmailinglist + echo 'fi' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addmailinglist + echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addmailinglist + echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addmailinglist + echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addmailinglist + echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addmailinglist + echo 'fi' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addmailinglist + echo 'echo "" >> $PM' >> /usr/bin/addmailinglist + echo 'echo ":0" >> $PM' >> /usr/bin/addmailinglist + echo 'echo " * ^Subject:.*()\[$SUBJECTTAG\]" >> $PM' >> /usr/bin/addmailinglist + echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addmailinglist + echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addmailinglist + echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addmailinglist + echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist + echo 'fi' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addmailinglist + echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addmailinglist + echo ' mkdir $PROCMAILLOG' >> /usr/bin/addmailinglist + echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addmailinglist + echo 'fi' >> /usr/bin/addmailinglist + echo '' >> /usr/bin/addmailinglist + echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addmailinglist + echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addmailinglist + echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addmailinglist + echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist + echo 'fi' >> /usr/bin/addmailinglist + echo 'exit 0' >> /usr/bin/addmailinglist + chmod +x /usr/bin/addmailinglist + echo 'folders_for_mailing_lists' >> $COMPLETION_FILE +} + +# Ensure that the from field is correct when sending email from Mutt +function email_from_address { + if grep -Fxq "email_from_address" $COMPLETION_FILE; then + return + fi + + if [ ! -f /home/$MY_USERNAME/.muttrc ]; then + return + fi + if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then + sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc + else + echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc + fi + + echo 'email_from_address' >> $COMPLETION_FILE +} + +function folders_for_email_addresses { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "folders_for_email_addresses" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /usr/bin/addemailtofolder + echo 'MYUSERNAME=$1' >> /usr/bin/addemailtofolder + echo 'EMAILADDRESS=$2' >> /usr/bin/addemailtofolder + echo 'MAILINGLIST=$3' >> /usr/bin/addemailtofolder + echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addemailtofolder + echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addemailtofolder + echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addemailtofolder + echo '' >> /usr/bin/addemailtofolder + echo 'if ! [[ $MYUSERNAME && $EMAILADDRESS && $MAILINGLIST ]]; then' >> /usr/bin/addemailtofolder + echo ' echo "addemailtofolder [user name] [email address] [mailing list name]"' >> /usr/bin/addemailtofolder + echo ' exit 1' >> /usr/bin/addemailtofolder + echo 'fi' >> /usr/bin/addemailtofolder + echo '' >> /usr/bin/addemailtofolder + echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addemailtofolder + echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addemailtofolder + echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addemailtofolder + echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addemailtofolder + echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addemailtofolder + echo 'fi' >> /usr/bin/addemailtofolder + echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addemailtofolder + echo 'echo "" >> $PM' >> /usr/bin/addemailtofolder + echo 'echo ":0" >> $PM' >> /usr/bin/addemailtofolder + echo 'echo " * ^From: $EMAILADDRESS" >> $PM' >> /usr/bin/addemailtofolder + echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addemailtofolder + echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addemailtofolder + echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addemailtofolder + echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addemailtofolder + echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder + echo 'fi' >> /usr/bin/addemailtofolder + echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addemailtofolder + echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addemailtofolder + echo ' mkdir $PROCMAILLOG' >> /usr/bin/addemailtofolder + echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addemailtofolder + echo 'fi' >> /usr/bin/addemailtofolder + echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addemailtofolder + echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addemailtofolder + echo ' if ! grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addemailtofolder + echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addemailtofolder + echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder + echo ' fi' >> /usr/bin/addemailtofolder + echo 'fi' >> /usr/bin/addemailtofolder + echo 'exit 0' >> /usr/bin/addemailtofolder + chmod +x /usr/bin/addemailtofolder + echo 'folders_for_email_addresses' >> $COMPLETION_FILE +} + +function create_public_mailing_list { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then + return + fi + if [ ! $PUBLIC_MAILING_LIST ]; then + return + fi + # does the mailing list have a separate domain name? + if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then + PUBLIC_MAILING_LIST_DOMAIN_NAME=$DOMAIN_NAME + fi + + PUBLIC_MAILING_LIST_USER="mlmmj" + + apt-get -y --force-yes install mlmmj + adduser --system $PUBLIC_MAILING_LIST_USER + addgroup $PUBLIC_MAILING_LIST_USER + adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER + + echo '' + echo "Creating the $PUBLIC_MAILING_LIST mailing list" + echo '' + + # create the list + mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER + + echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros + echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros + echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros + + # router + echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj + + # transport + echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj + + if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + + + if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then + sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs + fi + + if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then + sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary + fi + newaliases + update-exim4.conf.template -r + update-exim4.conf + service exim4 restart + + if ! grep -q "$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Public mailing list' >> /home/$MY_USERNAME/README + echo '===================' >> /home/$MY_USERNAME/README + echo "To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README + echo "cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DOMAIN_NAME" >> /home/$MY_USERNAME/README + fi + + addmailinglist $MY_USERNAME "$PUBLIC_MAILING_LIST" "$PUBLIC_MAILING_LIST" + + echo 'create_public_mailing_list' >> $COMPLETION_FILE +} + +function create_private_mailing_list { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + # This installation doesn't work, results in ruby errors + # There is currently no schleuder package for Debian jessie + if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then + return + fi + if [ ! $PRIVATE_MAILING_LIST ]; then + return + fi + if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then + echo 'The name of the private mailing list should not be the' + echo 'same as your username' + exit 10 + fi + if [ ! $MY_GPG_PUBLIC_KEY ]; then + echo 'To create a private mailing list you need to specify a file' + echo 'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' + echo 'the top of the script' + exit 11 + fi + apt-get -y --force-yes install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev + gem install schleuder + schleuder-fix-gem-dependencies + schleuder-init-setup --gem + # NOTE: this is version number sensitive and so might need changing + ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder + sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf + sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf + schleuder-newlist $PRIVATE_MAILING_LIST@$DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive + addemailtofolder $MY_USERNAME $PRIVATE_MAILING_LIST@$DOMAIN_NAME $PRIVATE_MAILING_LIST + + echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder + + echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder + chown -R schleuder:schleuder /var/lib/schleuder + update-exim4.conf.template -r + update-exim4.conf + service exim4 restart + useradd -d /var/schleuderlists -s /bin/false schleuder + adduser Debian-exim schleuder + usermod -a -G mail schleuder + #exim -d -bt $PRIVATE_MAILING_LIST@$DOMAIN_NAME + echo 'create_private_mailing_list' >> $COMPLETION_FILE +} + +function import_email { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + EMAIL_COMPLETE_MSG=' *** Freedombone mailbox installation is complete ***' + if grep -Fxq "import_email" $COMPLETION_FILE; then + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + create_backup_script + create_restore_script + backup_to_friends_servers + intrusion_detection + echo '' + echo "$EMAIL_COMPLETE_MSG" + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + echo ' You can now remove the USB drive' + fi + exit 0 + fi + return + fi + if [ $IMPORT_MAILDIR ]; then + if [ -d $IMPORT_MAILDIR ]; then + echo 'Transfering email files' + cp -r $IMPORT_MAILDIR /home/$MY_USERNAME + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir + else + echo "Email import directory $IMPORT_MAILDIR not found" + exit 9 + fi + fi + echo 'import_email' >> $COMPLETION_FILE + if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then + create_backup_script + create_restore_script + backup_to_friends_servers + intrusion_detection + # unmount any attached usb drive + echo '' + echo "$EMAIL_COMPLETE_MSG" + echo '' + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + echo ' You can now remove the USB drive' + fi + exit 0 + fi +} + +function install_web_server { + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_web_server" $COMPLETION_FILE; then + return + fi + # remove apache + apt-get -y remove --purge apache2 + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + fi + # install nginx + apt-get -y --force-yes install nginx php5-fpm git + + # limit the number of php processes + sed -i 's/; process.max = 128/process.max = 32/g' /etc/php5/fpm/php-fpm.conf + sed -i 's/;process_control_timeout = 0/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf + + if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then + echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf + fi + + if [ ! -d /etc/nginx ]; then + echo "ERROR: nginx does not appear to have installed. $CHECK_MESSAGE" + exit 51 + fi + + # Nginx settings + echo 'user www-data;' > /etc/nginx/nginx.conf + #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf + echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo 'events {' >> /etc/nginx/nginx.conf + echo ' worker_connections 50;' >> /etc/nginx/nginx.conf + echo ' # multi_accept on;' >> /etc/nginx/nginx.conf + echo '}' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo 'http {' >> /etc/nginx/nginx.conf + echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf + echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf + echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf + echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf + echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf + echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Basic Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' sendfile on;' >> /etc/nginx/nginx.conf + echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf + echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf + echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf + echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf + echo ' server_tokens off;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf + echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf + echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Logging Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf + echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ###' >> /etc/nginx/nginx.conf + echo ' # Gzip Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' gzip on;' >> /etc/nginx/nginx.conf + echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf + echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf + echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf + echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf + echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf + echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf + echo '}' >> /etc/nginx/nginx.conf + + # install a script to easily enable and disable nginx virtual hosts + if [ ! -d $INSTALL_DIR ]; then + mkdir $INSTALL_DIR + fi + cd $INSTALL_DIR + git clone https://github.com/perusio/nginx_ensite + cd $INSTALL_DIR/nginx_ensite + cp nginx_* /usr/sbin + nginx_dissite default + echo 'install_web_server' >> $COMPLETION_FILE +} + +function configure_php { + sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini + sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini + sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini + sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini + sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini +} + +function install_mariadb { + if grep -Fxq "install_mariadb" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install python-software-properties debconf-utils + apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db + add-apt-repository 'deb http://mariadb.biz.net.id//repo/10.1/debian sid main' + apt-get -y --force-yes install software-properties-common + apt-get -y update + + get_mariadb_password + if [ ! $MARIADB_PASSWORD ]; then + MARIADB_PASSWORD=$(openssl rand -base64 32) + echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE + chmod 600 $DATABASE_PASSWORD_FILE + + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README + echo '===============' >> /home/$MY_USERNAME/README + echo "Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD" + debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD" + apt-get -y --force-yes install mariadb-server + + if [ ! -d /etc/mysql ]; then + echo "ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE" + exit 54 + fi + + mysqladmin -u root password "$MARIADB_PASSWORD" + echo 'install_mariadb' >> $COMPLETION_FILE +} + +function backup_databases_script_header { + if [ ! -f /usr/bin/backupdatabases ]; then + # daily + echo '#!/bin/sh' > /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo -n 'MYSQL_PASSWORD=$(cat ' >> /usr/bin/backupdatabases + echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases + echo 'umask 0077' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases + echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases + echo ' exit 1' >> /usr/bin/backupdatabases + echo 'fi' >> /usr/bin/backupdatabases + chmod 600 /usr/bin/backupdatabases + chmod +x /usr/bin/backupdatabases + + echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily + echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily + chmod 600 /etc/cron.daily/backupdatabasesdaily + chmod +x /etc/cron.daily/backupdatabasesdaily + + # weekly + echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly + echo '' >> /etc/cron.weekly/backupdatabasesweekly + echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly + + chmod 600 /etc/cron.weekly/backupdatabasesweekly + chmod +x /etc/cron.weekly/backupdatabasesweekly + + # monthly + echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly + echo '' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly + + chmod 600 /etc/cron.monthly/backupdatabasesmonthly + chmod +x /etc/cron.monthly/backupdatabasesmonthly + fi +} + +function repair_databases_script { + if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then + return + fi + if [ ! -f $DATABASE_PASSWORD_FILE ]; then + return + fi + + echo '#!/bin/bash' > /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo 'DATABASE=$1' >> /usr/bin/repairdatabase + echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo -n 'MYSQL_ROOT_PASSWORD=$(cat ' >> /usr/bin/repairdatabase + echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/repairdatabase + echo 'TEMPFILE=/root/repairdatabase_$DATABASE' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo 'umask 0077' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo '# check the database' >> /usr/bin/repairdatabase + echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo '# Attempt to repair the database if it contains errors' >> /usr/bin/repairdatabase + echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase + echo ' mysqlcheck -u root --password=$MYSQL_ROOT_PASSWORD --auto-repair $DATABASE' >> /usr/bin/repairdatabase + echo 'else' >> /usr/bin/repairdatabase + echo ' # No errors were found, so exit' >> /usr/bin/repairdatabase + echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase + echo ' exit 0' >> /usr/bin/repairdatabase + echo 'fi' >> /usr/bin/repairdatabase + echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo '# Check the database again' >> /usr/bin/repairdatabase + echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo '# If it still contains errors then restore from backup' >> /usr/bin/repairdatabase + echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase + echo ' mysql -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE -o < /var/backups/${DATABASE}_daily.sql' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo ' # Send a warning email' >> /usr/bin/repairdatabase + echo ' echo "$DATABASE database corruption could not be repaired. Restored from backup." | mail -s "Freedombone database maintenance" $EMAIL' >> /usr/bin/repairdatabase + echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo ' exit 1' >> /usr/bin/repairdatabase + echo 'fi' >> /usr/bin/repairdatabase + echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase + echo '' >> /usr/bin/repairdatabase + echo 'exit 0' >> /usr/bin/repairdatabase + chmod 600 /usr/bin/repairdatabase + chmod +x /usr/bin/repairdatabase + + echo '#!/bin/bash' > /etc/cron.hourly/repair + echo '' >> /etc/cron.hourly/repair + chmod 600 /etc/cron.hourly/repair + chmod +x /etc/cron.hourly/repair + + echo 'repair_databases_script' >> $COMPLETION_FILE +} + +function install_owncloud_music_app { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_owncloud_music_app" $COMPLETION_FILE; then + return + fi + + cd /usr/share/owncloud/apps + git clone https://github.com/owncloud/music music + + if grep -q "Music player in Owncloud" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Music player in Owncloud' >> /home/$MY_USERNAME/README + echo '========================' >> /home/$MY_USERNAME/README + echo 'To enable the music app within ouwncloud log in to the Owncloud' >> /home/$MY_USERNAME/README + echo 'administrator account then go to Apps on the left hand dropdown' >> /home/$MY_USERNAME/README + echo 'menu and enable the music app. You can then log out and log back' >> /home/$MY_USERNAME/README + echo 'in as your Owncloud user and select music from the left hand' >> /home/$MY_USERNAME/README + echo 'dropdown menu.' >> /home/$MY_USERNAME/README + fi + + echo 'install_owncloud_music_app' >> $COMPLETION_FILE +} + +function add_ddns_domain { + if [ ! $CURRENT_DDNS_DOMAIN ]; then + echo 'ddns domain not specified' + exit 5638 + fi + if [ ! -f /etc/inadyn.conf ]; then + echo 'Unable to find inadyn configuration file /etc/inadyn.conf' + exit 5745 + fi + if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then + echo '' >> /etc/inadyn.conf + echo "system default@$DDNS_PROVIDER" >> /etc/inadyn.conf + echo ' ssl' >> /etc/inadyn.conf + if [ $DDNS_USERNAME ]; then + echo " username $DDNS_USERNAME" >> /etc/inadyn.conf + fi + if [ $DDNS_PASSWORD ]; then + echo " password $DDNS_PASSWORD" >> /etc/inadyn.conf + fi + fi + + if ! grep -q "$CURRENT_DDNS_DOMAIN" /etc/inadyn.conf; then + if [ $CURRENT_DDNS_CODE ]; then + echo " alias $CURRENT_DDNS_DOMAIN,$CURRENT_DDNS_CODE" >> /etc/inadyn.conf + else + echo " alias $CURRENT_DDNS_DOMAIN" >> /etc/inadyn.conf + fi + fi + chmod 600 /etc/inadyn.conf + service inadyn restart + + # clear the arguments + CURRENT_DDNS_DOMAIN= + CURRENT_DDNS_CODE= +} + +function install_owncloud { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + OWNCLOUD_COMPLETION_MSG1=" *** Freedombone $SYSTEM_TYPE is now installed ***" + OWNCLOUD_COMPLETION_MSG2="Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup" + if grep -Fxq "install_owncloud" $COMPLETION_FILE; then + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then + install_owncloud_music_app + create_backup_script + create_restore_script + backup_to_friends_servers + intrusion_detection + # unmount any attached usb drive + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + fi + echo '' + echo "$OWNCLOUD_COMPLETION_MSG1" + echo "$OWNCLOUD_COMPLETION_MSG2" + exit 0 + fi + return + fi + # if this is exclusively a cloud setup + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then + OWNCLOUD_DOMAIN_NAME=$DOMAIN_NAME + OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE + fi + if [ ! $OWNCLOUD_DOMAIN_NAME ]; then + return + fi + if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then + if [ $SYSTEM_TYPE ]; then + return + fi + fi + apt-get -y --force-yes install owncloud + install_mariadb + get_mariadb_password + + get_mariadb_owncloud_admin_password + if [ ! $OWNCLOUD_ADMIN_PASSWORD ]; then + OWNCLOUD_ADMIN_PASSWORD=$(openssl rand -base64 32) + fi + + if ! grep -q "Owncloud database user" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Owncloud' >> /home/$MY_USERNAME/README + echo '========' >> /home/$MY_USERNAME/README + echo 'Owncloud database user: owncloudadmin' >> /home/$MY_USERNAME/README + echo "Owncloud database password: $OWNCLOUD_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo 'Owncloud database name: owncloud' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'After creating an administrator account then create a user account via' >> /home/$MY_USERNAME/README + echo "the Users dropdown menu entry. The username should be '$MY_USERNAME'." >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'On mobile devices you can download the Owncloud client via F-Droid.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'To synchronise calendar entries with Android "install CalDAV Sync Adapter"' >> /home/$MY_USERNAME/README + echo 'using F-Droid then go to settings/accounts and add a CalDav account with' >> /home/$MY_USERNAME/README + echo "the URL https://$OWNCLOUD_DOMAIN_NAME/remote.php/caldav/principals/$MY_USERNAME" >> /home/$MY_USERNAME/README + echo 'and the username and password shown above.' >> /home/$MY_USERNAME/README + fi + + echo "create database owncloud; +CREATE USER 'owncloudadmin'@'localhost' IDENTIFIED BY '$OWNCLOUD_ADMIN_PASSWORD'; +GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloudadmin'@'localhost'; +quit" > $INSTALL_DIR/batch.sql + chmod 600 $INSTALL_DIR/batch.sql + mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql + shred -zu $INSTALL_DIR/batch.sql + + if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ]; then + mkdir /var/www/$OWNCLOUD_DOMAIN_NAME + fi + if [ -d /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs ]; then + rm -rf /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs + fi + + ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs + + echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " error_log /var/log/nginx/$OWNCLOUD_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " error_log /var/log/nginx/$OWNCLOUD_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME + + configure_php + + if [ ! -f /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key ]; then + makecert $OWNCLOUD_DOMAIN_NAME + fi + + # Ensure that the database gets backed up locally, if remote + # backups are not being used + backup_databases_script_header + echo '' >> /usr/bin/backupdatabases + echo '# Backup Owncloud database' >> /usr/bin/backupdatabases + echo 'TEMPFILE=/root/owncloud.sql' >> /usr/bin/backupdatabases + echo 'DAILYFILE=/var/backups/owncloud_daily.sql' >> /usr/bin/backupdatabases + echo 'mysqldump --password="$MYSQL_PASSWORD" owncloud > $TEMPFILE' >> /usr/bin/backupdatabases + echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases + echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases + echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases + echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases + echo ' mysql -u root --password="$MYSQL_PASSWORD" owncloud -o < $DAILYFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # Send a warning email' >> /usr/bin/backupdatabases + echo ' echo "Unable to create a backup of the Owncloud database. Attempted to restore from yesterdays backup" | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases + echo ' else' >> /usr/bin/backupdatabases + echo ' # Send a warning email' >> /usr/bin/backupdatabases + echo ' echo "Unable to create a backup of the Owncloud database." | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases + echo ' fi' >> /usr/bin/backupdatabases + echo 'else' >> /usr/bin/backupdatabases + echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases + echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases + echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases + echo 'fi' >> /usr/bin/backupdatabases + + nginx_ensite $OWNCLOUD_DOMAIN_NAME + service php5-fpm restart + service nginx restart + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$OWNCLOUD_DOMAIN_NAME + CURRENT_DDNS_CODE=$OWNCLOUD_FREEDNS_SUBDOMAIN_CODE + add_ddns_domain + + echo 'install_owncloud' >> $COMPLETION_FILE + + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then + install_owncloud_music_app + create_backup_script + create_restore_script + backup_to_friends_servers + intrusion_detection + # unmount any attached usb drive + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + fi + echo '' + echo "$OWNCLOUD_COMPLETION_MSG1" + echo "$OWNCLOUD_COMPLETION_MSG2" + exit 0 + fi +} + +function install_xmpp { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_xmpp" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install prosody + + if [ ! -d /etc/prosody ]; then + echo "ERROR: prosody does not appear to have installed. $CHECK_MESSAGE" + exit 52 + fi + + if [ ! -f "/etc/ssl/private/xmpp.key" ]; then + makecert xmpp + fi + chown prosody:prosody /etc/ssl/private/xmpp.key + chown prosody:prosody /etc/ssl/certs/xmpp.* + cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua + + sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua + if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua + fi + + sed -i "s/example.com/$DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua + + if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then + echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua + fi + ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua + + sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua + sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua + if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then + sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then + sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then + sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then + sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then + sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua + fi + sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua + if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then + sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then + echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua + fi + sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua + sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua + sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua + sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua + sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua + sed -i "s/example.com/$DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua + + service prosody restart + touch /home/$MY_USERNAME/README + + if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then + XMPP_PASSWORD=$(openssl rand -base64 8) + prosodyctl register $MY_USERNAME $DOMAIN_NAME $XMPP_PASSWORD + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'XMPP' >> /home/$MY_USERNAME/README + echo '====' >> /home/$MY_USERNAME/README + echo "Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README + echo 'You can change it with: ' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + echo 'install_xmpp' >> $COMPLETION_FILE +} + +function install_watchdog_script { + if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + # application specific stuff is added later + chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME + + if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then + echo "*/1 * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab + fi + + echo 'install_watchdog_script' >> $COMPLETION_FILE +} + +function install_irc_server { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_irc_server" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install ngircd + + if [ ! -d /etc/ngircd ]; then + echo "ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" + exit 53 + fi + + if [ ! -f /etc/ssl/private/ngircd.key ]; then + makecert ngircd + fi + + echo '**************************************************' > /etc/ngircd/motd + echo '* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd + echo '* *' >> /etc/ngircd/motd + echo '* Freedom in the Cloud *' >> /etc/ngircd/motd + echo '**************************************************' >> /etc/ngircd/motd + sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf + sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf + sed -i "s/irc.example.net/$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf + sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DOMAIN_NAME|g" /etc/ngircd/ngircd.conf + sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf + sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf + sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf + sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf + sed -i 's/;Ports = 6697, 9999/Ports = 6697, 9999/g' /etc/ngircd/ngircd.conf + sed -i 's/;Name = #ngircd/Name = #freedombone/g' /etc/ngircd/ngircd.conf + sed -i 's/;Topic = Our ngircd testing channel/Topic = Freedombone chat channel/g' /etc/ngircd/ngircd.conf + sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf + sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf + sed -i 's/;CloakHost = cloaked.host/CloakHost = freedombone/g' /etc/ngircd/ngircd.conf + IRC_SALT=$(openssl rand -base64 32) + IRC_OPERATOR_PASSWORD=$(openssl rand -base64 8) + sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf + sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf + sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf + sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf + service ngircd start + + # keep the daemon running + echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' service ngircd start' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + + if ! grep -q "IRC Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'IRC Server' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo 'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " /server add -auto -ssl $DOMAIN_NAME 6697" >> /home/$MY_USERNAME/README + echo " /connect $DOMAIN_NAME" >> /home/$MY_USERNAME/README + echo ' /join #freedombone' >> /home/$MY_USERNAME/README + fi + + echo 'install_irc_server' >> $COMPLETION_FILE +} + +function get_wiki_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Wiki password" /home/$MY_USERNAME/README; then + WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} + +function install_wiki { + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_wiki" $COMPLETION_FILE; then + return + fi + # if everything is being installed or if this is exclusively a writer setup + if [[ ! $SYSTEM_TYPE || $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then + WIKI_DOMAIN_NAME=$DOMAIN_NAME + WIKI_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE + fi + if [ ! $WIKI_DOMAIN_NAME ]; then + return + fi + apt-get -y --force-yes install dokuwiki + + if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then + mkdir /var/www/$WIKI_DOMAIN_NAME + fi + if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then + rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs + fi + if [ ! -f /etc/ssl/private/$WIKI_DOMAIN_NAME.key ]; then + makecert $WIKI_DOMAIN_NAME + fi + + ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs + + mkdir /var/lib/dokuwiki/custom + cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php + ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php + + chown www-data /var/lib/dokuwiki/custom + chown www-data /var/lib/dokuwiki/custom/local.php + chmod 600 /var/lib/dokuwiki/custom/local.php + + sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php + sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php + + sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php + + # set the admin user + sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php + + # disallow registration of new users + if ! grep -q "disableactions" /etc/dokuwiki/local.php; then + echo "$conf['disableactions'] = 'register'" >> /etc/dokuwiki/local.php + fi + if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then + echo "$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php + fi + + if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then + echo "$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php + fi + if ! grep -q "authtype" /etc/dokuwiki/local.php; then + echo "$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php + fi + + get_wiki_admin_password + if [ ! $WIKI_ADMIN_PASSWORD ]; then + WIKI_ADMIN_PASSWORD=$(openssl rand -base64 16) + fi + HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') + echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php + chmod 640 /var/lib/dokuwiki/acl/users.auth.php + + if ! grep -q "video/ogg" /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then + echo 'ogv video/ogg' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf + echo 'mp4 video/mp4' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf + echo 'webm video/webm' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf + fi + + echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/$WIKI_DOMAIN_NAME_error.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/$WIKI_DOMAIN_NAME_error_ssl.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + + configure_php + + nginx_ensite $WIKI_DOMAIN_NAME + service php5-fpm restart + service nginx restart + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME + CURRENT_DDNS_CODE=$WIKI_FREEDNS_SUBDOMAIN_CODE + add_ddns_domain + + # add some post-install instructions + if ! grep -q "Wiki password" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Wiki' >> /home/$MY_USERNAME/README + echo '====' >> /home/$MY_USERNAME/README + echo "Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo "Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo 'install_wiki' >> $COMPLETION_FILE +} + +function get_blog_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Your blog password is" /home/$MY_USERNAME/README; then + FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} + +function install_blog { + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi + if [ ! $FULLBLOG_DOMAIN_NAME ]; then + return + fi + + if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then + mkdir /var/www/$FULLBLOG_DOMAIN_NAME + fi + + cd /var/www/$FULLBLOG_DOMAIN_NAME + git clone https://github.com/danpros/htmly htdocs + chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs + + if [ ! -f /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key ]; then + makecert $FULLBLOG_DOMAIN_NAME + fi + + echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/$FULLBLOG_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/$FULLBLOG_DOMAIN_NAME_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + + configure_php + + # blog settings + cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|site.url.*|site.url = 'https://$FULLBLOG_DOMAIN_NAME'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + + # create a user password + get_blog_admin_password + if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then + FULLBLOG_ADMIN_PASSWORD=$(openssl rand -base64 16) + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'HTMLy Blog' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo "Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo "Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo "Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README + echo 'Edit your blog title and time zone at:' >> /home/$MY_USERNAME/README + echo " /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + # create a user + cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/username.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + HASHED_BLOG_PASSWORD="$(echo -n $FULLBLOG_ADMIN_PASSWORD | sha256sum | awk -F ' ' '{print $1}')" + sed -i "s|yourpassword|$HASHED_BLOG_PASSWORD|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + sed -i 's/encryption = clear/encryption = "sha256"/g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + + nginx_ensite $FULLBLOG_DOMAIN_NAME + service php5-fpm restart + service nginx restart + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME + CURRENT_DDNS_CODE=$FULLBLOG_FREEDNS_SUBDOMAIN_CODE + add_ddns_domain + + echo 'install_blog' >> $COMPLETION_FILE +} + +function install_gnu_social { + if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if [ ! $MICROBLOG_DOMAIN_NAME ]; then + return + fi + + install_mariadb + get_mariadb_password + repair_databases_script + + apt-get -y --force-yes install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser + + if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then + mkdir /var/www/$MICROBLOG_DOMAIN_NAME + fi + if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then + mkdir /var/www/$MICROBLOG_DOMAIN_NAME/htdocs + fi + + cd $INSTALL_DIR + git clone $MICROBLOG_REPO gnusocial + + rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs + mv gnusocial /var/www/$MICROBLOG_DOMAIN_NAME/htdocs + chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs + chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs + chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/avatar + chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/background + chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/file + chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php + + get_mariadb_gnusocial_admin_password + if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then + MICROBLOG_ADMIN_PASSWORD=$(openssl rand -base64 32) + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'GNU Social' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo "Your MariaDB gnusocial admin password is: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo "create database gnusocial; +CREATE USER 'gnusocialadmin'@'localhost' IDENTIFIED BY '$MICROBLOG_ADMIN_PASSWORD'; +GRANT ALL PRIVILEGES ON gnusocial.* TO 'gnusocialadmin'@'localhost'; +quit" > $INSTALL_DIR/batch.sql + chmod 600 $INSTALL_DIR/batch.sql + mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql + shred -zu $INSTALL_DIR/batch.sql + + if [ ! -f "/etc/aliases" ]; then + touch /etc/aliases + fi + if grep -q "www-data: root" /etc/aliases; then + echo 'www-data: root' >> /etc/aliases + fi + if grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then + echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases + fi + newaliases + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$MICROBLOG_DOMAIN_NAME + CURRENT_DDNS_CODE=$MICROBLOG_FREEDNS_SUBDOMAIN_CODE + add_ddns_domain + + echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/$MICROBLOG_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*)$ /$1 break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' expires max;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/$MICROBLOG_DOMAIN_NAME_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + + configure_php + + if [ ! -f /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key ]; then + makecert $MICROBLOG_DOMAIN_NAME + fi + + # Ensure that the database gets backed up locally, if remote + # backups are not being used + backup_databases_script_header + echo '' >> /usr/bin/backupdatabases + echo '# Backup the GNU Social database' >> /usr/bin/backupdatabases + echo 'TEMPFILE=/root/gnusocial.sql' >> /usr/bin/backupdatabases + echo 'DAILYFILE=/var/backups/gnusocial_daily.sql' >> /usr/bin/backupdatabases + echo 'mysqldump --password="$MYSQL_PASSWORD" gnusocial > $TEMPFILE' >> /usr/bin/backupdatabases + echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases + echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases + echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases + echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases + echo ' mysql -u root --password="$MYSQL_PASSWORD" gnusocial -o < $DAILYFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # Send a warning email' >> /usr/bin/backupdatabases + echo ' echo "Unable to create a backup of the GNU Social database. Attempted to restore from yesterdays backup" | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases + echo ' else' >> /usr/bin/backupdatabases + echo ' # Send a warning email' >> /usr/bin/backupdatabases + echo ' echo "Unable to create a backup of the GNU Social database." | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases + echo ' fi' >> /usr/bin/backupdatabases + echo 'else' >> /usr/bin/backupdatabases + echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases + echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases + echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases + echo 'fi' >> /usr/bin/backupdatabases + + echo '' >> /etc/cron.weekly/backupdatabasesweekly + echo '# GNU Social' >> /etc/cron.weekly/backupdatabasesweekly + echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly + echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly + echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly + echo 'if [ -f /var/backups/gnusocial_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly + echo ' cp -f /var/backups/gnusocial_daily.sql /var/backups/gnusocial_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly + echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly + + echo '' >> /etc/cron.monthly/backupdatabasesmonthly + echo '# GNU Social' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'if [ -f /var/backups/gnusocial_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly + echo ' cp -f /var/backups/gnusocial_monthly.sql /var/backups/gnusocial_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly + echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly + + echo '/usr/bin/repairdatabase gnusocial' >> /etc/cron.hourly/repair + + nginx_ensite $MICROBLOG_DOMAIN_NAME + service php5-fpm restart + service nginx restart + + # some post-install instructions for the user + if ! grep -q "To set up your microblog" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Microblog' >> /home/$MY_USERNAME/README + echo '=========' >> /home/$MY_USERNAME/README + echo "To set up your microblog go to" >> /home/$MY_USERNAME/README + echo "https://$MICROBLOG_DOMAIN_NAME/install.php" >> /home/$MY_USERNAME/README + echo 'and enter the following settings:' >> /home/$MY_USERNAME/README + echo ' - Set a name for the site' >> /home/$MY_USERNAME/README + echo ' - Server SSL: enable' >> /home/$MY_USERNAME/README + echo ' - Hostname: localhost' >> /home/$MY_USERNAME/README + echo ' - Type: MySql/MariaDB' >> /home/$MY_USERNAME/README + echo ' - Name: gnusocial' >> /home/$MY_USERNAME/README + echo ' - DB username: root' >> /home/$MY_USERNAME/README + echo " - DB Password; $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README + echo " - Administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo " - Administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo ' - Subscribe to announcements: ticked' >> /home/$MY_USERNAME/README + echo ' - Site profile: Community' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'When the install is complete you will see a lot of warnings' >> /home/$MY_USERNAME/README + echo 'but just ignore those and navigate to ' >> /home/$MY_USERNAME/README + echo "https://$MICROBLOG_DOMAIN_NAME and you can then " >> /home/$MY_USERNAME/README + echo 'complete the configuration via the *Admin* section on the header' >> /home/$MY_USERNAME/README + echo 'bar. Some recommended admin settings are:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Under the *Site* settings:' >> /home/$MY_USERNAME/README + echo ' Text limit: 140' >> /home/$MY_USERNAME/README + echo ' Dupe Limit: 60000' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Under the *User* settings:' >> /home/$MY_USERNAME/README + echo ' Bio limit: 1000' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Under the *Access* settings:' >> /home/$MY_USERNAME/README + echo ' /Invite only/ ticked' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo 'install_gnu_social' >> $COMPLETION_FILE +} + +function install_redmatrix { + if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + # if this is exclusively a social setup + if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then + REDMATRIX_DOMAIN_NAME=$DOMAIN_NAME + REDMATRIX_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE + fi + if [ ! $REDMATRIX_DOMAIN_NAME ]; then + return + fi + + install_mariadb + get_mariadb_password + repair_databases_script + + apt-get -y --force-yes install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git + + if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME ]; then + mkdir /var/www/$REDMATRIX_DOMAIN_NAME + fi + if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs ]; then + mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs + fi + + if [ ! -f /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/index.php ]; then + cd $INSTALL_DIR + git clone $REDMATRIX_REPO redmatrix + + rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs + mv redmatrix /var/www/$REDMATRIX_DOMAIN_NAME/htdocs + chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs + git clone $REDMATRIX_ADDONS_REPO /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/addon + # some extra themes + git clone https://github.com/DeadSuperHero/redmatrix-themes /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/redmatrix-themes1 + cp -r /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/redmatrix-themes1/* view/theme/ + fi + + get_mariadb_redmatrix_admin_password + if [ ! $REDMATRIX_ADMIN_PASSWORD ]; then + REDMATRIX_ADMIN_PASSWORD=$(openssl rand -base64 32) + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Red Matrix' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo "Your MariaDB Red Matrix admin password is: $REDMATRIX_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo "create database redmatrix; +CREATE USER 'redmatrixadmin'@'localhost' IDENTIFIED BY '$REDMATRIX_ADMIN_PASSWORD'; +GRANT ALL PRIVILEGES ON redmatrix.* TO 'redmatrixadmin'@'localhost'; +quit" > $INSTALL_DIR/batch.sql + chmod 600 $INSTALL_DIR/batch.sql + mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql + shred -zu $INSTALL_DIR/batch.sql + + if ! grep -q "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs" /etc/crontab; then + echo "12,22,32,42,52 * * * * root cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs; /usr/bin/timeout 240 /usr/bin/php include/poller.php" >> /etc/crontab + fi + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$REDMATRIX_DOMAIN_NAME + CURRENT_DDNS_CODE=$REDMATRIX_FREEDNS_SUBDOMAIN_CODE + add_ddns_domain + + echo 'server {' > /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " error_log /var/log/nginx/$REDMATRIX_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " error_log /var/log/nginx/$REDMATRIX_DOMAIN_NAME_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' ssl on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " ssl_certificate /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " ssl_certificate_key /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " ssl_dhparam /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME + + configure_php + + if [ ! -f /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key ]; then + makecert $REDMATRIX_DOMAIN_NAME + fi + + if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then + mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 + fi + if [ ! -d "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store" ]; then + mkdir "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store" + fi + if [ ! -d "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]" ]; then + mkdir "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]" + fi + if [ ! -d "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" ]; then + mkdir "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" + chmod 777 "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" + fi + chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl + chown -R www-data:www-data "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store" + chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 + + # Ensure that the database gets backed up locally, if remote + # backups are not being used + backup_databases_script_header + echo '' >> /usr/bin/backupdatabases + echo '# Backup the Red Matrix database' >> /usr/bin/backupdatabases + echo 'TEMPFILE=/root/redmatrix.sql' >> /usr/bin/backupdatabases + echo 'DAILYFILE=/var/backups/redmatrix_daily.sql' >> /usr/bin/backupdatabases + echo 'mysqldump --password="$MYSQL_PASSWORD" redmatrix > $TEMPFILE' >> /usr/bin/backupdatabases + echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases + echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases + echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases + echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases + echo ' mysql -u root --password="$MYSQL_PASSWORD" redmatrix -o < $DAILYFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # Send a warning email' >> /usr/bin/backupdatabases + echo ' echo "Unable to create a backup of the Red Matrix database. Attempted to restore from yesterdays backup" | mail -s "Red Matrix backup" $EMAIL' >> /usr/bin/backupdatabases + echo ' else' >> /usr/bin/backupdatabases + echo ' # Send a warning email' >> /usr/bin/backupdatabases + echo ' echo "Unable to create a backup of the Red Matrix database." | mail -s "Red Matrix backup" $EMAIL' >> /usr/bin/backupdatabases + echo ' fi' >> /usr/bin/backupdatabases + echo 'else' >> /usr/bin/backupdatabases + echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases + echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases + echo '' >> /usr/bin/backupdatabases + echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases + echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases + echo 'fi' >> /usr/bin/backupdatabases + + echo '' >> /etc/cron.weekly/backupdatabasesweekly + echo '# Red Matrix' >> /etc/cron.weekly/backupdatabasesweekly + echo 'if [ -f /var/backups/redmatrix_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly + echo ' cp -f /var/backups/redmatrix_weekly.sql /var/backups/redmatrix_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly + echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly + echo 'if [ -f /var/backups/redmatrix_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly + echo ' cp -f /var/backups/redmatrix_daily.sql /var/backups/redmatrix_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly + echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly + + echo '' >> /etc/cron.monthly/backupdatabasesmonthly + echo '# Red Matrix' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'if [ -f /var/backups/redmatrix_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly + echo ' cp -f /var/backups/redmatrix_monthly.sql /var/backups/redmatrix_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'if [ -f /var/backups/redmatrix_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly + echo ' cp -f /var/backups/redmatrix_weekly.sql /var/backups/redmatrix_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly + echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly + + echo '/usr/bin/repairdatabase redmatrix' >> /etc/cron.hourly/repair + + nginx_ensite $REDMATRIX_DOMAIN_NAME + service php5-fpm restart + service nginx restart + service cron restart + + # some post-install instructions for the user + if ! grep -q "To set up your Red Matrix" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo "To set up your Red Matrix site go to" >> /home/$MY_USERNAME/README + echo "https://$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README + echo 'You will need to have a non self-signed SSL certificate in order' >> /home/$MY_USERNAME/README + echo "to use Red Matrix. Put the public certificate in /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt" >> /home/$MY_USERNAME/README + echo "and the private certificate in /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key." >> /home/$MY_USERNAME/README + echo 'If there is an intermediate certificate needed (such as with StartSSL) then' >> /home/$MY_USERNAME/README + echo 'this will need to be concatenated onto the end of the crt file, like this:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " cat /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo "Then change ssl_certificate to /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README + echo "within /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo 'install_redmatrix' >> $COMPLETION_FILE +} + +function script_for_attaching_usb_drive { + if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /usr/bin/attach-music + echo 'remove-music' >> /usr/bin/attach-music + echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music + echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music + echo 'fi' >> /usr/bin/attach-music + echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music + echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music + echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music + echo 'service minidlna restart' >> /usr/bin/attach-music + echo 'minidlnad -R' >> /usr/bin/attach-music + chmod +x /usr/bin/attach-music + ln -s /usr/bin/attach-music /usr/bin/attach-usb + ln -s /usr/bin/attach-music /usr/bin/attach-videos + ln -s /usr/bin/attach-music /usr/bin/attach-pictures + ln -s /usr/bin/attach-music /usr/bin/attach-media + + echo '#!/bin/bash' > /usr/bin/remove-music + echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music + echo " umount $USB_MOUNT" >> /usr/bin/remove-music + echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music + echo 'fi' >> /usr/bin/remove-music + chmod +x /usr/bin/remove-music + ln -s /usr/bin/remove-music /usr/bin/detach-music + ln -s /usr/bin/remove-music /usr/bin/detach-usb + ln -s /usr/bin/remove-music /usr/bin/remove-usb + ln -s /usr/bin/remove-music /usr/bin/detach-media + ln -s /usr/bin/remove-music /usr/bin/remove-media + ln -s /usr/bin/remove-music /usr/bin/detach-videos + ln -s /usr/bin/remove-music /usr/bin/remove-videos + ln -s /usr/bin/remove-music /usr/bin/detach-pictures + ln -s /usr/bin/remove-music /usr/bin/remove-pictures + + echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE +} + +function install_dlna_server { + if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + apt-get -y --force-yes install minidlna + + if [ ! -f /etc/minidlna.conf ]; then + echo "ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE" + exit 55 + fi + + sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf + if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then + echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf + fi + if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then + echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf + fi + if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then + echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf + fi + if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then + echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf + fi + if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then + echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf + fi + sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf + sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf + sed -i 's/#friendly_name=/friendly_name="Freedombone Media"/g' /etc/minidlna.conf + sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf + sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf + sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf + sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf + service minidlna force-reload + service minidlna reload + + sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf + if ! grep -q "max_user_watches" $COMPLETION_FILE; then + echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf + fi + /sbin/sysctl -p + + + echo 'install_dlna_server' >> $COMPLETION_FILE +} + +function install_mediagoblin { + # These instructions don't work and need fixing + return + if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + # if this is exclusively a writer setup + if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then + MEDIAGOBLIN_DOMAIN_NAME=$DOMAIN_NAME + MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE + fi + if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then + return + fi + apt-get -y --force-yes install git-core python python-dev python-lxml python-imaging python-virtualenv + apt-get -y --force-yes install python-gst-1.0 libjpeg8-dev sqlite3 libapache2-mod-fcgid gstreamer1.0-plugins-base gstreamer1.0-plugins-bad gstreamer1.0-plugins-good gstreamer1.0-plugins-ugly gstreamer1.0-libav python-numpy python-scipy libsndfile1-dev + apt-get -y --force-yes install postgresql postgresql-client python-psycopg2 python-pip autotools-dev automake + + sudo -u postgres createuser -A -D mediagoblin + sudo -u postgres createdb -E UNICODE -O mediagoblin mediagoblin + + adduser --system mediagoblin + + MEDIAGOBLIN_DOMAIN_ROOT="/srv/$MEDIAGOBLIN_DOMAIN_NAME" + MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin" + MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin" + + if [ ! -d $MEDIAGOBLIN_DOMAIN_ROOT ]; then + mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT + fi + cd $MEDIAGOBLIN_DOMAIN_ROOT + chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT + su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone git://gitorious.org/mediagoblin/mediagoblin.git" - mediagoblin + su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin + su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin + + #su -c 'cd $MEDIAGOBLIN_PATH; ./experimental-bootstrap.sh' - mediagoblin + #su -c 'cd $MEDIAGOBLIN_PATH; ./configure' - mediagoblin + #su -c 'cd $MEDIAGOBLIN_PATH; make' - mediagoblin + + su -c "cd $MEDIAGOBLIN_PATH; virtualenv --system-site-packages ." - mediagoblin + su -c "cd $MEDIAGOBLIN_PATH_BIN; python setup.py develop" - mediagoblin + + su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin + su -c "cp $MEDIAGOBLIN_PATH/paste.ini $MEDIAGOBLIN_PATH/paste_local.ini" - mediagoblin + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$MEDIAGOBLIN_DOMAIN_NAME + CURRENT_DDNS_CODE=$MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE + add_ddns_domain + + # see https://wiki.mediagoblin.org/Deployment / uwsgi with configs + apt-get -y --force-yes install uwsgi uwsgi-plugin-python nginx-full supervisor + + echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' # Gzip' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' gzip_types text/plain text/html application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' error_log /var/log/nginx/mg.error.log error;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' #include global/common.conf;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' client_max_body_size 100m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo " root $MEDIAGOBLIN_PATH/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo " alias $MEDIAGOBLIN_PATH/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo " alias $MEDIAGOBL_PATH/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' uwsgi_pass unix:///tmp/mg.uwsgi.sock;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' uwsgi_param SCRIPT_NAME "/";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' include uwsgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + + echo 'uwsgi:' > /etc/uwsgi/apps-available/mg.yaml + echo ' uid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml + echo ' gid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml + echo ' socket: /tmp/mg.uwsgi.sock' >> /etc/uwsgi/apps-available/mg.yaml + echo ' chown-socket: www-data:www-data' >> /etc/uwsgi/apps-available/mg.yaml + echo ' plugins: python' >> /etc/uwsgi/apps-available/mg.yaml + echo " home: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml + echo " chdir: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml + echo " ini-paste: $MEDIAGOBLIN_PATH/paste_local.ini" >> /etc/uwsgi/apps-available/mg.yaml + + echo '[program:celery]' > /etc/supervisor/conf.d/mediagoblin.conf + echo "command=$MEDIAGOBLIN_PATH_BIN/celery worker -l debug" >> /etc/supervisor/conf.d/mediagoblin.conf + echo '' >> /etc/supervisor/conf.d/mediagoblin.conf + echo '; Set PYTHONPATH to the directory containing celeryconfig.py' >> /etc/supervisor/conf.d/mediagoblin.conf + echo "environment=PYTHONPATH='$MEDIAGOBLIN_PATH',MEDIAGOBLIN_CONFIG='$MEDIAGOBLIN_PATH/mediagoblin_local.ini',CELERY_CONFIG_MODULE='mediagoblin.init.celery.from_celery'" >> /etc/supervisor/conf.d/mediagoblin.conf + echo '' >> /etc/supervisor/conf.d/mediagoblin.conf + echo "directory=$MEDIAGOBLIN_PATH/" >> /etc/supervisor/conf.d/mediagoblin.conf + echo 'user=mediagoblin' >> /etc/supervisor/conf.d/mediagoblin.conf + echo 'numprocs=1' >> /etc/supervisor/conf.d/mediagoblin.conf + echo '; uncomment below to enable logs saving' >> /etc/supervisor/conf.d/mediagoblin.conf + echo ";stdout_logfile=/var/log/nginx/celeryd_stdout.log" >> /etc/supervisor/conf.d/mediagoblin.conf + echo ";stderr_logfile=/var/log/nginx/celeryd_stderr.log" >> /etc/supervisor/conf.d/mediagoblin.conf + echo 'autostart=true' >> /etc/supervisor/conf.d/mediagoblin.conf + echo 'autorestart=false' >> /etc/supervisor/conf.d/mediagoblin.conf + echo 'startsecs=10' >> /etc/supervisor/conf.d/mediagoblin.conf + echo '' >> /etc/supervisor/conf.d/mediagoblin.conf + echo '; Need to wait for currently executing tasks to finish at shutdown.' >> /etc/supervisor/conf.d/mediagoblin.conf + echo '; Increase this if you have very long running tasks.' >> /etc/supervisor/conf.d/mediagoblin.conf + echo 'stopwaitsecs = 600' >> /etc/supervisor/conf.d/mediagoblin.conf + + ln -s /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME /etc/nginx/sites-enabled/ + ln -s /etc/uwsgi/apps-available/mg.yaml /etc/uwsgi/apps-enabled/ + + # change settings + sed -i "s/notice@mediagoblin.example.org/$MY_EMAIL_ADDRESS/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini + sed -i 's/email_debug_mode = true/email_debug_mode = false/g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini + sed -i 's|# sql_engine = postgresql:///mediagoblin|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini + + # add extra media types + if grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then + echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini + fi + if grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then + echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini + fi + if grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then + echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini + fi + + su -c "cd $MEDIAGOBLIN_PATH_BIN; pip install scikits.audiolab" - mediagoblin + su -c "cd $MEDIAGOBLIN_PATH_BIN; gmg dbupdate" - mediagoblin + + # systemd init scripts + + echo '[Unit]' > /etc/systemd/system/gmg.service + echo 'Description=Mediagoblin' >> /etc/systemd/system/gmg.service + echo '' >> /etc/systemd/system/gmg.service + echo '[Service]' >> /etc/systemd/system/gmg.service + echo 'Type=forking' >> /etc/systemd/system/gmg.service + echo 'User=mediagoblin' >> /etc/systemd/system/gmg.service + echo 'Group=mediagoblin' >> /etc/systemd/system/gmg.service + echo '#Environment=CELERY_ALWAYS_EAGER=true' >> /etc/systemd/system/gmg.service + echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/gmg.service + echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg.service + echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/paster serve $MEDIAGOBLIN_PATH/paste_local.ini --pid-file=/var/run/mediagoblin/paster.pid --log-file=/var/log/nginx/mediagoblin_paster.log --daemon --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543" >> /etc/systemd/system/gmg.service + echo "ExecStop=$MEDIAGOBLIN_PATH_BIN/paster serve --pid-file=/var/run/mediagoblin/paster.pid $MEDIAGOBLIN_PATH/paste_local.ini stop" >> /etc/systemd/system/gmg.service + echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/gmg.service + echo '' >> /etc/systemd/system/gmg.service + echo '[Install]' >> /etc/systemd/system/gmg.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg.service + + + echo '[Unit]' > /etc/systemd/system/gmg-celeryd.service + echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/gmg-celeryd.service + echo '' >> /etc/systemd/system/gmg-celeryd.service + echo '[Service]' >> /etc/systemd/system/gmg-celeryd.service + echo 'User=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service + echo 'Group=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service + echo 'Type=simple' >> /etc/systemd/system/gmg-celeryd.service + echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg-celeryd.service + echo "Environment='MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_PATH/mediagoblin_local.ini' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery" >> /etc/systemd/system/gmg-celeryd.service + echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/celeryd" >> /etc/systemd/system/gmg-celeryd.service + echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/gmg-celeryd.service + echo '' >> /etc/systemd/system/gmg-celeryd.service + echo '[Install]' >> /etc/systemd/system/gmg-celeryd.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg-celeryd.service + + systemctl start gmg.service + systemctl start gmg-celeryd.service + + echo 'install_mediagoblin' >> $COMPLETION_FILE +} + +function create_upgrade_script { + if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'apt-get -y update' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'apt-get -y --force-yes upgrade' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then + echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo '# Red Matrix' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo "cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo "cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/addon" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + fi + if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then + echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo '# GNU Social' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo "cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + fi + if grep -Fxq "install_blog" $COMPLETION_FILE; then + echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo '# Blog' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo "cd /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + fi + if grep -Fxq "install_owncloud_music_app" $COMPLETION_FILE; then + echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo '# Owncloud music app' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo "cd /usr/share/owncloud/apps/music" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + fi + if grep -Fxq "install_cjdns" $COMPLETION_FILE; then + echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo '# cjdns' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo "cd /etc/cjdns" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + fi + echo 'exit 0' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + chmod +x /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + echo 'create_upgrade_script' >> $COMPLETION_FILE +} + +function intrusion_detection { + if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then + return + fi + apt-get -y --force-yes install tripwire + apt-get -y --force-yes autoremove + cd /etc/tripwire + cp site.key $DOMAIN_NAME-site.key + echo '' + echo '' + echo '*** Installing intrusion detection. Press Enter when asked for the local and site passphrases. ***' + echo '' + echo '' + tripwire --init + + # make a script for easy resetting of the tripwire + echo '#!/bin/sh' > /usr/bin/reset-tripwire + echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire + chmod +x /usr/bin/reset-tripwire + + reset-tripwire + sed -i 's/SYSLOGREPORTING =true/#SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt + sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt + reset-tripwire + + echo 'intrusion_detection' >> $COMPLETION_FILE +} + +# see http://adammelton.com/tor_dongle.php +# Attach the BeagleBone to a PC via USB and then have an enthernet +# connection to the internet router +function create_tor_dongle { + if grep -Fxq "create_tor_dongle" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE != "$VARIANT_TOR_DONGLE" ]]; then + return + fi + + apt-get -y --force-yes install tor tor-arm + + # firewall + iptables -A INPUT -i usb0 -p tcp --dport 9050 -j ACCEPT + iptables -A INPUT -i usb0 -p tcp --dport 9051 -j ACCEPT + save_firewall_settings + + # tor settings + sed -i "s/#SocksPort 192.168.0.1:9100/SocksPort 192.168.7.2:9050/g" /etc/tor/torrc + sed -i 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc + sed -i 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc + if ! grep -q "DisableDebuggerAttachment" /etc/tor/torrc; then + echo 'DisableDebuggerAttachment 0' >> /etc/tor/torrc + fi + + # ensure that USB networking is enabled + echo '# The loopback network interface' > /etc/network/interfaces + echo 'auto lo' >> /etc/network/interfaces + echo 'iface lo inet loopback' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# The primary network interface' >> /etc/network/interfaces + echo 'auto eth0' >> /etc/network/interfaces + echo 'iface eth0 inet dhcp' >> /etc/network/interfaces + echo '' >> /etc/network/interfaces + echo '# USB network interface' >> /etc/network/interfaces + echo 'iface usb0 inet static' >> /etc/network/interfaces + echo ' address 192.168.7.2' >> /etc/network/interfaces + echo ' netmask 255.255.255.0' >> /etc/network/interfaces + echo ' network 192.168.7.0' >> /etc/network/interfaces + echo ' gateway 192.168.7.1' >> /etc/network/interfaces + + if ! grep -q "Tor Dongle" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Tor Dongle' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo 'Connect your PC to the Beaglebone via the USB cable' >> /home/$MY_USERNAME/README + echo 'and the Beaglebone ethernet to your internet router.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Within your network proxy settings set the SOCKS host' >> /home/$MY_USERNAME/README + echo 'to 192.168.7.2 and the port to 9050, with remote' >> /home/$MY_USERNAME/README + echo 'DNS enabled. There should be no proxying for localhost' >> /home/$MY_USERNAME/README + echo 'and 127.0.0.1' >> /home/$MY_USERNAME/README + fi + + echo 'Freedombone Tor Dongle installation is complete' + cat /home/$MY_USERNAME/README + + service networking restart + service tor restart + exit 873 +} + +# see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy +# Local Redirection and Anonymizing Middlebox +function route_outgoing_traffic_through_tor { + if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then + return + fi + apt-get -y --force-yes install tor tor-arm + + ### set variables + # Destinations you don't want routed through Tor + _non_tor="192.168.1.0/24 192.168.0.0/24" + + # The user that Tor runs as + _tor_uid="debian-tor" + + # Tor's TransPort + _trans_port="9040" + + # Your internal interface + _int_if="eth0" + + ### Set iptables *nat + iptables -t nat -A OUTPUT -o lo -j RETURN + iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN + iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53 + + # Allow clearnet access for hosts in $_non_tor + for _clearnet in $_non_tor; do + iptables -t nat -A OUTPUT -d $_clearnet -j RETURN + iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN + done + + # Redirect all other pre-routing and output to Tor + iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port + iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53 + iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port + + ### set iptables *filter + iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + + # Allow clearnet access for hosts in $_non_tor + for _clearnet in $_non_tor 127.0.0.0/8; do + iptables -A OUTPUT -d $_clearnet -j ACCEPT + done + + # Allow only Tor output + iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT + iptables -A OUTPUT -j REJECT + + save_firewall_settings + + if ! grep -q "fs.file-max" /etc/sysctl.conf; then + echo "fs.file-max=100000" >> /etc/sysctl.conf + /sbin/sysctl -p + fi + + echo 'domain localdomain' > /etc/resolv.conf + echo 'search localdomain' >> /etc/resolv.conf + echo 'nameserver 127.0.0.1' >> /etc/resolv.conf + + if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then + echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc + fi + + if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then + echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc + fi + + if ! grep -q "TransPort" /etc/tor/torrc; then + echo 'TransPort 9040' >> /etc/tor/torrc + fi + + if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then + echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc + fi + + if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then + echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc + fi + + if ! grep -q "DNSPort" /etc/tor/torrc; then + echo 'DNSPort 53' >> /etc/tor/torrc + fi + + if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then + echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc + fi + + if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then + echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc + fi + + echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE +} + +# A command to create a git repository for a project +function create_git_project { + if grep -Fxq "create_git_project" $COMPLETION_FILE; then + return + fi + apt-get -y install git + + echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo -n " git clone ssh://$MY_USERNAME@$DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND + chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND + + echo 'create_git_project' >> $COMPLETION_FILE +} + +# Create daily backups of any projects on Github +# Then if Github goes away, turns evil, is censored or has +# outages then you still have access to your projects +function backup_github_projects { + if grep -Fxq "backup_github_projects" $COMPLETION_FILE; then + return + fi + if [ ! $GITHUB_USERNAME ]; then + return 731 + fi + if [ ! $GITHUB_BACKUP_DIRECTORY ]; then + return 732 + fi + apt-get -y install git + + # create a github backups directory if needed + if [ ! -d $GITHUB_BACKUP_DIRECTORY ]; then + mkdir -p $GITHUB_BACKUP_DIRECTORY + fi + + # get the backup utility + cd $INSTALL_DIR + git clone https://github.com/josegonzalez/python-github-backup + + # install it + cd $INSTALL_DIR/python-github-backup + python setup.py install + + # add a daily cron entry + echo '#!/bin/bash' > /etc/cron.daily/github + echo "github-backup $GITHUB_USERNAME -o $GITHUB_BACKUP_DIRECTORY --repositories" >> /etc/cron.daily/github + echo 'exit 0' >> /etc/cron.daily/github + chmod +x /etc/cron.daily/github + + # do an initial backup + /etc/cron.daily/github + + echo 'backup_github_projects' >> $COMPLETION_FILE +} + +function install_dynamicdns { + if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then + return + fi + apt-get -y install inadyn curl + + if [ ! -f /etc/inadyn.conf ]; then + echo 'Unable to find inadyn configuration file /etc/inadyn.conf' + exit 57894 + fi + + sed -i "s/# bind eth.*/# bind eth0/g" /etc/inadyn.conf + + # clear existing settings + sed -i 's/system //g' /etc/inadyn.conf + sed -i 's/# Your username//g' /etc/inadyn.conf + sed -i 's/username //g' /etc/inadyn.conf + sed -i 's/# Your password//g' /etc/inadyn.conf + sed -i 's/password //g' /etc/inadyn.conf + sed -i 's/# Your hostname. This option can appear multiple times//g' /etc/inadyn.conf + sed -i 's/alias //g' /etc/inadyn.conf + + echo 'install_dynamicdns' >> $COMPLETION_FILE +} + +function install_final { + if grep -Fxq "install_final" $COMPLETION_FILE; then + return + fi + # unmount any attached usb drive + if [ -d $USB_MOUNT ]; then + umount $USB_MOUNT + rm -rf $USB_MOUNT + fi + echo 'install_final' >> $COMPLETION_FILE + echo '' + echo ' *** Freedombone installation is complete. Rebooting... ***' + echo '' + if [ -f "/home/$MY_USERNAME/README" ]; then + echo "See /home/$MY_USERNAME/README for post-installation instructions." + echo '' + fi + reboot +} + + +read_configuration +parse_args +install_not_on_BBB +remove_default_user +configure_firewall +configure_firewall_for_ssh +configure_firewall_for_dns +configure_firewall_for_ftp +configure_firewall_for_web_access +configure_firewall_for_cjdns +remove_proprietary_repos +change_debian_repos +enable_backports +configure_dns +install_dynamicdns +initial_setup +enforce_good_passwords +install_editor +change_login_message +update_the_kernel +enable_zram +random_number_generator +set_your_domain_name +time_synchronisation +configure_internet_protocol +create_git_project +install_cjdns +install_cjdns_tools +backup_github_projects +configure_ssh +check_hwrng +search_for_attached_usb_drive +regenerate_ssh_keys +script_to_make_self_signed_certificates +create_upgrade_script +route_outgoing_traffic_through_tor +install_watchdog_script +configure_email +create_procmail +#spam_filtering +configure_imap +configure_gpg +encrypt_incoming_email +encrypt_outgoing_email +email_client +email_archiving +email_from_address +configure_firewall_for_email +folders_for_mailing_lists +folders_for_email_addresses +create_public_mailing_list +#create_private_mailing_list +encrypt_all_email +import_email +script_for_attaching_usb_drive +install_web_server +configure_firewall_for_web_server +install_owncloud +install_owncloud_music_app +install_xmpp +configure_firewall_for_xmpp +install_irc_server +configure_firewall_for_irc +install_wiki +install_blog +install_gnu_social +install_redmatrix +install_dlna_server +configure_firewall_for_dlna +install_mediagoblin +repair_databases_script +create_backup_script +create_restore_script +backup_to_friends_servers +restore_from_friend +create_tor_dongle +intrusion_detection +install_final +echo 'Freedombone installation is complete' +exit 0 diff --git a/src/freedombone-prep b/src/freedombone-prep new file mode 100755 index 00000000..d7d9cdb8 --- /dev/null +++ b/src/freedombone-prep @@ -0,0 +1,150 @@ +#!/bin/bash +# This script installs the Debian image to the microSD card, and should +# be run on your laptop/desktop with the microSD card plugged in. + +# License +# ======= +# +# Copyright (C) 2014-2015 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Version number of this script +VERSION="1.00" + +# typically /dev/sdb or /dev/sdc, depending upon how +# many drives there are on your system +MICROSD_DRIVE=$1 + +# IP address of the router (gateway) +ROUTER_IP_ADDRESS="192.168.1.254" + +# The fixed IP address of the Beaglebone Black on your local network +BBB_FIXED_IP_ADDRESS="192.168.1.55" + +MICROSD_MOUNT_POINT="/media/$USER" + +DEBIAN_FILE_NAME="debian-jessie-console-armhf-2014-08-13" + +# Downloads for the Debian installer +DOWNLOAD_LINK1="https://rcn-ee.net/deb/rootfs/jessie/$DEBIAN_FILE_NAME.tar.xz" +DOWNLOAD_LINK2="http://ynezz.ibawizard.net/beagleboard/jessie/$DEBIAN_FILE_NAME.tar.xz" + +if [ ! MICROSD_DRIVE ]; then + echo 'You need to specify a drive for the connected microSD.' + echo 'This can most easily be found by removing the microSD, then' + echo 'running:' + echo '' + echo ' ls /dev/sd*' + echo '' + echo 'Then plugging the microSD back in and entering the same command again' + exit 1 +fi + +if [ ! -b ${MICROSD_DRIVE}1 ]; then + echo "The microSD drive could not be found at ${MICROSD_DRIVE}1" + exit 2 +fi + +if [ ! -d ~/freedombone ]; then + mkdir ~/freedombone +fi +cd ~/freedombone +if [ ! -f ~/freedombone/$DEBIAN_FILE_NAME.tar.xz ]; then + wget $DOWNLOAD_LINK1 +fi +if [ ! -f ~/freedombone/$DEBIAN_FILE_NAME.tar.xz ]; then + # try another site + wget $DOWNLOAD_LINK2 + if [ ! -f ~/freedombone/$DEBIAN_FILE_NAME.tar.xz ]; then + echo 'The Debian installer could not be downloaded' + exit 3 + fi +fi + +echo 'Extracting files...' +tar xJf $DEBIAN_FILE_NAME.tar.xz +if [ ! -d ~/freedombone/$DEBIAN_FILE_NAME ]; then + echo "Couldn't extract files" + exit 4 +fi +cd $DEBIAN_FILE_NAME +sudo ./setup_sdcard.sh --mmc $MICROSD_DRIVE --dtb beaglebone + +echo '' +echo '' +read -p "Eject the microSD card, re-insert it and wait a minute for it to mount, then press any key to continue... " -n1 -s + +if [ ! -b ${MICROSD_DRIVE}1 ]; then + echo '' + echo "The microSD drive could not be found at ${MICROSD_DRIVE}1" + read -p "Wait for the drive to mount then press any key... " -n1 -s + if [ ! -b ${MICROSD_DRIVE}1 ]; then + echo "microSD drive not found at ${MICROSD_DRIVE}1" + exit 5 + fi +fi + +sudo cp $MICROSD_MOUNT_POINT/BOOT/bbb-uEnv.txt $MICROSD_MOUNT_POINT/BOOT/uEnv.txt + +sudo sed -i 's/iface eth0 inet dhcp/iface eth0 inet static/g' $MICROSD_MOUNT_POINT/rootfs/etc/network/interfaces +sudo sed -i '/iface eth0 inet static/a\ dns-nameservers 213.73.91.35 85.214.20.141' $MICROSD_MOUNT_POINT/rootfs/etc/network/interfaces +sudo sed -i "/iface eth0 inet static/a\ gateway $ROUTER_IP_ADDRESS" $MICROSD_MOUNT_POINT/rootfs/etc/network/interfaces +sudo sed -i '/iface eth0 inet static/a\ netmask 255.255.255.0' $MICROSD_MOUNT_POINT/rootfs/etc/network/interfaces +sudo sed -i "/iface eth0 inet static/a\ address $BBB_FIXED_IP_ADDRESS" $MICROSD_MOUNT_POINT/rootfs/etc/network/interfaces +sudo sed -i '/iface usb0 inet static/,/ gateway 192.168.7.1/ s/^/#/' $MICROSD_MOUNT_POINT/rootfs/etc/network/interfaces + +sudo sed -i 's/nameserver.*/nameserver 213.73.91.35/g' $MICROSD_MOUNT_POINT/rootfs/etc/resolv.conf +sudo sed -i '/nameserver 213.73.91.35/a\nameserver 85.214.20.141' $MICROSD_MOUNT_POINT/rootfs/etc/resolv.conf + +clear +echo '*** Initial microSD card setup is complete ***' +echo '' +echo 'The microSD card can now be removed and inserted into the Beaglebone Black.' +echo 'Once the Beaglebone has booted then you can log in with:' +echo '' +echo " ssh debian@$BBB_FIXED_IP_ADDRESS" +echo '' +echo 'The password is "temppwd". You can then become the root user by typing:' +echo '' +echo ' su' +echo '' +echo 'Using the password "root". Change the root user password by typing:' +echo '' +echo ' passwd' +echo '' +echo "If you can't log in as root then try typing 'exit' and then:" +echo '' +echo " ssh root@$BBB_FIXED_IP_ADDRESS" +echo '' +echo 'Then create a user for the system with:' +echo '' +echo ' adduser [username]' +echo '' +echo 'Enter the command "exit" a couple of times to get back to your main system' +echo 'then log back in as the user you just created with:' +echo '' +echo ' ssh [username]@$BBB_FIXED_IP_ADDRESS' +echo '' +echo 'and use the "su" command to become the root user again. You can then load' +echo 'the freedombone main installation script with:' +echo '' +echo ' apt-get -y install git' +echo ' git clone https://github.com/bashrc/freedombone.git' +echo ' cd freedombone' +echo '' +echo 'Finally you can run the freedombone installer with:' +echo '' +echo ' ./install-freedombone.sh [domain] [username] [subdomain code] [variant]' +exit 0 diff --git a/tor_dongle_setup.sh b/src/freedombone-tordongle similarity index 100% rename from tor_dongle_setup.sh rename to src/freedombone-tordongle diff --git a/index.css b/website/index.css similarity index 100% rename from index.css rename to website/index.css