Bob Mottram 2018-01-22 18:51:01 +00:00
commit 079fb21212
30 changed files with 501 additions and 207 deletions

@ -49,8 +49,8 @@ Search for and install Plumble.
Press the plus button to add a Mumble server. Press the plus button to add a Mumble server.
Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. Leave the port number unchanged.
Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who. Open the settings. Select *General*, then *Connect via Tor*. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect *Connect via Tor* on the *General settings* and then just use your ordinary domain name.
Selecting the server by pressing on it then connects you to the server so that you can chat with other connected users. Selecting the server by pressing on it then connects you to the server so that you can chat with other connected users.

@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the
#+BEGIN_CENTER #+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
#+END_CENTER #+END_CENTER

@ -153,5 +153,5 @@ man freedombone-image
#+end_src #+end_src
#+BEGIN_CENTER #+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
#+END_CENTER #+END_CENTER

@ -42,5 +42,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h
Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]]. Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]].
#+BEGIN_CENTER #+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
#+END_CENTER #+END_CENTER

@ -35,5 +35,5 @@ Systems only need to be within wifi range of each other for the mesh to be creat
Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable. Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable.
#+BEGIN_CENTER #+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
#+END_CENTER #+END_CENTER

@ -37,7 +37,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
[[file:images/mesh_netbook.jpg]] [[file:images/mesh_netbook.jpg]]
#+END_CENTER #+END_CENTER
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size. "Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
#+begin_src bash #+begin_src bash
sudo apt-get install xz-utils wget sudo apt-get install xz-utils wget

@ -18,13 +18,11 @@
* Contact details * Contact details
This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion* This site can also be accessed via a Tor browser at *http://7ec7btgr6m7c5r3h.onion*
*Email:* bob@freedombone.net *Email:* bob@freedombone.net
*PGP/GPG Key ID:* EA982E38 *PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
*PGP/GPG Fingerprint:* D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
*XMPP:* bob@freedombone.net with OMEMO or OTR *XMPP:* bob@freedombone.net with OMEMO or OTR
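Review bot: The contact block replaces the published PGP fingerprint and drops the key ID line in the same commit that changes the onion address, with nothing that lets a reader who pinned the old key tie the new one to it. Suggest linking a transition statement signed by both the old key (fingerprint ending EA98 2E38) and the new one, and printing the new fingerprint in the same four-character grouping as before so it can be compared by eye.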

@ -228,14 +228,21 @@ function backup_local_ghost {
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi fi
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $ghost_path ]; then
suspend_site ${GHOST_DOMAIN_NAME} suspend_site ${GHOST_DOMAIN_NAME}
systemctl stop ghost systemctl stop ghost
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $ghost_path ]; then
backup_directory_to_usb $ghost_path ghostcontent backup_directory_to_usb $ghost_path ghostcontent
fi
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $ghost_path ]; then
backup_directory_to_usb $ghost_path ghostcurrent
fi
systemctl start ghost systemctl start ghost
restart_site restart_site
fi
} }
function restore_local_ghost { function restore_local_ghost {
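Review bot: In backup_local_ghost, `suspend_site` and `systemctl stop ghost` now run before either directory test, so the site is taken down and Ghost is stopped even when neither `htdocs/content` nor `htdocs/current/content` exists, and a missing directory is skipped silently while backup_remote_ghost exits with an error in the same situation. Suggest testing for at least one of the two paths before suspending, logging when a path is skipped, and quoting the variable in `[ -d "$ghost_path" ]`.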
@ -254,12 +261,31 @@ function restore_local_ghost {
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
else else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
fi fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
temp_restore_dir=/root/tempghostcurrent
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
rm -rf $temp_restore_dir
fi
systemctl start ghost systemctl start ghost
restart_site restart_site
fi fi
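Review bot: In the added `ghostcurrent` restore, the destination `/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content` is only created in the `else` branch, so when the backup does contain the full `var/www/...` path the `cp -r .../current/content/* ...` runs against a directory that may not exist yet, and its exit status is never checked before `rm -rf $temp_restore_dir`. Suggest moving the `mkdir -p` above the inner `if`, using `mkdir -p` for the `htdocs/content` case as well (it currently uses plain `mkdir`), and skipping the `rm -rf` when a copy fails.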
@ -271,15 +297,27 @@ function backup_remote_ghost {
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi fi
suspend_site ${GHOST_DOMAIN_NAME}
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $temp_backup_dir ]; then if [ -d $temp_backup_dir ]; then
suspend_site ${GHOST_DOMAIN_NAME}
backup_directory_to_friend $temp_backup_dir ghostcontent backup_directory_to_friend $temp_backup_dir ghostcontent
restart_site
else else
restart_site
echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}" echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
exit 2578 exit 2578
fi fi
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $temp_backup_dir ]; then
backup_directory_to_friend $temp_backup_dir ghostcurrent
else
restart_site
echo $"Ghost domain specified but not found in $temp_backup_dir"
exit 78353
fi
restart_site
} }
function restore_remote_ghost { function restore_remote_ghost {
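Review bot: `exit 78353` in the new `else` branch is outside the 0-255 range a process can return; only the low eight bits survive, so the caller sees 17 (and the existing `exit 2578` arrives as 18), neither of which identifies the failure. Suggest choosing distinct codes below 256, or writing the numeric error id to the log before exiting. The first `echo` also still reports `/var/www/${GHOST_DOMAIN_NAME}` while the second reports `$temp_backup_dir`; printing the full path in both makes the message actionable.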
@ -298,12 +336,31 @@ function restore_remote_ghost {
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
else else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
fi fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
temp_restore_dir=/root/tempghostcurrent
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
rm -rf $temp_restore_dir
fi
systemctl start ghost systemctl start ghost
restart_site restart_site
} }
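Review bot: The `ghostcurrent` block here ends with `chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs`, while the otherwise identical block in restore_local_ghost runs `chown -R ghost:ghost` on `htdocs/current/content` only, so the two restore paths leave different ownership behind. Suggest moving the shared copy and chown logic into one helper that both functions call with the restore command as a parameter, so the scope of the ownership change is decided once.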

@ -39,7 +39,7 @@ KOEL_CODE=
KOEL_ONION_PORT=8118 KOEL_ONION_PORT=8118
KOEL_PORT=9002 KOEL_PORT=9002
KOEL_REPO="https://github.com/phanan/koel" KOEL_REPO="https://github.com/phanan/koel"
KOEL_COMMIT='70464a' KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607'
KOEL_ADMIN_PASSWORD= KOEL_ADMIN_PASSWORD=
koel_variables=(ONION_ONLY koel_variables=(ONION_ONLY

@ -163,11 +163,22 @@ function restore_local_lychee {
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi fi
if [ $LYCHEE_DOMAIN_NAME ]; then if [ $LYCHEE_DOMAIN_NAME ]; then
suspend_site ${LYCHEE_DOMAIN_NAME}
function_check lychee_create_database function_check lychee_create_database
lychee_create_database lychee_create_database
function_check restore_database function_check restore_database
restore_database lychee ${LYCHEE_DOMAIN_NAME} restore_database lychee ${LYCHEE_DOMAIN_NAME}
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
fi fi
} }
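Review bot: The substitution `s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g` splices the password into the sed expression unescaped, so a password containing `|`, `&`, `\` or a single quote either makes sed fail or writes a different string into config.php than the database expects. Suggest escaping the value for sed (or rewriting the line with a tool that takes the value as data) and checking the result before `restart_site`. The test `[ $LYCHEE_DOMAIN_NAME ]` above it should also be quoted.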
@ -195,12 +206,21 @@ function restore_remote_lychee {
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi fi
suspend_site ${LYCHEE_DOMAIN_NAME}
function_check restore_database_from_friend function_check restore_database_from_friend
function_check lychee_create_database function_check lychee_create_database
lychee_create_database lychee_create_database
restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME} restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
MARIADB_PASSWORD=
fi
restart_site restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/ chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
} }
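Review bot: The value written into Lychee's config.php comes from `${PROJECT_NAME}-pass -u root -a mariadb`; if that is the MariaDB root credential, a web application ends up holding database-wide access, and the password also sits in sed's argument list while the command runs. Suggest a dedicated database user limited to the lychee schema, and, since these five lines are a copy of the block in restore_local_lychee, a single helper used by both functions.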

@ -43,6 +43,7 @@ MUMBLE_DATABASE="mumble-server.sqlite"
MUMBLE_CONFIG_FILE="mumble-server.ini" MUMBLE_CONFIG_FILE="mumble-server.ini"
mumble_variables=(MY_USERNAME mumble_variables=(MY_USERNAME
DEFAULT_DOMAIN_NAME
MUMBLE_PORT MUMBLE_PORT
ONION_ONLY ONION_ONLY
ADMIN_USERNAME) ADMIN_USERNAME)
@ -84,6 +85,21 @@ function upgrade_mumble {
if [ -d /etc/letsencrypt ]; then if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert mumble-server usermod -a -G ssl-cert mumble-server
fi fi
if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
systemctl restart mumble
fi
else
if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
usermod -a -G ssl-cert mumble-server
sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
systemctl restart mumble
fi
fi
} }
function backup_local_mumble { function backup_local_mumble {
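Review bot: The Let's Encrypt branch points `sslKey=` at `/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem` after testing only that `fullchain.pem` exists, and relies on `usermod -a -G ssl-cert mumble-server` for access, but nothing in this hunk checks that the `mumble-server` user can actually read the key under `/etc/letsencrypt`. Suggest testing both files, confirming read access as that user before rewriting the ini (falling back to the self-signed pair otherwise), and documenting how the service is restarted when the certificate renews. The patterns `sslCert=.*` and `sslKey=.*` also match a commented `#sslCert=` line and leave it commented.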
@ -242,7 +258,7 @@ function install_mumble {
if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
fi fi
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
fi fi
@ -265,7 +281,7 @@ function install_mumble {
# Make an ssl cert for the server # Make an ssl cert for the server
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
function_check check_certificates function_check check_certificates
@ -307,12 +323,12 @@ function install_mumble {
echo 'allowping=False' >> /etc/mumble-server.ini echo 'allowping=False' >> /etc/mumble-server.ini
fi fi
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
else else
sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini sed -i "s|#sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini sed -i "s|#sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
fi fi
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini sed -i 's|users=100|users=10|g' /etc/mumble-server.ini

@ -58,6 +58,8 @@ PLEROMA_TITLE='Pleroma Server'
# Number of months after which posts expire # Number of months after which posts expire
PLEROMA_EXPIRE_MONTHS=3 PLEROMA_EXPIRE_MONTHS=3
pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts
blocking_script_file=/usr/bin/pleroma-blocking
pleroma_variables=(ONION_ONLY pleroma_variables=(ONION_ONLY
PLEROMA_DOMAIN_NAME PLEROMA_DOMAIN_NAME
@ -70,6 +72,81 @@ pleroma_variables=(ONION_ONLY
MY_EMAIL_ADDRESS MY_EMAIL_ADDRESS
MY_USERNAME) MY_USERNAME)
function create_pleroma_blocklist {
echo '#!/bin/bash' > $blocking_script_file
echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file
echo ' exit 0' >> $blocking_script_file
echo 'fi' >> $blocking_script_file
echo 'cd /etc/postgresql' >> $blocking_script_file
echo 'while read blocked; do' >> $blocking_script_file
echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file
echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file
echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file
echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file
echo ' if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file
echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM websub_server_subscriptions WHERE callback like '%\${blocked}%'\"" >> $blocking_script_file
echo ' fi' >> $blocking_script_file
echo ' fi' >> $blocking_script_file
echo ' fi' >> $blocking_script_file
echo "done </root/${PROJECT_NAME}-firewall-domains.cfg" >> $blocking_script_file
chmod +x $blocking_script_file
if ! grep -q "$blocking_script_file" /etc/crontab; then
echo "*/2 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab
fi
}
function expire_pleroma_posts {
domain_name=$1
expire_months=$3
if [ ! $expire_months ]; then
expire_months=3
fi
expire_days=$((expire_months * 30))
# files are what take up most of the backup time, so don't keep them for very long
expire_days_files=7
# To prevent the database size from growing endlessly this script expires posts
# after a number of months
if [ ! -d /etc/pleroma ]; then
return
fi
echo '#!/bin/bash' > $pleroma_expire_posts_script
echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script
echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script
echo ' exit 1' >> $pleroma_expire_posts_script
echo 'fi' >> $pleroma_expire_posts_script
echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script
echo ' exit 2' >> $pleroma_expire_posts_script
echo 'fi' >> $pleroma_expire_posts_script
echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script
echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script
echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
chmod +x $pleroma_expire_posts_script
pleroma_expire_script=/etc/cron.daily/pleroma-expire
echo '#!/bin/bash' > $pleroma_expire_script
echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script
echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script
chmod +x $pleroma_expire_script
# remove any old cron job
if grep -q "pleroma-expire" /etc/crontab; then
sed -i "/pleroma-expire/d" /etc/crontab
rm /usr/bin/pleroma-expire
fi
# remove old expire script
if [ -f /etc/cron.weekly/clear-pleroma-database ]; then
rm /etc/cron.weekly/clear-pleroma-database
fi
}
function pleroma_recompile { function pleroma_recompile {
# necessary after parameter changes # necessary after parameter changes
chown -R pleroma:pleroma $PLEROMA_DIR chown -R pleroma:pleroma $PLEROMA_DIR
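Review bot: In create_pleroma_blocklist each line of `/root/${PROJECT_NAME}-firewall-domains.cfg` is pasted straight into the SQL text (`... ilike '%${blocked}%'`), so an entry containing a single quote changes the statement, `_` and `%` inside an entry act as wildcards, and a short entry such as a five-character domain deletes every object and user whose text merely contains it, every two minutes from cron. Suggest validating each entry against a strict hostname or user@host pattern before use, passing it to psql as a quoted variable instead of interpolating it, and matching on the host part of `actor` rather than a substring of `content`. Separately, expire_pleroma_posts reads `expire_months=$3` while every caller on this page passes two arguments, so the default of 3 is always taken, and `expire_days` is computed but not used in the lines shown.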
@ -80,6 +157,7 @@ function pleroma_recompile {
if [ -f /etc/systemd/system/pleroma.service ]; then if [ -f /etc/systemd/system/pleroma.service ]; then
systemctl restart pleroma systemctl restart pleroma
fi fi
} }
function logging_on_pleroma { function logging_on_pleroma {
@ -353,6 +431,7 @@ function pleroma_set_title {
function pleroma_set_expire_months { function pleroma_set_expire_months {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
read_config_param "PLEROMA_DOMAIN_NAME"
read_config_param "PLEROMA_EXPIRE_MONTHS" read_config_param "PLEROMA_EXPIRE_MONTHS"
data=$(tempfile 2>/dev/null) data=$(tempfile 2>/dev/null)
@ -378,7 +457,8 @@ function pleroma_set_expire_months {
PLEROMA_EXPIRE_MONTHS=$new_expiry_months PLEROMA_EXPIRE_MONTHS=$new_expiry_months
write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS" write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS"
# TODO expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
create_pleroma_blocklist
dialog --title $"Set Pleroma post expiry period" \ dialog --title $"Set Pleroma post expiry period" \
--msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60 --msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60
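Review bot: The call that would regenerate the expiry script is left as `# TODO expire_pleroma_posts ...`, so the new value is written to the config but `/usr/bin/pleroma-expire-posts` keeps the month count that was baked in when it was generated (`plmonths="$PLEROMA_EXPIRE_MONTHS"`), and upgrade_pleroma only recreates the script when the file is missing or the Pleroma commit changes. Suggest calling expire_pleroma_posts here, or having the generated script read the value from the config at run time. The `create_pleroma_blocklist` call is unrelated to the expiry setting and could be dropped from this function.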
@ -499,6 +579,7 @@ function pleroma_add_emoji {
} }
function configure_interactive_pleroma { function configure_interactive_pleroma {
read_config_param PLEROMA_DOMAIN_NAME
read_config_param PLEROMA_EXPIRE_MONTHS read_config_param PLEROMA_EXPIRE_MONTHS
while true while true
do do
@ -531,6 +612,16 @@ function configure_interactive_pleroma {
} }
function upgrade_pleroma { function upgrade_pleroma {
read_config_param PLEROMA_DOMAIN_NAME
read_config_param PLEROMA_EXPIRE_MONTHS
if [ ! -f $pleroma_expire_posts_script ]; then
expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
fi
if [ ! -f $blocking_script_file ]; then
create_pleroma_blocklist
fi
CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit") CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
return return
@ -542,6 +633,9 @@ function upgrade_pleroma {
sudo -u pleroma mix deps.get sudo -u pleroma mix deps.get
pleroma_recompile pleroma_recompile
expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
create_pleroma_blocklist
} }
function backup_local_pleroma { function backup_local_pleroma {
@ -688,6 +782,7 @@ function remove_pleroma {
remove_completion_param install_pleroma remove_completion_param install_pleroma
sed -i '/pleroma domain/d' $COMPLETION_FILE sed -i '/pleroma domain/d' $COMPLETION_FILE
sed -i '/pleroma commit/d' $COMPLETION_FILE sed -i '/pleroma commit/d' $COMPLETION_FILE
sed -i "/$blocking_script_file/d" /etc/crontab
function_check remove_ddns_domain function_check remove_ddns_domain
remove_ddns_domain $PLEROMA_DOMAIN_NAME remove_ddns_domain $PLEROMA_DOMAIN_NAME
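Review bot: `sed -i "/$blocking_script_file/d" /etc/crontab` uses `/` as the address delimiter around a value that is itself a path (`/usr/bin/pleroma-blocking`), so the slashes end the pattern early, sed rejects the expression, and the two-minute cron entry stays in place after removal. Suggest a different delimiter, for example `sed -i "\|$blocking_script_file|d" /etc/crontab`. This hunk also does not delete `$blocking_script_file`, `$pleroma_expire_posts_script` or `/etc/cron.daily/pleroma-expire`, which would otherwise keep issuing DELETE statements after the app is removed.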
@ -900,6 +995,8 @@ function install_pleroma {
fi fi
fi fi
create_pleroma_blocklist
# daemon # daemon
echo '[Unit]' > /etc/systemd/system/pleroma.service echo '[Unit]' > /etc/systemd/system/pleroma.service
echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service

@ -65,6 +65,10 @@ function add_user_riot {
echo '0' echo '0'
} }
function riot_remove_bad_links {
sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html
}
function install_interactive_riot { function install_interactive_riot {
if [[ $ONION_ONLY != "no" ]]; then if [[ $ONION_ONLY != "no" ]]; then
RIOT_DOMAIN_NAME='riot.local' RIOT_DOMAIN_NAME='riot.local'
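Review bot: riot_remove_bad_links deletes whole lines from `home.html` with `/riot.im/d`, where the unescaped `.` matches any character and the file is not checked for existence, so the call errors if a release renames the page and can remove surrounding markup that shares a line with the link. Suggest escaping the dot (`riot\.im`), guarding the call with a `[ -f ... ]` test, and quoting `$RIOT_DOMAIN_NAME` in the path.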
@ -177,6 +181,7 @@ function upgrade_riot {
riot_download riot_download
sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE} sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
riot_remove_bad_links
systemctl restart nginx systemctl restart nginx
} }
@ -246,23 +251,25 @@ function install_riot {
riot_download riot_download
cd /var/www/$RIOT_DOMAIN_NAME/htdocs cd /var/www/$RIOT_DOMAIN_NAME/htdocs
cp config.sample.json config.json
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json cp config.sample.json $riot_config_file
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
else else
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json cp config.sample.json $riot_config_file
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
fi fi
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
sed -i 's|https://piwik.riot.im/||g' $riot_config_file
RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT}) RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
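Review bot: In the onion-only branch the config is written to `config.${MATRIX_ONION_DOMAIN_NAME}.json`, named after the Matrix homeserver's onion address, while the clearnet branch names it after `RIOT_DOMAIN_NAME`, the host Riot itself is served from, and Riot's own onion hostname is only assigned on the following line (`RIOT_ONION_HOSTNAME=$(add_onion_service ...)`). Since a plain `config.json` is no longer created, a per-host file that does not match the serving hostname would not be picked up. Suggest also writing the file under the Riot onion hostname (or keeping a `config.json` fallback) and confirming which file is loaded over each address.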
@ -340,6 +347,7 @@ function install_riot {
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $RIOT_DOMAIN_NAME add_ddns_domain $RIOT_DOMAIN_NAME
riot_remove_bad_links
chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
systemctl restart nginx systemctl restart nginx

@ -13,7 +13,7 @@
# License # License
# ======= # =======
# #
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net> # Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by # it under the terms of the GNU Affero General Public License as published by
@ -318,14 +318,6 @@ function restore_local_syncthing {
mkdir -p $SYNCTHING_SHARED_DATA mkdir -p $SYNCTHING_SHARED_DATA
fi fi
cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/ cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
systemctl start syncthing
systemctl start cron
exit 37904
fi
rm -rf ${temp_restore_dir}shared rm -rf ${temp_restore_dir}shared
fi fi
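Review bot: Dropping the status check after `cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/` means a failed copy (full disk, or an empty source so the glob does not expand) is now followed directly by `rm -rf ${temp_restore_dir}shared`, and the restore continues as if the shared data had been recovered. Suggest keeping a check that at least logs the failure and skips the `rm -rf`, even if the hard `exit 37904` was the part that needed to go.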
@ -340,9 +332,17 @@ function restore_local_syncthing {
restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/Sync ]; then
mkdir /home/$USERNAME/Sync
fi
if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/
rm -rf /root/Sync
else else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
fi fi
fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
set_user_permissions set_user_permissions
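Review bot: The `if [ ! "$?" = "0" ]` test that follows the new nested `if` no longer sees the status of a copy in every path: in the `/root/Sync` branch the last command is `rm -rf /root/Sync`, so a failed `cp -r /root/Sync/* ...` is masked and the source directory is deleted anyway. Suggest checking each `cp` directly (`if ! cp -r ...; then`) and removing `/root/Sync` only after the copy succeeds. A comment explaining why restored data may end up under `/root/Sync` would help, and restore_remote_syncthing has the same pattern.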
@ -425,7 +425,7 @@ function restore_remote_syncthing {
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH mkdir -p $SYNCTHING_CONFIG_PATH
fi fi
cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/ cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
systemctl start syncthing systemctl start syncthing
systemctl start cron systemctl start cron
@ -439,17 +439,11 @@ function restore_remote_syncthing {
temp_restore_dir=/root/tempsyncthingshared temp_restore_dir=/root/tempsyncthingshared
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir syncthingshared restore_directory_from_friend $temp_restore_dir syncthingshared
#cp -r $temp_restore_dir/* /
if [ ! -d $SYNCTHING_SHARED_DATA ]; then if [ ! -d $SYNCTHING_SHARED_DATA ]; then
mkdir -p $SYNCTHING_SHARED_DATA mkdir -p $SYNCTHING_SHARED_DATA
fi fi
cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/ cp -r ${temp_restore_dir}/* $SYNCTHING_SHARED_DATA/
if [ ! "$?" = "0" ]; then rm -rf ${temp_restore_dir}
systemctl start syncthing
systemctl start cron
exit 37904
fi
rm -rf $temp_restore_dir
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
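Review bot: The copy into `$SYNCTHING_SHARED_DATA` in restore_remote_syncthing loses its error handling: the `$?` check that restarted syncthing and cron and exited with 37904 is replaced by an unconditional `rm -rf ${temp_restore_dir}`. If `cp -r ${temp_restore_dir}/* $SYNCTHING_SHARED_DATA/` fails, the fetched data is now deleted and the function carries on as if the restore had worked. Keep the status check ahead of the `rm -rf`, or state in the commit message why this failure is safe to ignore.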
@ -466,7 +460,15 @@ function restore_remote_syncthing {
if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
else else
cp -r $temp_restore_dir/* /home/$USERNAME/Sync/ if [ ! -d /home/$USERNAME/Sync ]; then
mkdir /home/$USERNAME/Sync
fi
if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/
rm -rf /root/Sync
else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
fi
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
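Review bot: `cp -r /root/Sync/* /home/$USERNAME/Sync/` in the added branch does not match dot-files at the top level of /root/Sync, and the `rm -rf /root/Sync` on the next line then removes them, so hidden entries are lost in the move. Copying the directory contents with `cp -a /root/Sync/. /home/$USERNAME/Sync/` avoids the glob and does not error when the directory is empty. Files copied from /root also stay owned by root unless a later step changes ownership, which this hunk does not show.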

View File

@ -407,6 +407,25 @@ function upgrade_xmpp {
update_prosody_modules update_prosody_modules
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
chown prosody:prosody /etc/prosody/xmpp.dhparam
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem ]; then
sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi
if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi
curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}') curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
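Review bot: The dhparam block in upgrade_xmpp greps only /etc/prosody/prosody.cfg.lua but then runs `sed -i` on /etc/prosody/conf.avail/xmpp.cfg.lua and copies /etc/ssl/certs/xmpp.dhparam without checking that either file exists, so a system missing one of them prints errors on every upgrade. The key and certificate rewrites below it have the opposite gap: they update prosody.cfg.lua but leave any `/etc/ssl/private/xmpp.key` or `/etc/ssl/certs/xmpp.crt` reference in conf.avail/xmpp.cfg.lua untouched. Guard each file with `[ -f ... ]` and apply the same substitutions to both configs.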
@ -1051,9 +1070,28 @@ function install_xmpp {
chmod -R 700 /etc/prosody/conf.d chmod -R 700 /etc/prosody/conf.d
usermod -a -G www-data prosody usermod -a -G www-data prosody
# Avoid STIG failures
if [ -f /usr/lib/ssl/private/xmpp.key ]; then
chown root:root /usr/lib/ssl/private/xmpp.key
fi
if [ -f /usr/lib/ssl/certs/xmpp.crt ]; then
chown root:root /usr/lib/ssl/certs/xmpp.crt
fi
if [ -f /usr/lib/ssl/certs/xmpp.dhparam ]; then
chown root:root /usr/lib/ssl/certs/xmpp.dhparam
fi
if [ -d /etc/letsencrypt ]; then if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert prosody usermod -a -G ssl-cert prosody
fi fi
if [ -f /etc/ssl/certs/xmpp.dhparam ]; then
cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
chown prosody:prosody /etc/prosody/xmpp.dhparam
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
apt-mark -q hold prosody apt-mark -q hold prosody
systemctl restart prosody systemctl restart prosody
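Review bot: The five-line dhparam relocation at the end of this install_xmpp hunk duplicates the block added to upgrade_xmpp, differing only in the guard (`[ -f /etc/ssl/certs/xmpp.dhparam ]` here, a grep on the config there); move it into one helper so the install and upgrade paths cannot drift. The `# Avoid STIG failures` comment would also be more useful if it named the check being satisfied, since the `chown root:root` calls target /usr/lib/ssl while the rest of the hunk works on /etc/ssl.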

View File

@ -1326,10 +1326,15 @@ function reset_tripwire {
return return
fi fi
if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then
if [ -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then
mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
else
echo $'Error: missing local key' echo $'Error: missing local key'
any_key any_key
return return
fi fi
fi
clear clear
echo $'Turing off logging...' echo $'Turing off logging...'
${PROJECT_NAME}-logging off ${PROJECT_NAME}-logging off
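Review bot: The fallback in reset_tripwire tests only for `${PROJECT_NAME}-local.key` before moving both keys, so if `${PROJECT_NAME}-site.key` is absent the second `mv` fails and the function continues with a renamed local key and no site key. Check for both files before renaming, or give the site key its own `[ -f ... ]` test, and quote the paths since they are built from `${HOSTNAME}` and `${PROJECT_NAME}`.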
@ -1921,7 +1926,7 @@ function domain_blocking_add {
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block a domain or user" \ dialog --title $"Block a domain or user" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to block" 8 60 "" 2>$data --inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>$data
sel=$? sel=$?
case $sel in case $sel in
0) 0)
@ -1933,7 +1938,7 @@ function domain_blocking_add {
dialog --title $"Block a domain" \ dialog --title $"Block a domain" \
--msgbox $"The domain $blocked_domain has been blocked" 6 40 --msgbox $"The domain $blocked_domain has been blocked" 6 40
else else
dialog --title $"Block a GNU Social/postActiv nickname" \ dialog --title $"Block a GNU Social/postActiv/Pleroma nickname" \
--msgbox $"$blocked_domain has been blocked" 6 40 --msgbox $"$blocked_domain has been blocked" 6 40
fi fi
fi fi

View File

@ -547,7 +547,7 @@ if [[ $VARIANT == 'meshclient' || $VARIANT == 'meshusb' ]]; then
fi fi
if [ ! $IMAGE_SIZE_SPECIFIED ]; then if [ ! $IMAGE_SIZE_SPECIFIED ]; then
IMAGE_SIZE=7.9G IMAGE_SIZE=15.0G
fi fi
fi fi
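Review bot: The default `IMAGE_SIZE` for the meshclient and meshusb variants goes from 7.9G to 15.0G with no comment or documentation change visible here. An image of that size no longer fits on 8GB media, so record the reason and the new minimum drive size next to the assignment or in the mesh documentation.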

View File

@ -13,7 +13,7 @@
# License # License
# ======= # =======
# #
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net> # Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by # it under the terms of the GNU Affero General Public License as published by
@ -464,6 +464,9 @@ function restore_gpg {
if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.gnupg ]; then
mkdir /home/$USERNAME/.gnupg
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/ cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
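Review bot: `mkdir /home/$USERNAME/.gnupg` in restore_gpg creates the directory with whatever owner and umask the script runs under, and nothing in this hunk sets its owner or mode before the keyring is copied in. GnuPG expects its home directory to be private to the user, so create it with mode 700 and `chown` it to `$USERNAME` at the point of creation rather than relying on a later step. The same applies to the `.ssh` directory created in restore_user_ssh_keys.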
@ -543,6 +546,9 @@ function restore_spamassassin {
if [ -d $temp_restore_dir/home/$USERNAME ]; then if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/ cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.spamassassin ]; then
mkdir /home/$USERNAME/.spamassassin
fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/ cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -611,6 +617,9 @@ function restore_user_ssh_keys {
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.ssh ]; then
mkdir /home/$USERNAME/.ssh
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/ cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -644,6 +653,9 @@ function restore_user_config {
if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.config ]; then
mkdir /home/$USERNAME/.config
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/ cp -r $temp_restore_dir/* /home/$USERNAME/.config/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -677,6 +689,9 @@ function restore_user_monkeysphere {
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then
mkdir /home/$USERNAME/.monkeysphere
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -718,6 +733,9 @@ function restore_user_fin {
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.fin ]; then
mkdir /home/$USERNAME/.fin
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/ cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -751,6 +769,9 @@ function restore_user_local {
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.local ]; then
mkdir /home/$USERNAME/.local
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/ cp -r $temp_restore_dir/* /home/$USERNAME/.local/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -837,6 +858,9 @@ function restore_personal_settings {
if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
else else
if [ ! -d /home/$USERNAME/personal ]; then
mkdir /home/$USERNAME/personal
fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/ cp -r $temp_restore_dir/* /home/$USERNAME/personal/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
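Review bot: This is the eighth copy in this file of the same three-line `if [ ! -d ... ]; then mkdir ...; fi` guard, one per restore function. `mkdir -p /home/$USERNAME/personal` is equivalent in one line, and a small helper taking the directory name would keep the two restore scripts touched by this commit in step with each other.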

View File

@ -13,7 +13,7 @@
# License # License
# ======= # =======
# #
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net> # Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by # it under the terms of the GNU Affero General Public License as published by
@ -419,6 +419,9 @@ function restore_gpg {
if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/ cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.gnupg ]; then
mkdir /home/$USERNAME/.gnupg
fi
cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/ cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -488,6 +491,9 @@ function restore_spamassassin {
if [ -d $temp_restore_dir/home/$USERNAME ]; then if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/ cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.spamassassin ]; then
mkdir /home/$USERNAME/.spamassassin
fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/ cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -542,6 +548,9 @@ function restore_ssh_keys {
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.ssh ]; then
mkdir /home/$USERNAME/.ssh
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/ cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -573,6 +582,9 @@ function restore_user_config {
if [ -d $temp_restore_dir/home/$USERNAME ]; then if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.config ]; then
mkdir /home/$USERNAME/.config
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/ cp -r $temp_restore_dir/* /home/$USERNAME/.config/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
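Review bot: In this file restore_user_config tests `[ -d $temp_restore_dir/home/$USERNAME ]` rather than `.../home/$USERNAME/.config`, so the new `mkdir` in the else branch is only reached when the backup has no home directory at all. When the home directory exists but contains no `.config`, the first branch runs and `cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/` fails. The other restore script in this commit tests for `.config` itself; use the same condition here (restore_spamassassin has the same mismatch in both files).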
@ -604,6 +616,9 @@ function restore_user_monkeysphere {
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then
mkdir /home/$USERNAME/.monkeysphere
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/ cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -643,6 +658,9 @@ function restore_user_fin {
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.fin ]; then
mkdir /home/$USERNAME/.fin
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/ cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -674,6 +692,9 @@ function restore_user_local {
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/ cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
else else
if [ ! -d /home/$USERNAME/.local ]; then
mkdir /home/$USERNAME/.local
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/ cp -r $temp_restore_dir/* /home/$USERNAME/.local/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
@ -754,6 +775,9 @@ function restore_personal_settings {
fi fi
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
else else
if [ ! -d /home/$USERNAME/personal ]; then
mkdir /home/$USERNAME/personal
fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/ cp -r $temp_restore_dir/* /home/$USERNAME/personal/
fi fi
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then

View File

@ -547,6 +547,9 @@ function firewall_block_domain {
if [ -f /usr/bin/postactiv-firewall ]; then if [ -f /usr/bin/postactiv-firewall ]; then
/usr/bin/postactiv-firewall /usr/bin/postactiv-firewall
fi fi
if [ -f /usr/bin/pleroma-blocking ]; then
/usr/bin/pleroma-blocking
fi
fi fi
} }

View File

@ -107,12 +107,12 @@ function mesh_protocol_init {
fi fi
} }
function get_ipv4_wlan { function get_ipv6_wlan {
echo $(ip -o -f inet addr show dev "$IFACE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
} }
function mesh_hotspot_ip_address { function mesh_hotspot_ip_address {
echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
} }
function global_rate_limit { function global_rate_limit {
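Review bot: `ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}'` in get_ipv6_wlan prints one field per inet6 line, so an interface with both a link-local and a global address returns several values, where the `ip` pipeline it replaces reduced the output to a single line with `awk 'END {print}'`. The result is substituted into the scuttlebot `host` setting further down, which needs exactly one address. Select one address explicitly, for example from `ip -o -6 addr show dev "$IFACE"` filtered by scope, and quote the interface variables as the old code did. mesh_hotspot_ip_address keeps its name but now returns an IPv6 address, so callers that expect IPv4 need checking.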
@ -368,7 +368,7 @@ function enable_mesh_scuttlebot {
if [ -f /etc/scuttlebot/.ssb/config ]; then if [ -f /etc/scuttlebot/.ssb/config ]; then
ethernet_connected=$(cat /sys/class/net/eth0/carrier) ethernet_connected=$(cat /sys/class/net/eth0/carrier)
if [[ "$ethernet_connected" != "0" ]]; then if [[ "$ethernet_connected" != "0" ]]; then
sed -i "s|\"host\": .*|\"host\": \"$(get_ipv4_wlan)\",|g" /etc/scuttlebot/.ssb/config sed -i "s|\"host\": .*|\"host\": \"$(get_ipv6_wlan)\",|g" /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot systemctl restart scuttlebot
else else
if [ ! -f /etc/nginx/sites-available/git_ssb ]; then if [ ! -f /etc/nginx/sites-available/git_ssb ]; then

View File

@ -59,8 +59,8 @@ function configure_ssh {
if ! grep -q 'HostbasedAuthentication' /etc/ssh/sshd_config; then if ! grep -q 'HostbasedAuthentication' /etc/ssh/sshd_config; then
echo 'HostbasedAuthentication no' >> /etc/ssh/sshd_config echo 'HostbasedAuthentication no' >> /etc/ssh/sshd_config
fi fi
sed 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config sed -i 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
sed 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config sed -i 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
sed -i 's|#PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config sed -i 's|#PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
sed -i 's|PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config sed -i 's|PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
sed -i 's|#IgnoreRhosts.*|IgnoreRhosts yes|g' /etc/ssh/sshd_config sed -i 's|#IgnoreRhosts.*|IgnoreRhosts yes|g' /etc/ssh/sshd_config

View File

@ -756,81 +756,85 @@ function configure_firewall_for_web_access {
function update_default_domain { function update_default_domain {
echo $'Updating default domain' echo $'Updating default domain'
if [[ $ONION_ONLY == 'no' ]]; then if [[ $ONION_ONLY == 'no' ]]; then
if [ -d /etc/prosody ]; then
if [ -f /etc/mumble-server.ini ]; then if [ -f /etc/mumble-server.ini ]; then
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
systemctl restart mumble systemctl restart mumble
fi fi
else else
if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
usermod -a -G ssl-cert mumble-server usermod -a -G ssl-cert mumble-server
sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
systemctl restart mumble systemctl restart mumble
fi fi
fi fi
fi fi
if [ -d /etc/prosody ]; then
if [ ! -d /etc/prosody/certs ]; then if [ ! -d /etc/prosody/certs ]; then
mkdir /etc/prosody/certs mkdir /etc/prosody/certs
fi fi
cp /etc/ssl/private/xmpp* /etc/prosody/certs cp /etc/ssl/private/xmpp* /etc/prosody/certs
cp /etc/ssl/certs/xmpp* /etc/prosody/certs cp /etc/ssl/certs/xmpp* /etc/prosody/certs
if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
usermod -a -G ssl-cert prosody usermod -a -G ssl-cert prosody
if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi fi
if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi fi
if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi fi
chown -R prosody:default /etc/prosody chown -R prosody:default /etc/prosody
chmod -R 700 /etc/prosody/certs/* chmod -R 700 /etc/prosody/certs/*
chmod 600 /etc/prosody/prosody.cfg.lua chmod 600 /etc/prosody/prosody.cfg.lua
if [ -d $INSTALL_DIR/prosody-modules ]; then
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/ cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
fi
chown -R prosody:prosody /var/lib/prosody/prosody-modules chown -R prosody:prosody /var/lib/prosody/prosody-modules
chown -R prosody:prosody /usr/lib/prosody/modules
systemctl reload prosody systemctl reload prosody
fi fi
if [ -d /home/znc/.znc ]; then if [ -d /home/znc/.znc ]; then
echo $'znc found' echo $'znc found'
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
pkill znc pkill znc
cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
chown znc:znc /home/znc/.znc/znc.pem chown znc:znc /home/znc/.znc/znc.pem
chmod 700 /home/znc/.znc/znc.pem chmod 700 /home/znc/.znc/znc.pem
sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf sed -i "s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/ngircd/ngircd.conf
sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf sed -i "s|KeyFile =.*|KeyFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/ngircd/ngircd.conf
echo $'irc certificates updated' echo $'irc certificates updated'
systemctl restart ngircd systemctl restart ngircd
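Review bot: In the znc branch the guard now tests /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem, but the `cat` that builds /home/znc/.znc/znc.pem still reads /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem and /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key, so znc.pem is assembled from files the condition no longer checks. Point the `cat` at fullchain.pem and privkey.pem. The three ngircd `sed -i` expressions (CertFile, DHFile, KeyFile) also lack the closing `|` of the `s` command, so sed rejects them and ngircd.conf is not updated before the restart.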
@ -839,16 +843,17 @@ function update_default_domain {
fi fi
if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [ -d /etc/dovecot ]; then if [ -d /etc/dovecot ]; then
if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then if ! grep -q "ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/dovecot/conf.d/10-ssl.conf; then
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
systemctl restart dovecot systemctl restart dovecot
fi fi
fi fi
if [ -d /etc/exim4 ]; then if [ -d /etc/exim4 ]; then
# Unfortunately there doesn't appear to be any other way than copying certs here
cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/ cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
chown root:Debian-exim /etc/exim4/*.pem chown root:Debian-exim /etc/exim4/*.pem
chmod 640 /etc/exim4/*.pem chmod 640 /etc/exim4/*.pem

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2016-12-10 Sat 15:19 --> <!-- 2018-01-21 Sun 11:01 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title> <title>&lrm;</title>
<meta name="generator" content="Org mode" /> <meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" /> <meta name="author" content="Bob Mottram" />
<meta name="description" content="How to use Mumble" <meta name="description" content="How to use Mumble"
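Review bot: `<title>&lrm;</title>` replaces an empty title with a lone left-to-right mark, so the page still has no visible title in tabs, bookmarks or search results. Set a title in the Org source for this page (the description meta already reads "How to use Mumble") and regenerate the HTML.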
@ -71,6 +71,7 @@
pre.src-fortran:before { content: 'Fortran'; } pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; } pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; } pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; } pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; } pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; } pre.src-latex:before { content: 'LaTeX'; }
@ -188,7 +189,7 @@
@licstart The following is the entire license notice for the @licstart The following is the entire license notice for the
JavaScript code in this tag. JavaScript code in this tag.
Copyright (C) 2012-2013 Free Software Foundation, Inc. Copyright (C) 2012-2017 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU redistribute it and/or modify it under the terms of the GNU
@ -251,18 +252,18 @@ for the JavaScript code in this tag.
Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings. Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings.
</p> </p>
<div id="outline-container-orgb69e7cf" class="outline-2"> <div id="outline-container-org208d455" class="outline-2">
<h2 id="orgb69e7cf">Text chat</h2> <h2 id="org208d455">Text chat</h2>
<div class="outline-text-2" id="text-orgb69e7cf"> <div class="outline-text-2" id="text-org208d455">
<p> <p>
In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy. In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-orgd3559d7" class="outline-2"> <div id="outline-container-orge57116e" class="outline-2">
<h2 id="orgd3559d7">Using with Ubuntu</h2> <h2 id="orge57116e">Using with Ubuntu</h2>
<div class="outline-text-2" id="text-orgd3559d7"> <div class="outline-text-2" id="text-orge57116e">
<p> <p>
First ensure that tor is installed. Within a terminal: First ensure that tor is installed. Within a terminal:
</p> </p>
@ -298,9 +299,9 @@ Click on "add new" to add a new server and enter the <b>default domain name</b>
</div> </div>
</div> </div>
<div id="outline-container-org0e1c0da" class="outline-2"> <div id="outline-container-orgb9f0d9d" class="outline-2">
<h2 id="org0e1c0da">Using with Android</h2> <h2 id="orgb9f0d9d">Using with Android</h2>
<div class="outline-text-2" id="text-org0e1c0da"> <div class="outline-text-2" id="text-orgb9f0d9d">
<p> <p>
Install <a href="https://f-droid.org/">F-Droid</a> Install <a href="https://f-droid.org/">F-Droid</a>
</p> </p>
@ -318,11 +319,11 @@ Press the plus button to add a Mumble server.
</p> </p>
<p> <p>
Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>. Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>. Leave the port number unchanged.
</p> </p>
<p> <p>
Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who. Open the settings. Select <b>General</b>, then <b>Connect via Tor</b>. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect <b>Connect via Tor</b> on the <b>General settings</b> and then just use your ordinary domain name.
</p> </p>
<p> <p>
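Review bot: the new fallback sentence in the Connect via Tor paragraph tells users to unselect Connect via Tor and "just use your ordinary domain name" without saying what they give up. The sentence before it states that Tor makes it harder for adversaries to know who is talking to whom, so the fallback should say that this protection is lost on a direct connection, and that a server entry created with the onion address has to be edited to use the domain name instead. The setting is also called General in one sentence and General settings in the next; use one name.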

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2017-06-27 Tue 13:17 --> <!-- 2018-01-21 Sun 11:13 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title> <title>&lrm;</title>
<meta name="generator" content="Org mode" /> <meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" /> <meta name="author" content="Bob Mottram" />
<meta name="description" content="Homesteading the Fediverse" <meta name="description" content="Homesteading the Fediverse"
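Review bot: the title element goes from empty to `&lrm;`, which is only an invisible left-to-right mark, so browser tabs, bookmarks and search results still show no name for this page. The description already reads "Homesteading the Fediverse"; set a real title in the Org source (a `#+TITLE:` line) so the exported page carries it.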
@ -252,54 +252,54 @@ for the JavaScript code in this tag.
Some things you might want to know about the Fediverse: Some things you might want to know about the Fediverse:
</p> </p>
<div id="outline-container-orgdcdb846" class="outline-2"> <div id="outline-container-org7ef0ae3" class="outline-2">
<h2 id="orgdcdb846">Keep the number of users on each server small</h2> <h2 id="org7ef0ae3">Keep the number of users on each server small</h2>
<div class="outline-text-2" id="text-orgdcdb846"> <div class="outline-text-2" id="text-org7ef0ae3">
<p> <p>
The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar. The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org51ce16d" class="outline-2"> <div id="outline-container-orgb78d10c" class="outline-2">
<h2 id="org51ce16d">Drama will happen</h2> <h2 id="orgb78d10c">Drama will happen</h2>
<div class="outline-text-2" id="text-org51ce16d"> <div class="outline-text-2" id="text-orgb78d10c">
<p> <p>
It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it. It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org449c739" class="outline-2"> <div id="outline-container-orgac5dc10" class="outline-2">
<h2 id="org449c739">Don't be afraid to block</h2> <h2 id="orgac5dc10">Don't be afraid to block</h2>
<div class="outline-text-2" id="text-org449c739"> <div class="outline-text-2" id="text-orgac5dc10">
<p> <p>
Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the <b>Administrator control panel</b>. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but <span class="underline">this is a feature not a bug</span>. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions. Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the <b>Administrator control panel</b>. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but <span class="underline">this is a feature not a bug</span>. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org3692a0e" class="outline-2"> <div id="outline-container-orgec4f5cf" class="outline-2">
<h2 id="org3692a0e">Network structure maps on to social structure</h2> <h2 id="orgec4f5cf">Network structure maps on to social structure</h2>
<div class="outline-text-2" id="text-org3692a0e"> <div class="outline-text-2" id="text-orgec4f5cf">
<p> <p>
Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate. Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org05184eb" class="outline-2"> <div id="outline-container-org07b0224" class="outline-2">
<h2 id="org05184eb">Keep your follows under the Dunbar number</h2> <h2 id="org07b0224">Keep your follows under the Dunbar number</h2>
<div class="outline-text-2" id="text-org05184eb"> <div class="outline-text-2" id="text-org07b0224">
<p> <p>
Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. <span class="underline">Real community happens at tribal scale</span>. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. <span class="underline">Real community happens at tribal scale</span>. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-orgfbf8e98" class="outline-2"> <div id="outline-container-org07a661a" class="outline-2">
<h2 id="orgfbf8e98">Avoid big public servers</h2> <h2 id="org07a661a">Avoid big public servers</h2>
<div class="outline-text-2" id="text-orgfbf8e98"> <div class="outline-text-2" id="text-org07a661a">
<p> <p>
It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided. It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.
</p> </p>
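Review bot: every changed line in this hunk is a regenerated Org anchor id (for example orgdcdb846 becoming org7ef0ae3); the section text is identical on both sides. Ids that change on each export bury the real edits in the diff and break any external link to a section anchor. Setting a CUSTOM_ID property on each heading in the Org source would keep the ids stable across exports.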
@ -308,7 +308,7 @@ It may seem like a good idea and it may seem like you're doing a service to the
<div class="org-center"> <div class="org-center">
<p> <p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a> This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
</p> </p>
</div> </div>
</div> </div>
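Review bot: the footer onion address changes from pazyv7nkllp76hqr.onion to 7ec7btgr6m7c5r3h.onion here, and the same edit is repeated by hand in the footer of each page in this commit. Readers who bookmarked the old address get no indication of whether it is retired or still valid, so the page should say so, ideally backed by a signed announcement. Defining the address once in the Org source (a macro or an include file) would keep the footers consistent the next time it changes.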

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2017-12-28 Thu 21:15 --> <!-- 2018-01-21 Sun 11:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title> <title>&lrm;</title>
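Review bot: the only change in this hunk is the export timestamp comment in the head (2017-12-28 to 2018-01-21), so the file shows as modified with no content change. Turning off the export timestamp in the Org source (`#+OPTIONS: timestamp:nil`) would stop regenerated pages from appearing in commits that did not touch them.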
@ -478,7 +478,7 @@ Of course, this is just one way in which you can install the Freedombone system.
<div class="org-center"> <div class="org-center">
<p> <p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a> This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
</p> </p>
</div> </div>
</div> </div>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2017-12-20 Wed 13:53 --> <!-- 2018-01-21 Sun 11:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title> <title>&lrm;</title>
@ -299,7 +299,7 @@ Ready made disk images which can be copied onto USB or microSD drives are <a hre
<div class="org-center"> <div class="org-center">
<p> <p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a> This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
</p> </p>
</div> </div>
</div> </div>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2018-01-17 Wed 23:49 --> <!-- 2018-01-21 Sun 11:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title> <title>&lrm;</title>
@ -284,7 +284,7 @@ Like <a href="https://libremesh.org">LibreMesh</a>, this system uses a combinati
<div class="org-center"> <div class="org-center">
<p> <p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a> This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
</p> </p>
</div> </div>
</div> </div>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2017-12-29 Fri 23:16 --> <!-- 2018-01-18 Thu 18:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title> <title>&lrm;</title>
@ -246,13 +246,13 @@ for the JavaScript code in this tag.
<center><h1>Mesh Network: Images</h1></center> <center><h1>Mesh Network: Images</h1></center>
<div id="outline-container-org92a36a4" class="outline-2"> <div id="outline-container-orgff89f51" class="outline-2">
<h2 id="org92a36a4">Pre-built Disk Images</h2> <h2 id="orgff89f51">Pre-built Disk Images</h2>
<div class="outline-text-2" id="text-org92a36a4"> <div class="outline-text-2" id="text-orgff89f51">
</div> </div>
<div id="outline-container-orgf74ea4c" class="outline-3"> <div id="outline-container-orgd2bd6dc" class="outline-3">
<h3 id="orgf74ea4c">Writing many images quickly</h3> <h3 id="orgd2bd6dc">Writing many images quickly</h3>
<div class="outline-text-3" id="text-orgf74ea4c"> <div class="outline-text-3" id="text-orgd2bd6dc">
<p> <p>
There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>. There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
</p> </p>
@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-orgdd8f201" class="outline-3"> <div id="outline-container-orgaa45ffa" class="outline-3">
<h3 id="orgdd8f201">Client images</h3> <h3 id="orgaa45ffa">Client images</h3>
<div class="outline-text-3" id="text-orgdd8f201"> <div class="outline-text-3" id="text-orgaa45ffa">
<div class="org-center"> <div class="org-center">
<div class="figure"> <div class="figure">
@ -292,7 +292,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
</div> </div>
<p> <p>
"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size. "Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
</p> </p>
<div class="org-src-container"> <div class="org-src-container">
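Review bot: the minimum drive size in the last sentence goes from 8GB to 16GB with no reason given; stating the image size would let readers check their drive instead of trusting a round number. The same paragraph asks readers to substitute /dev/sdX by hand with /dev/sdb as the example, and the dd command that follows overwrites whatever device is named, so a step to confirm the device (for example with lsblk) before writing belongs here.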
@ -331,16 +331,16 @@ sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-n
</div> </div>
</div> </div>
<div id="outline-container-org231f975" class="outline-3"> <div id="outline-container-org6ca93ec" class="outline-3">
<h3 id="org231f975">Router images</h3> <h3 id="org6ca93ec">Router images</h3>
<div class="outline-text-3" id="text-org231f975"> <div class="outline-text-3" id="text-org6ca93ec">
<p> <p>
Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do. Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
</p> </p>
</div> </div>
<div id="outline-container-orgbe92b46" class="outline-4"> <div id="outline-container-org69b5cfa" class="outline-4">
<h4 id="orgbe92b46">Beaglebone Black</h4> <h4 id="org69b5cfa">Beaglebone Black</h4>
<div class="outline-text-4" id="text-orgbe92b46"> <div class="outline-text-4" id="text-org69b5cfa">
<div class="org-center"> <div class="org-center">
<div class="figure"> <div class="figure">
@ -377,9 +377,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
</div> </div>
</div> </div>
<div id="outline-container-orgd948176" class="outline-2"> <div id="outline-container-org6b309a0" class="outline-2">
<h2 id="orgd948176">Building Disk Images</h2> <h2 id="org6b309a0">Building Disk Images</h2>
<div class="outline-text-2" id="text-orgd948176"> <div class="outline-text-2" id="text-org6b309a0">
<p> <p>
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it. It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
</p> </p>

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2017-06-27 Tue 13:16 --> <!-- 2018-01-21 Sun 11:14 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title> <title>&lrm;</title>
<meta name="generator" content="Org mode" /> <meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" /> <meta name="author" content="Bob Mottram" />
<meta name="description" content="Turn the Beaglebone Black into a personal communications server" <meta name="description" content="Turn the Beaglebone Black into a personal communications server"
@ -248,11 +248,11 @@ for the JavaScript code in this tag.
<h1>Support</h1> <h1>Support</h1>
</center> </center>
<div id="outline-container-orgb1a7204" class="outline-2"> <div id="outline-container-org3dddbf5" class="outline-2">
<h2 id="orgb1a7204">Contact details</h2> <h2 id="org3dddbf5">Contact details</h2>
<div class="outline-text-2" id="text-orgb1a7204"> <div class="outline-text-2" id="text-org3dddbf5">
<p> <p>
This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a></b> This site can also be accessed via a Tor browser at <b><a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a></b>
</p> </p>
<p> <p>
@ -260,11 +260,7 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
</p> </p>
<p> <p>
<b>PGP/GPG Key ID:</b> EA982E38 <b>PGP/GPG Fingerprint:</b> 9ABB82C00ABF39F82680487DCC2536191FA7C33F
</p>
<p>
<b>PGP/GPG Fingerprint:</b> D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
</p> </p>
<p> <p>
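Review bot: this replaces the published key ID EA982E38 and fingerprint D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38 with the new fingerprint 9ABB82C00ABF39F82680487DCC2536191FA7C33F and drops the key ID line, with no transition statement. Anyone who verified the old key has nothing linking it to the new one, and the onion address on this page changes in the same commit, so both published trust anchors rotate at once. Suggest linking a transition statement signed by both keys, and printing the new fingerprint in groups of four as the old one was so that it can be compared by eye.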
@ -277,22 +273,22 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
</div> </div>
</div> </div>
<div id="outline-container-orga7a8570" class="outline-2"> <div id="outline-container-org654de23" class="outline-2">
<h2 id="orga7a8570">Things which would be nice to have</h2> <h2 id="org654de23">Things which would be nice to have</h2>
<div class="outline-text-2" id="text-orga7a8570"> <div class="outline-text-2" id="text-org654de23">
</div> </div>
<div id="outline-container-orgce3bc4d" class="outline-3"> <div id="outline-container-org9171145" class="outline-3">
<h3 id="orgce3bc4d">Ideas</h3> <h3 id="org9171145">Ideas</h3>
<div class="outline-text-3" id="text-orgce3bc4d"> <div class="outline-text-3" id="text-org9171145">
<p> <p>
Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included. Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org1104d91" class="outline-3"> <div id="outline-container-org71c7a97" class="outline-3">
<h3 id="org1104d91">Money</h3> <h3 id="org71c7a97">Money</h3>
<div class="outline-text-3" id="text-org1104d91"> <div class="outline-text-3" id="text-org71c7a97">
<p> <p>
At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed. At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.
</p> </p>
@ -303,27 +299,27 @@ If you find this project useful then you may wish to consider donating to <a hre
</div> </div>
</div> </div>
<div id="outline-container-orge4c8d46" class="outline-3"> <div id="outline-container-org012655b" class="outline-3">
<h3 id="orge4c8d46">Testing and reporting bugs</h3> <h3 id="org012655b">Testing and reporting bugs</h3>
<div class="outline-text-3" id="text-orge4c8d46"> <div class="outline-text-3" id="text-org012655b">
<p> <p>
Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities. Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org3ea4978" class="outline-3"> <div id="outline-container-org2ec5168" class="outline-3">
<h3 id="org3ea4978">Web design and artwork</h3> <h3 id="org2ec5168">Web design and artwork</h3>
<div class="outline-text-3" id="text-org3ea4978"> <div class="outline-text-3" id="text-org2ec5168">
<p> <p>
A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested. A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-orgac92852" class="outline-3"> <div id="outline-container-org76b8351" class="outline-3">
<h3 id="orgac92852">More education and promotion</h3> <h3 id="org76b8351">More education and promotion</h3>
<div class="outline-text-3" id="text-orgac92852"> <div class="outline-text-3" id="text-org76b8351">
<div class="org-center"> <div class="org-center">
<div class="figure"> <div class="figure">
@ -341,18 +337,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
</div> </div>
</div> </div>
<div id="outline-container-orgf1745de" class="outline-3"> <div id="outline-container-org5332549" class="outline-3">
<h3 id="orgf1745de">Translations</h3> <h3 id="org5332549">Translations</h3>
<div class="outline-text-3" id="text-orgf1745de"> <div class="outline-text-3" id="text-org5332549">
<p> <p>
To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>. To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>.
</p> </p>
</div> </div>
</div> </div>
<div id="outline-container-org6cc7753" class="outline-3"> <div id="outline-container-orgd4e3504" class="outline-3">
<h3 id="org6cc7753">Packaging</h3> <h3 id="orgd4e3504">Packaging</h3>
<div class="outline-text-3" id="text-org6cc7753"> <div class="outline-text-3" id="text-orgd4e3504">
<p> <p>
Helping to package GNU Social and Hubzilla for Debian would be beneficial. Helping to package GNU Social and Hubzilla for Debian would be beneficial.
</p> </p>