Bob Mottram 2017-07-12 19:54:54 +01:00
commit 1547479013
149 changed files with 6090 additions and 3523 deletions


@ -27,7 +27,7 @@ install:
cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share
cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars
cp src/* ${DESTDIR}${PREFIX}/bin
cp src/${APP}-controlpanel ${DESTDIR}${PREFIX}/bin/control
# cp src/${APP}-controlpanel ${DESTDIR}${PREFIX}/bin/control
cp src/${APP}-mesh-batman ${DESTDIR}${PREFIX}/bin/batman
cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup
cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup2friends
@ -46,6 +46,7 @@ install:
chown -R root: /usr/share/${APP}
chmod -R +r /usr/share/${APP}
# bash -c "./translate install"
/usr/local/bin/${APP}-prepare-scripts
uninstall:
rm -f ${PREFIX}/share/${APP}_*.png
rm -f ${PREFIX}/share/man/man1/backup.1.gz
@ -61,6 +62,9 @@ uninstall:
rm -f ${PREFIX}/bin/restorefromfriend
rm -f ${PREFIX}/bin/batman
rm -rf /etc/${APP}
rm -f ${PREFIX}/bin/control
rm -f ${PREFIX}/bin/controluser
rm -f ${PREFIX}/bin/addremove
bash -c "./translate uninstall"
clean:
rm -f \#* \.#* debian/*.substvars debian/*.log src/*~
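Review bot: The install recipe runs `/usr/local/bin/${APP}-prepare-scripts` from a hard-coded absolute path (second hunk; it appears to be the added line, though the +/- markers are lost in this rendering), while the rest of the recipe copies into `${DESTDIR}${PREFIX}/bin`. Since the docs invoke this as `sudo make install`, whatever sits at that path is executed as root: with a non-default PREFIX or a staged DESTDIR build, that is either a missing file or a stale copy from an earlier install, not the script just copied. I would call the freshly installed copy instead, `${DESTDIR}${PREFIX}/bin/${APP}-prepare-scripts`, and add a comment stating what the script changes on the host, so packagers know the install step has side effects beyond copying files. The install recipe starts outside the visible hunks.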


@ -1,41 +0,0 @@
#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
#+KEYWORDS: freedombone, radicale
#+DESCRIPTION: How to use Radicale
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
#+BEGIN_CENTER
[[file:images/logo.png]]
#+END_CENTER
#+BEGIN_EXPORT html
<center>
<h1>Radicale</h1>
</center>
#+END_EXPORT
Radicale is a calendar server which allows your to synchronise your calendar across all your devices. Support for CalDAV within various client systems can be quite patchy/flaky though, so use it with caution.
* Installation
Log into your system with:
#+begin_src bash
ssh myusername@mydomain -p 2222
#+end_src
Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
Select *Add/Remove Apps* then *radicale*. If you don't already have an SSL/TLS certificate for your main domain then go to the security settings and create a new Let's Encrypt cert for it. That will ensure that your calendar events have some minimal level of protection from passive surveillance.
* Setting up on Android
Via F-droid install *DAVdroid*.
There seems to be a problem with Let's Encrypt certificates with this app, but it's possible to get around it. Open DAVdroid and select the side *menu* followed by *Settings*. Enable *Distrust system certificates* and press *Reset untrusted certificates*.
Exit from settings and press the *plus button* to add an account. Select *Login with URL and user name*. The URL should be https://yourmaindomainname/radicale/. Remember to include the trailing slash on the URL. If you installed Freedombone from a disk image then enter your username and the password which was shown at the start of installation. If not then the password for Radicale will be within *Passwords* section of the *Administrator control panel*.
You will be prompted to approve the Let's Encrypt cerificate for your domain name, and once that's done then you should see your account as a large yellow box. Press on that and ensure that *Addresses* and *calendar* are selected.
Now go to your calendar app and press the plus icon to add an event. You should notice that the calendar account selected is your username on the Freedombone system.


@ -1,34 +0,0 @@
#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
#+KEYWORDS: freedombone, scuttlebot
#+DESCRIPTION: How to use Scuttlebot
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
#+BEGIN_CENTER
[[file:images/logo.png]]
#+END_CENTER
#+BEGIN_EXPORT html
<center>
<h1>Scuttlebot</h1>
</center>
#+END_EXPORT
This is a type of /followbot/ for the [[https://www.scuttlebutt.nz][Secure Scuttlebutt]] peer-to-peer messaging system. It's purpose is to follow your friends and keep a log of their messages so that if you are offline for a while when you return you can sync with this system to get all of the missed messages. This avoid the problem common in messaging systems of /everyone needing to be online all of the time/.
The Secure Scuttlebutt system has message encryption, but no protection of the metadata. It lives only on the clearnet. So this system is more about ensuring that messages get correctly delivered and appear in the right chronological order in unreliable situations where network availability may be intermittent, rather than defending against surveillance adversaries.
* Installation
Log into your system with:
#+begin_src bash
ssh myusername@mydomain -p 2222
#+end_src
Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
Select *Add/Remove Apps*. If Vim is selected then you might want to unselect and uninstall it first, then select *scuttlebot*.
Install your favourite Scuttlebutt client onto your laptop, then select *Join Pub*. ssh into your Freedombone system and go to the *Administrator control panel* then select *App settings* followed by *scuttlebot*. You can then create an invite and paste it into your client.


@ -115,19 +115,10 @@ An alternative federated social networking system compatible with GNU Social. It
A shell based XMPP client which you can run on the Freedombone server via ssh.
[[./app_profanity.html][How to use it]]
* Radicale
Calendar system compatible with CalDAV and CardDAV. Synch your calendar events easily and securely across all your devices.
[[./app_radicale.html][How to use it]]
* Riot Web
A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.
[[./app_riot.html][How to use it]]
* Scuttlebot
A pub service to help synchronize your messages.
[[./app_scuttlebot.html][How to use it]]
* SearX
A metasearch engine for customised and private web searches.


@ -41,6 +41,7 @@ On your laptop or desktop prepare a microSD card image as follows. To create an
sudo apt-get install git
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup debian
#+end_src
@ -51,6 +52,7 @@ Or on Arch/Parabola:
sudo pacman -S git
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup parabola
#+end_src


@ -18,7 +18,7 @@
Although the image builder supports a variety of architectures there may still be some which aren't supported. These especially include systems which have a proprietary boot blob, such as the Raspberry Pi boards.
It's still possible to install the system onto these unsupported devices if you need to. First you'll need to ensure that you have *Debian Jessie* installed and can get ssh access to the system. Then either via ssh, or directly on the target device in the case of an old laptop or netbook:
It's still possible to install the system onto these unsupported devices if you need to. First you'll need to ensure that you have *Debian Stretch* installed and can get ssh access to the system. Then either via ssh, or directly on the target device in the case of an old laptop or netbook:
#+BEGIN_SRC bash
su
@ -26,6 +26,7 @@ apt-get update
apt-get -qy install build-essential git dialog
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
make install
freedombone makeconfig
#+END_SRC


@ -89,6 +89,16 @@ myappname_variables=(ONION_ONLY
MYAPPNAME_ONION_PORT
MYAPPNAME_DB_PASSWORD)
function logging_on_myappname {
echo -n ''
# Commands to turn on logging go here
}
function logging_off_myappname {
echo -n ''
# Commands to turn off logging go here
}
function change_password_myappname {
PASSWORD_USERNAME="$1"
PASSWORD_NEW="$2"


@ -46,6 +46,7 @@
| [[Why does my email keep getting rejected as spam by Gmail/etc?]] |
| [[Tor is censored/blocked in my area. What can I do?]] |
| [[I want to block a particular domain from getting its content into my social network sites]] |
| [[The mesh system doesn't boot from USB drive]] |
#+END_CENTER
@ -332,3 +333,8 @@ ssh username@domainname -p 2222
#+end_src
Select /Administrator controls/ then /Domain blocking/.
* The mesh system doesn't boot from USB drive
If the system doesn't boot and reports an error which includes */dev/mapper/loop0p1* then reboot with *Ctrl-Alt-Del* and when you see the grub menu press *e* and manually change */dev/mapper/loop0p1* to */dev/sdb1*, then press *Ctrl-x*. If that doesn't work then reboot and try */dev/sdc1* instead.
After the system has booted successfully the problem should resolve itself on subsequent reboots.


@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
#+END_CENTER


@ -23,6 +23,7 @@ First install freedombone onto your local system (not the target hardware that y
sudo apt-get install git
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup debian
freedombone-image -t i386 --onion yes
@ -34,6 +35,7 @@ Or on Arch/Parabola:
sudo pacman -S git
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup parabola
freedombone-image -t i386 --onion yes
@ -148,5 +150,5 @@ man freedombone-image
#+end_src
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
#+END_CENTER


@ -16,9 +16,12 @@
-- Lucas Nussbaum
#+end_quote
#+BEGIN_CENTER
[[file:images/beaglebone_logo.jpg]]
#+END_CENTER
#+BEGIN_EXPORT html
<center>
<h1><a href="./release3.html">New version 3 (Stretch)</a></h1>
</center>
#+END_EXPORT
So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.
@ -28,9 +31,7 @@ And here's how [[./beaglebone.html][on a Beaglebone Black]].
Or you can install [[./debianinstall.html][onto an existing Debian system]].
Want to make a community mesh network which doesn't depend upon the internet?
[[./mesh.html][You can do that too]].
Want to make a community mesh network which doesn't depend upon the internet? The [[./mesh.html][Freedombone Mesh]] is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.
@ -45,5 +46,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h
Ready made disk images which can be copied onto USB or microSD drives are [[./downloads][available here]] and also [[http://www.postactiv.com/freedombone/2.00/index.html][mirrored here]].
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
#+END_CENTER


@ -35,6 +35,7 @@ Install the freedombone commands onto your laptop/desktop:
sudo apt-get install git build-essential dialog
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
#+END_SRC
@ -80,7 +81,7 @@ freedombone-image -t beaglebone -s 8G -m http://ftp.de.debian.org/debian
Before installing Freedombone you will need a few things.
* Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.
* System with a new installation of Debian Jessie or a downloaded/prepared disk image
* System with a new installation of Debian Stretch or a downloaded/prepared disk image
* Ethernet connection between the system and your internet router
* That it is possible to forward ports from the internet router to the system, typically via firewall settings
* Have ssh access to the system, typically via fbone@freedombone.local on port 2222
@ -88,7 +89,7 @@ Before installing Freedombone you will need a few things.
There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
** On a Laptop, Netbook or Desktop machine
If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
#+BEGIN_SRC bash
su
@ -96,6 +97,7 @@ apt-get update
apt-get -y install git dialog build-essential
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
make install
freedombone menuconfig
#+END_SRC
@ -223,6 +225,7 @@ sudo apt-get update
sudo apt-get install git dialog haveged build-essential
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-client
#+END_SRC


@ -22,6 +22,8 @@
| [[What the system can do]] | - | [[Disk Images]] | - | [[Building Disk Images]] | - | [[How to use it]] |
|------------------------+---+-------------+---+----------------------+---+---------------|
The Freedombone Mesh is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small business internal office communications, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. The down side is that you can't access any internet content. The upside is that you can securely communicate with anyone on the local mesh. No ISPs. No payments or subscriptions beyond the cost of obtaining the hardware. Systems need to be within wifi range of each other for the mesh to be created. It can be an ultra-convenient way to do purely local communications.
* What the system can do
@ -41,6 +43,20 @@ Mesh networks are useful as a quick way to make a fully decentralised communicat
This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
* Disk Images
** Writing many images quickly
There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the *dd* command is used for writing to the target drive, but to write to multiple drives you can use a tool such as [[https://wiki.gnome.org/Apps/MultiWriter][GNOME MultiWriter]].
For example on Arch/Parabola:
#+begin_src bash
sudo pacman -S gnome-multi-writer
#+end_src
Or on Debian based systems:
#+begin_src bash
sudo apt-get install gnome-multi-writer
#+end_src
** Client images
#+BEGIN_CENTER
@ -51,13 +67,13 @@ This system should be quite scalable. Both qTox and IPFS are based upon distribu
#+begin_src bash
sudo apt-get install xz-utils wget
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz.sig
gpg --verify freedombone-meshclient-2.00_all-i386.img.xz.sig
sha256sum freedombone-meshclient-2.00_all-i386.img.xz
403cf1cc2bc5272e5921d3ebefc351540928141bc65641b6d16f2262a933cb4e
unxz freedombone-meshclient-2.00_all-i386.img.xz
sudo dd bs=1M if=freedombone-meshclient-2.00_all-i386.img of=/dev/sdX conv=fdatasync
wget https://freedombone.net/downloads/v3/freedombone-meshclient-3_all-i386.img.xz
wget https://freedombone.net/downloads/v3/freedombone-meshclient-3_all-i386.img.xz.sig
gpg --verify freedombone-meshclient-3_all-i386.img.xz.sig
sha256sum freedombone-meshclient-3_all-i386.img.xz
74f9eaad479f84d3bf9cb002067074d35a97028145e781c5746c74577f777ee5
unxz freedombone-meshclient-3_all-i386.img.xz
sudo dd bs=1M if=freedombone-meshclient-3_all-i386.img of=/dev/sdX conv=fdatasync
#+end_src
To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
@ -66,13 +82,13 @@ If you're in an emergency and don't have Atheros wifi dongles then there is also
#+begin_src bash
sudo apt-get install xz-utils wget
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz
wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
gpg --verify freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
sha256sum freedombone-meshclient-insecure-2.00_all-i386.img.xz
7cda1a52acad7d18156ea238d7eb550479a5f882ac45c8cf9b9e56077fb26be9
unxz freedombone-meshclient-insecure-2.00_all-i386.img.xz
sudo dd bs=1M if=freedombone-meshclient-insecure-2.00_all-i386.img of=/dev/sdX conv=fdatasync
wget https://freedombone.net/downloads/v3/freedombone-meshclient-insecure-3_all-i386.img.xz
wget https://freedombone.net/downloads/v3/freedombone-meshclient-insecure-3_all-i386.img.xz.sig
gpg --verify freedombone-meshclient-insecure-3_all-i386.img.xz.sig
sha256sum freedombone-meshclient-insecure-3_all-i386.img.xz
f1c5df24a4bfca47bd5c41dfd2568925e63a1abf83aecf0250480b4b8edc071d
unxz freedombone-meshclient-insecure-3_all-i386.img.xz
sudo dd bs=1M if=freedombone-meshclient-insecure-3_all-i386.img of=/dev/sdX conv=fdatasync
#+end_src
** Router images
@ -86,13 +102,13 @@ The above picture shows a Beaglebone Black with the image copied onto a microSD
#+begin_src bash
sudo apt-get install xz-utils wget
wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz
wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
gpg --verify freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
sha256sum freedombone-mesh-2.00_beaglebone-armhf.img.xz
daf8c82f111ae8714cffc52633156554c23d5feafabbe85cb15925e0373a3ff4
unxz freedombone-mesh-2.00_beaglebone-armhf.img.xz
sudo dd bs=1M if=freedombone-mesh-2.00_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
wget https://freedombone.net/downloads/v3/freedombone-mesh-3_beaglebone-armhf.img.xz
wget https://freedombone.net/downloads/v3/freedombone-mesh-3_beaglebone-armhf.img.xz.sig
gpg --verify freedombone-mesh-3_beaglebone-armhf.img.xz.sig
sha256sum freedombone-mesh-3_beaglebone-armhf.img.xz
ab783ea807da1144bd076f7b43e54b5f4376ecf1ea1f86f56ac76c3469325802
unxz freedombone-mesh-3_beaglebone-armhf.img.xz
sudo dd bs=1M if=freedombone-mesh-3_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
#+end_src
If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
@ -102,22 +118,20 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
* Building Disk Images
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
First you will need to create an image. On a Debian based system (tested on Debian Jessie and Trisquel 7):
First you will need to create an image. On a Debian based system (tested on Debian Stretch):
#+begin_src bash
sudo apt-get -y install build-essential libc6-dev-i386 wget \
gcc-multilib g++-multilib git python-docutils mktorrent \
vmdebootstrap xz-utils dosfstools btrfs-tools extlinux \
python-distro-info mbr qemu-user-static binfmt-support \
u-boot-tools qemu
wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz
wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz.sig
gpg --verify freedombone-mesh-13-09-2016.tar.gz.sig
sha256sum freedombone-mesh-13-09-2016.tar.gz
3e279f8ed762afb682bec6bd463830087354dd2f24020f3b0de51143585ab0ed
tar -xzvf freedombone-mesh-13-09-2016.tar.gz
sudo apt-get -y install git wget build-essential
wget https://freedombone.net/downloads/v3/freedombone-3.tar.gz
wget https://freedombone.net/downloads/freedombone-3.tar.gz.sig
gpg --verify freedombone-3.tar.gz.sig
sha256sum freedombone-3.tar.gz
b99853322871efd298a9efd78d22323e0e7424a5cdb5097b4cc55ef45a220ebb
tar -xzvf freedombone-3.tar.gz
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup debian
freedombone-image -t i386 -v meshclient
#+end_src
@ -166,6 +180,10 @@ When you first boot from the USB drive the system will create some encryption ke
After a minute or two if you are within wifi range and there is at least one other user on the network then you should see additional icons appear on the desktop, such as /Other Users/ and /Chat/.
** Boot trouble
If the system doesn't boot and reports an error which includes */dev/mapper/loop0p1* then reboot with *Ctrl-Alt-Del* and when you see the grub menu press *e* and manually change */dev/mapper/loop0p1* to */dev/sdb1*, then press *Ctrl-x*. If that doesn't work then reboot and try */dev/sdc1* instead.
After the system has booted successfully the problem should resolve itself on subsequent reboots.
** Set the Date
On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.
@ -240,5 +258,5 @@ You can also visit other blogs, edit or delete your previous entry and also chan
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
#+END_CENTER

73
doc/EN/release3.org Normal file

@ -0,0 +1,73 @@
#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
#+KEYWORDS: freedombone
#+DESCRIPTION: Version 3
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
#+BEGIN_CENTER
[[file:images/release3.jpg]]
#+END_CENTER
#+BEGIN_EXPORT html
<center>
<h2>Building an internet run by the users, for the users</h2>
</center>
#+END_EXPORT
The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 2017 and includes:
* Faster initial setup
* More [[./apps.html][installable apps]], including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb
* Automated [[https://github.com/hardenedlinux/STIG-4-Debian][security tests]]
* Improved XMPP configuration for support of the [[https://conversations.im][Conversations]] app features
* Improved blocking controls for a better federated network experience
* Uses [[https://en.wikipedia.org/wiki/EdDSA][elliptic curve]] based GPG keys for better performance on low power single board computers
* Pre-downloaded repos distributed within images for faster and more autonomous app installs
* Installation
The simplest way to install is from a pre-made disk image. Images can be [[https://freedombone.net/downloads/v3][downloaded here]]. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
#+BEGIN_SRC bash
unxz downloadedimagefile.img.xz
dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
#+END_SRC
And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
Plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB.
As the system boots for the first time the login is:
#+BEGIN_SRC bash
username: fbone
password: freedombone
#+END_SRC
If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
#+BEGIN_SRC bash
ssh fbone@freedombone.local -p 2222
#+END_SRC
Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and [[https://en.wikipedia.org/wiki/Multicast_DNS][mDNS]] enabled.
You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later.
More detailed installation instructions are linked from [[./index.html][the main site]].
* Upgrading from a previous install
To upgrade from the Debian Jessie version first create a master keydrive. Go to the *Administrator control panel* and select *Backup and restore* then *Backup GPG key to USB (master keydrive)*. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting *Backup data to USB drive* and using another LUKS encrypted USB drive.
Follow the installation infstructions for the new Freedombone version, as described in the previous section. When the new system starts installing it will ask if you want to restore your GPG keys. Select *yes* and plug in your master keydrive.
When the initial setup is complete go to the *Administrator control panel* and select *Backup and restore* then *Restore data from USB drive* followed by *all*. Insert the backup USB drive which you made previously. This will restore the base system, including any emails.
You can now go to *Add/Remove apps* on the *Administrator control panel* and add the apps you want. Once they're installed you can recover their content and settings from *Backup and Restore*.


@ -18,7 +18,7 @@
* Contact details
This site can also be accessed via a Tor browser at *http://2tp3f6vtvhkqpuc6.onion*
This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion*
*Email:* bob@freedombone.net

Binary file not shown.


@ -5,207 +5,207 @@ variants - buildd fakechroot minbase scratchbox
keyring /usr/share/keyrings/debian-archive-keyring.gpg
if doing_variant fakechroot; then
test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
fi
case $ARCH in
alpha|ia64) LIBC="libc6.1" ;;
kfreebsd-*) LIBC="libc0.1" ;;
hurd-*) LIBC="libc0.3" ;;
*) LIBC="libc6" ;;
alpha|ia64) LIBC="libc6.1" ;;
kfreebsd-*) LIBC="libc0.1" ;;
hurd-*) LIBC="libc0.3" ;;
*) LIBC="libc6" ;;
esac
work_out_debs () {
required="$(get_debs Priority: required)"
required="$(get_debs Priority: required)"
if doing_variant - || doing_variant fakechroot; then
#required="$required $(get_debs Priority: important)"
# ^^ should be getting debconf here somehow maybe
base="$(get_debs Priority: important)"
elif doing_variant buildd || doing_variant scratchbox; then
base="apt build-essential"
elif doing_variant minbase; then
base="apt"
fi
if doing_variant - || doing_variant fakechroot; then
#required="$required $(get_debs Priority: important)"
# ^^ should be getting debconf here somehow maybe
base="$(get_debs Priority: important)"
elif doing_variant buildd || doing_variant scratchbox; then
base="apt build-essential"
elif doing_variant minbase; then
base="apt"
fi
if doing_variant fakechroot; then
# ldd.fake needs binutils
required="$required binutils"
fi
if doing_variant fakechroot; then
# ldd.fake needs binutils
required="$required binutils"
fi
case $MIRRORS in
https://*)
base="$base apt-transport-https ca-certificates"
;;
esac
case $MIRRORS in
https://*)
base="$base apt-transport-https ca-certificates"
;;
esac
}
first_stage_install () {
case "$CODENAME" in
etch|etch-m68k|jessie|lenny|squeeze|wheezy) ;;
*) setup_merged_usr ;;
esac
case "$CODENAME" in
etch|etch-m68k|stretch|jessie|lenny|squeeze|wheezy) ;;
*) setup_merged_usr ;;
esac
extract $required
extract $required
mkdir -p "$TARGET/var/lib/dpkg"
: >"$TARGET/var/lib/dpkg/status"
: >"$TARGET/var/lib/dpkg/available"
mkdir -p "$TARGET/var/lib/dpkg"
: >"$TARGET/var/lib/dpkg/status"
: >"$TARGET/var/lib/dpkg/available"
setup_etc
if [ ! -e "$TARGET/etc/fstab" ]; then
echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
fi
setup_etc
if [ ! -e "$TARGET/etc/fstab" ]; then
echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
fi
setup_devices
setup_devices
}
second_stage_install () {
setup_dynamic_devices
setup_dynamic_devices
x_feign_install () {
local pkg="$1"
local deb="$(debfor $pkg)"
local ver="$(in_target dpkg-deb -f "$deb" Version)"
x_feign_install () {
local pkg="$1"
local deb="$(debfor $pkg)"
local ver="$(in_target dpkg-deb -f "$deb" Version)"
mkdir -p "$TARGET/var/lib/dpkg/info"
mkdir -p "$TARGET/var/lib/dpkg/info"
echo \
echo \
"Package: $pkg
Version: $ver
Maintainer: unknown
Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
}
touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
}
x_feign_install dpkg
x_feign_install dpkg
x_core_install () {
smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
}
x_core_install () {
smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
}
p () {
baseprog="$(($baseprog + ${1:-1}))"
}
p () {
baseprog="$(($baseprog + ${1:-1}))"
}
if doing_variant fakechroot; then
setup_proc_fakechroot
elif doing_variant scratchbox; then
true
else
setup_proc
in_target /sbin/ldconfig
fi
if doing_variant fakechroot; then
setup_proc_fakechroot
elif doing_variant scratchbox; then
true
else
setup_proc
in_target /sbin/ldconfig
fi
DEBIAN_FRONTEND=noninteractive
DEBCONF_NONINTERACTIVE_SEEN=true
export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
DEBIAN_FRONTEND=noninteractive
DEBCONF_NONINTERACTIVE_SEEN=true
export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
baseprog=0
bases=7
baseprog=0
bases=7
p; progress $baseprog $bases INSTCORE "Installing core packages" #1
info INSTCORE "Installing core packages..."
p; progress $baseprog $bases INSTCORE "Installing core packages" #1
info INSTCORE "Installing core packages..."
p; progress $baseprog $bases INSTCORE "Installing core packages" #2
ln -sf mawk "$TARGET/usr/bin/awk"
x_core_install base-passwd
x_core_install base-files
p; progress $baseprog $bases INSTCORE "Installing core packages" #3
x_core_install dpkg
p; progress $baseprog $bases INSTCORE "Installing core packages" #2
ln -sf mawk "$TARGET/usr/bin/awk"
x_core_install base-passwd
x_core_install base-files
p; progress $baseprog $bases INSTCORE "Installing core packages" #3
x_core_install dpkg
if [ ! -e "$TARGET/etc/localtime" ]; then
ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
fi
if [ ! -e "$TARGET/etc/localtime" ]; then
ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
fi
if doing_variant fakechroot; then
install_fakechroot_tools
fi
if doing_variant fakechroot; then
install_fakechroot_tools
fi
p; progress $baseprog $bases INSTCORE "Installing core packages" #4
x_core_install $LIBC
p; progress $baseprog $bases INSTCORE "Installing core packages" #4
x_core_install $LIBC
p; progress $baseprog $bases INSTCORE "Installing core packages" #5
x_core_install perl-base
p; progress $baseprog $bases INSTCORE "Installing core packages" #5
x_core_install perl-base
p; progress $baseprog $bases INSTCORE "Installing core packages" #6
rm "$TARGET/usr/bin/awk"
x_core_install mawk
p; progress $baseprog $bases INSTCORE "Installing core packages" #6
rm "$TARGET/usr/bin/awk"
x_core_install mawk
p; progress $baseprog $bases INSTCORE "Installing core packages" #7
if doing_variant -; then
x_core_install debconf
fi
p; progress $baseprog $bases INSTCORE "Installing core packages" #7
if doing_variant -; then
x_core_install debconf
fi
baseprog=0
bases=$(set -- $required; echo $#)
baseprog=0
bases=$(set -- $required; echo $#)
info UNPACKREQ "Unpacking required packages..."
info UNPACKREQ "Unpacking required packages..."
exec 7>&1
exec 7>&1
smallyes '' |
(repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \
dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
smallyes '' |
(repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \
dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
info CONFREQ "Configuring required packages..."
info CONFREQ "Configuring required packages..."
echo \
echo \
"#!/bin/sh
exit 101" > "$TARGET/usr/sbin/policy-rc.d"
chmod 755 "$TARGET/usr/sbin/policy-rc.d"
chmod 755 "$TARGET/usr/sbin/policy-rc.d"
mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
echo \
mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
echo \
"#!/bin/sh
echo
echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
chmod 755 "$TARGET/sbin/start-stop-daemon"
chmod 755 "$TARGET/sbin/start-stop-daemon"
setup_dselect_method apt
setup_dselect_method apt
smallyes '' |
(in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
smallyes '' |
(in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
baseprog=0
bases="$(set -- $base; echo $#)"
baseprog=0
bases="$(set -- $base; echo $#)"
info UNPACKBASE "Unpacking the base system..."
info UNPACKBASE "Unpacking the base system..."
setup_available $required $base
done_predeps=
while predep=$(get_next_predep); do
# We have to resolve dependencies of pre-dependencies manually because
# dpkg --predep-package doesn't handle this.
predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
# XXX: progress is tricky due to how dpkg_progress works
# -- cjwatson 2009-07-29
p; smallyes '' |
in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
base=$(without "$base" "$predep")
done_predeps="$done_predeps $predep"
done
setup_available $required $base
done_predeps=
while predep=$(get_next_predep); do
# We have to resolve dependencies of pre-dependencies manually because
# dpkg --predep-package doesn't handle this.
predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
# XXX: progress is tricky due to how dpkg_progress works
# -- cjwatson 2009-07-29
p; smallyes '' |
in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
base=$(without "$base" "$predep")
done_predeps="$done_predeps $predep"
done
smallyes '' |
(repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \
dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
smallyes '' |
(repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \
dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
info CONFBASE "Configuring the base system..."
info CONFBASE "Configuring the base system..."
smallyes '' |
(repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \
dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
smallyes '' |
(repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \
dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
rm -f "$TARGET/usr/sbin/policy-rc.d"
mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
rm -f "$TARGET/usr/sbin/policy-rc.d"
progress $bases $bases CONFBASE "Configuring base system"
info BASESUCCESS "Base system installed successfully."
progress $bases $bases CONFBASE "Configuring base system"
info BASESUCCESS "Base system installed successfully."
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 56 KiB

After

Width:  |  Height:  |  Size: 51 KiB

BIN
img/postactiv_sprite.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 62 KiB

BIN
img/release3.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 55 KiB

Binary file not shown.

Binary file not shown.


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -65,6 +65,18 @@ if [[ $command_options == "menuconfig-onion" ]]; then
ONION_ONLY="yes"
fi
if [[ $command_options == "menuconfig-gnusocial" ]]; then
MINIMAL_INSTALL="yes"
ONION_ONLY="no"
SOCIALINSTANCE='gnusocial'
fi
if [[ $command_options == "menuconfig-postactiv" ]]; then
MINIMAL_INSTALL="yes"
ONION_ONLY="no"
SOCIALINSTANCE='postactiv'
fi
if [ ! $CONFIGURATION_FILE ]; then
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
fi


@ -59,10 +59,6 @@ DH_KEYLENGTH=2048
INSTALL_DIR=/root/build
LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
MY_EMAIL_ADDRESS=
FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_PASSWORD=
FRIENDS_MIRRORS_SSH_PORT=
MY_MIRRORS_PASSWORD=
function show_help {
echo ''
@ -222,7 +218,8 @@ function add_cert_letsencrypt {
fi
if [ ! -f /usr/bin/certbot ]; then
apt-get -yq install certbot -t jessie-backports
apt-get -yq install certbot
groupadd ssl-cert
if [ ! -f /usr/bin/certbot ]; then
echo $'LetsEncrypt certbot failed to install'
exit 762830
@ -311,7 +308,7 @@ function add_cert_selfsigned {
openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
-newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
-out /etc/ssl/certs/${CERTFILE}.crt
chmod 400 /etc/ssl/private/${CERTFILE}.key
chmod 640 /etc/ssl/certs/${CERTFILE}.crt
@ -359,7 +356,6 @@ function create_cert {
fi
}
read_repo_servers
create_cert
generate_dh_params
restart_web_server
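Review bot: In add_cert_selfsigned the key size appears to drop from `-newkey rsa:4096` to `-newkey rsa:2048` (assuming the second of the two printed lines is the new side) while the certificate lifetime stays at `-days 3650`. A 2048-bit RSA key is acceptable today, but pairing it with a ten-year validity leaves little margin, and nothing in the hunk records why the size was reduced. Either keep `rsa:4096` for these long-lived self-signed certificates or shorten the lifetime, and state the reason in a comment above the openssl call, for example `# 2048-bit key: generation time on low-power boards` if that is the motivation. The function body starts and ends outside the hunk.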


@ -38,11 +38,13 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
PROJECT_INSTALL_DIR=/usr/bin
fi
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
# Start including files
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
@ -55,6 +57,8 @@ do
source $f
done
# End including files
function mark_unselected_apps_as_removed {
# Initially mark the apps not chosen on first install as being removed
# otherwise they may be automatically installed on the next update


@ -136,25 +136,27 @@ chmod 700 /home/$ADD_USERNAME/.gnupg
chmod 600 /home/$ADD_USERNAME/.gnupg/*
# Generate a GPG key
echo 'Key-Type: 1' > /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo "Name-Real: $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
su -c "gpg --batch --gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
userdel -r $ADD_USERNAME
exit 7
fi
gpg_agent_setup $ADD_USERNAME
# add a monkeysphere subkey
#echo $'Adding monkeysphere subkey'
@ -162,28 +164,28 @@ fi
#echo $'Adding monkeysphere subkey to ssh-agent'
#su -c "monkeysphere s" - $ADD_USERNAME
# add authorized GPG email address
mkdir /home/$ADD_USERNAME/.monkeysphere
chmod 755 /home/$ADD_USERNAME/.monkeysphere
echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
echo $'Updating monkeysphere users'
monkeysphere-authentication update-users
#mkdir /home/$ADD_USERNAME/.monkeysphere
#chmod 755 /home/$ADD_USERNAME/.monkeysphere
#echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
#chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
#chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
#echo $'Updating monkeysphere users'
#monkeysphere-authentication update-users
if [ -f /home/$ADD_USERNAME/.muttrc ]; then
# encrypt outgoing mail to the "sent" folder
if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
echo '' >> /home/$ADD_USERNAME/.muttrc
echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
else
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
fi
if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
else
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
fi
fi
@ -227,14 +229,14 @@ do
done
if [ -f /etc/nginx/.htpasswd ]; then
if ! grep "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
fi
fi
# add user menu on ssh login
if ! grep -q 'control' /home/$ADD_USERNAME/.bashrc; then
echo 'control' >> /home/$ADD_USERNAME/.bashrc
if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
fi
${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
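Review bot: The new key parameters set `Subkey-Type: eddsa`, which is a signing-only algorithm, so the generated key would carry no encryption-capable subkey, yet the muttrc lines later in this section call gpg with `--encrypt --encrypt-to $MY_GPG_PUBLIC_KEY_ID`. The RSA parameters being replaced (`Subkey-Type: 1`) gave an encrypting subkey; the Ed25519 version needs an ECDH one instead, written as `echo 'Subkey-Type: ecdh' >> /home/$ADD_USERNAME/gpg-genkey.conf` followed by `echo 'Subkey-Curve: Curve25519' >> /home/$ADD_USERNAME/gpg-genkey.conf`. This reading assumes the eddsa lines are the new side of the hunk, which the accompanying switch to `--full-gen-key` suggests. The script starts before and continues after the hunks shown.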


@ -39,6 +39,14 @@ BATMAN_CELLID='any'
batman_variables=(MY_USERNAME
BATMAN_CELLID)
function logging_on_batman {
echo -n ''
}
function logging_off_batman {
echo -n ''
}
function install_interactive_batman {
echo -n ''
APP_INSTALLED=1
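Review bot: `logging_on_batman` and `logging_off_batman` are added as empty stubs (`echo -n ''`) with no comment saying whether doing nothing is intentional; the same pair is added for cryptpad, dlna and dokuwiki further down this commit. If logging_off_* is meant to stop an app from keeping logs, a silent no-op leaves whatever that app logs by default in place, so each stub should say why there is nothing to do, for example `# no per-app log settings to switch` if that is the case. `:` is the conventional shell no-op and reads more clearly than `echo -n ''`. install_interactive_batman continues outside the hunk.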


@ -42,6 +42,14 @@ CRYPTPAD_DIR=/etc/cryptpad
cryptpad_variables=(ONION_ONLY)
function logging_on_cryptpad {
echo -n ''
}
function logging_off_cryptpad {
echo -n ''
}
function remove_user_cryptpad {
remove_username="$1"
}
@ -157,6 +165,7 @@ function remove_cryptpad {
if [ -f /etc/systemd/system/cryptpad.service ]; then
rm /etc/systemd/system/cryptpad.service
fi
systemctl daemon-reload
function_check remove_nodejs
remove_nodejs cryptpad
@ -190,8 +199,16 @@ function install_cryptpad_main {
rm -rf $CRYPTPAD_DIR
fi
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR
cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
cd $CRYPTPAD_DIR
git pull
else
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
fi
if [ ! -d $CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
@ -286,6 +303,7 @@ function install_cryptpad {
npm install
npm install -g bower@1.8.0
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad
cp config.example.js config.js
if [ ! -f config.js ]; then
@ -333,6 +351,10 @@ function install_cryptpad {
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# install again
cd $CRYPTPAD_DIR
su -c 'bower install' - cryptpad
systemctl restart nginx
APP_INSTALLED=1
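Review bot: In the `/repos/cryptpad` branch of install_cryptpad_main, `cd $CRYPTPAD_DIR` is not checked before `git pull`, so if the preceding `mkdir` or `cp -r -p` failed the pull runs in whatever directory the script was already in. Guard it with `cd $CRYPTPAD_DIR || exit 1` (substituting the script's own error code). The pull also advances the copied mirror to the remote's current head, and no commit pin is visible in this hunk; if one is applied elsewhere in the function, a short comment at the `git pull` should say so. The function starts and ends outside the hunk.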


@ -38,6 +38,14 @@ dlna_variables=(SYSTEM_TYPE
INSTALLED_WITHIN_DOCKER
MY_USERNAME)
function logging_on_dlna {
echo -n ''
}
function logging_off_dlna {
echo -n ''
}
function configure_interactive_dlna {
while true
do

View File

@ -34,10 +34,13 @@ IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
DOKUWIKI_DOMAIN_NAME=
DOKUWIKI_ADMIN_PASSWORD=
DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
DOKUWIKI_CODE=
DOKUWIKI_ONION_PORT=8089
DOKUWIKI_ADMIN_PASSWORD=
DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
DOKUWIKI_REPO="https://github.com/splitbrain/dokuwiki"
DOKUWIKI_COMMIT='be15c01c0b982cf1a75b5af031bf077143c63f39'
dokuwiki_variables=(ONION_ONLY
MY_USERNAME
@ -46,6 +49,14 @@ dokuwiki_variables=(ONION_ONLY
DOKUWIKI_CODE
DDNS_PROVIDER)
function logging_on_dokuwiki {
echo -n ''
}
function logging_off_dokuwiki {
echo -n ''
}
function install_interactive_dokuwiki {
if [[ $ONION_ONLY != "no" ]]; then
DOKUWIKI_TITLE=$'My Dokuwiki'
@ -63,15 +74,18 @@ function change_password_dokuwiki {
curr_username="$1"
new_user_password="$2"
if grep "$curr_username:" /var/lib/dokuwiki/acl/users.auth.php; then
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
existing_user=$(cat /var/lib/dokuwiki/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
if [[ "$existing_user" == *":admin,"* ]]; then
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/lib/dokuwiki/acl/users.auth.php
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
else
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/lib/dokuwiki/acl/users.auth.php
sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
fi
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
fi
}
@ -80,17 +94,22 @@ function add_user_dokuwiki {
new_username="$1"
new_user_password="$2"
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/lib/dokuwiki/acl/users.auth.php
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
}
function remove_user_dokuwiki {
remove_username="$1"
if grep "$remove_username:" /var/lib/dokuwiki/acl/users.auth.php; then
sed -i "/$remove_username:/d" /var/lib/dokuwiki/acl/users.auth.php
read_config_param "DOKUWIKI_DOMAIN_NAME"
if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
fi
}
@ -100,24 +119,37 @@ function reconfigure_dokuwiki {
}
function upgrade_dokuwiki {
echo -n ''
function_check set_repo_commit
set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
}
function backup_local_dokuwiki {
source_directory=/var/lib/dokuwiki
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
function_check backup_directory_to_usb
# backup the data
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
if [ -d $source_directory ]; then
dest_directory=dokuwiki
function_check backup_directory_to_usb
dest_directory=dokuwikidat
backup_directory_to_usb $source_directory $dest_directory
fi
# backup the users
source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
if [ -d $source_directory ]; then
dest_directory=dokuwikiacl
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb /etc/dokuwiki dokuwiki2
fi
}
function restore_local_dokuwiki {
function restore_local_dokuwiki_legacy {
if [ -d /var/lib/dokuwiki ]; then
echo $"Restoring Dokuwiki installation"
echo $"Restoring Legacy Dokuwiki installation"
function_check get_completion_param
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
temp_restore_dir=/root/tempdokuwiki
function_check restore_directory_from_usb
if [ -d ${USB_MOUNT}/backup/dokuwiki ]; then
@ -125,87 +157,133 @@ function restore_local_dokuwiki {
else
restore_directory_from_usb ${temp_restore_dir} wiki
fi
cp -r ${temp_restore_dir}/var/lib/dokuwiki/* /var/lib/dokuwiki/
# restore the data
cp -r ${temp_restore_dir}/var/lib/dokuwiki/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 868
rm -rf ${temp_restore_dir}
exit 73562
fi
if [ -d ${USB_MOUNT}/backup/wiki2 ]; then
restore_directory_from_usb ${temp_restore_dir}2 wiki2
else
restore_directory_from_usb ${temp_restore_dir}2 dokuwiki2
fi
cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
# restore the users
cp -r ${temp_restore_dir}/var/lib/dokuwiki/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
cp -r ${temp_restore_dir}/var/lib/dokuwiki/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
function_check restore_directory_from_usb
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 869
rm -rf ${temp_restore_dir}
exit 23985
fi
rm -rf ${temp_restore_dir}
rm -rf ${temp_restore_dir}2
#rm -rf /var/lib/dokuwiki/data/cache/*
#rm -rf /var/lib/dokuwiki/data/meta/*
chmod -R 755 /var/lib/dokuwiki/data
chown -R www-data:www-data /var/lib/dokuwiki/data
chown -R www-data:www-data /var/lib/dokuwiki/*
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}
fi
if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem
fi
echo $"Restore of Dokuwiki complete"
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
echo $"Restore of Legacy Dokuwiki complete"
fi
}
function restore_local_dokuwiki {
if [ -d ${USB_MOUNT}/backup/dokuwiki ]; then
restore_local_dokuwiki_legacy
return
fi
echo $"Restoring Dokuwiki installation"
function_check get_completion_param
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
# restore the data
temp_restore_dir=/root/tempdokuwikidat
function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikidat
cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
rm -rf ${temp_restore_dir}
exit 683352
fi
rm -rf ${temp_restore_dir}
# restore the users
temp_restore_dir=/root/tempdokuwikiacl
function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
if [ ! "$?" = "0" ]; then
function_check restore_directory_from_usb
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
rm -rf ${temp_restore_dir}
exit 456495
fi
rm -rf ${temp_restore_dir}
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
echo $"Restore of Dokuwiki complete"
}
function backup_remote_dokuwiki {
if [ -d /etc/dokuwiki ]; then
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
echo $"Backing up dokuwiki"
backup_directory_to_friend /var/lib/dokuwiki dokuwiki
backup_directory_to_friend /etc/dokuwiki dokuwiki2
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
fi
}
function restore_remote_dokuwiki {
if [ -d $SERVER_DIRECTORY/backup/dokuwiki ]; then
function_check get_completion_param
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
echo $"Restoring Dokuwiki installation $DOKUWIKI_DOMAIN_NAME"
function_check restore_directory_from_friend
restore_directory_from_friend /root/tempdokuwiki dokuwiki
cp -r /root/tempdokuwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
function_check get_completion_param
function_check restore_directory_from_friend
if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
restore_directory_from_friend /root/tempdokuwikidat dokuwikidat
cp -r /root/tempdokuwikidat/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
if [ ! "$?" = "0" ]; then
exit 868
exit 92634
fi
restore_directory_from_friend /root/tempdokuwiki2 dokuwiki2
cp -r /root/tempdokuwiki2/etc/dokuwiki/* /etc/dokuwiki/
if [ ! "$?" = "0" ]; then
exit 869
fi
rm -rf /root/tempdokuwiki
rm -rf /root/tempdokuwiki2
#rm -rf /var/lib/dokuwiki/data/cache/*
#rm -rf /var/lib/dokuwiki/data/meta/*
chmod -R 755 /var/lib/dokuwiki/data
chown -R www-data:www-data /var/lib/dokuwiki/data
chown -R www-data:www-data /var/lib/dokuwiki/*
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}
fi
if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem
fi
echo $"Restore of Dokuwiki complete"
rm -rf /root/tempdokuwikidat
echo $"Restore of Dokuwiki data complete"
fi
if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
restore_directory_from_friend /root/tempdokuwikiacl dokuwikiacl
cp -r /root/tempdokuwikidat/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
if [ ! "$?" = "0" ]; then
exit 735287
fi
rm -rf /root/tempdokuwikiacl
echo $"Restore of Dokuwiki users complete"
fi
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
}
function remove_dokuwiki {
@ -219,7 +297,6 @@ function remove_dokuwiki {
if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
fi
apt-get -yq remove --purge dokuwiki
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
fi
@ -244,60 +321,53 @@ function install_dokuwiki {
if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
return
fi
apt-get -yq install dokuwiki
apt-get -yq remove --purge apache*
apt-get -yq install php-common php-cli php-curl php-gd php-mcrypt git
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
fi
if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
cd /var/www/$DOKUWIKI_DOMAIN_NAME
if [ -d /repos/dokuwiki ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
fi
cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
fi
apt-get -yq remove --purge apache2-bin*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after Dokuwiki install'
fi
if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
fi
if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
fi
echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
ln -s /usr/share/dokuwiki /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
if [ ! -d /var/lib/dokuwiki/custom ]; then
mkdir /var/lib/dokuwiki/custom
fi
cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
if [ ! -f /etc/dokuwiki/local.php ]; then
ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
fi
chown www-data /var/lib/dokuwiki/custom
chown www-data /var/lib/dokuwiki/custom/local.php
chown -R www-data /etc/dokuwiki
chown -R www-data /usr/share/dokuwiki/lib/
chmod 600 /var/lib/dokuwiki/custom/local.php
chmod -R 755 /usr/share/dokuwiki/lib
sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
sed -i "s|Debian Dokuwiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php
sed -i "s|Debian DokuWiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php
# set the admin user
sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
# disallow registration of new users
if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
fi
if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /etc/dokuwiki/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
fi
chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
if [ -f $IMAGE_PASSWORD_FILE ]; then
DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
@ -307,17 +377,18 @@ function install_dokuwiki {
fi
fi
HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
echo 'ogv video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
fi
if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
echo 'mp4 video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
fi
if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
echo 'webm video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
fi
DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@ -379,10 +450,11 @@ function install_dokuwiki {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
@ -457,10 +529,11 @@ function install_dokuwiki {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
@ -491,7 +564,7 @@ function install_dokuwiki {
nginx_ensite $DOKUWIKI_DOMAIN_NAME
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
function_check add_ddns_domain


@ -36,6 +36,14 @@ SHOW_ON_ABOUT=0
emacs_variables=(USB_MOUNT
MY_USERNAME)
function logging_on_emacs {
echo -n ''
}
function logging_off_emacs {
echo -n ''
}
function reconfigure_emacs {
echo -n ''
}
@ -133,7 +141,7 @@ function restore_remote_emacs {
}
function remove_emacs {
apt-get -yq remove --purge emacs24
apt-get -yq remove --purge emacs
update-alternatives --set editor /usr/bin/nano
sed -i '/install_emacs/d' $COMPLETION_FILE
@ -156,8 +164,8 @@ function remove_emacs {
}
function install_emacs {
apt-get -yq install emacs24
update-alternatives --set editor /usr/bin/emacs24
apt-get -yq install emacs
update-alternatives --set editor /usr/bin/emacs
# A minimal emacs configuration
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -52,6 +52,14 @@ etherpad_variables=(ONION_ONLY
DDNS_PROVIDER
MY_USERNAME)
function logging_on_etherpad {
echo -n ''
}
function logging_off_etherpad {
echo -n ''
}
function etherpad_password_hash {
echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
}
@ -62,7 +70,7 @@ function change_password_etherpad {
read_config_param ETHERPAD_DOMAIN_NAME
if grep "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
@ -302,6 +310,11 @@ function reconfigure_etherpad {
}
function upgrade_etherpad {
CURR_ETHERPAD_COMMIT=$(get_completion_param "etherpad commit")
if [[ "$CURR_ETHERPAD_COMMIT" == "$ETHERPAD_COMMIT" ]]; then
return
fi
read_config_param "ETHERPAD_DOMAIN_NAME"
function_check set_repo_commit
@ -355,6 +368,11 @@ function restore_local_etherpad {
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
MARIADB_PASSWORD=
fi
}
@ -400,6 +418,11 @@ function restore_remote_etherpad {
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
MARIADB_PASSWORD=
fi
}
@ -415,6 +438,7 @@ function remove_etherpad {
systemctl disable etherpad
rm /etc/systemd/system/etherpad.service
fi
systemctl daemon-reload
nginx_dissite $ETHERPAD_DOMAIN_NAME
remove_certs $ETHERPAD_DOMAIN_NAME
if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
@ -431,9 +455,11 @@ function remove_etherpad {
remove_completion_param install_etherpad
sed -i '/etherpad/d' $COMPLETION_FILE
remove_backup_database_local etherpad
deluser --remove-all-files etherpad
remove_nodejs etherpad
groupdel -f etherpad
userdel -r etherpad
function_check remove_ddns_domain
remove_ddns_domain $ETHERPAD_DOMAIN_NAME
}
@ -444,6 +470,8 @@ function install_etherpad {
exit 7359
fi
check_ram_availability 2000
if [ -f $IMAGE_PASSWORD_FILE ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
@ -472,8 +500,17 @@ function install_etherpad {
mkdir /var/www/$ETHERPAD_DOMAIN_NAME
fi
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
if [ -d /repos/etherpad ]; then
mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone etherpad repo'
exit 56382
@ -612,6 +649,7 @@ function install_etherpad {
set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"
systemctl restart mariadb
systemctl enable etherpad
systemctl daemon-reload
systemctl start etherpad
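Review bot: The lines added to restore_local_etherpad and restore_remote_etherpad splice `${MARIADB_PASSWORD}` unescaped into a sed replacement, so a password containing `|`, `&` or `\` either breaks the expression or writes a different value into settings.json, and a `"` would leave the JSON invalid. Escaping the value first, `esc=$(printf '%s' "$MARIADB_PASSWORD" | sed 's/[\\&|]/\\&/g')`, and substituting `${esc}` with `"$settings_file"` quoted avoids the sed problem. The pattern `\"password\":.*` is also unanchored, so any other line with a "password" key in that file would presumably be overwritten with the same value. What is fetched with `-u root -a mariadb` appears to be the database root credential, which then lives in the web application's settings file; a dedicated per-app database account would limit what a compromise of Etherpad exposes. The same restore pattern is added in the friendica and ghost files of this commit, and both functions begin outside the hunks shown.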


@ -50,6 +50,14 @@ friendica_variables=(ONION_ONLY
FRIENDICA_REPO
FRIENDICA_ADDONS_REPO)
function logging_on_friendica {
echo -n ''
}
function logging_off_friendica {
echo -n ''
}
function remove_user_friendica {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
@ -213,6 +221,11 @@ function reconfigure_friendica {
}
function upgrade_friendica {
CURR_FRIENDICA_COMMIT=$(get_completion_param "friendica commit")
if [[ "$CURR_FRIENDICA_COMMIT" == "$FRIENDICA_COMMIT" ]]; then
return
fi
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
function_check set_repo_commit
@ -247,6 +260,11 @@ function restore_local_friendica {
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
MARIADB_PASSWORD=
fi
}
@ -282,6 +300,11 @@ function restore_remote_friendica {
if [ -d /root/tempfriendica ]; then
rm -rf /root/tempfriendica
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
MARIADB_PASSWORD=
}
function remove_friendica {
@ -327,9 +350,9 @@ function install_friendica {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
apt-get -yq install php5-dev imagemagick php5-imagick
apt-get -yq install php5-memcached
apt-get -yq install php-common php-cli php-curl php-gd php-mysql php-mcrypt git
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
mkdir /var/www/$FRIENDICA_DOMAIN_NAME
@ -340,8 +363,17 @@ function install_friendica {
if [ ! -f $FRIENDICA_PATH/index.php ]; then
cd $INSTALL_DIR
function_check git_clone
git_clone $FRIENDICA_REPO friendica
if [ -d /repos/friendica ]; then
mkdir friendica
cp -r -p /repos/friendica/. friendica
cd friendica
git pull
else
function_check git_clone
git_clone $FRIENDICA_REPO friendica
fi
git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
@ -425,11 +457,12 @@ function install_friendica {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
@ -493,11 +526,12 @@ function install_friendica {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
@ -588,7 +622,8 @@ function install_friendica {
chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
chmod 755 $FRIENDICA_PATH/.htconfig.php
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
systemctl restart cron
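Review bot: The added `fastcgi_read_timeout 30;` line sits in the same run of echo statements as the existing `fastcgi_read_timeout 300;` three lines further down, in both nginx blocks this file writes (the hunks at old lines 425 and 493). If both land in one location block, as the hunks suggest, nginx reports the second as a duplicate directive and rejects the configuration, so the site would not come back after `systemctl restart nginx`. Keep only one of the two, for example by dropping the new `echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME` line or by editing the existing 300 to the intended value. The location block and install_friendica start and end outside these hunks, so this is worth confirming with `nginx -t` before the restart.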


@ -9,6 +9,7 @@
# Freedom in the Cloud
#
# Ghost blog
# Only works with nodejs version ^6.9.0
#
# License
# =======
@ -37,8 +38,8 @@ GHOST_DOMAIN_NAME=
GHOST_CODE=
GHOST_ONION_PORT=8104
GHOST_PORT=2368
GHOST_VERSION='0.11.8'
GHOST_HASH='244faad0b16eb1b90c8095f1e536db65299a3a2d85a20af76342be3707522b38'
GHOST_VERSION='0.11.10'
GHOST_HASH='cccdf02d46112f1671739696f2b1888a90a5c3bdf2fae45e8e81d538a8e0f487'
GHOST_DOWNLOAD_URL="https://github.com/TryGhost/Ghost/releases/download/${GHOST_VERSION}/Ghost-${GHOST_VERSION}.zip"
ghost_variables=(GHOST_DOMAIN_NAME
@ -48,6 +49,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
DDNS_PROVIDER
MY_USERNAME)
function logging_on_ghost {
echo -n ''
}
function logging_off_ghost {
echo -n ''
}
function ghost_replace_jquery {
sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" content/themes/casper/default.hbs
sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" core/server/data/migration/fixtures/004/01-move-jquery-with-alert.js
@ -170,7 +179,7 @@ function upgrade_ghost {
GHOST_PATH=/var/www/$GHOST_DOMAIN_NAME/htdocs
cd $GHOST_PATH
if [ ! -f ghost-${GHOST_VERSION}.zip ]; then
if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
wget ${GHOST_DOWNLOAD_URL}
fi
if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
@ -233,6 +242,28 @@ function restore_local_ghost {
function_check restore_database
restore_database ghost ${GHOST_DOMAIN_NAME}
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
sed -i "s|password :.*|password : '${MARIADB_PASSWORD}',|g" $ghost_config
MARIADB_PASSWORD=
# install any missing packages
if [ ! -d /var/www/${GHOST_DOMAIN_NAME}/htdocs/node_modules/intl ]; then
cd /var/www/${GHOST_DOMAIN_NAME}/htdocs
npm install passport-http-bearer@1.0.1
npm install amperize@0.3.4
npm install bcryptjs@2.4.3
npm install knex@0.12.9
npm install bookshelf@0.10.2
npm install cookie-session@1.2.0
npm install ghost-gql@0.0.6
npm install intl@1.2.5
npm install sanitize-html@1.14.1
npm install showdown-ghost@0.3.6
npm install superagent@3.5.2
npm install mysql@2.1.1
fi
systemctl start ghost
restart_site
fi
@ -273,6 +304,29 @@ function restore_remote_ghost {
ghost_create_database
restore_database_from_friend ghost ${GHOST_DOMAIN_NAME}
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
sed -i "s|password :.*|password : '${MARIADB_PASSWORD}',|g" $ghost_config
MARIADB_PASSWORD=
# install any missing packages
if [ ! -d /var/www/${GHOST_DOMAIN_NAME}/htdocs/node_modules/intl ]; then
cd /var/www/${GHOST_DOMAIN_NAME}/htdocs
npm install passport-http-bearer@1.0.1
npm install amperize@0.3.4
npm install bcryptjs@2.4.3
npm install knex@0.12.9
npm install bookshelf@0.10.2
npm install cookie-session@1.2.0
npm install ghost-gql@0.0.6
npm install intl@1.2.5
npm install sanitize-html@1.14.1
npm install showdown-ghost@0.3.6
npm install superagent@3.5.2
npm install mysql@2.1.1
fi
systemctl start ghost
restart_site
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs/
@ -286,6 +340,7 @@ function remove_ghost {
systemctl stop ghost
systemctl disable ghost
rm /etc/systemd/system/ghost.service
systemctl daemon-reload
function_check remove_nodejs
remove_nodejs ghost
@ -296,7 +351,6 @@ function remove_ghost {
read_config_param "GHOST_DOMAIN_NAME"
nginx_dissite $GHOST_DOMAIN_NAME
remove_certs ${GHOST_DOMAIN_NAME}
deluser --remove-all-files ghost
if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
fi
@ -311,6 +365,9 @@ function remove_ghost {
sed -i '/Ghost/d' $COMPLETION_FILE
sed -i '/ghost/d' $COMPLETION_FILE
groupdel -f ghost
userdel -r ghost
function_check remove_ddns_domain
remove_ddns_domain $GHOST_DOMAIN_NAME
}
@ -318,6 +375,9 @@ function remove_ghost {
function ghost_create_config {
ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
function_check get_mariadb_password
get_mariadb_password
echo "var path = require('path')," > $ghost_config
echo ' config;' >> $ghost_config
echo '' >> $ghost_config
@ -393,7 +453,9 @@ function install_ghost {
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
fi
cd /var/www/$GHOST_DOMAIN_NAME/htdocs
wget ${GHOST_DOWNLOAD_URL}
if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
wget ${GHOST_DOWNLOAD_URL}
fi
if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
echo $'Unable to download ghost'
rm -rf /var/www/$GHOST_DOMAIN_NAME
@ -418,6 +480,60 @@ function install_ghost {
install_nodejs ghost
sed -i "/sqlite/d" /var/www/${GHOST_DOMAIN_NAME}/htdocs/package.json
cd /var/www/$GHOST_DOMAIN_NAME/htdocs
npm install -g jison@0.4.13 --save
npm install moment-timezone@0.5.13
npm install express@4.15.3
npm install lodash@4.17.4
npm install uuid@3.0.1
npm install bluebird@3.5.0
npm install chalk@1.1.3
npm install intl-messageformat@1.3.0
npm install validator@7.0.0
npm install express-hbs@1.0.4
npm install glob@7.1.2
npm install unidecode@0.1.8
npm install csv-parser@1.11.0
npm install archiver@1.3.0
npm install fs-extra@3.0.1
npm install extract-zip-fork@1.5.1
npm install moment@2.18.1
npm install nodemailer@4.0.1
npm install html-to-text@3.3.0
npm install gscan@1.1.0
npm install body-parser@1.17.2
npm install compression@1.6.2
npm install morgan@1.8.2
npm install semver@5.3.0
npm install path-match@1.2.4
npm install downsize@0.0.8
npm install rss@1.2.2
npm install cheerio@1.0.0-rc.1
npm install passport@0.3.2
npm install xml@1.0.1
npm install multer@1.3.0
npm install oauth2orize@1.8.0
npm install connect-slashes@1.3.1
npm install cors@2.8.3
npm install netjet@1.1.3
npm install jsonpath@0.2.11
npm install image-size@0.5.4
npm install passport-oauth2-client-password@0.1.2
npm install passport-http-bearer@1.0.1
npm install amperize@0.3.4
npm install bcryptjs@2.4.3
npm install knex@0.12.9
npm install bookshelf@0.10.2
npm install cookie-session@1.2.0
npm install ghost-gql@0.0.6
npm install intl@1.2.5
npm install sanitize-html@1.14.1
npm install showdown-ghost@0.3.6
npm install superagent@3.5.2
npm install mysql@2.1.1
npm install mariasql@0.2.6
npm install --production
function_check install_mariadb
@ -432,7 +548,7 @@ function install_ghost {
ghost_create_config
adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs/
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
echo '[Unit]' > /etc/systemd/system/ghost.service
echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
@ -540,6 +656,7 @@ function install_ghost {
if [[ $ONION_ONLY != 'no' ]]; then
sed -i "s|url: .*|url: 'http://${GHOST_ONION_HOSTNAME}',|g" /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
systemctl restart mariadb
systemctl restart ghost
fi
@ -549,12 +666,14 @@ function install_ghost {
nginx_ensite $GHOST_DOMAIN_NAME
systemctl restart nginx
systemctl restart mariadb
${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
function_check add_ddns_domain
add_ddns_domain $GHOST_DOMAIN_NAME
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}
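Review bot: None of the `npm install` lines added to restore_local_ghost, restore_remote_ghost and install_ghost check their exit status, and the `cd` before them is unchecked too, so a failed or partial install (or a `cd` that did not happen, leaving npm to run, presumably as root, in whatever directory the caller was in) still falls through to `systemctl start ghost`. The twelve-package list is also duplicated verbatim between the two restore functions, which invites drift the next time a version is bumped. A shared helper that stops on the first failure would cover both. The `@version` suffixes pin only the top-level packages, so a committed npm-shrinkwrap.json would be needed if transitive dependencies should be fixed as well. All three functions begin and end outside the hunks shown.

```bash
# shared by restore_local_ghost and restore_remote_ghost
function ghost_install_missing_packages {
    local ghost_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs
    local pkg
    if [ -d "$ghost_dir/node_modules/intl" ]; then
        return 0
    fi
    cd "$ghost_dir" || return 1
    for pkg in passport-http-bearer@1.0.1 amperize@0.3.4 bcryptjs@2.4.3 \
               knex@0.12.9 bookshelf@0.10.2 cookie-session@1.2.0 \
               ghost-gql@0.0.6 intl@1.2.5 sanitize-html@1.14.1 \
               showdown-ghost@0.3.6 superagent@3.5.2 mysql@2.1.1; do
        npm install "$pkg" || return 1
    done
}
# … unchanged: MariaDB password update in config.js …
ghost_install_missing_packages || exit 1   # placeholder exit code; use one of the project's own numeric codes
# … unchanged: systemctl start ghost, restart_site …
```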


@ -37,18 +37,10 @@ GNUSOCIAL_DOMAIN_NAME=
GNUSOCIAL_CODE=
GNUSOCIAL_ONION_PORT=8087
GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
GNUSOCIAL_COMMIT='1517deeeb621a0256106d0108855e8827713e2cc'
GNUSOCIAL_COMMIT='05a9c11c476b384e5ef3f3cc83b66406fcf7a378'
GNUSOCIAL_ADMIN_PASSWORD=
GNUSOCIAL_BACKGROUND_IMAGE_URL=
GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"
GNUSOCIAL_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232'
# Sharings plugin for gnusocial
SHARINGS_REPO="http://git.lasindias.club/bashrc/Sharings"
SHARINGS_COMMIT='d5c6c7f855d9afff9086c09ea706f38c859bc0d4'
SHARINGS_THEME_REPO="http://git.lasindias.club/manuel/SharingsTheme"
SHARINGS_THEME_COMMIT='7106c7ef03'
GNUSOCIAL_TITLE='Pleroma FE'
@ -61,16 +53,18 @@ gnusocial_variables=(ONION_ONLY
GNUSOCIAL_WELCOME_MESSAGE
GNUSOCIAL_BACKGROUND_IMAGE_URL
DDNS_PROVIDER
GNUSOCIAL_MARKDOWN_REPO
GNUSOCIAL_MARKDOWN_COMMIT
SHARINGS_REPO
SHARINGS_COMMIT
SHARINGS_THEME_REPO
SHARINGS_THEME_COMMIT
GNUSOCIAL_TITLE
GNUSOCIAL_EXPIRE_MONTHS
MY_USERNAME)
function logging_on_gnusocial {
echo -n ''
}
function logging_off_gnusocial {
echo -n ''
}
function gnusocial_fix_endless_reloads {
# This fixes a bug introduced with commit 5f7032dfee1fd202c14e76a9f8b37af35d584901
# and which causes OrFox to endlessly reload the page
@ -311,15 +305,14 @@ function configure_interactive_gnusocial {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"GNU Social" \
--radiolist $"Choose an operation:" 17 70 8 \
--radiolist $"Choose an operation:" 16 70 7 \
1 $"Set a background image" off \
2 $"Set the title" off \
3 $"Set post expiry period (currently $GNUSOCIAL_EXPIRE_MONTHS months)" off \
4 $"Select Qvitter user interface" off \
5 $"Select Pleroma user interface" off \
6 $"Select Classic user interface" off \
7 $"Select Armadillo user interface" off \
8 $"Exit" on 2> $data
7 $"Exit" on 2> $data
sel=$?
case $sel in
1) return;;
@ -332,13 +325,17 @@ function configure_interactive_gnusocial {
4) gnusocial_use_qvitter gnusocial;;
5) gnusocial_use_pleroma gnusocial;;
6) gnusocial_use_classic gnusocial;;
7) gnusocial_use_armadillo gnusocial;;
8) break;;
7) break;;
esac
done
}
function upgrade_gnusocial {
CURR_GNUSOCIAL_COMMIT=$(get_completion_param "gnusocial commit")
if [[ "$CURR_GNUSOCIAL_COMMIT" == "$GNUSOCIAL_COMMIT" ]]; then
return
fi
if grep -q "gnusocial domain" $COMPLETION_FILE; then
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
fi
@ -364,7 +361,9 @@ function upgrade_gnusocial {
gnusocial_block_domain_script gnusocial $GNUSOCIAL_DOMAIN_NAME
gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
if [ -d $INSTALL_DIR/pleroma ]; then
upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
fi
install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
chown -R www-data:www-data /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
}
@ -376,21 +375,34 @@ function backup_local_gnusocial {
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
fi
source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
dest_directory=gnusocial
function_check suspend_site
suspend_site ${GNUSOCIAL_DOMAIN_NAME}
# don't backup more data than we need to
gnusocial-expire
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check backup_database_to_usb
backup_database_to_usb gnusocial
function_check restart_site
restart_site
source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then
mkdir $source_directory
fi
cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
fi
function_check suspend_site
suspend_site ${GNUSOCIAL_DOMAIN_NAME}
function_check backup_directory_to_usb
dest_directory=gnusocialconfig
backup_directory_to_usb $source_directory $dest_directory
source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
dest_directory=gnusocialfile
backup_directory_to_usb $source_directory $dest_directory
function_check backup_database_to_usb
backup_database_to_usb gnusocial
function_check restart_site
restart_site
}
function restore_local_gnusocial {
@ -404,68 +416,116 @@ function restore_local_gnusocial {
gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
# stop the daemons
cd $gnusocial_dir
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
scripts/stopdaemons.sh
function_check gnusocial_create_database
gnusocial_create_database
restore_database gnusocial ${GNUSOCIAL_DOMAIN_NAME}
restore_database gnusocial
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
# start the daemons
cd $gnusocial_dir
su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir gnusocialconfig
if [ -d $temp_restore_dir ]; then
cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
chown www-data:www-data $gnusocial_dir/config.php
cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
chown -R www-data:www-data $gnusocial_dir/static
rm -rf $temp_restore_dir
fi
restore_directory_from_usb $temp_restore_dir gnusocialfile
if [ -d $temp_restore_dir ]; then
cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
chown -R www-data:www-data $gnusocial_dir/file
rm -rf $temp_restore_dir
fi
gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
echo $"Restore of gnusocial complete"
fi
}
function backup_remote_gnusocial {
GNUSOCIAL_DOMAIN_NAME='gnusocial'
if grep -q "gnusocial domain" $COMPLETION_FILE; then
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
temp_backup_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
function_check suspend_site
suspend_site ${GNUSOCIAL_DOMAIN_NAME}
function_check backup_database_to_friend
backup_database_to_friend gnusocial
echo $"Backing up GNU social installation"
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir gnusocial
function_check restart_site
restart_site
else
echo $"gnusocial domain specified but not found in ${temp_backup_dir}"
fi
fi
# don't backup more data than we need to
gnusocial-expire
source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then
mkdir $source_directory
fi
cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
fi
function_check suspend_site
suspend_site ${GNUSOCIAL_DOMAIN_NAME}
function_check backup_directory_to_friend
dest_directory=gnusocialconfig
backup_directory_to_friend $source_directory $dest_directory
source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
dest_directory=gnusocialfile
backup_directory_to_friend $source_directory $dest_directory
function_check backup_database_to_friend
backup_database_to_friend gnusocial
function_check restart_site
restart_site
}
function restore_remote_gnusocial {
if grep -q "gnusocial domain" $COMPLETION_FILE; then
if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
return
fi
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
if [ $GNUSOCIAL_DOMAIN_NAME ]; then
echo $"Restoring gnusocial"
GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
temp_restore_dir=/root/tempgnusocial
gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
# stop the daemons
cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
cd $gnusocial_dir
scripts/stopdaemons.sh
function_check gnusocial_create_database
gnusocial_create_database
function_check restore_database_from_friend
restore_database_from_friend gnusocial ${GNUSOCIAL_DOMAIN_NAME}
if [ -d /root/tempgnusocial ]; then
rm -rf /root/tempgnusocial
restore_database_from_friend gnusocial
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
# start the daemons
cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir gnusocialconfig
if [ -d $temp_restore_dir ]; then
cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
chown www-data:www-data $gnusocial_dir/config.php
cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
chown -R www-data:www-data $gnusocial_dir/static
rm -rf $temp_restore_dir
fi
restore_directory_from_friend $temp_restore_dir gnusocialfile
if [ -d $temp_restore_dir ]; then
cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
chown -R www-data:www-data $gnusocial_dir/file
rm -rf $temp_restore_dir
fi
gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
echo $"Restore of gnusocial complete"
fi
}
@ -486,8 +546,8 @@ function remove_gnusocial {
rm /etc/cron.hourly/gnusocial-daemons
fi
if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
scripts/stopdaemons.sh
fi
kill_pid=$(ps aux | grep /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
kill -9 $kill_pid
@ -537,15 +597,24 @@ function install_gnusocial_main {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
apt-get -yq install php5-memcached php5-intl exiftool
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME
fi
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
if [ -d /repos/gnusocial ]; then
mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
cp -r -p /repos/gnusocial/. /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone gnusocial repo'
exit 87525
@ -580,6 +649,8 @@ function install_gnusocial_main {
function_check add_ddns_domain
add_ddns_domain $GNUSOCIAL_DOMAIN_NAME
GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
gnusocial_nginx_site=/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
@ -614,7 +685,8 @@ function install_gnusocial_main {
echo ' # PHP' >> $gnusocial_nginx_site
echo ' location ~ \.php {' >> $gnusocial_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $gnusocial_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
echo ' fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site
echo '' >> $gnusocial_nginx_site
echo ' # Location' >> $gnusocial_nginx_site
@ -641,7 +713,7 @@ function install_gnusocial_main {
fi
echo 'server {' >> $gnusocial_nginx_site
echo " listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;" >> $gnusocial_nginx_site
echo " server_name $GNUSOCIAL_DOMAIN_NAME;" >> $gnusocial_nginx_site
echo " server_name $GNUSOCIAL_ONION_HOSTNAME;" >> $gnusocial_nginx_site
echo '' >> $gnusocial_nginx_site
function_check nginx_compress
nginx_compress $GNUSOCIAL_DOMAIN_NAME
@ -662,7 +734,8 @@ function install_gnusocial_main {
echo ' # PHP' >> $gnusocial_nginx_site
echo ' location ~ \.php {' >> $gnusocial_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $gnusocial_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
echo ' fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
echo ' }' >> $gnusocial_nginx_site
echo '' >> $gnusocial_nginx_site
echo ' # Location' >> $gnusocial_nginx_site
@ -710,8 +783,6 @@ function install_gnusocial_main {
gnusocial_ssl='never'
fi
GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
GNUSOCIAL_SERVER=${GNUSOCIAL_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
GNUSOCIAL_SERVER=${GNUSOCIAL_ONION_HOSTNAME}
@ -770,7 +841,8 @@ function install_gnusocial_main {
# This improves performance
sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $gnusocial_config_file
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
@ -784,159 +856,6 @@ function install_gnusocial_main {
install_completed gnusocial_main
}
function install_gnusocial_plugin_sharings {
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins ]; then
echo $'No local/plugins directory found for the gnusocial'
exit 72945
fi
apt-get -yq install liblocale-msgfmt-perl gettext
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial sharings plugin commit" "$SHARINGS_COMMIT" $SHARINGS_REPO
if [[ $(app_is_installed gnusocial_plugin_sharings) == "1" ]]; then
return
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins
function_check git_clone
git_clone $SHARINGS_REPO Sharings
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings ]; then
echo $'Unable to clone gnusocial sharings plugin'
exit 36738
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings
git stash
git checkout master
git branch -D $SHARINGS_COMMIT
git checkout $SHARINGS_COMMIT -b $SHARINGS_COMMIT
# enable the plugin
if ! grep -q "addPlugin('Sharings');" /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php; then
echo "addPlugin('Sharings');" >> /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
php scripts/checkschema.php
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings
php scripts/seedsharings.php
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
php scripts/upgrade.php
php scripts/checkschema.php
# Languages
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en/LC_MESSAGES
msgfmt -o Sharings.mo Sharings.po
if [ ! -f Sharings.po ]; then
echo $'English translations for gnusocial sharings plugin were not created'
exit 84352
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_GB/LC_MESSAGES
msgfmt -o Sharings.mo Sharings.po
if [ ! -f Sharings.po ]; then
echo $'English (GB) translations for gnusocial sharings plugin were not created'
exit 84352
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_US/LC_MESSAGES
msgfmt -o Sharings.mo Sharings.po
if [ ! -f Sharings.po ]; then
echo $'English (US) translations for gnusocial sharings plugin were not created'
exit 84352
fi
# Looks like this update function isn't supported by the current php version
sed -i 's|ActivityVerb::UPDATE, ||g' /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/SharingsPlugin.php
chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
set_completion_param gnusocial "sharings plugin commit" "$SHARINGS_COMMIT"
install_completed gnusocial_plugin_sharings
}
function install_gnusocial_plugin_sharings_theme {
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins ]; then
echo $'No local/plugins directory found for the gnusocial'
exit 74458
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial sharings theme plugin commit" "$SHARINGS_THEME_COMMIT" $SHARINGS_THEME_REPO
if [[ $(app_is_installed gnusocial_plugin_sharings_theme) == "1" ]]; then
return
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins
function_check git_clone
git_clone $SHARINGS_THEME_REPO SharingsTheme
if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme ]; then
echo $'Unable to clone gnusocial sharings plugin theme'
exit 639253
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme
git stash
git checkout master
git branch -D $SHARINGS_THEME_COMMIT
git checkout $SHARINGS_THEME_COMMIT -b $SHARINGS_THEME_COMMIT
# enable the plugin
if ! grep -q "addPlugin('SharingsTheme');" /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php; then
echo "addPlugin('SharingsTheme');" >> /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
fi
cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
php scripts/checkschema.php
chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
set_completion_param "gnusocial sharings plugin theme commit" "$SHARINGS_THEME_COMMIT"
install_completed gnusocial_plugin_sharings_theme
}
function install_gnusocial_markdown {
GNUSOCIAL_PATH=/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
# update to the next commit
function_check set_repo_commit
set_repo_commit $GNUSOCIAL_PATH/local/plugins/Markdown "gnusocial Markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT" $GNUSOCIAL_MARKDOWN_REPO
if [[ $(app_is_installed gnusocial_markdown) == "1" ]]; then
return
fi
if [ -d $GNUSOCIAL_PATH/local/plugins/Markdown ]; then
rm -rf $GNUSOCIAL_PATH/local/plugins/Markdown
fi
if [ ! -d $GNUSOCIAL_PATH/local/plugins ]; then
mkdir -p $GNUSOCIAL_PATH/local/plugins
fi
cd $GNUSOCIAL_PATH/local/plugins
function_check git_clone
git_clone $GNUSOCIAL_MARKDOWN_REPO Markdown
cd $GNUSOCIAL_PATH/local/plugins/Markdown
git checkout $GNUSOCIAL_MARKDOWN_COMMIT -b $GNUSOCIAL_MARKDOWN_COMMIT
gnusocial_config_file=$GNUSOCIAL_PATH/config.php
if ! grep -q "addPlugin('Markdown'" $gnusocial_config_file; then
echo "" >> $gnusocial_config_file
echo "// Markdown settings" >> $gnusocial_config_file
echo "addPlugin('Markdown');" >> $gnusocial_config_file
fi
set_completion_param "gnusocial markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT"
chown -R www-data:www-data $GNUSOCIAL_PATH
install_completed gnusocial_markdown
}
function install_gnusocial {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
@ -945,9 +864,9 @@ function install_gnusocial {
install_gnusocial_main
expire_gnusocial_posts "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_EXPIRE_MONTHS"
install_qvitter "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
install_gnusocial_markdown
#install_gnusocial_plugin_sharings
#install_gnusocial_plugin_sharings_theme
install_gnusocial_markdown "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
install_gnusocial_plugin_sharings "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
install_gnusocial_plugin_sharings_theme "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
# Currently Pleroma won't install on ARM systems
# because it uses node-sass which doesn't support ARM
@ -967,6 +886,14 @@ function install_gnusocial {
systemctl restart nginx
# Set qvitter to be the default UI. It's probably the most stable.
# And doesn't forget logins
gnusocial_use_qvitter gnusocial
if [ $GNUSOCIAL_BACKGROUND_IMAGE_URL ]; then
pleroma_set_background_image_from_url "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
fi
APP_INSTALLED=1
}


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -51,6 +51,14 @@ gogs_variables=(ONION_ONLY
DDNS_PROVIDER
ARCHITECTURE)
function logging_on_gogs {
echo -n ''
}
function logging_off_gogs {
echo -n ''
}
function change_password_gogs {
curr_username="$1"
new_user_password="$2"
@ -102,12 +110,15 @@ function gogs_parameters {
ARCHITECTURE=$(uname -m)
if [[ ${ARCHITECTURE} == "arm"* ]]; then
CURR_ARCH=armv5
echo $"Using $CURR_ARCH"
fi
if [[ ${ARCHITECTURE} == "amd"* || ${ARCHITECTURE} == "x86_64" ]]; then
CURR_ARCH=amd64
echo $"Using $CURR_ARCH"
fi
if [[ ${ARCHITECTURE} == *"386" || ${ARCHITECTURE} == *"686" ]]; then
CURR_ARCH=386
echo $"Using $CURR_ARCH"
fi
fi
@ -192,6 +203,7 @@ function upgrade_gogs {
rm $INSTALL_DIR/gogs_config.ini
sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
systemctl restart mariadb
systemctl restart gogs
}
@ -275,6 +287,12 @@ function restore_local_gogs {
rm -rf ${temp_restore_dir}ssh
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
fi
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
MARIADB_PASSWORD=
fi
}
@ -345,6 +363,12 @@ function restore_remote_gogs {
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
echo $"Restore of Gogs complete"
fi
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
MARIADB_PASSWORD=
fi
}
@ -354,6 +378,7 @@ function remove_gogs {
fi
systemctl stop gogs
systemctl disable gogs
nginx_dissite ${GIT_DOMAIN_NAME}
remove_certs ${GIT_DOMAIN_NAME}
if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
@ -365,12 +390,16 @@ function remove_gogs {
function_check drop_database
drop_database gogs
rm /etc/systemd/system/gogs.service
systemctl daemon-reload
rm -rf /home/${GOGS_USERNAME}/*
remove_onion_service gogs ${GIT_ONION_PORT} 9418
remove_completion_param "install_gogs"
sed -i '/gogs /d' $COMPLETION_FILE
remove_backup_database_local gogs
groupdel -f gogs
userdel -r gogs
function_check remove_ddns_domain
remove_ddns_domain $GIT_DOMAIN_NAME
}
@ -382,6 +411,13 @@ function install_gogs {
adduser --disabled-login --gecos 'Gogs' $GOGS_USERNAME
if [ ! -d /home/$GOGS_USERNAME ]; then
echo $"/home/$GOGS_USERNAME directory not created"
exit 783528
fi
groupadd gogs
gogs_parameters
if [ ! -d ${INSTALL_DIR} ]; then
@ -575,7 +611,8 @@ function install_gogs {
GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
set_completion_param "gogs domain" "$GIT_DOMAIN_NAME"
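Review bot: The password is pasted unescaped into the replacement in `sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}`, so a value containing `|`, `&` or `\` either breaks the command or writes a different password into app.ini, and an empty result from `${PROJECT_NAME}-pass` is written without complaint. Guard and escape it first, e.g. `[ -n "$MARIADB_PASSWORD" ] || exit 1` then `esc=$(printf '%s' "$MARIADB_PASSWORD" | sed 's/[|&\\]/\\&/g')`, and substitute `$esc`. The same pattern is added in restore_remote_gogs, in both hubzilla restore functions (`$db_pass`, where a `'` in the value would also break the PHP string) and in restore_local_koel (`DB_PASSWORD`). It also places the MariaDB root credential in the application config and in sed's argument list while the command runs; a per-application database account would limit the exposure, if the project's database helpers allow one. Both gogs restore functions begin outside their hunks.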


@ -50,6 +50,14 @@ htmly_variables=(HTMLY_REPO
DDNS_PROVIDER
MY_USERNAME)
function logging_on_htmly {
echo -n ''
}
function logging_off_htmly {
echo -n ''
}
function set_avatar_from_url {
AVATAR="$1"
@ -192,6 +200,11 @@ function reconfigure_htmly {
}
function upgrade_htmly {
CURR_HTMLY_COMMIT=$(get_completion_param "htmly commit")
if [[ "$CURR_HTMLY_COMMIT" == "$HTMLY_COMMIT" ]]; then
return
fi
read_config_param "HTMLY_DOMAIN_NAME"
function_check set_repo_commit
@ -462,11 +475,12 @@ function install_htmly_website {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
@ -541,11 +555,12 @@ function install_htmly_website_onion {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
@ -574,7 +589,16 @@ function install_htmly_from_repo {
fi
cd /var/www/$HTMLY_DOMAIN_NAME
git_clone $HTMLY_REPO htdocs
if [ -d /repos/htmly ]; then
mkdir htdocs
cp -r -p /repos/htmly/. htdocs
cd htdocs
git pull
else
git_clone $HTMLY_REPO htdocs
fi
cd htdocs
git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
set_completion_param "htmly commit" "$HTMLY_COMMIT"
@ -591,7 +615,7 @@ function install_htmly {
fi
# for the avatar changing command
apt-get -yq install imagemagick
apt-get -yq install imagemagick libfcgi0ldbl
function_check install_htmly_from_repo
install_htmly_from_repo
@ -627,7 +651,7 @@ function install_htmly {
function_check nginx_ensite
nginx_ensite $HTMLY_DOMAIN_NAME
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"
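Review bot: In the `/repos/htmly` branch of install_htmly_from_repo the script has already done `cd htdocs` before `git pull`, so the unchanged `cd htdocs` after the `fi` runs from inside htdocs and fails; the following `git checkout $HTMLY_COMMIT` lands in the right directory only because that failure is ignored. Dropping the inner `cd` and using `git -C htdocs pull` leaves both branches in the same directory. `cp -r -p /repos/htmly/. htdocs` also copies any untracked or locally modified files from the cache into the web root, and as far as the hunk shows the pinned checkout does not remove them, so a `git -C htdocs status --porcelain` check before the site is enabled would be worth adding. The function starts outside the hunk.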


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -51,6 +51,14 @@ hubzilla_variables=(ONION_ONLY
HUBZILLA_REPO
HUBZILLA_ADDONS_REPO)
function logging_on_hubzilla {
echo -n ''
}
function logging_off_hubzilla {
echo -n ''
}
function remove_user_hubzilla {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
@ -196,6 +204,11 @@ function reconfigure_hubzilla {
}
function upgrade_hubzilla {
CURR_HUBZILLA_COMMIT=$(get_completion_param "hubzilla commit")
if [[ "$CURR_HUBZILLA_COMMIT" == "$HUBZILLA_COMMIT" ]]; then
return
fi
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
function_check set_repo_commit
@ -238,6 +251,11 @@ function restore_local_hubzilla {
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
MARIADB_PASSWORD=
fi
}
@ -273,6 +291,11 @@ function restore_remote_hubzilla {
if [ -d /root/temphubzilla ]; then
rm -rf /root/temphubzilla
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
MARIADB_PASSWORD=
}
function remove_hubzilla {
@ -304,7 +327,8 @@ function install_hubzilla {
fi
if [[ $ONION_ONLY != "no" ]]; then
return
echo $"Hubzilla won't work on an onion address"
exit 529925
fi
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
@ -318,9 +342,9 @@ function install_hubzilla {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
apt-get -yq install php5-dev imagemagick php5-imagick
apt-get -yq install php5-memcached
apt-get -yq install php-common php-cli php-curl php-gd php-mysql php-mcrypt git
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
mkdir /var/www/$HUBZILLA_DOMAIN_NAME
@ -331,22 +355,39 @@ function install_hubzilla {
if [ ! -f $HUBZILLA_PATH/index.php ]; then
cd $INSTALL_DIR
function_check git_clone
git_clone $HUBZILLA_REPO hubzilla
if [ -d /repos/hubzilla ]; then
mkdir hubzilla
cp -r -p /repos/hubzilla/. hubzilla
cd hubzilla
git pull
else
function_check git_clone
git_clone $HUBZILLA_REPO hubzilla
fi
git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
rm -rf $HUBZILLA_PATH
mv hubzilla $HUBZILLA_PATH
git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
if [ -d /repos/hubzilla-addons ]; then
mkdir $HUBZILLA_PATH/addon
cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
cd $HUBZILLA_PATH/addon
git pull
else
git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
fi
cd $HUBZILLA_PATH/addon
git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
# some extra themes
git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
#git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
#cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
chown -R www-data:www-data $HUBZILLA_PATH
fi
@ -420,11 +461,12 @@ function install_hubzilla {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -488,11 +530,12 @@ function install_hubzilla {
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -583,7 +626,8 @@ function install_hubzilla {
chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
chmod 755 $HUBZILLA_PATH/.htconfig.php
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
systemctl restart cron
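Review bot: Both PHP location blocks now emit `fastcgi_read_timeout 30;` a few lines above the existing `fastcgi_read_timeout 300;`, and as far as I know nginx rejects a directive repeated inside one block ("directive is duplicate"), so the `systemctl restart nginx` at the end of install_hubzilla would fail and could take the other hosted sites down with it. Keep only one of the two, presumably the existing 300-second value. Separately, the restore hunks write the MariaDB root password into `.htconfig.php`, which the install path leaves at `chmod 755`; `chmod 640 $HUBZILLA_PATH/.htconfig.php` would stop other local accounts from reading it. install_hubzilla begins outside these hunks.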


@ -48,6 +48,14 @@ ipfs_variables=(IPFS_GO_VERSION
IPFS_KEY_LENGTH
IPFS_PORT)
function logging_on_ipfs {
echo -n ''
}
function logging_off_ipfs {
echo -n ''
}
function install_interactive_ipfs {
echo -n ''
APP_INSTALLED=1
@ -58,6 +66,11 @@ function reconfigure_ipfs {
}
function upgrade_ipfs_go {
CURR_IPFS_COMMIT=$(get_completion_param "ipfs commit")
if [[ "$CURR_IPFS_COMMIT" == "$IPFS_COMMIT" ]]; then
return
fi
if [[ $(app_is_installed ipfs_go) == "0" ]]; then
return
fi
@ -155,6 +168,7 @@ function remove_ipfs_go {
systemctl disable ipfs
systemctl daemon-reload
rm /etc/systemd/system/ipfs.service
systemctl daemon-reload
rm -rf $GOPATH/src/github.com/ipfs
firewall_remove $IPFS_PORT tcp
remove_completion_param install_ipfs
@ -199,8 +213,7 @@ function mesh_install_ipfs_js {
return
fi
chroot ${rootdir} apt-get -yq install nodejs
chroot ${rootdir} apt-get -yq install npm curl
chroot ${rootdir} apt-get -yq install nodejs curl
chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
@ -395,12 +408,15 @@ function mesh_install_ipfs_go {
ARCHITECTURE=$(uname -m)
if [[ $ARCHITECTURE == "arm"* ]]; then
IPFS_ARCH=arm
echo $"Using $IPFS_ARCH"
fi
if [[ $ARCHITECTURE == "amd"* || $ARCHITECTURE == "x86_64" ]]; then
IPFS_ARCH=amd64
echo $"Using $IPFS_ARCH"
fi
if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
IPFS_ARCH=386
echo $"Using $IPFS_ARCH"
fi
fi
@ -451,6 +467,10 @@ function install_ipfs_go {
if [ ! -d /home/git ]; then
# add a gogs user account
adduser --disabled-login --gecos 'Gogs' git
if [ ! -d /home/git ]; then
echo $"/home/git directory not created"
exit 735272
fi
# install Go
if ! grep -q "export GOPATH=" ~/.bashrc; then
@ -510,7 +530,7 @@ function install_ipfs_go {
fi
# initialise
su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
echo "IPFS could not be initialised for user $MY_USERNAME"
exit 7358
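Review bot: `ipfs init -b 2048` halves the key size that the old line used (4096) and hard-codes it, although this file already lists `IPFS_KEY_LENGTH` among `ipfs_variables`. If the smaller key is a deliberate trade-off for slow boards it needs a comment saying so; otherwise take it from the setting: `su -c "$IPFS_PATH/ipfs init -b $IPFS_KEY_LENGTH" - $MY_USERNAME`. The value assigned to IPFS_KEY_LENGTH is not visible here, so confirm it is set before relying on it. install_ipfs_go starts outside the hunk.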


@ -54,6 +54,14 @@ irc_variables=(MY_USERNAME
IRC_BUFFER_LENGTH
ONION_ONLY)
function logging_on_irc {
echo -n ''
}
function logging_off_irc {
echo -n ''
}
function irc_get_global_password {
echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
}
@ -544,7 +552,7 @@ function install_irc_server {
else
sed -i 's|;SSLConnect.*|SSLConnect = no|g'
# comment out the second Ports entry
if ! grep ";Ports =" /etc/ngircd/ngircd.conf; then
if ! grep -q ";Ports =" /etc/ngircd/ngircd.conf; then
sed -i '0,/Ports =/! s/Ports =/;Ports =/' /etc/ngircd/ngircd.conf
fi
fi
@ -613,9 +621,13 @@ function install_irc_bouncer {
return
fi
apt-get -yq -t jessie-backports install znc
apt-get -yq install znc
adduser --disabled-login --gecos 'znc' znc
if [ ! -d /home/znc ]; then
echo $"/home/znc directory not created"
exit 7354262
fi
mkdir -p /home/znc/.znc/configs
mkdir -p /home/znc/.znc/users
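Review bot: In the `else` branch of install_irc_server, `sed -i 's|;SSLConnect.*|SSLConnect = no|g'` has no file argument, so sed stops with "no input files" and ngircd.conf keeps whatever SSLConnect setting it had; the commit fixes the `grep -q` two lines below but leaves this line as it was. It should read `sed -i 's|;SSLConnect.*|SSLConnect = no|g' /etc/ngircd/ngircd.conf`, matching the `Ports` edit that follows. The function starts outside the hunk, so the condition guarding this branch is not visible.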


@ -51,24 +51,32 @@ jitsi_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME
MY_USERNAME)
function logging_on_jitsi {
echo -n ''
}
function logging_off_jitsi {
echo -n ''
}
function jitsi_disable_google_spyware {
# Presumably they included Google Analytics for benign reasons, but it's
# an obvious security problem. This should disable it.
sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/analytics.js
sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/analytics.js
if ! grep '//ga(' /usr/share/jitsi-meet/analytics.js; then
if ! grep -q '//ga(' /usr/share/jitsi-meet/analytics.js; then
sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/analytics.js
fi
if ! grep '//action +' /usr/share/jitsi-meet/analytics.js; then
if ! grep -q '//action +' /usr/share/jitsi-meet/analytics.js; then
sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/analytics.js
fi
sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/libs/analytics.js
sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/libs/analytics.js
if ! grep '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then
if ! grep -q '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then
sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/libs/analytics.js
fi
if ! grep '//action +' /usr/share/jitsi-meet/libs/analytics.js; then
if ! grep -q '//action +' /usr/share/jitsi-meet/libs/analytics.js; then
sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/libs/analytics.js
fi
}
@ -230,7 +238,7 @@ function install_jitsi {
remove_nodejs jitsi
exit 638352
fi
if ! grep "jitsi" /etc/apt/sources.list; then
if ! grep -q "jitsi" /etc/apt/sources.list; then
echo "deb http://download.jitsi.org/nightly/deb ${jitsi_deb_repo}/" >> /etc/apt/sources.list
fi
wget -qO - https://download.jitsi.org/nightly/deb/${jitsi_deb_repo}/archive.key | apt-key add -
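Review bot: At the end of the install_jitsi hunk the repository key is fetched and piped straight into `apt-key add -`, so whatever that download returns becomes a trusted signer for every APT source on the system, and the `deb` line written just above it uses plain `http://`. I would save the key to a file and compare its fingerprint with a pinned value before adding it (`<EXPECTED_JITSI_KEY_FINGERPRINT>` is a placeholder; the page does not give one), and switch the source line to `https://`, which may need `apt-transport-https` on this release. Neither line is changed by this commit, and install_jitsi continues outside the hunk.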


@ -39,7 +39,7 @@ KOEL_CODE=
KOEL_ONION_PORT=8118
KOEL_PORT=9002
KOEL_REPO="https://github.com/phanan/koel"
KOEL_COMMIT='70464a8977b1058f3bd0a4ec77877fe7894d8d84'
KOEL_COMMIT='70464a'
KOEL_ADMIN_PASSWORD=
koel_variables=(ONION_ONLY
@ -49,6 +49,14 @@ koel_variables=(ONION_ONLY
MY_EMAIL_ADDRESS
MY_USERNAME)
function logging_on_koel {
echo -n ''
}
function logging_off_koel {
echo -n ''
}
function koel_remove_gravatar {
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
@ -323,7 +331,7 @@ function backup_local_koel {
source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
systemctl stop koal
systemctl stop koel
dest_directory=koel
function_check suspend_site
@ -338,7 +346,7 @@ function backup_local_koel {
function_check restart_site
restart_site
systemctl start koal
systemctl start koel
fi
}
@ -349,7 +357,7 @@ function restore_local_koel {
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
if [ $KOEL_DOMAIN_NAME ]; then
echo $"Restoring koel"
systemctl stop koal
systemctl stop koel
temp_restore_dir=/root/tempkoel
koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
@ -361,7 +369,13 @@ function restore_local_koel {
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
systemctl start koal
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
MARIADB_PASSWORD=
systemctl start koel
fi
}
@ -370,7 +384,7 @@ function backup_remote_koel {
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
systemctl stop koal
systemctl stop koel
function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME}
@ -386,7 +400,7 @@ function backup_remote_koel {
function_check restart_site
restart_site
systemctl start koal
systemctl start koel
else
echo $"koel domain specified but not found in ${temp_backup_dir}"
fi
@ -397,7 +411,7 @@ function restore_remote_koel {
if grep -q "koel domain" $COMPLETION_FILE; then
echo $"Restoring koel"
systemctl stop koal
systemctl stop koel
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
@ -410,7 +424,12 @@ function restore_remote_koel {
rm -rf /root/tempkoel
fi
systemctl start koal
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
MARIADB_PASSWORD=
systemctl start koel
echo $"Restore of koel complete"
fi
@ -426,6 +445,7 @@ function remove_koel {
if [ -f /etc/systemd/system/koel.service ]; then
rm /etc/systemd/system/koel.service
fi
systemctl daemon-reload
function_check remove_nodejs
remove_nodejs koel
@ -479,15 +499,25 @@ function install_koel_main {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
apt-get -yq install php5-memcached php5-intl exiftool
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl php-zip
apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
apt-get -yq install ffmpeg
if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
mkdir /var/www/$KOEL_DOMAIN_NAME
fi
if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
if [ -d /repos/koel ]; then
mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone koel repo'
exit 365735
@ -554,7 +584,8 @@ function install_koel_main {
echo ' # PHP' >> $koel_nginx_site
echo ' location ~ \.php {' >> $koel_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
echo ' fastcgi_read_timeout 30;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Location' >> $koel_nginx_site
@ -612,7 +643,8 @@ function install_koel_main {
echo ' # PHP' >> $koel_nginx_site
echo ' location ~ \.php {' >> $koel_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
echo ' fastcgi_read_timeout 30;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Location' >> $koel_nginx_site
@ -661,7 +693,8 @@ function install_koel_main {
KOEL_SERVER=${KOEL_ONION_HOSTNAME}
fi
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
@ -691,8 +724,13 @@ function install_koel {
cat /home/$MY_USERNAME/freedombone/image_build/composer_install | php
fi
fi
npm install
npm install -g yarn
php composer.phar install
if [ ! "$?" = "0" ]; then
echo $'Unable to run composer install'
exit 7252198
fi
npm install
function_check get_mariadb_password
get_mariadb_password
@ -708,8 +746,13 @@ function install_koel {
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
sed -i 's/MAIL_HOST=.*/MAIL_HOST=localhost/g' .env
sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
php artisan koel:init
if [ ! "$?" = "0" ]; then
echo $"Can't install koel:init"
exit 78362
fi
koel_remove_gravatar
chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
@ -738,6 +781,7 @@ function install_koel {
fi
chown -R www-data:www-data /music
systemctl restart mariadb
systemctl restart nginx
APP_INSTALLED=1
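Review bot: `KOEL_COMMIT` is shortened in the first hunk from the full 40-character hash to `'70464a'`, which weakens the pin on code that this script goes on to build and run: a six-character prefix can become ambiguous as the upstream repository grows, and a branch or tag with that name would be resolved before the abbreviated object name. I would keep the full value, `KOEL_COMMIT='70464a8977b1058f3bd0a4ec77877fe7894d8d84'`. The checkout that consumes the variable is not visible in these hunks, so how it is resolved should be confirmed. The new `/repos/koel` branch in install_koel_main also runs `git pull` first, which moves the tree to whatever upstream currently serves before any pin is applied.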


@ -44,6 +44,14 @@ librevault_variables=(PROTOBUF_REPO
LIBREVAULT_REPO
LIBREVAULT_PORT)
function logging_on_librevault {
echo -n ''
}
function logging_off_librevault {
echo -n ''
}
function install_interactive_librevault {
echo -n ''
APP_INSTALLED=1
@ -55,6 +63,11 @@ function reconfigure_librevault {
}
function upgrade_librevault {
CURR_LIBREVAULT_COMMIT=$(get_completion_param "librevault commit")
if [[ "$CURR_LIBREVAULT_COMMIT" == "$LIBREVAULT_COMMIT" ]]; then
return
fi
function_check set_repo_commit
if [ -d $INSTALL_DIR/protobuf ]; then
@ -71,8 +84,8 @@ function upgrade_librevault {
fi
if [ -d $INSTALL_DIR/librevault/build ]; then
if ! grep -q "Librevault commit:$LIBREVAULT_COMMIT" $COMPLETION_FILE; then
set_repo_commit $INSTALL_DIR/librevault "Librevault commit" "$LIBREVAULT_COMMIT" $LIBREVAULT_REPO
if ! grep -q "librevault commit:$LIBREVAULT_COMMIT" $COMPLETION_FILE; then
set_repo_commit $INSTALL_DIR/librevault "librevault commit" "$LIBREVAULT_COMMIT" $LIBREVAULT_REPO
cd $INSTALL_DIR/librevault
git submodule update --init --recursive
cd $INSTALL_DIR/librevault/build
@ -108,6 +121,7 @@ function remove_librevault {
systemctl stop librevault
systemctl disable librevault
rm /etc/systemd/system/librevault.service
systemctl daemon-reload
remove_completion_param install_librevault
remove_completion_param configure_firewall_for_librevault
}
@ -130,15 +144,10 @@ function mesh_install_librevault {
chroot "$rootdir" apt-get -yq install autoconf automake libtool curl make unzip
# A workaround which allows c++14 to be installed
sed -i 's|jessie|stretch|g' $rootdir/etc/apt/sources.list
sed -i 's|stretch-backports|jessie-backports|g' $rootdir/etc/apt/sources.list
chroot "$rootdir" apt-get update
chroot "$rootdir" apt-get -yq install g++ gcc-6 g++-6 libboost-all-dev libssl-dev
chroot "$rootdir" apt-get -yq install protobuf-compiler libprotobuf-dev
chroot "$rootdir" apt-get -yq install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev
chroot "$rootdir" apt-get -yq install libsqlite3-dev qttools5-dev qttools5-dev-tools libnatpmp-dev
sed -i 's|stretch|jessie|g' $rootdir/etc/apt/sources.list
chroot "$rootdir" apt-get update
if [ ! -d $rootdir$INSTALL_DIR ]; then
mkdir -p $rootdir$INSTALL_DIR
@ -228,16 +237,11 @@ function install_librevault {
apt-get -yq install autoconf automake libtool curl make unzip
# A workaround which allows c++14 to be installed
sed -i 's|jessie|stretch|g' /etc/apt/sources.list
sed -i 's|stretch-backports|jessie-backports|g' /etc/apt/sources.list
apt-get update
apt-get -yq install protobuf-compiler libprotobuf-dev
apt-get -yq install g++ gcc-6 g++-6 libboost-all-dev libssl-dev
apt-get -yq install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev
apt-get -yq install libsqlite3-dev qttools5-dev qttools5-dev-tools libnatpmp-dev
apt-get -yq install gcc-6 g++-6 libboost-all-dev
sed -i 's|stretch|jessie|g' /etc/apt/sources.list
apt-get update
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
@ -254,7 +258,15 @@ function install_librevault {
set_completion_param "Protobuf commit" "$PROTOBUF_COMMIT"
git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
if [ -d /repos/librevault ]; then
mkdir $INSTALL_DIR/librevault
cp -r -p /repos/librevault/. $INSTALL_DIR/librevault
cd $INSTALL_DIR/librevault
git pull
else
git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
fi
cd $INSTALL_DIR/librevault
git checkout $LIBREVAULT_COMMIT -b $LIBREVAULT_COMMIT
git submodule update --init --recursive
@ -271,7 +283,7 @@ function install_librevault {
cmake --build .
make install
set_completion_param "Librevault commit" "$LIBREVAULT_COMMIT"
set_completion_param "librevault commit" "$LIBREVAULT_COMMIT"
LIBREVAULT_DAEMON=/etc/systemd/system/librevault-daemon.service
echo '[Unit]' > $LIBREVAULT_DAEMON
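Review bot: The `systemctl daemon-reload` added to remove_librevault follows commands that stop, disable and delete `librevault.service`, but the install_librevault hunk writes the unit to `/etc/systemd/system/librevault-daemon.service` (`LIBREVAULT_DAEMON`). Unless a unit named `librevault.service` is created outside these hunks, removal leaves the real daemon enabled with its unit file in place, so the service keeps running after the app has been removed. I would use the same name in both places, e.g. `systemctl stop librevault-daemon`, `systemctl disable librevault-daemon` and `rm -f /etc/systemd/system/librevault-daemon.service`. remove_librevault starts outside the hunk.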


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -46,6 +46,13 @@ lychee_variables=(LYCHEE_REPO
DDNS_PROVIDER
MY_USERNAME)
function logging_on_lychee {
echo -n ''
}
function logging_off_lychee {
echo -n ''
}
function lychee_create_database {
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
@ -123,6 +130,11 @@ function reconfigure_lychee {
}
function upgrade_lychee {
CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit")
if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then
return
fi
read_config_param "LYCHEE_DOMAIN_NAME"
function_check set_repo_commit
@ -262,11 +274,12 @@ function install_lychee_website {
echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
@ -331,11 +344,12 @@ function install_lychee_website_onion {
echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
@ -364,7 +378,16 @@ function install_lychee_from_repo {
fi
cd /var/www/$LYCHEE_DOMAIN_NAME
git_clone $LYCHEE_REPO htdocs
if [ -d /repos/lychee ]; then
mkdir htdocs
cp -r -p /repos/lychee/. htdocs
cd htdocs
git pull
else
git_clone $LYCHEE_REPO htdocs
fi
cd htdocs
git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
set_completion_param "lychee commit" "$LYCHEE_COMMIT"
@ -381,7 +404,7 @@ function install_lychee {
fi
# for the avatar changing command
apt-get -yq install imagemagick exif zip php5-mcrypt mcrypt
apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl
function_check install_lychee_from_repo
install_lychee_from_repo
@ -426,7 +449,8 @@ function install_lychee {
function_check lychee_create_database
lychee_create_database
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
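Review bot: In install_lychee_from_repo the new `/repos/lychee` branch ends with `cd htdocs` and `git pull`, and the unchanged `cd htdocs` after the `fi` then runs a second time from inside `htdocs`. That second `cd` fails (or enters a nested `htdocs` if the repository has one), so the following `git checkout $LYCHEE_COMMIT` only runs in the right directory by accident; the `git pull` result is not checked either. Dropping the `cd` from the branch and writing `git -C htdocs pull` leaves both paths in the same working directory. install_mailpile has the same shape with `cd mail`. The function starts outside the hunk.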


@ -47,6 +47,14 @@ mailpile_variables=(MAILPILE_REPO
DDNS_PROVIDER
MY_USERNAME)
function logging_on_mailpile {
echo -n ''
}
function logging_off_mailpile {
echo -n ''
}
function remove_user_mailpile {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
@ -83,24 +91,21 @@ function reconfigure_mailpile {
function upgrade_mailpile {
read_config_param "MAILPILE_DOMAIN_NAME"
upgrade_mp=
CURR_COMMIT=$MAILPILE_COMMIT
if grep -q "mailpile commit" $COMPLETION_FILE; then
CURR_COMMIT=$(get_completion_param "mailpile commit")
fi
if [[ "$CURR_COMMIT" != "$MAILPILE_COMMIT" ]]; then
upgrade_mp=1
if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
return
fi
function_check set_repo_commit
set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
if [ $upgrade_mp ]; then
cd /var/www/$MAILPILE_DOMAIN_NAME/mail
pip install -r requirements.txt
cd /var/www/$MAILPILE_DOMAIN_NAME/mail
pip install -r requirements.txt
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
fi
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
}
function backup_local_mailpile {
@ -226,6 +231,7 @@ function remove_mailpile {
systemctl stop mailpile
systemctl disable mailpile
rm /etc/systemd/system/mailpile.service
systemctl daemon-reload
read_config_param "MAILPILE_DOMAIN_NAME"
nginx_dissite $MAILPILE_DOMAIN_NAME
@ -238,7 +244,9 @@ function remove_mailpile {
fi
function_check remove_ddns_domain
remove_ddns_domain $MAILPILE_DOMAIN_NAME
deluser --remove-all-files mailpile
groupdel -f mailpile
userdel -r mailpile
remove_config_param MAILPILE_DOMAIN_NAME
remove_config_param MAILPILE_CODE
@ -272,7 +280,16 @@ function install_mailpile {
if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
fi
git_clone $MAILPILE_REPO mail
if [ -d /repos/mailpile ]; then
mkdir mail
cp -r -p /repos/mailpile/. mail
cd mail
git pull
else
git_clone $MAILPILE_REPO mail
fi
cd mail
git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
@ -420,6 +437,9 @@ function install_mailpile {
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
pip install jinja2==2.9.6
pip install pgpdump==1.5
systemctl enable mailpile
systemctl daemon-reload
systemctl start mailpile
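Review bot: remove_mailpile now replaces `deluser --remove-all-files mailpile` with `groupdel -f mailpile` and `userdel -r mailpile`, and `userdel -r` removes only the home directory and mail spool. Files owned by the account elsewhere, such as the `/var/www/$MAILPILE_DOMAIN_NAME/mail` tree that the upgrade and install hunks chown to `mailpile:mailpile`, keep the old numeric uid and gid unless the function deletes them outside this hunk, and a later account given the same ids would own them. I would delete that tree before the account is removed, or keep a sweep for files still owned by the uid. The matrix and mediagoblin removal hunks switch to the same `groupdel -f` / `userdel -r` pair.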


@ -62,6 +62,30 @@ matrix_variables=(ONION_ONLY
MATRIX_DOMAIN_NAME
MATRIX_CODE)
function logging_on_matrix {
if [ -f /var/lib/matrix/homeserver.yaml ]; then
sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
fi
fi
}
function logging_off_matrix {
if [ -f /var/lib/matrix/homeserver.yaml ]; then
sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
fi
if [ -f /etc/matrix/homeserver.log ]; then
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log
fi
if [ -f /etc/matrix/homeserver.log.1 ]; then
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1
fi
fi
}
function matrix_nginx {
matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
@ -329,6 +353,12 @@ function upgrade_matrix {
if [ ! -d /etc/matrix ]; then
return
fi
CURR_MATRIX_COMMIT=$(get_completion_param "matrix commit")
if [[ "$CURR_MATRIX_COMMIT" == "$MATRIX_COMMIT" ]]; then
return
fi
systemctl stop turn
systemctl stop matrix
@ -478,13 +508,16 @@ function remove_matrix {
if [ -f /etc/systemd/system/matrix.service ]; then
rm /etc/systemd/system/matrix.service
fi
systemctl daemon-reload
apt-get -y remove --purge coturn
cd /etc/matrix
pip uninstall .
rm -rf $MATRIX_DATA_DIR
rm -rf /etc/matrix
deluser matrix
delgroup matrix
groupdel -f matrix
userdel -r matrix
remove_onion_service matrix ${MATRIX_ONION_PORT}
remove_onion_service matrix ${MATRIX_FEDERATION_ONION_PORT}
@ -497,8 +530,17 @@ function remove_matrix {
function install_home_server {
if [ ! -d /etc/matrix ]; then
function_check git_clone
git_clone $MATRIX_REPO /etc/matrix
if [ -d /repos/matrix ]; then
mkdir /etc/matrix
cp -r -p /repos/matrix/. /etc/matrix
cd /etc/matrix
git pull
else
function_check git_clone
git_clone $MATRIX_REPO /etc/matrix
fi
if [ ! -d /etc/matrix ]; then
echo $'Unable to clone matrix repo'
exit 6724683
@ -575,14 +617,19 @@ function install_home_server {
sleep 5
if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
echo $'No matrix home server database was created'
exit 23782
# On low power systems more sleeping may be needed
sleep 10
if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
echo $'No matrix home server database was created'
exit 23782
fi
fi
chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
systemctl reload tor
systemctl restart tor
if [ ! ${MATRIX_PASSWORD} ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
@ -603,6 +650,12 @@ function install_home_server {
}
function install_matrix {
if [[ $ONION_ONLY != 'no' ]]; then
return
fi
check_ram_availability 1500
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
@ -637,7 +690,7 @@ function install_matrix {
libjpeg62-turbo-dev libldap-2.4-2 \
libldap2-dev libsasl2-dev \
libsqlite3-dev libssl-dev \
libssl1.0.0 libtool libxml2 \
libssl1.1 libtool libxml2 \
libxml2-dev libxslt1-dev libxslt1.1 \
make python python-dev \
python-pip python-psycopg2 \
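Review bot: logging_off_matrix removes only `homeserver.log` and `homeserver.log.1`, so if rotation keeps more than one backup the older files stay on disk after logging has been switched off. It also calls `$REMOVE_FILES_COMMAND` without checking that the variable is set (it is defined outside this hunk); with it empty, the log path itself would be run as a command and nothing would be deleted. I would loop over the glob, `for f in /etc/matrix/homeserver.log*; do [ -f "$f" ] && $REMOVE_FILES_COMMAND "$f"; done`, behind a guard such as `[ -n "$REMOVE_FILES_COMMAND" ]`. Neither function restarts the service, so whether the new `log_file` value takes effect at once depends on the caller.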


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -49,6 +49,14 @@ mediagoblin_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME
DDNS_PROVIDER)
function logging_on_mediagoblin {
echo -n ''
}
function logging_off_mediagoblin {
echo -n ''
}
function mediagoblin_fix_email {
# This is a crude hack and there may be a better solution
# The cause of verification problems might be that the mediagoblin user
@ -60,7 +68,7 @@ function mediagoblin_fix_email {
echo $'Unable to fix email sending'
exit 792532
fi
if ! grep 'import os' $mgfile; then
if ! grep -q 'import os' $mgfile; then
sed -i '/import sys/a import os' $mgfile
fi
sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
@ -235,6 +243,7 @@ function remove_mediagoblin {
systemctl stop mediagoblin
systemctl disable mediagoblin
rm /etc/systemd/system/mediagoblin.service
systemctl daemon-reload
function_check remove_onion_service
remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
@ -251,8 +260,9 @@ function remove_mediagoblin {
sed -i '/mediagoblin/d' $COMPLETION_FILE
remove_nodejs mediagoblin
deluser mediagoblin
delgroup mediagoblin
groupdel -f mediagoblin
userdel -r mediagoblin
function_check remove_ddns_domain
remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
@ -279,7 +289,17 @@ function install_mediagoblin {
chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
chown -hR mediagoblin:www-data /var/lib/mediagoblin
chmod -R g+wx /var/lib/mediagoblin
su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
if [ -d /repos/mediagoblin ]; then
mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
git pull
chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
else
su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
fi
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT" - mediagoblin
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git submodule sync" - mediagoblin
su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git submodule update --force --init --recursive" - mediagoblin
@ -382,6 +402,7 @@ function install_mediagoblin {
echo ' include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
else
@ -438,6 +459,7 @@ function install_mediagoblin {
echo ' include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
@ -469,7 +491,7 @@ function install_mediagoblin {
sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
if ! grep '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
@ -496,7 +518,7 @@ function install_mediagoblin {
nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
function_check add_ddns_domain
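Review bot: The `sed` at the end of the mediagoblin_fix_email hunk rewrites the mail sender to call `os.system` on a shell command built by concatenating the message body, subject and recipient address, so a quote or shell metacharacter in any of them changes the command that runs. The recipient is presumably an address supplied by a user, which makes this untrusted input reaching a shell; the line is unchanged by this commit but is part of the new code. I would have the patched line pass an argument list and feed the body on stdin, e.g. `p = subprocess.Popen(['mail', '-s', message['Subject'], message['To']], stdin=subprocess.PIPE); p.communicate(message_body)`, with `import subprocess` inserted the way `import os` is now. The function starts outside the hunk.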


@ -47,6 +47,14 @@ movim_variables=(ONION_ONLY
DDNS_PROVIDER
MY_USERNAME)
function logging_on_movim {
echo -n ''
}
function logging_off_movim {
echo -n ''
}
function remove_user_movim {
remove_username="$1"
@ -152,6 +160,11 @@ function reconfigure_movim {
}
function upgrade_movim {
CURR_MOVIM_COMMIT=$(get_completion_param "movim commit")
if [[ "$CURR_MOVIM_COMMIT" == "$MOVIM_COMMIT" ]]; then
return
fi
if grep -q "movim domain" $COMPLETION_FILE; then
MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
fi
@ -211,6 +224,11 @@ function restore_local_movim {
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php
MARIADB_PASSWORD=
echo $"Restore of movim complete"
fi
}
@ -254,6 +272,12 @@ function restore_remote_movim {
if [ -d /root/tempmovim ]; then
rm -rf /root/tempmovim
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
sed -i "s|'password'.*|'password' => '$MARIADB_PASSWORD',|g" db.inc.php
MARIADB_PASSWORD=
echo $"Restore of movim complete"
fi
}
@ -270,6 +294,7 @@ function remove_movim {
systemctl stop movim
systemctl disable movim
rm /etc/systemd/system/movim.service
systemctl daemon-reload
read_config_param "MY_USERNAME"
echo "Removing $MOVIM_DOMAIN_NAME"
@ -319,15 +344,24 @@ function install_movim {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
apt-get -yq install php5-memcached php5-intl exiftool php5-imagick
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
mkdir /var/www/$MOVIM_DOMAIN_NAME
fi
if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
if [ -d /repos/movim ]; then
mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone movim repo'
exit 76285
@ -435,7 +469,8 @@ function install_movim {
echo ' # PHP' >> $movim_nginx_site
echo ' location ~ \.php {' >> $movim_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $movim_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $movim_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
echo ' fastcgi_read_timeout 30;' >> $movim_nginx_site
echo ' }' >> $movim_nginx_site
echo '' >> $movim_nginx_site
echo ' # Location' >> $movim_nginx_site
@ -494,7 +529,8 @@ function install_movim {
echo ' # PHP' >> $movim_nginx_site
echo ' location ~ \.php {' >> $movim_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $movim_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $movim_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
echo ' fastcgi_read_timeout 30;' >> $movim_nginx_site
echo ' }' >> $movim_nginx_site
echo '' >> $movim_nginx_site
echo ' # Location' >> $movim_nginx_site
@ -549,8 +585,9 @@ function install_movim {
set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"
systemctl restart mariadb
systemctl start movim
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
APP_INSTALLED=1
}
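Review bot: Both restore hunks interpolate `$MARIADB_PASSWORD` into a `sed` replacement that is also a single-quoted PHP string in `db.inc.php`, so a password containing `|`, `&`, `\` or `'` either breaks the substitution or leaves a malformed config file. The `cd` before it is unchecked, and the value is the MariaDB root password, which ends up in the application's own config file. I would escape the value for both `sed` and PHP before substituting, stop if the `cd` fails, and consider a per-application database account instead of root. The koel restore hunks do the same with `DB_PASSWORD` in `.env`.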


@ -47,6 +47,22 @@ mumble_variables=(MY_USERNAME
ONION_ONLY
ADMIN_USERNAME)
function logging_on_mumble {
if [ -f /etc/mumble-server.ini ]; then
sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
fi
}
function logging_off_mumble {
if [ -f /etc/mumble-server.ini ]; then
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
if [ -d /var/log/mumble-server ]; then
$REMOVE_FILES_COMMAND /var/log/mumble-server/*
rm -rf /var/log/mumble-server
fi
fi
}
function install_interactive_mumble {
echo -n ''
APP_INSTALLED=1
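Review bot: logging_on_mumble points `logfile` at `/var/log/mumble-server.log`, but logging_off_mumble only clears and removes the directory `/var/log/mumble-server`, so the file written while logging was on is left behind after logging is switched off. I would add `if [ -f /var/log/mumble-server.log ]; then $REMOVE_FILES_COMMAND /var/log/mumble-server.log; fi` to logging_off_mumble. `$REMOVE_FILES_COMMAND` is defined outside this hunk, and the unquoted glob `/var/log/mumble-server/*` passes a literal `*` to it when the directory is empty.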


@ -38,11 +38,9 @@ SHOW_ON_ABOUT=1
NEXTCLOUD_DOMAIN_NAME=
NEXTCLOUD_CODE=
NEXTCLOUD_ONION_PORT=8112
NEXTCLOUD_DOWNLOAD_URL='https://download.nextcloud.com/server/releases/nextcloud-'
NEXTCLOUD_VERSION='11.0.3'
NEXTCLOUD_REPO="https://github.com/nextcloud/server"
# Stable 11 branch
NEXTCLOUD_COMMIT='4fe02f6e3a812551661a3a7a7ceb4e1f3791cbd3'
# Stable 12 branch
NEXTCLOUD_COMMIT='5e22b330963d01feb636b24e7b1027b50b46e3c2'
NEXTCLOUD_ADMIN_PASSWORD=
nextcloud_variables=(ONION_ONLY
@ -51,6 +49,14 @@ nextcloud_variables=(ONION_ONLY
DDNS_PROVIDER
MY_USERNAME)
function logging_on_nextcloud {
echo -n ''
}
function logging_off_nextcloud {
echo -n ''
}
function remove_user_nextcloud {
remove_username="$1"
@ -178,6 +184,18 @@ function configure_interactive_nextcloud {
}
function upgrade_nextcloud {
CURR_NEXTCLOUD_COMMIT=$(get_completion_param "nextcloud commit")
if [[ "$CURR_NEXTCLOUD_COMMIT" == "$NEXTCLOUD_COMMIT" ]]; then
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all
sudo -u www-data ./occ maintenance:mode --off
return
fi
if grep -q "nextcloud domain" $COMPLETION_FILE; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
fi
@ -339,7 +357,7 @@ function remove_nextcloud {
function_check remove_nodejs
remove_nodejs pleroma-nextcloud
sed -i 's|env[PATH]|;env[PATH]|g' /etc/php5/fpm/pool.d/www.conf
sed -i 's|env[PATH]|;env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
read_config_param "NEXTCLOUD_DOMAIN_NAME"
read_config_param "MY_USERNAME"
@ -367,7 +385,7 @@ function remove_nextcloud {
function_check remove_ddns_domain
remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
systemctl restart nginx
systemctl restart php5-fpm
systemctl restart php7.0-fpm
}
function install_nextcloud_main {
@ -389,22 +407,32 @@ function install_nextcloud_main {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
apt-get -yq install php5-memcached php5-intl memcached php5-memcached
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install php-intl memcached php-memcached libfcgi0ldbl
apt-get -yq install php-zip
# Ensure PATH is available to php
if [ ! -f /etc/php5/fpm/pool.d/www.conf ]; then
if [ ! -f /etc/php/7.0/fpm/pool.d/www.conf ]; then
echo $'No php www configuration file found'
exit 628757
fi
sed -i 's|;env[PATH]|env[PATH]|g' /etc/php5/fpm/pool.d/www.conf
sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
fi
if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
if [ -d /repos/nextcloud ]; then
mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone nextcloud repo'
exit 87525
@ -463,7 +491,8 @@ function install_nextcloud_main {
echo ' # PHP' >> $nextcloud_nginx_site
echo ' location ~ \.php {' >> $nextcloud_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $nextcloud_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
echo ' fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
echo ' }' >> $nextcloud_nginx_site
echo '' >> $nextcloud_nginx_site
echo ' # Location' >> $nextcloud_nginx_site
@ -518,7 +547,8 @@ function install_nextcloud_main {
echo ' # PHP' >> $nextcloud_nginx_site
echo ' location ~ \.php {' >> $nextcloud_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $nextcloud_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
echo ' fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
echo ' }' >> $nextcloud_nginx_site
echo '' >> $nextcloud_nginx_site
echo ' # Location' >> $nextcloud_nginx_site
@ -592,7 +622,7 @@ function install_nextcloud_main {
NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
fi
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
@ -600,26 +630,43 @@ function install_nextcloud_main {
${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
chown -R www-data:www-data config
chown -R www-data:www-data data
if [ -d config ]; then
chown -R www-data:www-data config
fi
if [ -d data ]; then
chown -R www-data:www-data data
fi
chmod +x occ
./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
if [ ! -d data ]; then
echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
echo ''
echo $'Install command was:'
echo "./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --database mysql --database-user root --database-pass \"${MARIADB_PASSWORD}\""
exit 83522
fi
chown -R www-data:www-data config
chown -R www-data:www-data data
./occ check
./occ status
./occ app:list
./occ app:enable encryption
./occ config:system:set appstoreenabled --value=false
./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
chmod 0644 .htaccess
chmod 0750 data
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all
sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ maintenance:mode --off
systemctl restart mariadb
# move the data directory
mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php


@ -49,6 +49,13 @@ pelican_variables=(MY_USERNAME
PELICAN_DOMAIN_NAME
PELICAN_BLOG_CODE)
function logging_on_pelican {
echo -n ''
}
function logging_off_pelican {
echo -n ''
}
function install_pelican_website {
if [[ $ONION_ONLY != 'no' ]]; then
@ -525,7 +532,7 @@ function remove_pelican {
function_check remove_onion_service
remove_onion_service pelican ${PELICAN_ONION_PORT}
remove_app pelican
systemctl reload tor
systemctl restart tor
}
function create_pelican_conf {


@ -54,6 +54,14 @@ pihole_variables=(ONION_ONLY
PIHOLE_DNS1
PIHOLE_DNS2)
function logging_on_pihole {
echo -n ''
}
function logging_off_pihole {
echo -n ''
}
function pihole_copy_files {
if [ ! -d /etc/.pihole ]; then
mkdir /etc/.pihole
@ -278,6 +286,11 @@ function reconfigure_pihole {
}
function upgrade_pihole {
CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
return
fi
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
@ -351,6 +364,11 @@ function remove_pihole {
function install_pihole {
apt-get -yq install dnsmasq curl
adduser --disabled-login --gecos 'pi-hole' pihole
if [ ! -d /home/pihole ]; then
echo $"/home/pihole directory not created"
exit 538929
fi
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -a -G www-data pihole
@ -365,7 +383,16 @@ function install_pihole {
if [ ! -d $INSTALL_DIR/pihole ]; then
cd $INSTALL_DIR
git_clone $PIHOLE_REPO pihole
if [ -d /repos/pihole ]; then
mkdir pihole
cp -r -p /repos/pihole/. pihole
cd pihole
git pull
else
git_clone $PIHOLE_REPO pihole
fi
if [ ! -d $INSTALL_DIR/pihole ]; then
exit 523925
fi
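Review bot: In install_pihole the new `/repos/pihole` branch runs `mkdir pihole`, `cp -r -p /repos/pihole/. pihole`, `cd pihole` and `git pull` without checking any result, so a failed `cd` makes the pull run in `$INSTALL_DIR` and a failed pull silently leaves whatever the cache held. The cached tree is also trusted as it is: nothing compares its origin with `$PIHOLE_REPO` before it is used. I would at least write `cd pihole || exit 523925` and report a failed `git pull` instead of ignoring it, and confirm that the pinned-commit step (outside this hunk) is checked before anything from the tree is executed. The same cache pattern recurs in the nextcloud, postactiv, profanity and rss sections of this commit. install_pihole continues outside the hunk.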


@ -37,7 +37,7 @@ POSTACTIV_DOMAIN_NAME=
POSTACTIV_CODE=
POSTACTIV_ONION_PORT=8100
POSTACTIV_REPO="https://git.postactiv.com/postActiv/postActiv.git"
POSTACTIV_COMMIT='65fcc4eb440380f2373d428e8dde23fcc73c9f08'
POSTACTIV_COMMIT='0531c469b44aab6a71230778ab4492eca889bb2c'
POSTACTIV_ADMIN_PASSWORD=
POSTACTIV_BACKGROUND_IMAGE_URL=
@ -55,6 +55,14 @@ postactiv_variables=(ONION_ONLY
POSTACTIV_EXPIRE_MONTHS
POSTACTIV_TITLE)
function logging_on_postactiv {
echo -n ''
}
function logging_off_postactiv {
echo -n ''
}
function postactiv_customise_logo {
domain_name=$1
@ -313,15 +321,14 @@ function configure_interactive_postactiv {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"PostActiv" \
--radiolist $"Choose an operation:" 17 70 8 \
--radiolist $"Choose an operation:" 16 70 7 \
1 $"Set a background image" off \
2 $"Set the title" off \
3 $"Set post expiry period (currently $POSTACTIV_EXPIRE_MONTHS months)" off \
4 $"Select Qvitter user interface" off \
5 $"Select Pleroma user interface" off \
6 $"Select Classic user interface" off \
7 $"Select Armadillo user interface" off \
8 $"Exit" on 2> $data
7 $"Exit" on 2> $data
sel=$?
case $sel in
1) return;;
@ -334,8 +341,7 @@ function configure_interactive_postactiv {
4) gnusocial_use_qvitter postactiv;;
5) gnusocial_use_pleroma postactiv;;
6) gnusocial_use_classic postactiv;;
7) gnusocial_use_armadillo postactiv;;
8) break;;
7) break;;
esac
done
}
@ -375,6 +381,7 @@ function upgrade_postactiv {
postactiv_customise_logo
install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
systemctl restart mariadb
}
@ -384,21 +391,34 @@ function backup_local_postactiv {
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
fi
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
dest_directory=postactiv
function_check suspend_site
suspend_site ${POSTACTIV_DOMAIN_NAME}
# don't backup more data than we need to
postactiv-expire
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check backup_database_to_usb
backup_database_to_usb postactiv
function_check restart_site
restart_site
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then
mkdir $source_directory
fi
cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
fi
function_check suspend_site
suspend_site ${POSTACTIV_DOMAIN_NAME}
function_check backup_directory_to_usb
dest_directory=postactivconfig
backup_directory_to_usb $source_directory $dest_directory
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
dest_directory=postactivfile
backup_directory_to_usb $source_directory $dest_directory
function_check backup_database_to_usb
backup_database_to_usb postactiv
function_check restart_site
restart_site
}
function restore_local_postactiv {
@ -407,68 +427,122 @@ function restore_local_postactiv {
fi
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if [ $POSTACTIV_DOMAIN_NAME ]; then
echo $"Restoring postactiv"
temp_restore_dir=/root/temppostactiv
postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
# stop the daemons
cd $postactiv_dir
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
scripts/stopdaemons.sh
function_check postactiv_create_database
postactiv_create_database
restore_database postactiv ${POSTACTIV_DOMAIN_NAME}
restore_database postactiv
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
# start the daemons
cd $postactiv_dir
su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir postactivconfig
if [ -d $temp_restore_dir ]; then
cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
chown www-data:www-data $postactiv_dir/config.php
cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
chown -R www-data:www-data $postactiv_dir/static
rm -rf $temp_restore_dir
fi
restore_directory_from_usb $temp_restore_dir postactivfile
if [ -d $temp_restore_dir ]; then
cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
chown -R www-data:www-data $postactiv_dir/file
rm -rf $temp_restore_dir
fi
gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
echo $"Restore of postactiv complete"
fi
}
function backup_remote_postactiv {
POSTACTIV_DOMAIN_NAME='postactiv'
if grep -q "postactiv domain" $COMPLETION_FILE; then
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
temp_backup_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
function_check suspend_site
suspend_site ${POSTACTIV_DOMAIN_NAME}
function_check backup_database_to_friend
backup_database_to_friend postactiv
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir postactiv
function_check restart_site
restart_site
else
echo $"postactiv domain specified but not found in ${temp_backup_dir}"
fi
fi
# don't backup more data than we need to
postactiv-expire
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then
mkdir $source_directory
fi
cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
fi
function_check suspend_site
suspend_site ${POSTACTIV_DOMAIN_NAME}
function_check backup_directory_to_friend
dest_directory=postactivconfig
backup_directory_to_friend $source_directory $dest_directory
source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
dest_directory=postactivfile
backup_directory_to_friend $source_directory $dest_directory
function_check backup_database_to_friend
backup_database_to_friend postactiv
function_check restart_site
restart_site
}
function restore_remote_postactiv {
if grep -q "postactiv domain" $COMPLETION_FILE; then
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if ! grep -q "postactiv domain" $COMPLETION_FILE; then
return
fi
POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
if [ $POSTACTIV_DOMAIN_NAME ]; then
echo $"Restoring postactiv"
temp_restore_dir=/root/temppostactiv
postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
# stop the daemons
cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
cd $postactiv_dir
scripts/stopdaemons.sh
function_check postactiv_create_database
postactiv_create_database
function_check restore_database_from_friend
restore_database_from_friend postactiv ${POSTACTIV_DOMAIN_NAME}
if [ -d /root/temppostactiv ]; then
rm -rf /root/temppostactiv
restore_database_from_friend postactiv
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
# start the daemons
cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir postactivconfig
if [ -d $temp_restore_dir ]; then
cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
chown www-data:www-data $postactiv_dir/config.php
cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
chown -R www-data:www-data $postactiv_dir/static
rm -rf $temp_restore_dir
fi
restore_directory_from_friend $temp_restore_dir postactivfile
if [ -d $temp_restore_dir ]; then
cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
chown -R www-data:www-data $postactiv_dir/file
rm -rf $temp_restore_dir
fi
gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
echo $"Restore of postactiv complete"
fi
}
@ -488,8 +562,8 @@ function remove_postactiv {
rm /etc/cron.hourly/postactiv-daemons
fi
if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
scripts/stopdaemons.sh
fi
kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
kill -9 $kill_pid
@ -540,15 +614,24 @@ function install_postactiv_main {
function_check repair_databases_script
repair_databases_script
apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
apt-get -yq install php5-memcached php5-intl exiftool
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
mkdir /var/www/$POSTACTIV_DOMAIN_NAME
fi
if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
if [ -d /repos/postactiv ]; then
mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone postactiv repo'
exit 87525
@ -583,6 +666,8 @@ function install_postactiv_main {
function_check add_ddns_domain
add_ddns_domain $POSTACTIV_DOMAIN_NAME
POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
@ -617,7 +702,8 @@ function install_postactiv_main {
echo ' # PHP' >> $postactiv_nginx_site
echo ' location ~ \.php {' >> $postactiv_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $postactiv_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
echo ' fastcgi_read_timeout 30;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
echo ' # Location' >> $postactiv_nginx_site
@ -644,7 +730,7 @@ function install_postactiv_main {
fi
echo 'server {' >> $postactiv_nginx_site
echo " listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site
echo " server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site
echo " server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
@ -665,7 +751,8 @@ function install_postactiv_main {
echo ' # PHP' >> $postactiv_nginx_site
echo ' location ~ \.php {' >> $postactiv_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $postactiv_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
echo ' fastcgi_read_timeout 30;' >> $postactiv_nginx_site
echo ' }' >> $postactiv_nginx_site
echo '' >> $postactiv_nginx_site
echo ' # Location' >> $postactiv_nginx_site
@ -713,8 +800,6 @@ function install_postactiv_main {
postactiv_ssl='never'
fi
POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
POSTACTIV_SERVER=${POSTACTIV_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
POSTACTIV_SERVER=${POSTACTIV_ONION_HOSTNAME}
@ -776,7 +861,8 @@ function install_postactiv_main {
rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
fi
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
@ -798,11 +884,9 @@ function install_postactiv {
install_postactiv_main
install_qvitter "$POSTACTIV_DOMAIN_NAME" "postactiv"
#function_check install_nodejs
#install_nodejs pleroma-postactiv
install_armadillo_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL"
install_gnusocial_markdown "$POSTACTIV_DOMAIN_NAME" "postactiv"
install_gnusocial_plugin_sharings "$POSTACTIV_DOMAIN_NAME" "postactiv"
install_gnusocial_plugin_sharings_theme "$POSTACTIV_DOMAIN_NAME" "postactiv"
# Currently Pleroma won't install on ARM systems
# because it uses node-sass which doesn't support ARM
@ -825,6 +909,14 @@ function install_postactiv {
systemctl restart nginx
# Set qvitter to be the default UI. It's probably the most stable.
# And doesn't forget logins
gnusocial_use_qvitter postactiv
if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
pleroma_set_background_image_from_url "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
fi
APP_INSTALLED=1
}
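Review bot: The restore and remove paths now appear to run `scripts/stopdaemons.sh` directly, as whichever user runs this script (presumably root), where the earlier lines used `su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data`. upgrade_postactiv chowns the whole htdocs tree to www-data, so a file the web server account can rewrite would be executed with full privileges in restore_local_postactiv, restore_remote_postactiv and remove_postactiv. The working-directory fix can be kept without losing the privilege drop: `cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs && su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data`. Which lines are old and which are new is inferred from print order, because this page has lost its +/- markers.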


@ -48,6 +48,14 @@ xmpp_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME
XMPP_DOMAIN_CODE)
function logging_on_profanity {
echo -n ''
}
function logging_off_profanity {
echo -n ''
}
function remove_user_profanity {
remove_username="$1"
}
@ -198,7 +206,15 @@ function install_profanity {
apt-get -yq install libotr5-dev libgpgme11-dev python-dev libreadline-dev
# dependency for profanity not available in debian
git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
if [ -d /repos/libmesode ]; then
mkdir $INSTALL_DIR/libmesode
cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
cd $INSTALL_DIR/libmesode
git pull
else
git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
fi
cd $INSTALL_DIR/libmesode
git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
./bootstrap.sh
@ -208,7 +224,15 @@ function install_profanity {
cp /usr/local/lib/libmesode* /usr/lib
# build profanity
git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
if [ -d /repos/profanity ]; then
mkdir $INSTALL_DIR/profanity
cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
cd $INSTALL_DIR/profanity
git pull
else
git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
fi
cd $INSTALL_DIR/profanity
git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
./bootstrap.sh
@ -223,7 +247,16 @@ function install_profanity {
# install the omemo plugin
apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
if [ -d /repos/profanity-omemo ]; then
mkdir $INSTALL_DIR/profanity-omemo-plugin
cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
cd $INSTALL_DIR/profanity-omemo-plugin
git pull
else
git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
fi
cd $INSTALL_DIR/profanity-omemo-plugin
git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then


@ -31,7 +31,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim'
VARIANTS=''
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
@ -50,6 +50,14 @@ radicale_variables=(ONION_ONLY
RADICALE_PASSWORD
DEFAULT_DOMAIN_NAME)
function logging_on_radicale {
echo -n ''
}
function logging_off_radicale {
echo -n ''
}
function remove_user_radicale {
remove_username="$1"
@ -274,6 +282,7 @@ function remove_radicale {
if [ -f /etc/systemd/system/radicale.service ]; then
rm /etc/systemd/system/radicale.service
fi
systemctl daemon-reload
if [ -f /etc/nginx/sites-available/radicale ]; then
rm /etc/nginx/sites-available/radicale
fi
@ -282,7 +291,9 @@ function remove_radicale {
fi
firewall_remove ${RADICALE_PORT} tcp
deluser radicale
groupdel -f radicale
userdel -r radicale
function_check remove_onion_service
remove_onion_service radicale ${RADICALE_ONION_PORT}
@ -323,6 +334,7 @@ function install_radicale {
useradd -c "Radicale system account" -d /var/www/radicale -m -r -g radicale radicale
usermod -a -G www-data radicale
groupadd radicale
# create directories
if [ ! -d /var/log/radicale ]; then
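Review bot: In install_radicale the `groupadd radicale` line sits after `useradd ... -g radicale radicale`, but `useradd -g` needs the group to exist already, so on a fresh system the account creation would fail and the later `groupadd` does not repair it. If `groupadd radicale` is the line this hunk adds (the +/- markers are lost on this page), it should move above the `useradd` line, and the `useradd` result is worth checking so the service never runs without its dedicated account. In remove_radicale, `groupdel -f radicale` runs before `userdel -r radicale`; removing the user first avoids forcing deletion of a group that is still someone's primary group. Both functions extend beyond the hunks shown.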


@ -46,8 +46,17 @@ riot_variables=(MY_USERNAME
RIOT_DOMAIN_NAME
MATRIX_DOMAIN_NAME
SYSTEM_TYPE
ONION_ONLY
DDNS_PROVIDER)
function logging_on_riot {
echo -n ''
}
function logging_off_riot {
echo -n ''
}
function remove_user_riot {
echo -n ''
}
@ -206,6 +215,10 @@ function remove_riot {
}
function install_riot {
if [[ $ONION_ONLY != 'no' ]]; then
return
fi
# check that matrix has been installed
if [ ! $MATRIX_DOMAIN_NAME ]; then
exit 687292
@ -217,6 +230,9 @@ function install_riot {
exit 827334
fi
function_check get_completion_param
MATRIX_ONION_DOMAIN_NAME=$(get_completion_param "matrix onion domain")
apt-get -yq install wget
if [ ! -d /var/www/$RIOT_DOMAIN_NAME/htdocs ]; then
@ -232,12 +248,21 @@ function install_riot {
cd /var/www/$RIOT_DOMAIN_NAME/htdocs
cp config.sample.json config.json
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
sed -i "/\"servers\":/a \"matrix.freedombone.net\"," config.json
if [[ $ONION_ONLY == 'no' ]]; then
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
else
sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/\",|g" config.json
sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/api\",|g" config.json
sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
fi
RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
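Review bot: install_riot now returns at the top when `$ONION_ONLY != 'no'`, so the `else` branch added further down, which writes the `http://${MATRIX_ONION_DOMAIN_NAME}` URLs into config.json, can never run in this function. Either the early return or the onion branch should go; as written a reader could assume onion-only installs are configured when they are in fact skipped. If the onion branch is kept, `MATRIX_ONION_DOMAIN_NAME` comes straight from `get_completion_param` and is used unchecked, so an empty value would produce `http://` URLs with no host; a guard such as `if [ ! "$MATRIX_ONION_DOMAIN_NAME" ]; then exit 687292; fi` would match the existing check on `MATRIX_DOMAIN_NAME`. Both hunks sit inside install_riot, whose body extends beyond them.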


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -53,6 +53,24 @@ rss_variables=(RSS_READER_REPO
USB_MOUNT
MY_USERNAME)
function logging_on_rss {
echo -n ''
}
function logging_off_rss {
echo -n ''
}
function remove_user_rss {
remove_username="$1"
}
function add_user_rss {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_rss {
echo -n ''
APP_INSTALLED=1
@ -86,6 +104,11 @@ function reconfigure_rss {
}
function upgrade_rss {
CURR_RSS_READER_COMMIT=$(get_completion_param "rss reader commit")
if [[ "$CURR_RSS_READER_COMMIT" == "$RSS_READER_COMMIT" ]]; then
return
fi
RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
if [[ $(app_is_installed rss) == "1" ]]; then
@ -180,6 +203,10 @@ function restore_local_rss {
rm -rf $temp_restore_dir
fi
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
MARIADB_PASSWORD=
}
function backup_remote_rss {
@ -238,6 +265,11 @@ function restore_remote_rss {
if [ -d /root/tempttrss ]; then
rm -rf /root/tempttrss
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
MARIADB_PASSWORD=
echo $"Restore of ttrss complete"
fi
}
@ -249,7 +281,8 @@ function remove_rss {
nginx_dissite $RSS_READER_DOMAIN_NAME
function_check remove_onion_service
remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
remove_onion_service rss ${RSS_READER_ONION_PORT}
if [ -f /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
fi
@ -261,6 +294,7 @@ function remove_rss {
remove_completion_param install_rss
sed -i '/RSS /d' $COMPLETION_FILE
sed -i '/rss /d' $COMPLETION_FILE
sed -i '/rss_/d' $COMPLETION_FILE
remove_backup_database_local ttrss
}
@ -294,15 +328,27 @@ function install_rss_main {
function_check remove_onion_service
remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git
apt-get -yq install curl php-xml-parser php5-mcrypt
apt-get -yq install php-gettext php-curl php-gd php-mysql git
apt-get -yq install curl php-mcrypt libfcgi0ldbl
remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
remove_onion_service rss ${RSS_READER_ONION_PORT}
if [ ! -d /etc/share ]; then
mkdir /etc/share
fi
cd /etc/share
function_check git_clone
git_clone $RSS_READER_REPO tt-rss
if [ -d /repos/rss ]; then
mkdir tt-rss
cp -r -p /repos/rss/. tt-rss
cd tt-rss
git pull
else
function_check git_clone
git_clone $RSS_READER_REPO tt-rss
fi
if [ ! -d $RSS_READER_PATH ]; then
echo $'Could not clone RSS reader repo'
exit 52925
@ -323,7 +369,12 @@ function install_rss_main {
rss_create_database
RSS_READER_ONION_HOSTNAME=$(add_onion_service rss 80 ${RSS_READER_ONION_PORT})
RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service rss_mobile 80 ${RSS_MOBILE_READER_ONION_PORT})
sleep 2
RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
set_completion_param "rss_mobile onion domain" "$RSS_MOBILE_READER_ONION_HOSTNAME"
echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -337,7 +388,8 @@ function install_rss_main {
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -375,7 +427,8 @@ function install_rss_main {
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -396,7 +449,7 @@ function install_rss_main {
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -420,7 +473,7 @@ function install_rss_main {
# generate a config file
RSS_FEED_CRYPT_KEY="$(create_password 24)"
echo '<?php' > $RSS_READER_PATH/config.php
echo " define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
echo " define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
echo " define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
echo " define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
echo " define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
@ -482,13 +535,14 @@ function install_rss_main {
configure_php
nginx_ensite $RSS_READER_DOMAIN_NAME
systemctl restart php5-fpm
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
# daemon to update feeds
echo '[Unit]' > /etc/systemd/system/ttrss.service
echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
echo '' >> /etc/systemd/system/ttrss.service
echo '[Service]' >> /etc/systemd/system/ttrss.service
@ -570,8 +624,17 @@ function install_rss_mobile_reader {
fi
cd /etc/share
function_check git_clone
git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
if [ -d /repos/rss-mobile ]; then
mkdir ttrss-mobile
cp -r -p /repos/rss-mobile/. ttrss-mobile
cd ttrss-mobile
git pull
else
function_check git_clone
git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
fi
if [ ! -d $RSS_MOBILE_READER_PATH ]; then
echo $'Could not clone RSS mobile reader repo'
exit 24816
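Review bot: restore_local_rss and restore_remote_rss splice the MariaDB root password into config.php with `sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g"`, so a password containing `|`, `&`, `\` or `'` would break the sed expression or the resulting PHP string. The output of `${PROJECT_NAME}-pass -u root -a mariadb` is not checked either, so a failed lookup would write an empty password into the file. Unless generated passwords are guaranteed to be alphanumeric, I would skip the rewrite when the value is empty and escape it for sed first, e.g. `esc=$(printf '%s' "$MARIADB_PASSWORD" | sed -e 's/[\\&|]/\\&/g')`. Clearing `MARIADB_PASSWORD=` afterwards is a good habit and worth keeping.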


@ -10,6 +10,7 @@
#
# scuttlebot pub application
# https://scuttlebot.io
# Problem: on occasion uses 100% of the CPU, severely impacting other services
#
# License
# =======
@ -29,7 +30,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim chat'
VARIANTS=''
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
@ -42,6 +43,14 @@ scuttlebot_variables=(MY_USERNAME
DEFAULT_DOMAIN_NAME
SYSTEM_TYPE)
function logging_on_scuttlebot {
echo -n ''
}
function logging_off_scuttlebot {
echo -n ''
}
function scuttlebot_create_invite {
invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
@ -166,6 +175,7 @@ function remove_scuttlebot {
systemctl stop scuttlebot
systemctl disable scuttlebot
rm /etc/systemd/system/scuttlebot.service
systemctl daemon-reload
userdel -r scuttlebot
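Review bot: `logging_on_scuttlebot` and `logging_off_scuttlebot` are empty stubs (`echo -n ''`), so switching logging off changes nothing for this app and whatever the daemon writes by default stays as it is. The same stubs are added for searx, sip, syncthing, tahoelafs, tox, turtl, vim and vpn in this commit; only the xmpp pair actually edits a configuration file. If that is intentional, say so in each stub, for example `# no app-specific log settings to change; intentionally empty`, so that nobody assumes the log switch covers these services.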


@ -35,7 +35,7 @@ SHOW_ON_ABOUT=1
SHOW_ICANN_ADDRESS_ON_ABOUT=0
SEARX_REPO="https://github.com/asciimoo/searx"
SEARX_COMMIT='259735f30901ae884f8234f1f138c28a9e59713a'
SEARX_COMMIT='80460be8f69cea5f15c9d5ddbb63e4e48fde2dd0'
SEARX_PATH=/etc
SEARX_ONION_PORT=8094
SEARX_ONION_HOSTNAME=
@ -48,6 +48,14 @@ searx_variables=(SEARX_LOGIN_TEXT
SEARX_BACKGROUND_IMAGE_URL
SYSTEM_TYPE)
function logging_on_searx {
echo -n ''
}
function logging_off_searx {
echo -n ''
}
function searx_set_default_background {
if [ -f ~/freedombone/img/backgrounds/searx.jpg ]; then
cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
@ -737,6 +745,11 @@ function create_searx_config {
}
function upgrade_searx {
CURR_SEARX_COMMIT=$(get_completion_param "searx commit")
if [[ "$CURR_SEARX_COMMIT" == "$SEARX_COMMIT" ]]; then
return
fi
settings_file=${SEARX_PATH}/searx/searx/settings.yml
background_image=/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
@ -789,6 +802,8 @@ function remove_searx {
systemctl stop searx
systemctl disable searx
rm /etc/systemd/system/searx.service
systemctl daemon-reload
function_check remove_onion_service
remove_onion_service searx ${SEARX_ONION_PORT}
userdel -r searx
@ -811,8 +826,15 @@ function install_searx {
exit 62429
fi
apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi imagemagick
apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml
apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv zlib1g-dev uwsgi uwsgi-plugin-python imagemagick
apt-get -yq install apache2-utils
apt-get -yq remove --purge apache2-bin*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation'
fi
pip install --upgrade pip
@ -846,14 +868,35 @@ function install_searx {
exit 63738
fi
pip install requests --upgrade
if [ ! "$?" = "0" ]; then
echo $'Failed to install requests'
exit 357282
fi
pip install pygments --upgrade
if [ ! "$?" = "0" ]; then
echo $'Failed to install pygments'
exit 357282
fi
if [ ! -d $SEARX_PATH ]; then
mkdir -p $SEARX_PATH
fi
# clone the repo
cd $SEARX_PATH
function_check git_clone
git_clone $SEARX_REPO searx
if [ -d /repos/searx ]; then
mkdir searx
cp -r -p /repos/searx/. searx
cd searx
git pull
else
function_check git_clone
git_clone $SEARX_REPO searx
fi
git checkout $SEARX_COMMIT -b $SEARX_COMMIT
set_completion_param "searx commit" "$SEARX_COMMIT"
@ -915,7 +958,7 @@ function install_searx {
echo '}' >> /etc/nginx/sites-available/searx
# replace the secret key
if ! grep "searx key" $COMPLETION_FILE; then
if ! grep -q "searx key" $COMPLETION_FILE; then
SEARX_SECRET_KEY="$(create_password 30)"
set_completion_param "searx key" "${SEARX_SECRET_KEY}"
fi
@ -930,7 +973,7 @@ function install_searx {
nginx_ensite searx
# restart the web server
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
# start the daemon
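Review bot: In `install_searx` the pinned `git checkout $SEARX_COMMIT -b $SEARX_COMMIT` runs in a different directory depending on the branch taken: the `/repos/searx` branch does `cd searx` first, while the `git_clone` branch leaves the shell in `$SEARX_PATH` unless `git_clone` changes directory itself. The results of `mkdir searx`, `cd searx`, `git pull` and the checkout are also unchecked, yet `set_completion_param "searx commit"` records the pin as applied either way. Since the commit hash is the only integrity control on the cached copy, I would put `cd $SEARX_PATH/searx` after the `fi` and record the commit only on success, e.g. `if git checkout $SEARX_COMMIT -b $SEARX_COMMIT; then set_completion_param "searx commit" "$SEARX_COMMIT"; fi`. The same copy-then-`git pull` pattern is added for qtox, toxid, toxcore and turtl, and the qtox and toxid hunks show no pinned checkout at all. `install_searx` starts and ends outside these hunks.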


@ -50,6 +50,14 @@ sip_variables=(ONION_ONLY
TURN_TLS_PORT
TURN_NONCE)
function logging_on_sip {
echo -n ''
}
function logging_off_sip {
echo -n ''
}
function remove_user_sip {
remove_username="$1"
${PROJECT_NAME}-rmsipuser ${remove_username}
@ -146,7 +154,7 @@ function restore_local_sip {
exit 3679
fi
rm -rf $temp_restore_dir
service sipwitch restart
systemctl restart sipwitch
echo $"Restore of SIP settings complete"
fi
}
@ -212,7 +220,7 @@ function update_sipwitch_daemon {
return
fi
service sipwitch stop
systemctl stop sipwitch
# remove the original sipwitch daemon if it exists
if [ -f /etc/init.d/sipwitch ]; then


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -51,6 +51,14 @@ syncthing_variables=(SYNCTHING_ID
SYNCTHING_SHARED_DATA
USB_MOUNT)
function logging_on_syncthing {
echo -n ''
}
function logging_off_syncthing {
echo -n ''
}
function syncthing_create_ids_file {
if [ ! -f ~/.syncthing-server-id ]; then
return
@ -458,8 +466,9 @@ function remove_syncthing {
firewall_remove ${SYNCTHING_PORT}
systemctl stop syncthing
systemctl disable syncthing
apt-get -yq remove --purge syncthing
rm /etc/systemd/system/syncthing.service
systemctl daemon-reload
apt-get -yq remove --purge syncthing
sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
remove_completion_param install_syncthing
remove_completion_param configure_firewall_for_syncthing
@ -475,12 +484,19 @@ function configure_firewall_for_syncthing {
mark_completed $FUNCNAME
}
function install_syncthing {
apt-get -yq install curl
function install_syncthing_repo {
if [ -f /etc/apt/sources.list.d/syncthing.list ]; then
return
fi
apt-get -yq install curl
curl -s https://syncthing.net/release-key.txt | apt-key add -
echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
apt-get update
}
function install_syncthing {
install_syncthing_repo
apt-get -yq install syncthing
# This probably does need to run as root so that it can access the Sync directories
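Review bot: `install_syncthing_repo` pipes `curl -s https://syncthing.net/release-key.txt` straight into `apt-key add -` without checking that the download succeeded or that the key is the expected one, and a key added this way is trusted for every apt source on the system. A failed download still leaves `syncthing.list` written, and the early `return` on that file means the key step is never retried on a later run. I would download to a file with `curl -fsS`, compare the key's fingerprint against a value pinned in this script (placeholder: `SYNCTHING_KEY_FINGERPRINT='<expected fingerprint>'`), and only then add the key and write the list.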


@ -36,16 +36,14 @@ IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
SHOW_ICANN_ADDRESS_ON_ABOUT=0
TAHOELAFS_REPO="https://github.com/tahoe-lafs/tahoe-lafs"
TAHOELAFS_COMMIT='bb782b0331a60de438136a593bba18338d8d866b'
TAHOELAFS_PORT=50213
TAHOELAFS_STORAGE_PORT=50214
TAHOELAFS_ONION_PORT=8096
TAHOELAFS_STORAGE_ONION_PORT=8097
TAHOE_COMMAND="cd /home/tahoelafs/tahoelafs && venv/bin/tahoe"
tahoelafs_storage_file=/home/tahoelafs/client/private/servers.yaml
TAHOE_DIR=/home/tahoelafs
TAHOE_COMMAND='/usr/bin/tahoe'
tahoelafs_storage_file=$TAHOE_DIR/client/private/servers.yaml
TAHOELAFS_SHARES_NEEDED=3
TAHOELAFS_SHARES_HAPPY=7
@ -53,12 +51,19 @@ TAHOELAFS_SHARES_TOTAL=10
tahoelafs_variables=(ONION_ONLY
MY_USERNAME
TAHOELAFS_REPO
TAHOELAFS_PORT
TAHOELAFS_SHARES_NEEDED
TAHOELAFS_SHARES_HAPPY
TAHOELAFS_SHARES_TOTAL)
function logging_on_tahoelafs {
echo -n ''
}
function logging_off_tahoelafs {
echo -n ''
}
function add_user_tahoelafs {
if [[ $(app_is_installed tahoelafs) == "0" ]]; then
echo '0'
@ -68,7 +73,7 @@ function add_user_tahoelafs {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
if grep "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
fi
echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
@ -78,7 +83,7 @@ function add_user_tahoelafs {
function remove_user_tahoelafs {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
if grep "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
fi
}
@ -87,7 +92,7 @@ function change_password_tahoelafs {
change_username="$1"
change_password="$2"
${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
if grep "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
fi
echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
@ -164,13 +169,13 @@ function edit_tahoelafs_shares {
TAHOELAFS_SHARES_TOTAL=${tl_total}
fi
sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
systemctl restart tahoelafs-storage
systemctl restart tahoelafs-client
@ -263,7 +268,7 @@ function tahoelafs_setup_storage_config {
echo '[connections]' >> $config_file
echo 'tcp = tor' >> $config_file
chown -R tahoelafs:debian-tor /home/tahoelafs
chown -R tahoelafs:debian-tor $TAHOE_DIR
}
function install_interactive_tahoelafs {
@ -272,22 +277,11 @@ function install_interactive_tahoelafs {
}
function upgrade_tahoelafs {
if [ ! -d /home/tahoelafs/tahoelafs ]; then
return
fi
systemctl stop tahoelafs
function_check set_repo_commit
set_repo_commit /home/tahoelafs/tahoelafs "tahoelafs commit" "$TAHOELAFS_COMMIT" $TAHOELAFS_REPO
cd /home/tahoelafs/tahoelafs
git submodule update --init --recursive
virtualenv venv
venv/bin/pip install --editable .
chown -R tahoelafs:debian-tor /home/tahoelafs
systemctl start tahoelafs
echo -n ''
}
function backup_local_tahoelafs {
source_directory=/home/tahoelafs
source_directory=$TAHOE_DIR
if [ ! -d $source_directory ]; then
return
fi
@ -304,21 +298,21 @@ function restore_local_tahoelafs {
systemctl stop tahoelafs-client
temp_restore_dir=/root/temptahoelafs
restore_directory_from_usb $temp_restore_dir tahoelafs
mv /home/tahoelafs /home/tahoelafs-old
cp -r $temp_restore_dir/home/tahoelafs /home/tahoelafs
mv $TAHOE_DIR ${TAHOE_DIR}-old
cp -r $temp_restore_dir$TAHOE_DIR $TAHOE_DIR
if [ ! "$?" = "0" ]; then
mv /home/tahoelafs-old /home/tahoelafs
mv ${TAHOE_DIR}-old $TAHOE_DIR
exit 246833
fi
rm -rf /home/tahoelafs-old
chown -R tahoelafs:debian-tor /home/tahoelafs
rm -rf ${TAHOE_DIR}-old
chown -R tahoelafs:debian-tor $TAHOE_DIR
systemctl start tahoelafs-client
systemctl start tahoelafs-storage
echo $"Restore complete"
}
function backup_remote_tahoelafs {
source_directory=/home/tahoelafs
source_directory=$TAHOE_DIR
if [ ! -d $source_directory ]; then
return
fi
@ -337,14 +331,14 @@ function restore_remote_tahoelafs {
systemctl stop tahoelafs-client
temp_restore_dir=/root/temptahoelafs
restore_directory_from_friend $temp_restore_dir tahoelafs
mv /home/tahoelafs /home/tahoelafs-old
cp -r $temp_restore_dir/home/tahoelafs /home/tahoelafs
mv $TAHOE_DIR ${TAHOE_DIR}-old
cp -r $temp_restore_dir$TAHOE_DIR $TAHOE_DIR
if [ ! "$?" = "0" ]; then
mv /home/tahoelafs-old /home/tahoelafs
mv ${TAHOE_DIR}old $TAHOE_DIR
exit 623925
fi
rm -rf /home/tahoelafs-old
chown -R tahoelafs:debian-tor /home/tahoelafs
rm -rf ${$TAHOE_DIR}-old
chown -R tahoelafs:debian-tor $TAHOE_DIR
systemctl start tahoelafs-client
systemctl start tahoelafs-storage
echo $"Restore complete"
@ -370,10 +364,15 @@ function remove_tahoelafs {
systemctl stop tahoelafs-storage
systemctl disable tahoelafs-storage
rm /etc/systemd/system/tahoelafs-storage.service
systemctl daemon-reload
systemctl stop tahoelafs-client
systemctl disable tahoelafs-client
rm /etc/systemd/system/tahoelafs-client.service
systemctl daemon-reload
pip uninstall tahoe-lafs[tor]
apt-get -yq remove tahoe-lafs
if [ -d /var/lib/tahoelafs ]; then
rm -rf /var/lib/tahoelafs
@ -383,32 +382,18 @@ function remove_tahoelafs {
remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick)
sed -i '/HidServAuth /d' /etc/tor/torrc
deluser tahoelafs
if [ -d /home/tahoelafs ]; then
rm -rf /home/tahoelafs
groupdel -f tahoelafs
userdel -r tahoelafs
if [ -d $TAHOE_DIR ]; then
rm -rf $TAHOE_DIR
fi
remove_app tahoelafs
if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
shred -zu /etc/nginx/.htpasswd-tahoelafs
fi
remove_completion_param "tahoelafs commit"
systemctl reload tor
}
function install_tahoelafs_to_directory {
tahoe_dir=$1
git_clone $TAHOELAFS_REPO $tahoe_dir
cd $tahoe_dir
git checkout $TAHOELAFS_COMMIT -b $TAHOELAFS_COMMIT
git submodule update --init --recursive
virtualenv venv --distribute
venv/bin/pip uninstall --yes setuptools
venv/bin/pip install setuptools==11.3
venv/bin/pip install six==1.10.0 packaging==16.8 attrs==16.3.0 appdirs==1.4.2 pycrypto==2.1.0 cffi==1.9.1
venv/bin/pip install cryptography==1.7.2 markerlib==0.6.0 distribute==0.7.3
venv/bin/pip install txtorcon==0.18.0
venv/bin/pip install --editable .
onion_update
}
function create_tahoelafs_stealth_node {
@ -496,7 +481,7 @@ function create_tahoelafs_client {
}
function get_tahoelafs_furl {
furl=$(cat /home/tahoelafs/storage/private/storage.furl)
furl=$(cat $TAHOE_DIR/storage/private/storage.furl)
furl_1=$(echo "${furl}" | awk -F ' ' '{print $1}')
furl_2=$(echo "${furl}" | awk -F ':' '{print $5}')
echo "${furl_1}:${furl_2}"
@ -511,7 +496,7 @@ function get_tahoelafs_storage_hostname {
}
function get_tahoelafs_public_key {
echo "$(cat /home/tahoelafs/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
}
function add_tahoelafs_server {
@ -572,12 +557,12 @@ function create_tahoelafs_daemon {
echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE
echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE
echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE
echo "WorkingDirectory=/home/tahoelafs/tahoelafs" >> $TAHOELAFS_DAEMON_FILE
echo "ExecStart=/home/tahoelafs/tahoelafs/venv/bin/tahoe run /home/tahoelafs/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
echo "ExecStop=/home/tahoelafs/tahoelafs/venv/bin/tahoe stop /home/tahoelafs/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE
echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE
echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE
echo "Environment=\"USER=tahoelafs\" \"HOME=/home/tahoelafs\"" >> $TAHOELAFS_DAEMON_FILE
echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE
echo '' >> $TAHOELAFS_DAEMON_FILE
echo '[Install]' >> $TAHOELAFS_DAEMON_FILE
echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE
@ -627,7 +612,7 @@ function create_tahoelafs_web {
if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
touch /etc/nginx/.htpasswd-tahoelafs
fi
if grep "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
fi
echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
@ -643,30 +628,42 @@ function install_tahoelafs {
fi
apt-get -yq install build-essential python-pip python-dev libffi-dev libssl-dev
apt-get -yq install libcrypto++-dev python-pycryptopp python-cffi python-virtualenv
apt-get -yq install libcrypto++-dev python-pycryptopp python-cffi
apt-get -yq install python-virtualenv apache2-utils
if [ -d $TAHOE_DIR ]; then
groupdel -f tahoelafs
userdel -r tahoelafs
rm -rf $TAHOE_DIR
fi
# create a user
if [ ! -d /home/tahoelafs ]; then
# add a gogs user account
adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs
adduser tahoelafs debian-tor
adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs
if [ ! -d $TAHOE_DIR ]; then
echo $"$TAHOE_DIR directory was not created"
exit 879335
fi
if [ -d /home/tahoelafs/Maildir ]; then
rm -rf /home/tahoelafs/Maildir
fi
adduser tahoelafs debian-tor
groupadd tahoelafs
install_tahoelafs_to_directory /home/tahoelafs/tahoelafs
apt-get -yq install tahoe-lafs
pip install tahoe-lafs[tor]
if [ -d $TAHOE_DIR/Maildir ]; then
rm -rf $TAHOE_DIR/Maildir
fi
# remove files we don't need
rm -rf /home/tahoelafs/.mutt
rm /home/tahoelafs/.emacs-mutt
rm /home/tahoelafs/.muttrc
rm /home/tahoelafs/.mutt-alias
rm /home/tahoelafs/.procmailrc
rm -rf $TAHOE_DIR/.mutt
rm $TAHOE_DIR/.emacs-mutt
rm $TAHOE_DIR/.muttrc
rm $TAHOE_DIR/.mutt-alias
rm $TAHOE_DIR/.procmailrc
# set permissions
chown -R tahoelafs:debian-tor /home/tahoelafs
chown -R tahoelafs:debian-tor $TAHOE_DIR
node_nick=$(get_tahoelafs_nick)
client_nick=${MY_USERNAME}-client
@ -677,14 +674,14 @@ function install_tahoelafs {
# create an onion address for client node
TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
create_tahoelafs_stealth_node /home/tahoelafs/storage /home/tahoelafs/client ${node_nick} ${client_nick}
create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick}
# start the storage node
su -c '/home/tahoelafs/tahoelafs/venv/bin/python2 /home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/storage' - tahoelafs
su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs
create_tahoelafs_daemon "storage"
# start the client
su -c '/home/tahoelafs/tahoelafs/venv/bin/python2 /home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/client' - tahoelafs
su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/client" - tahoelafs
add_tahoelafs_server "$(get_tahoelafs_storage_hostname)" "$(get_tahoelafs_public_key)" "${node_nick}" "$(get_tahoelafs_furl)"
if ! grep -q "HidServAuth $(get_tahoelafs_storage_hostname)" /etc/tor/torrc; then
echo $'Unable to create tahoelafs server'
@ -696,11 +693,10 @@ function install_tahoelafs {
fi
create_tahoelafs_daemon "client"
set_completion_param "tahoelafs commit" "$TAHOELAFS_COMMIT"
set_completion_param "tahoelafs onion domain" "$TAHOELAFS_ONION_HOSTNAME"
create_tahoelafs_web
systemctl restart tor
onion_update
APP_INSTALLED=1
}
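Review bot: The rollback and cleanup lines in `restore_remote_tahoelafs` do not match the name used for the saved copy: the directory is moved to `${TAHOE_DIR}-old`, but the failure path runs `mv ${TAHOE_DIR}old $TAHOE_DIR` (hyphen missing) and the cleanup runs `rm -rf ${$TAHOE_DIR}-old`, which bash rejects as a bad substitution. A failed restore therefore does not put the original data back, and a successful one is likely to stop before the `chown` and the two `systemctl start` lines, leaving both services down. They should read `mv ${TAHOE_DIR}-old $TAHOE_DIR` and `rm -rf ${TAHOE_DIR}-old`, as `restore_local_tahoelafs` already does. Separately, `pip uninstall tahoe-lafs[tor]` in `remove_tahoelafs` has no `--yes`, so an unattended removal will prompt for confirmation.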


@ -35,7 +35,7 @@ SHOW_ON_ABOUT=1
TOX_PORT=33445
TOXCORE_REPO="https://github.com/bashrc/toxcore"
TOXCORE_COMMIT='d3fa9f82bda3a8746917502c525237427ba17d45'
TOXCORE_COMMIT='532629d486e3361c7d8d95b38293cc7d61dc4ee5'
TOXID_REPO="https://github.com/bashrc/toxid"
TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
# These are some default nodes, but you can replace them with trusted nodes
@ -60,6 +60,14 @@ tox_variables=(SYSTEM_TYPE
TOX_PORT
TOX_NODES)
function logging_on_tox {
echo -n ''
}
function logging_off_tox {
echo -n ''
}
function remove_user_tox {
remove_username="$1"
@ -122,12 +130,24 @@ function mesh_tox_qtox {
mkdir -p ${rootdir}$INSTALL_DIR
fi
chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu52 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng12-0 libqrencode3 libsm6 libsodium13 libsqlite3-0 libssl1.0.0 libstdc++6 libtiff5 libudev1 libvpx1 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp5 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
chroot "${rootdir}" apt-get -yq install build-essential qt5-qmake qt5-default qttools5-dev-tools libqt5opengl5-dev libqt5svg5-dev libopenal-dev libxss-dev qrencode libqrencode-dev libglib2.0-dev libgdk-pixbuf2.0-dev libgtk2.0-dev libsqlcipher-dev libopus-dev libvpx-dev libavformat-dev libavdevice-dev libswscale-dev libavutil-dev libavcodec-dev libavcodec56 libavcodec57 libavfilter-dev libavfilter6
chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
chroot "${rootdir}" apt-get -yq install build-essential qt5-qmake qt5-default qttools5-dev-tools libqt5opengl5-dev libqt5svg5-dev libopenal-dev libxss-dev qrencode libqrencode-dev libglib2.0-dev libgdk-pixbuf2.0-dev libgtk2.0-dev libsqlcipher-dev libopus-dev libvpx-dev libavformat-dev libavdevice-dev libswscale-dev libavutil-dev libavcodec-dev libavcodec57 libavfilter-dev libavfilter6
mesh_install_ffmpeg
# ffmpeg
chroot "${rootdir}" apt-get -yq install build-essential
chroot "${rootdir}" apt-get -yq install ffmpeg libmp3lame-dev libvorbis-dev libtheora-dev
chroot "${rootdir}" apt-get -yq install libspeex-dev yasm pkg-config libopenjp2-7-dev
chroot "${rootdir}" apt-get -yq install libx264-dev mjpegtools libmjpegtools-dev libav-tools
if [ -d /repos/qtox ]; then
mkdir ${rootdir}$INSTALL_DIR/qtox
cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
cd ${rootdir}$INSTALL_DIR/qtox
git pull
else
git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
fi
git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then
exit 72428
fi
@ -323,8 +343,17 @@ function tox_avahi {
# install a command to obtain the Tox ID
cd $INSTALL_DIR
function_check git_clone
git_clone $TOXID_REPO $INSTALL_DIR/toxid
if [ -d /repos/toxid ]; then
mkdir $INSTALL_DIR/toxid
cp -r -p /repos/toxid/. $INSTALL_DIR/toxid
cd $INSTALL_DIR/toxid
git pull
else
function_check git_clone
git_clone $TOXID_REPO $INSTALL_DIR/toxid
fi
if [ ! -d $INSTALL_DIR/toxid ]; then
exit 63921
fi
@ -442,13 +471,13 @@ function mesh_tox_node {
if [ $rootdir ]; then
chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev
chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm
chroot ${rootdir} apt-get -yq install libsodium13 libsodium-dev libcap2-bin
chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin
chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf
chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev
else
apt-get -yq install build-essential libtool autotools-dev
apt-get -yq install automake checkinstall check git yasm
apt-get -yq install libsodium13 libsodium-dev libcap2-bin
apt-get -yq install libsodium18 libsodium-dev libcap2-bin
apt-get -yq install libconfig9 libconfig-dev autoconf
apt-get -yq install libopus-dev libvpx-dev
fi
@ -457,9 +486,16 @@ function mesh_tox_node {
mkdir -p ${rootdir}${INSTALL_DIR}
fi
if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then
git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
if [ ! "$?" = "0" ]; then
exit 429252
if [ -d /repos/toxcore ]; then
mkdir ${rootdir}${INSTALL_DIR}/toxcore
cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore
cd ${rootdir}${INSTALL_DIR}/toxcore
git pull
else
git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
if [ ! "$?" = "0" ]; then
exit 429252
fi
fi
fi
cd ${rootdir}$INSTALL_DIR/toxcore
@ -580,7 +616,15 @@ function mesh_tox_avahi {
mkdir -p ${rootdir}${INSTALL_DIR}
fi
git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
if [ -d /repos/toxid ]; then
mkdir ${rootdir}${INSTALL_DIR}/toxid
cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid
cd ${rootdir}${INSTALL_DIR}/toxid
git pull
else
git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
fi
if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then
echo $'Unable to clone toxid repo'
exit 768352
@ -647,7 +691,14 @@ function mesh_tox_client {
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT
echo " mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo " cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo ' git pull' >> $TEMP_SCRIPT
echo 'else' >> $TEMP_SCRIPT
echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
echo 'make' >> $TEMP_SCRIPT
@ -668,6 +719,7 @@ function mesh_tox_client {
/root/$TEMP_SCRIPT_NAME
fi
if [ ! "$?" = "0" ]; then
cat -n /root/fbtmp728353.sh
duration=$SECONDS
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
echo $'Unable to make tox client'
@ -684,12 +736,12 @@ function mesh_tox_client {
}
function enable_tox_repo {
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
cat >> $rootdir/root/gettoxkey.sh <<EOF
#!/bin/bash
wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- > /root/tox.key
wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
apt-key add /root/tox.key
rm /root/tox.key
EOF
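Review bot: `enable_tox_repo` downloads the repository signing key over plaintext HTTP and hands it to `apt-key add` with no verification, so the key that ends up trusted is whatever the network delivered, and the `deb http://` source it signs for is plaintext too. The commit only changes `Debian_8.0` to `Debian_9.0` and leaves this as it was. I would fetch the key with `wget -q https://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key` and compare its fingerprint with a value pinned in the script before the `apt-key add` line. The generated `gettoxkey.sh` is also written with `cat >>`, so every run appends another copy; `cat >` would avoid that. The function continues past the end of the hunk.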


@ -59,6 +59,14 @@ turtl_variables=(ONION_ONLY
MY_EMAIL_ADDRESS
MY_USERNAME)
function logging_on_turtl {
echo -n ''
}
function logging_off_turtl {
echo -n ''
}
function change_password_turtl {
change_username="$1"
new_user_password="$2"
@ -90,7 +98,7 @@ function install_interactive_turtl {
}
function turtl_disable_registrations {
if grep "$TURTL_SIGNUP_STRING" $turtl_users_file; then
if grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
if [ -f $turtl_users_file ]; then
cp $turtl_users_file $TURTL_BASE_DIR/.users.lisp
sed -i '/(route (:post "\/users") (req res)/,/(send-json res user))))/{//!d}' $turtl_users_file
@ -102,7 +110,7 @@ function turtl_disable_registrations {
}
function turtl_enable_registrations {
if ! grep "$TURTL_SIGNUP_STRING" $turtl_users_file; then
if ! grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
if [ -f $TURTL_BASE_DIR/.users.lisp ]; then
cp $TURTL_BASE_DIR/.users.lisp $turtl_users_file
rm $TURTL_BASE_DIR/.users.lisp
@ -186,6 +194,11 @@ function reconfigure_turtl {
}
function upgrade_turtl {
CURR_TURTL_COMMIT=$(get_completion_param "turtl commit")
if [[ "$CURR_TURTL_COMMIT" == "$TURTL_COMMIT" ]]; then
return
fi
read_config_param "TURTL_DOMAIN_NAME"
function_check set_repo_commit
@ -351,11 +364,12 @@ function remove_turtl {
systemctl stop turtl
systemctl disable turtl
rm /etc/systemd/system/turtl.service
systemctl daemon-reload
remove_rethinkdb
remove_app turtl
remove_completion_param install_turtl
sed -i '/turtl/d' $COMPLETION_FILE
deluser turtl
nginx_dissite $TURTL_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@ -368,6 +382,9 @@ function remove_turtl {
rm -rf /etc/rethinkdb
rm -rf /var/lib/rethinkdb
rm -rf $TURTL_BASE_DIR
groupdel -f turtl
userdel -r turtl
}
@ -433,6 +450,11 @@ __ENDCONFIG__
# start the turtl server
systemctl restart rethinkdb
if [ ! -f $TURTL_BASE_DIR/quicklisp/setup.lisp ]; then
echo $"$TURTL_BASE_DIR/quicklisp/setup.lisp was not found"
exit 6238234
fi
echo '[Unit]' > /etc/systemd/system/turtl.service
echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service
echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service
@ -452,7 +474,7 @@ __ENDCONFIG__
if [[ "$check_architecture" != *"arm"* ]]; then
echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
else
echo "ExecStart=$TURTL_BASE_DIR/ccl/larmcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
fi
fi
echo '' >> /etc/systemd/system/turtl.service
@ -561,7 +583,16 @@ __ENDCONFIG__
wget https://beta.quicklisp.org/quicklisp.lisp
fi
if [ -d $TURTL_BASE_DIR ]; then
chown -R turtl:turtl $TURTL_BASE_DIR
fi
adduser --disabled-login --home=$TURTL_BASE_DIR --gecos 'turtl' turtl
if [ ! -d $TURTL_BASE_DIR ]; then
echo $"$TURTL_BASE_DIR directory not created"
exit 263493
fi
groupadd turtl
chown -R turtl:turtl $TURTL_BASE_DIR
if [[ "$check_architecture" != *"arm"* ]]; then
@ -581,7 +612,16 @@ __ENDCONFIG__
# install turtl API
cd $TURTL_BASE_DIR/
git clone $TURTL_REPO $TURTL_BASE_DIR/api
if [ -d /repos/turtl ]; then
mkdir $TURTL_BASE_DIR/api
cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
cd $TURTL_BASE_DIR/api
git pull
else
git clone $TURTL_REPO $TURTL_BASE_DIR/api
fi
cd $TURTL_BASE_DIR/api
git checkout $TURTL_COMMIT -b $TURTL_COMMIT
set_completion_param "turtl commit" "$TURTL_COMMIT"
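Review bot: The added `chown -R turtl:turtl $TURTL_BASE_DIR` runs before `adduser` creates the turtl account, so when the directory exists but the account does not it fails, and the failure is ignored. The `groupadd turtl` after `adduser` is likely to fail as well, because Debian's `adduser` normally creates a same-named group, and in `remove_turtl` the group is force-deleted with `groupdel -f` while the user still exists. I would drop the early `chown`, replace the `groupadd` with `getent group turtl >/dev/null || groupadd turtl`, and call `userdel -r turtl` before `groupdel turtl`. Both functions extend beyond the hunks shown.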


@ -39,6 +39,14 @@ VIM_MUTT_EDITOR='vim \"+set nonumber\" \"+set insertmode\" \"+set spell\" +/^$/
vim_variables=(MY_USERNAME
VIM_MUTT_EDITOR)
function logging_on_vim {
echo -n ''
}
function logging_off_vim {
echo -n ''
}
function reconfigure_vim {
echo -n ''
}


@ -35,6 +35,14 @@ SHOW_ON_ABOUT=0
vpn_variables=()
function logging_on_vpn {
echo -n ''
}
function logging_off_vpn {
echo -n ''
}
function install_interactive_vpn {
echo -n ''
APP_INSTALLED=1


@ -50,15 +50,6 @@ prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest
prosody_modules_filename='prosody-modules-20170514.tar.gz'
prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'
LIBMESODE_REPO="https://github.com/boothj5/libmesode"
LIBMESODE_COMMIT='e3db0e9bfba61b2d82193874343a94a88f910800'
PROFANITY_REPO="https://github.com/boothj5/profanity"
PROFANITY_COMMIT='2fafaec8a7dc9bc01ee894d83214590598b32914'
PROFANITY_OMEMO_PLUGIN_REPO="https://github.com/ReneVolution/profanity-omemo-plugin"
PROFANITY_OMEMO_PLUGIN_COMMIT='3ec8ec173656bed9761b740b086123e07c749548'
xmpp_variables=(ONION_ONLY
INSTALLED_WITHIN_DOCKER
XMPP_CIPHERS
@ -68,6 +59,28 @@ xmpp_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME
XMPP_DOMAIN_CODE)
function logging_on_xmpp {
if [ -d /etc/prosody ]; then
if [ ! -d /var/log/prosody ]; then
mkdir /var/log/prosody
chown root:adm /var/log/prosody
fi
sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
fi
}
function logging_off_xmpp {
if [ -d /etc/prosody ]; then
sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
$REMOVE_FILES_COMMAND /var/log/prosody/*
rm -rf /var/log/prosody
fi
}
function xmpp_add_onion_address {
domain_name="$1"
onion_address="$2"
@ -343,7 +356,7 @@ function update_prosody_modules {
fi
# change to using pep rather than profile modules
if grep '"pep"' /etc/prosody/prosody.cfg.lua; then
if grep -q '"pep"' /etc/prosody/prosody.cfg.lua; then
# This strange dance seems to fix occasional breakage of PEP
# Is there a better solution?
sed -i 's|"pep"|"profile"|g' /etc/prosody/prosody.cfg.lua
@ -352,7 +365,7 @@ function update_prosody_modules {
sed -i 's|"profile"|"pep"|g' /etc/prosody/prosody.cfg.lua
systemctl restart prosody
fi
if ! grep '"vcard"' /etc/prosody/prosody.cfg.lua; then
if ! grep -q '"vcard"' /etc/prosody/prosody.cfg.lua; then
systemctl stop prosody
sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
systemctl start prosody
@ -420,6 +433,9 @@ function upgrade_xmpp {
set_completion_param "prosody_filename" "${prosody_filename}"
fi
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
chown -R prosody:prosody /var/lib/prosody/prosody-modules
systemctl restart prosody
}
@ -447,7 +463,7 @@ function restore_local_xmpp {
exit 725
fi
rm -rf $temp_restore_dir
service prosody restart
systemctl restart prosody
chown -R prosody:prosody /var/lib/prosody/*
echo $"Restore of xmpp settings complete"
fi
@ -472,7 +488,7 @@ function restore_remote_xmpp {
exit 725
fi
rm -rf $temp_restore_dir
service prosody restart
systemctl restart prosody
chown -R prosody:prosody /var/lib/prosody/*
echo $"Restore of xmpp settings complete"
fi
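Review bot: In `logging_on_xmpp` the new `/var/log/prosody` directory is created with a bare `mkdir` and handed to `root:adm`, so its mode comes from the caller's umask and the prosody service account may not be able to create `prosody.log` and `prosody.err` there (the restore functions in this file chown prosody data to `prosody:prosody`, which suggests the daemon does not run as root). Setting owner and mode explicitly would avoid both a world-readable chat-server log directory and silent loss of logging, e.g. `install -d -m 750 -o prosody -g adm /var/log/prosody`. Neither `logging_on_xmpp` nor `logging_off_xmpp` restarts or reloads prosody after the `sed` edits in the visible lines, so a one-line comment stating that the caller is expected to do this would help.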


@ -59,6 +59,14 @@ zeronet_variables=(TRACKER_PORT
ZERONET_DEFAULT_FORUM_TAGLINE
ZERONET_DEFAULT_MAIL_TAGLINE)
function logging_on_zeronet {
echo -n ''
}
function logging_off_zeronet {
echo -n ''
}
function install_interactive_zeronet {
echo -n ''
APP_INSTALLED=1
@ -432,7 +440,16 @@ function mesh_zeronet {
chroot "$rootdir" pip install msgpack-python --upgrade
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
if [ -d /repos/zeronet ]; then
mkdir $rootdir$MESH_INSTALL_DIR/zeronet
cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
cd $rootdir$MESH_INSTALL_DIR/zeronet
git pull
else
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
fi
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
echo 'WARNING: Unable to clone zeronet'
return
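Review bot: In the `mesh_zeronet` hunk the check `if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]` can no longer detect a failed fetch on the new `/repos/zeronet` path, because `mkdir` has already created that directory before `cp` and `git pull` run. Testing for the repository metadata instead, `if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/.git" ]; then`, would cover both branches. The exit status of `git pull` is ignored and no commit is checked out in the visible lines, so the image may end up with whatever the upstream branch holds at build time; pinning a commit as the turtl section above does would make the build reproducible. The `cd` also leaves the working directory changed for the rest of the function, which continues outside this hunk.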


@ -42,6 +42,22 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
PROJECT_INSTALL_DIR=/usr/bin
fi
function please_wait {
local str width height length
width=$(tput cols)
height=$(tput lines)
str="Standby to backup to USB"
length=${#str}
clear
tput cup $((height / 2)) $(((width / 2) - (length / 2)))
echo "$str"
tput cup $((height * 3 / 5)) $(((width / 2)))
echo -n ''
}
please_wait
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
# include utils which allow function_check and drive mount
@ -51,6 +67,8 @@ do
source $f
done
clear
USB_DRIVE=/dev/sdb1
USB_MOUNT=/mnt/usb
@ -241,6 +259,22 @@ function prepare_directories {
fi
}
function backup_blocklist {
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
return
fi
echo $"Backing up ${PROJECT_NAME} blocklist"
temp_backup_dir=/root/tempbackupblocklist
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
fi
backup_directory_to_usb $temp_backup_dir blocklist
rm -rf $temp_backup_dir
}
function backup_configfiles {
echo $"Backing up ${PROJECT_NAME} configuration files"
temp_backup_dir=/root/tempbackupconfig
@ -267,6 +301,7 @@ function backup_configfiles {
cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd
fi
backup_directory_to_usb $temp_backup_dir configfiles
rm -rf $temp_backup_dir
}
function backup_admin_readme {
@ -287,6 +322,7 @@ function backup_mariadb {
if [ ! -d $temp_backup_dir ]; then
mkdir $temp_backup_dir
fi
keep_database_running
mysqldump --lock-tables --password="$DATABASE_PASSWORD" mysql user > $temp_backup_dir/mysql.sql
if [ ! -s $temp_backup_dir/mysql.sql ]; then
echo $"Unable to backup mysql settings"
@ -316,6 +352,7 @@ prepare_directories
backup_directories
backup_apps local
backup_configfiles
backup_blocklist
backup_admin_readme
backup_mariadb
backup_extra_directories local
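Review bot: In `backup_blocklist` the copy of `/root/${PROJECT_NAME}-firewall-domains.cfg` is guarded by `if [ -f $NODEJS_INSTALLED_APPS_FILE ]`, which looks like a leftover from another backup function: when that variable is set and the file does not exist, an empty `tempbackupblocklist` directory is backed up and the firewall blocklist is silently left out. The function has already returned early when the blocklist file is missing, so the inner test can be dropped and the copy written as `cp -f "/root/${PROJECT_NAME}-firewall-domains.cfg" "$temp_backup_dir"`. The identical function added to the remote-backup script in the next file section carries the same guard.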


@ -92,7 +92,7 @@ function suspend_site {
fi
SUSPENDED_SITE="$1"
nginx_dissite $SUSPENDED_SITE
service nginx reload
systemctl reload nginx
}
function restart_site {
@ -101,10 +101,26 @@ function restart_site {
return
fi
nginx_ensite $SUSPENDED_SITE
service nginx reload
systemctl reload nginx
SUSPENDED_SITE=
}
function backup_blocklist {
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
return
fi
echo $"Backing up ${PROJECT_NAME} blocklist"
temp_backup_dir=/root/tempbackupblocklist
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
fi
backup_directory_to_friend $temp_backup_dir blocklist
rm -rf $temp_backup_dir
}
function backup_configfiles {
echo $"Backing up ${PROJECT_NAME} configuration files"
temp_backup_dir=/root/tempbackupconfig
@ -305,6 +321,7 @@ function backup_mariadb {
if [ ! -d $temp_backup_dir ]; then
mkdir $temp_backup_dir
fi
keep_database_running
mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
if [ ! -s $temp_backup_dir/mysql.sql ]; then
echo $"Unable to backup MariaDB settings"
@ -385,6 +402,7 @@ fi
backup_configfiles
if [[ $TEST_MODE == "no" ]]; then
backup_blocklist
backup_users
backup_letsencrypt
backup_passwordstore


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -48,9 +48,6 @@ GPG_KEYSERVER="hkp://keys.gnupg.net"
# whether to encrypt all incoming email with your public key
GPG_ENCRYPT_STORED_EMAIL="yes"
# gets set to yes if gpg keys are imported from usb
GPG_KEYS_IMPORTED="no"
# optionally you can provide your exported GPG key pair here
# Note that the private key file will be deleted after use
# If these are unspecified then a new GPG key will be created
@ -157,10 +154,12 @@ function configure_email_onion {
return
fi
echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
if ! grep -q "hidden_service_email" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
fi
function_check onion_update
onion_update
@ -168,8 +167,9 @@ function configure_email_onion {
function_check wait_for_onion_service
wait_for_onion_service email
if [[ $(onion_service_exists email) == "0" ]]; then
if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
echo $"email onion site hostname not found"
systemctl restart tor
exit 782352
fi
@ -303,15 +303,15 @@ function encrypt_outgoing_email {
if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
echo '' >> /home/$MY_USERNAME/.muttrc
echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
else
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
fi
if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
else
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
fi
mark_completed $FUNCNAME
@ -365,7 +365,7 @@ function email_client {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
apt-get -yq install mutt-patched lynx abook urlview
apt-get -yq install lynx abook urlview mutt
if [ ! -f /etc/Muttrc ]; then
echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
@ -403,8 +403,6 @@ function email_client {
echo '# set up the sidebar' >> /etc/Muttrc
echo 'set sidebar_width=22' >> /etc/Muttrc
echo 'set sidebar_visible=yes' >> /etc/Muttrc
echo "set sidebar_delim='|'" >> /etc/Muttrc
echo 'set sidebar_sort=yes' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set rfc2047_parameters' >> /etc/Muttrc
echo '' >> /etc/Muttrc
@ -652,8 +650,6 @@ function create_private_mailing_list {
if [ ! -d /etc/exim4 ]; then
return
fi
# This installation doesn't work, results in ruby errors
# There is currently no schleuder package for Debian jessie
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
@ -715,6 +711,14 @@ function create_private_mailing_list {
function split_gpg_key_into_fragments {
# split the gpg key into fragments if social key management is enabled
if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
if [ $IMAGE_PASSWORD_FILE ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" --passwordfile $IMAGE_PASSWORD_FILE
return
fi
fi
echo 'Splitting GPG key. You may need to enter your passphrase.'
${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
@ -1155,7 +1159,7 @@ function spam_filtering {
echo '#!/bin/bash' > /usr/bin/filterspam
echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
echo ' if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
echo ' if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
echo ' exit' >> /usr/bin/filterspam
@ -1177,7 +1181,7 @@ function spam_filtering {
echo '#!/bin/bash' > /usr/bin/filterham
echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
echo ' if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
echo ' if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
echo ' exit' >> /usr/bin/filterham
@ -1271,8 +1275,6 @@ function configure_imap {
return
fi
dpkg -P dovecot-imapd
dpkg -P dovecot-core
apt-get -yq install dovecot-imapd
if [ ! -d /etc/dovecot ]; then
@ -1280,19 +1282,9 @@ function configure_imap {
exit 48
fi
if [[ $ONION_ONLY == 'no' ]]; then
# obtain a cert for the default domain
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
echo $'Obtaining certificate for the main domain'
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
fi
fi
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
if [[ "$(cert_exists dovecot)" == "0" ]]; then
${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
check_certificates dovecot
fi
if [[ "$(cert_exists dovecot)" == "0" ]]; then
${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
check_certificates dovecot
fi
chmod 600 /etc/shadow
@ -1313,18 +1305,11 @@ function configure_imap {
fi
sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
else
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
fi
sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
sed -i "s|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = ${DH_KEYLENGTH}|g" /etc/dovecot/conf.d/10-ssl.conf
fi
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = ${DH_KEYLENGTH}|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
@ -1374,7 +1359,7 @@ function configure_imap {
fi
# Separate logging, otherwise syslog is used
if ! grep "# logging" /etc/dovecot/dovecot.conf; then
if ! grep -q "# logging" /etc/dovecot/dovecot.conf; then
echo '' >> /etc/dovecot/dovecot.conf
echo '# logging' >> /etc/dovecot/dovecot.conf
echo 'log_path = /var/log/dovecot.log' >> /etc/dovecot/dovecot.conf
@ -1437,7 +1422,7 @@ function configure_imap_client_certs {
echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
echo '' >> /etc/ssl/dovecot-ca.cnf
@ -1469,6 +1454,7 @@ function configure_imap_client_certs {
}
function create_gpg_subkey {
# Note: currently not used
if [ ! -d /etc/exim4 ]; then
return
fi
@ -1487,20 +1473,23 @@ function create_gpg_subkey {
KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
# Generate a GPG subkey
# Here a 2048bit length is used to be compatible with yubikey
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Key-Grip: $KEYGRIP" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Passphrase: $PROJECT_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
mark_completed $FUNCNAME
}
@ -1538,7 +1527,12 @@ function configure_gpg {
gpg_dir=/home/$MY_USERNAME/.gnupg
# if gpg keys directory was previously imported from usb
if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
if [ -d $gpg_dir ]; then
echo $'GPG directory exists'
else
echo $"GPG directory $gpg_dir was not found"
fi
if [ -d $gpg_dir ]; then
echo $'GPG keys were imported'
sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
@ -1582,12 +1576,15 @@ function configure_gpg {
echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
exit 2483
fi
if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
exit 5383
fi
su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
gpg_import_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY
gpg_import_private_key $MY_USERNAME $MY_GPG_PRIVATE_KEY
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
@ -1602,58 +1599,24 @@ function configure_gpg {
fi
else
# Generate a GPG key
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
echo $'Generating a new GPG key'
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
exit 6362
if [ -f $IMAGE_PASSWORD_FILE ]; then
gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)
else
gpg_create_key $MY_USERNAME $PROJECT_NAME
fi
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'GPG public key ID could not be obtained'
fi
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
if grep -q "install_email" $COMPLETION_FILE; then
if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'# Change your GPG password' >> /home/$MY_USERNAME/README
echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
echo $'You can change the it with:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
echo ' passwd' >> /home/$MY_USERNAME/README
echo ' save' >> /home/$MY_USERNAME/README
echo ' quit' >> /home/$MY_USERNAME/README
fi
if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'# Publish your GPG public key' >> /home/$MY_USERNAME/README
echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
gpg_export_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY_ID $MY_GPG_PUBLIC_KEY
fi
if [ ! -d /root/.gnupg ]; then
cp -r /home/$MY_USERNAME/.gnupg /root/
chmod 700 /root/.gnupg
chmod 600 /root/.gnupg/*
fi
gpg_agent_setup root
gpg_agent_setup $MY_USERNAME
mark_completed $FUNCNAME
}
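Review bot: In `configure_gpg` the new key-generation branch calls `gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)`, which uses the password file's content as a printf format string and leaves the result unquoted, so a password containing `%`, a backslash, whitespace or glob characters reaches `gpg_create_key` altered or split into several arguments. The guard `[ -f $IMAGE_PASSWORD_FILE ]` is also true when the variable is empty, because the test collapses to `[ -f ]`; `split_gpg_key_into_fragments` in this same file checks the variable first. Writing it as `if [ -n "$IMAGE_PASSWORD_FILE" ] && [ -f "$IMAGE_PASSWORD_FILE" ]; then` followed by `gpg_create_key "$MY_USERNAME" "$(cat "$IMAGE_PASSWORD_FILE")"` keeps the password intact. The fallback passes `$PROJECT_NAME` as the second argument; if that is the passphrase (the definition of `gpg_create_key` is not visible here), every such install gets the same publicly known one, and the README text telling the user to change the GPG password appears to be removed in this hunk, so the fallback should carry a comment saying where the user is now prompted to change it.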


@ -154,7 +154,7 @@ function configure_ssh_client {
ssh-keygen -t ed25519 -o -a 100
fi
if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
ssh-keygen -t rsa -b 4096 -o -a 100
ssh-keygen -t rsa -b 2048 -o -a 100
fi
ssh_remove_small_moduli
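Review bot: The RSA client key in `configure_ssh_client` drops from 4096 to 2048 bits without a comment giving the reason, which makes the weaker setting look accidental next to the `ssh_remove_small_moduli` hardening call that follows it. If the reduction is for hardware-token or low-power-board compatibility, say so above the line, e.g. `# 2048 bits for compatibility with <reason>; the ed25519 key above is the preferred one`; otherwise 3072 bits or more is the usual choice for newly generated RSA keys. The function body starts and ends outside this hunk.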


@ -14,7 +14,7 @@
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -95,12 +95,7 @@ MINIMAL_INSTALL="yes"
DEFAULT_LANGUAGE='en_GB.UTF-8'
ONION_ONLY="no"
SELECTED_USERNAME=
# Mirrors settings
FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_SSH_PORT=2222
FRIENDS_MIRRORS_PASSWORD=
MY_MIRRORS_PASSWORD=
SOCIALINSTANCE=
VALID_CODE=
@ -109,6 +104,20 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
PROJECT_INSTALL_DIR=/usr/bin
fi
function please_wait {
local str width height length
width=$(tput cols)
height=$(tput lines)
str=$"Please wait"
length=${#str}
clear
tput cup $((height / 2)) $(((width / 2) - (length / 2)))
echo "$str"
tput cup $((height * 3 / 5)) $(((width / 2)))
echo -n ''
}
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
@ -130,13 +139,14 @@ function show_help {
echo $'Creates an inventory of remote backup locations'
echo ''
echo ''
echo $' -h --help Show help'
echo $' -f --filename Configuration file (usually freedombone.cfg)'
echo $' -m --min Minimum password length (characters)'
echo $' -w --www Freedombone web site'
echo $' -b --bm Freedombone support Bitmessage address'
echo $' -o --onion [yes|no] Whether to only create .onion sites'
echo $' --minimal [yes|no] For minimalistic "consumer grade" installs'
echo $' -h --help Show help'
echo $' -f --filename Configuration file (usually freedombone.cfg)'
echo $' -m --min Minimum password length (characters)'
echo $' -w --www Freedombone web site'
echo $' -b --bm Freedombone support Bitmessage address'
echo $' -o --onion [yes|no] Whether to only create .onion sites'
echo $' --minimal [yes|no] For minimalistic "consumer grade" installs'
echo $' --social [gnusocial|postactiv] Create gnusocial/postactiv instance'
echo ''
exit 0
}
@ -170,9 +180,65 @@ function choose_email_address {
save_configuration_values
}
function choose_social_instance_domain_name {
DEFAULT_DOMAIN_DETAILS_COMPLETE=
while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"Instance domain" \
--form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
$"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
$"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
2> $data
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
if [ $DEFAULT_DOMAIN_NAME ]; then
validate_freedns_code "$DEFAULT_DOMAIN_CODE"
if [ ! $VALID_CODE ]; then
DEFAULT_DOMAIN_NAME=
fi
fi
else
dialog --backtitle $"Freedombone Configuration" \
--inputbox $"Enter your instance domain name:" 10 45 \
"$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
sel=$?
case $sel in
0) DEFAULT_DOMAIN_NAME=$(cat $data);;
1) exit 1;;
255) exit 1;;
esac
fi
if [ $DEFAULT_DOMAIN_NAME ]; then
TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
DEFAULT_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
fi
fi
done
save_configuration_values
}
function choose_default_domain_name {
if [ $SOCIALINSTANCE ]; then
choose_social_instance_domain_name
return
fi
if [[ $ONION_ONLY != "no" ]]; then
DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
else
DEFAULT_DOMAIN_DETAILS_COMPLETE=
while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
@ -608,6 +674,9 @@ function choose_username {
if [ ${#possible_username} -gt 1 ]; then
if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
MY_USERNAME=$(cat $data)
please_wait
echo ''
echo $'Creating user account'
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -s /bin/bash $MY_USERNAME
@ -665,6 +734,8 @@ function choose_username {
exit 6437
fi
save_configuration_values
please_wait
echo ''
}
function choose_full_name {
@ -691,6 +762,8 @@ function choose_full_name {
esac
done
save_configuration_values
please_wait
echo ''
}
function choose_system_variant {
@ -761,6 +834,12 @@ do
shift
FREEDOMBONE_WEBSITE="$1"
;;
--social)
shift
if [[ "$1" == 'gnusocial' || "$1" == 'postactiv' ]]; then
SOCIALINSTANCE="$1"
fi
;;
--minimal)
shift
MINIMAL_INSTALL="$1"
@ -776,48 +855,6 @@ do
shift
done
function set_main_repo {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Main Repository (Mirrors)" \
--form $"If you don't know what this means then just select Ok.\n\nIf you don't wish to use the default repositories they can be obtained from mirrored repos on another ${PROJECT_NAME} system.\n\nThe repositories are for applications which are not yet packaged for Debian." 18 65 4 \
$"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 18 40 18 \
$"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 18 10 10000 \
$"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 18 40 10000 \
2> $data
sel=$?
case $sel in
1) return;;
255) return;;
esac
new_mirrors_url=$(cat $data | sed -n 1p)
new_mirrors_ssh_port=$(cat $data | sed -n 2p)
new_mirrors_password=$(cat $data | sed -n 3p)
if [ ${#new_mirrors_url} -lt 2 ]; then
return
fi
if [ ${#new_mirrors_ssh_port} -lt 1 ]; then
return
fi
if [ ${#new_mirrors_password} -lt 10 ]; then
dialog --title $"Main Repository" \
--msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40
return
fi
if [[ $new_mirrors_url == *"."* ]]; then
FRIENDS_MIRRORS_SERVER=$new_mirrors_url
FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port
FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password
dialog --title $"Main Repository" \
--msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60
fi
save_configuration_values
}
function interactive_select_language {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
@ -968,12 +1005,18 @@ function interactive_select_language {
esac
save_configuration_values
please_wait
echo ''
echo 'Setting locale'
locale-gen "${DEFAULT_LANGUAGE}"
update-locale LANG=${DEFAULT_LANGUAGE}
update-locale LANGUAGE=${DEFAULT_LANGUAGE}
update-locale LC_MESSAGES=${DEFAULT_LANGUAGE}
update-locale LC_ALL=${DEFAULT_LANGUAGE}
update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
please_wait
echo ''
}
function select_user {
@ -981,7 +1024,7 @@ function select_user {
users_array=($(ls /home))
delete=(mirrors git)
delete=(git)
for del in ${delete[@]}
do
users_array=(${users_array[@]/$del})
@ -1019,16 +1062,19 @@ function interactive_config {
interactive_select_language
if [[ $ONION_ONLY == "no" ]]; then
INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
if [ $SOCIALINSTANCE ]; then
INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
else
INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
if [[ $ONION_ONLY == "no" ]]; then
INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
else
INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
fi
fi
dialog --title $"Freedombone" --msgbox "$INITIAL_MESSAGE" 15 50
#choose_system_variant
set_main_repo
choose_username
choose_full_name
choose_social_key_management
@ -1040,6 +1086,24 @@ function interactive_config {
choose_email_address
interactive_key_recovery
if [[ "$SOCIALINSTANCE" == 'gnusocial' ]]; then
GNUSOCIAL_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
GNUSOCIAL_CODE=$DEFAULT_DOMAIN_CODE
write_config_param "GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_DOMAIN_NAME"
write_config_param "GNUSOCIAL_CODE" "$GNUSOCIAL_CODE"
write_config_param "SOCIALINSTANCE" "$SOCIALINSTANCE"
install_gnusocial
fi
if [[ "$SOCIALINSTANCE" == 'postactiv' ]]; then
POSTACTIV_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
POSTACTIV_CODE=$DEFAULT_DOMAIN_CODE
write_config_param "POSTACTIV_DOMAIN_NAME" "$POSTACTIV_DOMAIN_NAME"
write_config_param "POSTACTIV_CODE" "$POSTACTIV_CODE"
write_config_param "SOCIALINSTANCE" "$SOCIALINSTANCE"
install_postactiv
fi
# delete the temporary configuration file
if [ -f temp.cfg ]; then
shred -zu temp.cfg


@ -33,6 +33,33 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-controlpanel
export TEXTDOMAINDIR="/usr/share/locale"
if [[ $USER != 'root' ]]; then
# show the user version of the control panel
#${PROJECT_NAME}-controlpanel-user
controluser
exit 0
fi
function please_wait {
local str width height length
width=$(tput cols)
height=$(tput lines)
str=$"Please wait"
length=${#str}
clear
tput cup $((height / 2)) $(((width / 2) - (length / 2)))
echo "$str"
tput cup $((height * 3 / 5)) $(((width / 2)))
echo -n ''
}
please_wait
# Start including files
source /usr/local/bin/${PROJECT_NAME}-vars
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
@ -45,6 +72,8 @@ do
source $f
done
# End including files
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
SELECTED_USERNAME=
SIP_CONFIGURATION_FILE=/etc/sipwitch.conf
@ -94,16 +123,11 @@ read_config_param SMTP_PROXY_USERNAME
read_config_param SMTP_PROXY_PASSWORD
read_config_param USB_DRIVE
read_config_param MY_USERNAME
read_config_param ONION_ONLY
if [[ $USB_DRIVE == *"dev"* ]]; then
USB_DRIVE=$(echo ${USB_DRIVE} | awk -F '/' '{print $3}' | sed 's|1||g' | sed 's|2||g')
fi
# Mirrors settings
FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_SSH_PORT=2222
FRIENDS_MIRRORS_PASSWORD=
MY_MIRRORS_PASSWORD=
function any_key {
echo ' '
read -n1 -r -p $"Press any key to continue..." key
@ -123,7 +147,7 @@ function passwords_select_user {
users_array=($(ls /home))
delete=(mirrors git)
delete=(git)
for del in ${delete[@]}
do
users_array=(${users_array[@]/$del})
@ -165,6 +189,9 @@ function passwords_show_apps {
name+=("$a")
fi
done
i=$((i+1))
W+=($i "mariadb")
name+=("mariadb")
selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
@ -215,6 +242,13 @@ function view_or_change_passwords {
fi
fi
if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
CURR_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
dialog --title $"MariaDB database password" \
--msgbox "\n ${CURR_PASSWORD}" 7 40
return
fi
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title "$titlestr" \
@ -250,54 +284,6 @@ function check_for_updates {
any_key
}
function set_main_repo {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Main Repository (Mirrors)" \
--form $"If you do not wish to use the default repositories they can be obtained from mirrors on another ${PROJECT_NAME} server." 14 60 3 \
$"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 14 40 15 \
$"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 14 40 10000 \
$"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 14 40 10000 \
2> $data
sel=$?
case $sel in
1) return;;
255) return;;
esac
new_mirrors_url=$(cat $data | sed -n 1p)
new_mirrors_ssh_port=$(cat $data | sed -n 2p)
new_mirrors_password=$(cat $data | sed -n 3p)
if [ ${#new_mirrors_url} -lt 2 ]; then
return
fi
if [ ${#new_mirrors_ssh_port} -lt 1 ]; then
return
fi
if [ ${#new_mirrors_password} -lt 10 ]; then
dialog --title $"Main Repository" \
--msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40
return
fi
if [[ $new_mirrors_url == *"."* ]]; then
FRIENDS_MIRRORS_SERVER=$new_mirrors_url
FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port
FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password
write_config_param "FRIENDS_MIRRORS_SERVER" "$FRIENDS_MIRRORS_SERVER"
write_config_param "FRIENDS_MIRRORS_SSH_PORT" "$FRIENDS_MIRRORS_SSH_PORT"
write_config_param "FRIENDS_MIRRORS_PASSWORD" "$FRIENDS_MIRRORS_PASSWORD"
# re-read the repos
read_repo_servers
dialog --title $"Main Repository" \
--msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60
fi
}
function add_user {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
@ -390,6 +376,11 @@ function show_domains {
if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
icann_address='-'
fi
if [[ $ONION_ONLY != 'no' ]]; then
if [[ ${icann_address} != ${LOCAL_NAME}.local ]]; then
icann_address='-'
fi
fi
onion_address=$(get_app_onion_address "$app_name")
if [ ${#onion_address} -eq 0 ]; then
onion_address="-"
@ -469,20 +460,6 @@ function show_users {
echo ''
}
function show_mirrors_password {
if [ ! /home/mirrors ]; then
return
fi
read_config_param "MY_MIRRORS_PASSWORD"
echo 'Local Mirrors'
echo '============='
echo ''
echo -n "URL: "
echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}') SSH Port: $SSH_PORT"
echo "Password: $MY_MIRRORS_PASSWORD"
echo ''
}
function show_tahoelafs {
if [ ! -f /home/tahoelafs/storage/private/storage.furl ]; then
return
@ -561,19 +538,17 @@ function show_tahoelafs_introducer {
}
function show_about {
clear
echo ''
echo $' Detecting installed apps...'
detect_apps
get_apps_installed_names
clear
echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
echo ''
show_ip_addresses
show_tor_bridges
show_ssh_public_key
show_domains
show_tahoelafs
show_mirrors_password
show_users
any_key
}
@ -583,7 +558,7 @@ function select_user {
users_array=($(ls /home))
delete=(mirrors git)
delete=(git)
for del in ${delete[@]}
do
users_array=(${users_array[@]/$del})
@ -1018,7 +993,8 @@ function create_keydrive_master {
dialog --title $"USB Master Keydrive" \
--msgbox $"Plug in a LUKS encrypted USB drive" 6 40
clear
${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes'
detect_usb_drive
${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes' -d $USB_DRIVE
any_key
}
@ -1030,7 +1006,8 @@ function create_keydrive_fragment {
dialog --title $"USB Fragment Keydrive" \
--msgbox $"Plug in a LUKS encrypted USB drive" 6 40
clear
${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME
detect_usb_drive
${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME -d $USB_DRIVE
any_key
}
@ -1064,6 +1041,7 @@ function restore_data_from_storage {
fi
utils_installed=(configfiles
blocklist
mariadb
letsencrypt
passwords
@ -1137,6 +1115,7 @@ function restore_data_from_storage {
$restore_command
retcode="$?"
if [[ "$retcode" != "0" ]]; then
any_key
if [[ "$1" == "local" ]]; then
dialog --title $"Restore all apps from USB" \
--msgbox $"Restore failed with code $retcode" 6 60
@ -1161,6 +1140,7 @@ function restore_data_from_storage {
$restore_command "${app_name}"
retcode="$?"
if [[ "$retcode" != "0" ]]; then
any_key
dialog --title $"Restore apps from USB" \
--msgbox $"Restore of ${app_name} failed with code $retcode" 6 60
return
@ -1346,7 +1326,7 @@ function shut_down_system {
1) return;;
255) return;;
esac
shutdown now
systemctl poweroff
}
function restart_system {
@ -1359,7 +1339,7 @@ function restart_system {
1) return;;
255) return;;
esac
reboot
systemctl reboot -i
}
function change_system_name {
@ -1404,7 +1384,7 @@ function set_dynamic_IP {
echo $'Changing to a dynamic IP address.'
echo ''
echo $"System is rebooting. You may need to close this terminal and log in from a new one."
reboot
systemctl reboot -i
fi
}
@ -1416,9 +1396,9 @@ function set_static_IP {
NEW_STATIC_IP=
NEW_STATIC_GATEWAY=
if grep -q 'iface eth0 inet static' /etc/network/interfaces; then
STATIC_IP=$(cat /etc/network/interfaces | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
STATIC_GATEWAY=$(cat /etc/network/interfaces | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
if [ -f /etc/network/interfaces.d/static ]; then
STATIC_IP=$(cat /etc/network/interfaces.d/static | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
STATIC_GATEWAY=$(cat /etc/network/interfaces.d/static | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
fi
# get the IP for the box
@ -1456,12 +1436,15 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
esac
if [[ "$NEW_STATIC_GATEWAY" == *"."* && "$NEW_STATIC_IP" == *"."* ]]; then
ip_addresses_have_changed=
if ! grep -q "address ${NEW_STATIC_IP}" /etc/network/interfaces; then
ip_addresses_have_changed=1
fi
if ! grep -q "gateway ${NEW_STATIC_GATEWAY}" /etc/network/interfaces; then
ip_addresses_have_changed=1
ip_addresses_have_changed=1
if [ -f /etc/network/interfaces.d/static ]; then
ip_addresses_have_changed=
if ! grep -q "address ${NEW_STATIC_IP}" /etc/network/interfaces.d/static; then
ip_addresses_have_changed=1
fi
if ! grep -q "gateway ${NEW_STATIC_GATEWAY}" /etc/network/interfaces.d/static; then
ip_addresses_have_changed=1
fi
fi
if [ $ip_addresses_have_changed ]; then
write_config_param "NETWORK_IS_STATIC" "1"
@ -1483,44 +1466,19 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
esac
fi
echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
if [ ! $static_wifi_address ]; then
# wired network
remove_wifi_startup_script
echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The loopback network interface' >> /etc/network/interfaces
echo 'auto lo' >> /etc/network/interfaces
echo 'iface lo inet loopback' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The primary network interface' >> /etc/network/interfaces
echo 'auto eth0' >> /etc/network/interfaces
echo 'iface eth0 inet static' >> /etc/network/interfaces
echo " address ${NEW_STATIC_IP}" >> /etc/network/interfaces
echo ' netmask 255.255.255.0' >> /etc/network/interfaces
echo " gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces
echo " dns-nameservers 213.73.91.35 85.214.20.141" >> /etc/network/interfaces
echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The secondary network interface' >> /etc/network/interfaces
echo '#auto eth1' >> /etc/network/interfaces
echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# WiFi Example' >> /etc/network/interfaces
echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
echo '# wpa-ssid "essid"' >> /etc/network/interfaces
echo '# wpa-psk "password"' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
echo '#iface usb0 inet static' >> /etc/network/interfaces
echo '# address 192.168.7.2' >> /etc/network/interfaces
echo '# netmask 255.255.255.0' >> /etc/network/interfaces
echo '# network 192.168.7.0' >> /etc/network/interfaces
echo '# gateway 192.168.7.1' >> /etc/network/interfaces
echo 'auto eth0' > /etc/network/interfaces.d/static
echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
echo " address ${NEW_STATIC_IP}" >> /etc/network/interfaces.d/static
echo ' netmask 255.255.255.0' >> /etc/network/interfaces.d/static
echo " gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces.d/static
else
# wifi network
wifi_settings
@ -1540,7 +1498,7 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
--yesno $"\nFor the change to take effect your system will now need to reboot. Do this now?" 8 60
sel=$?
case $sel in
0) reboot;;
0) systemctl reboot -i;;
esac
fi
fi
@ -1645,6 +1603,10 @@ function hotspot_settings {
WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE
${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA
if [ ! "$?" = "0" ]; then
echo $"Can't enable wifi hotspot"
any_key
fi
else
WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT
WIFI_SSID=$TEMP_WIFI_SSID
@ -1762,14 +1724,14 @@ function email_smtp_proxy {
# change muttrc
if [ $SMTP_PROXY_ENABLE != $'no' ]; then
if ! grep "set smtp_url" $MUTTRC_FILE; then
if ! grep -q "set smtp_url" $MUTTRC_FILE; then
echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE
else
sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE
fi
sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
else
if grep "set smtp_url" $MUTTRC_FILE; then
if grep -q "set smtp_url" $MUTTRC_FILE; then
sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
fi
fi
@ -1883,6 +1845,29 @@ function domain_blocking_add {
esac
}
function ip_blocking_add {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Block an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
sel=$?
case $sel in
0)
blocked_ip=$(<$data)
if [ ${#blocked_ip} -gt 2 ]; then
if [[ "${blocked_ip}" == *'.'* ]]; then
firewall_block_ip $blocked_ip
if [[ "${blocked_ip}" != *'@'* ]]; then
dialog --title $"Block an IP address" \
--msgbox $"The IP address $blocked_ip has been blocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
@ -1909,6 +1894,29 @@ function domain_blocking_remove {
esac
}
function ip_blocking_remove {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Unblock an IP address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
sel=$?
case $sel in
0)
unblocked_ip=$(<$data)
if [ ${#unblocked_ip} -gt 2 ]; then
if [[ "${unblocked_ip}" == *'.'* ]]; then
firewall_unblock_ip $unblocked_ip
if [[ "${unblocked_ip}" != *'@'* ]]; then
dialog --title $"Unblock an IP address" \
--msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
fi
fi
fi
;;
esac
}
function domain_blocking_show {
if [ -f $FIREWALL_DOMAINS ]; then
clear
@ -1930,11 +1938,13 @@ function domain_blocking {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Domain or User Blocking" \
--radiolist $"Choose an operation:" 12 60 4 \
--radiolist $"Choose an operation:" 14 60 6 \
1 $"Block a domain or user" off \
2 $"Unblock a domain or user" off \
3 $"Show blocked domains and users" off \
4 $"Back to main menu" on 2> $data
3 $"Block an IP address" off \
4 $"Unblock an IP address" off \
5 $"Show blocked domains and users" off \
6 $"Back to main menu" on 2> $data
sel=$?
case $sel in
1) break;;
@ -1943,8 +1953,10 @@ function domain_blocking {
case $(cat $data) in
1) domain_blocking_add;;
2) domain_blocking_remove;;
3) domain_blocking_show;;
4) break;;
3) ip_blocking_add;;
4) ip_blocking_remove;;
5) domain_blocking_show;;
6) break;;
esac
done
}
@ -2007,7 +2019,7 @@ function menu_wifi {
if [ -f /etc/hostapd/hostapd.conf ]; then
status_str=$'Hotspot ON'
else
if grep -q "# wifi enabled" /etc/network/interfaces; then
if [ -f /etc/network/interfaces.d/wifi ]; then
status_str=$'Wifi ON'
fi
fi
@ -2083,7 +2095,7 @@ function menu_top_level {
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Control Panel" \
--radiolist $"Choose an operation:" 29 70 21 \
--radiolist $"Choose an operation:" 28 70 20 \
1 $"About this system" off \
2 $"Passwords" off \
3 $"Backup and Restore" off \
@ -2097,19 +2109,19 @@ function menu_top_level {
11 $"Email Menu" off \
12 $"Domain or User Blocking" off \
13 $"Security Settings" off \
14 $"Set the main repository (repo mirrors)" off \
15 $"Change the name of this system" off \
16 $"Set a static local IP address" off \
17 $"Wifi menu" off \
18 $"Check for updates" off \
19 $"Power off the system" off \
20 $"Restart the system" off \
21 $"Exit" on 2> $data
14 $"Change the name of this system" off \
15 $"Set a static local IP address" off \
16 $"Wifi menu" off \
17 $"Check for updates" off \
18 $"Power off the system" off \
19 $"Restart the system" off \
20 $"Exit" on 2> $data
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
please_wait
case $(cat $data) in
1) show_about;;
2) view_or_change_passwords;;
@ -2117,7 +2129,7 @@ function menu_top_level {
4) show_firewall;;
5) reset_tripwire;;
6) menu_app_settings;;
7) ${PROJECT_NAME}-addremove
7) /usr/local/bin/addremove
if [ ! "$?" = "0" ]; then
any_key
fi
@ -2128,31 +2140,23 @@ function menu_top_level {
11) menu_email;;
12) domain_blocking;;
13) security_settings;;
14) set_main_repo;;
15) change_system_name;;
16) set_static_IP;;
17) menu_wifi;;
18) check_for_updates;;
19) shut_down_system;;
20) restart_system;;
21) break;;
14) change_system_name;;
15) set_static_IP;;
16) menu_wifi;;
17) check_for_updates;;
18) shut_down_system;;
19) restart_system;;
20) break;;
esac
done
}
if [[ $USER != 'root' ]]; then
# show the user version of the control panel
${PROJECT_NAME}-controlpanel-user
exit 0
fi
if [ ! -f $COMPLETION_FILE ]; then
echo $'This command should only be run on an installed Freedombone system'
exit 1
fi
ADMIN_USER=$(get_completion_param "Admin user")
read_repo_servers
menu_top_level
clear
cat /etc/motd
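Review bot: In the new `ip_blocking_add` and `ip_blocking_remove` functions the typed value reaches `firewall_block_ip $blocked_ip` and `firewall_unblock_ip $unblocked_ip` unquoted, checked only for a length above 2 and the presence of a `.`. A mistyped entry containing spaces or glob characters is therefore split into several arguments to a helper in a script that continues only when `$USER` is root. Validating the format and quoting the argument would close that, for example `if [[ "$blocked_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then firewall_block_ip "$blocked_ip"; fi`, with the same change in the unblock path. The `*'@'*` test looks carried over from the domain/user blocking functions and has no meaning for an address, and the `.` check as written also rejects IPv6 addresses. `firewall_block_ip` is defined outside this page, so what it accepts should be confirmed there.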


@ -34,8 +34,10 @@ export TEXTDOMAIN=${PROJECT_NAME}-controlpanel-user
export TEXTDOMAINDIR="/usr/share/locale"
MY_EMAIL_ADDRESS=$USER@$HOSTNAME
GPG_ID=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
GPG_BACKUP_ID=$(gpg --fingerprint "(backup key)" | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
GPG_ID=$(gpg --list-keys $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
# Start including files
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
@ -49,6 +51,8 @@ do
source $f
done
# End including files
function any_key {
echo ' '
read -n1 -r -p $"Press any key to continue..." key
@ -398,8 +402,8 @@ function block_unblock_subject {
}
function show_gpg_key {
GPG_FINGERPRINT=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "key fingerprint" | head -n 1 | awk -F '= ' '{print $2}')
GPG_DATE=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $2}')
GPG_FINGERPRINT=$(gpg --fingerprint $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
GPG_DATE=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
dialog --title $"My PGP/GPG Key" \
--backtitle $"Freedombone User Control Panel" \
--msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
@ -619,7 +623,7 @@ function smtp_proxy {
fi
sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
else
if grep "set smtp_url" $MUTTRC_FILE; then
if grep -q "set smtp_url" $MUTTRC_FILE; then
sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
fi
fi
@ -750,7 +754,7 @@ function menu_admin {
clear
exit 0
fi
sudo ${PROJECT_NAME}-controlpanel
sudo /usr/local/bin/control
}
function sign_keys {
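Review bot: The new `GPG_ID`, `GPG_BACKUP_ID` and `GPG_FINGERPRINT` assignments take whatever is on the second line of gpg's human-readable output (`sed -n '2p'`), which depends on the installed GnuPG version and silently yields the wrong string if the layout differs or several keys match. GnuPG's colon-delimited output is the stable interface for scripts, e.g. `GPG_ID=$(gpg --with-colons --fingerprint "$MY_EMAIL_ADDRESS" | awk -F: '/^fpr:/ {print $10; exit}')`. These values are shown to the user as key ID and fingerprint in `show_gpg_key`, so an empty result should be detected rather than displayed. `$MY_EMAIL_ADDRESS` should also be quoted in each call.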


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -33,8 +33,13 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-freedns
export TEXTDOMAINDIR="/usr/share/locale"
VERBOSE=
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
FREEDNS_WGET='wget --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
VERBOSE=1
fi
if [ ! -f $CONFIGURATION_FILE ]; then
exit 0
@ -47,15 +52,14 @@ function item_in_array {
}
detected_codes=()
codelines=($(grep "_CODE=" $CONFIGURATION_FILE | uniq))
for line in "${codelines[@]}"
do
codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
while read -r line; do
code=$(echo "$line" | awk -F '=' '{print $2}')
item_in_array "$code" "${detected_codes[@]}"
if [[ $? != 0 ]]; then
detected_codes+=("$code")
fi
done
done <<< "$codelines"
if [ ! -d $HOME/.freedns-update ]; then
mkdir $HOME/.freedns-update
@ -63,7 +67,19 @@ fi
cd $HOME/.freedns-update
for code in "${detected_codes[@]}"
do
$FREEDNS_WGET${code}
if [ $VERBOSE ]; then
echo $"command: $FREEDNS_WGET${code}="
$FREEDNS_WGET${code}=
else
if [ -f /tmp/freedns ]; then
rm /tmp/freedns
fi
$FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
fi
done
if [ -f /tmp/freedns ]; then
rm /tmp/freedns
fi
exit 0
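Review bot: In the non-verbose branch of the update loop, wget's log is appended to the fixed path `/tmp/freedns`, and with `-q` dropped from `FREEDNS_WGET` that log includes the request URL, i.e. the FreeDNS update code read from the configuration file. The file is never read, only deleted at the end, so the code sits in a predictably named file in a shared directory for the duration of the run. The `rm` followed by `>>` can also be raced by another local user who creates that name first. Since the output is discarded anyway, `$FREEDNS_WGET${code}= > /dev/null 2>&1` does the same job without the temporary file; if the log is wanted, a `mktemp` file created under a restrictive umask is the safer form.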


@ -93,7 +93,7 @@ NAMESERVER6='4.4.4.4'
# An optional freedombone configuration file
CONFIG_FILENAME=
DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
@ -138,6 +138,9 @@ INSECURE='no'
# a new identity at every shutdown/boot
AMNESIC='no'
# Is this a dedicated gnusocial or postactiv instance?
SOCIALINSTANCE=
# Versions used for Arch/Parabola setup
MBR_VERSION='1.1.11'
@ -400,6 +403,10 @@ do
shift
PROJECT_REPO="$1"
;;
--social|--instance)
shift
SOCIALINSTANCE="$1"
;;
-m|--mirror)
shift
MIRROR="$1"
@ -443,6 +450,10 @@ do
image_setup "$1"
exit 0
;;
--local|--localname)
shift
LOCAL_NAME="$1"
;;
*)
# unknown option
;;
@ -546,6 +557,10 @@ if [[ $AMNESIC != 'no' ]]; then
IMAGE_NAME="${IMAGE_NAME}-amnesic"
fi
if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; then
IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
fi
cd $TEMPBUILD_DIR
make $IMAGE_TYPE \
MYUSERNAME="$USERNAME" \
@ -580,7 +595,9 @@ make $IMAGE_TYPE \
VARIANT="$VARIANT" \
MINIMUM_PASSWORD_LENGTH="$MINIMUM_PASSWORD_LENGTH" \
INSECURE="$INSECURE" \
AMNESIC="$AMNESIC"
AMNESIC="$AMNESIC" \
SOCIALINSTANCE="$SOCIALINSTANCE" \
LOCAL_NAME="$LOCAL_NAME"
if [ ! "$?" = "0" ]; then
echo $'Build failed'
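Review bot: `DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"` is evaluated near the top of the script, while `--local|--localname` sets `LOCAL_NAME` in the option loop several hundred lines later, so a name given on the command line never reaches `DEFAULT_DOMAIN_NAME` unless it is recomputed outside the visible hunks. If `LOCAL_NAME` has no default above the first hunk, which is not visible here, the value becomes just `.local`. Assigning `LOCAL_NAME=${PROJECT_NAME}` before that line and repeating `DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"` after the option loop would keep the two in step. The new `--social|--instance` and `--local` values are also passed to `make` unchecked; rejecting anything other than `gnusocial` or `postactiv`, and any name that is not a valid hostname label, would fail early instead of building an image with an unexpected configuration.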


@ -30,6 +30,7 @@ set -e
set -x
PROJECT_NAME='freedombone'
LOCAL_NAME=${PROJECT_NAME}
INSTALL_DIR=/root/build
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
@ -106,6 +107,9 @@ MESH_INSTALL_DIR=/var/lib
# a new identity at every shutdown/boot
AMNESIC='no'
# Whether this is a dedicated gnusocial or postactiv instance
SOCIALINSTANCE=
# defines the initial keyboard layout
KEYBOARD_MAP='gb'
@ -174,17 +178,21 @@ EOF
}
configure_networking() {
chroot "$rootdir" apt-get -yq install resolvconf
if [[ "$MACHINE" == "beaglebonewifi" ]]; then
# Allow networking over USB in order to configure the
# wifi login settings
echo 'auto lo' > $rootdir/etc/network/interfaces
echo 'iface lo inet loopback' >> $rootdir/etc/network/interfaces
echo '' >> $rootdir/etc/network/interfaces
echo 'iface usb0 inet static' >> $rootdir/etc/network/interfaces
echo ' address 192.168.7.2' >> $rootdir/etc/network/interfaces
echo ' netmask 255.255.255.252' >> $rootdir/etc/network/interfaces
echo ' network 192.168.7.0' >> $rootdir/etc/network/interfaces
echo ' gateway 192.168.7.1' >> $rootdir/etc/network/interfaces
echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
echo 'iface usb0 inet static' >> $rootdir/etc/network/interfaces.d/usb
echo ' address 192.168.7.2' >> $rootdir/etc/network/interfaces.d/usb
echo ' netmask 255.255.255.252' >> $rootdir/etc/network/interfaces.d/usb
echo ' network 192.168.7.0' >> $rootdir/etc/network/interfaces.d/usb
echo ' gateway 192.168.7.1' >> $rootdir/etc/network/interfaces.d/usb
return
fi
@ -193,41 +201,15 @@ configure_networking() {
fi
if [[ $GENERIC_IMAGE == "no" ]]; then
echo "# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
echo "auto eth0
iface eth0 inet static
address $BOX_IP_ADDRESS
netmask 255.255.255.0
gateway $ROUTER_IP_ADDRESS
dns-nameservers $NAMESERVER1 $NAMESERVER2
# Example to keep MAC address between reboots
#hwaddress ether B5:A2:BE:3F:1A:FE
# The secondary network interface
#auto eth1
#iface eth1 inet dhcp
# WiFi Example
#auto wlan0
#iface wlan0 inet dhcp
# wpa-ssid \"essid\"
# wpa-psk \"password\"
# Ethernet/RNDIS gadget (g_ether)
# ... or on host side, usbnet and random hwaddr
# Note on some boards, usb0 is automaticly setup with an init script
#iface usb0 inet static
# address 192.168.7.2
# netmask 255.255.255.0
# network 192.168.7.0
# gateway 192.168.7.1" > $rootdir/etc/network/interfaces
gateway $ROUTER_IP_ADDRESS" > $rootdir/etc/network/interfaces.d/static
hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
@ -235,12 +217,20 @@ iface eth0 inet static
c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
$rootdir/etc/network/interfaces
echo "hwaddress ether de:$a:$b:$c:$d:$e" > $rootdir/etc/network/interfaces.d/macaddress
fi
sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf
sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf
# configure DNS
resolvconf=$rootdir/etc/resolvconf/resolv.conf.d/head
echo 'domain localdomain' > $resolvconf
echo 'search localdomain' >> $resolvconf
echo "nameserver $NAMESERVER1" >> $resolvconf
echo "nameserver $NAMESERVER2" >> $resolvconf
echo "nameserver $NAMESERVER3" >> $resolvconf
echo "nameserver $NAMESERVER4" >> $resolvconf
echo "nameserver $NAMESERVER5" >> $resolvconf
echo "nameserver $NAMESERVER6" >> $resolvconf
chroot "$rootdir" resolvconf -u
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
# change the motd to show further install instructions
@ -274,11 +264,12 @@ following commands, then enter your details.
}
configure_ssh() {
if [[ $VARIANT == "mesh" || $VARIANT == "meshclient" || $VARIANT == "meshusb" ]]; then
if [[ $VARIANT == "mesh"* ]]; then
return
fi
sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
if [[ "$SSH_PUBKEY" != "no" ]]; then
if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
@ -287,6 +278,7 @@ configure_ssh() {
echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
echo $"Using ssh public key:"
echo $SSH_PUBKEY
echo $'Password ssh authentication turned off'
@ -307,7 +299,7 @@ create_generic_image() {
fi
# Don't install any configuration. This will be a base system
if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
if [[ $VARIANT != "mesh"* ]]; then
CONFIG_FILENAME=
else
touch $rootdir/root/.initial_mesh_setup
@ -387,56 +379,67 @@ EOF
echo " cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc
echo " git stash" >> $rootdir/root/.bashrc
echo " git pull" >> $rootdir/root/.bashrc
echo " git checkout jessie" >> $rootdir/root/.bashrc
echo " git checkout stretch" >> $rootdir/root/.bashrc
echo " make install" >> $rootdir/root/.bashrc
if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
if [[ $ONION_ONLY == "no" ]]; then
if [[ $MINIMAL_INSTALL == "no" ]]; then
echo " ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
else
echo " ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
fi
if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
echo " ${PROJECT_NAME} menuconfig-gnusocial" >> $rootdir/root/.bashrc
else
echo " ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
echo " ${PROJECT_NAME} menuconfig-postactiv" >> $rootdir/root/.bashrc
else
if [[ $ONION_ONLY == "no" ]]; then
if [[ $MINIMAL_INSTALL == "no" ]]; then
echo " ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
else
echo " ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
fi
else
echo " ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
fi
fi
fi
else
echo " echo ''" >> $rootdir/root/.bashrc
fi
echo ' if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc
echo " if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc
echo " # Check that the initial setup really did complete" >> $rootdir/root/.bashrc
echo " if grep -q 'tripwire' ~/${PROJECT_NAME}-completed.txt; then" >> $rootdir/root/.bashrc
# Remove the initial setup files
echo ' rm /root/.initial_setup' >> $rootdir/root/.bashrc
echo ' rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
echo " touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
echo ' shred -zu ~/login.txt' >> $rootdir/root/.bashrc
if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
echo ' SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
echo ' rm /root/.initial_setup' >> $rootdir/root/.bashrc
echo ' rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
echo " touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
echo ' shred -zu ~/login.txt' >> $rootdir/root/.bashrc
if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
echo ' SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
echo ' if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
echo ' exit 62392' >> $rootdir/root/.bashrc
echo ' fi' >> $rootdir/root/.bashrc
echo ' if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
echo ' exit 62392' >> $rootdir/root/.bashrc
echo ' fi' >> $rootdir/root/.bashrc
fi
echo " if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
echo " echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " systemctl enable wifistart" >> $rootdir/root/.bashrc
echo " systemctl daemon-reload" >> $rootdir/root/.bashrc
echo " if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
echo " echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
echo " systemctl enable wifistart" >> $rootdir/root/.bashrc
echo " systemctl daemon-reload" >> $rootdir/root/.bashrc
echo ' fi' >> $rootdir/root/.bashrc
echo ' systemctl reboot -i' >> $rootdir/root/.bashrc
echo ' fi' >> $rootdir/root/.bashrc
echo ' reboot' >> $rootdir/root/.bashrc
echo ' fi' >> $rootdir/root/.bashrc
echo ' else' >> $rootdir/root/.bashrc
echo ' key=' >> $rootdir/root/.bashrc
@ -526,15 +529,15 @@ BATMAN_CELLID='02:BA:00:00:03:01'
WIFI_SSID='mesh'
# To avoid confusions these are obtained from the main project file
TOXID_REPO=
TOX_PORT=
TOXCORE_REPO=
TOXIC_REPO=
TOXCORE_COMMIT=
TOXIC_COMMIT=
#TOXID_REPO=
#TOX_PORT=
#TOXCORE_REPO=
#TOXIC_REPO=
#TOXCORE_COMMIT=
#TOXIC_COMMIT=
# These are some default nodes, but you can replace them with trusted nodes
# as you prefer. See https://wiki.tox.im/Nodes
TOX_NODES=
#TOX_NODES=
#TOX_NODES=(
# '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
# '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
@ -559,7 +562,7 @@ INSTALL_DIR=$HOME/build
INSTALLING_MESH=
initialise_mesh() {
if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
if [[ $VARIANT != "mesh"* ]]; then
return
fi
if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
@ -581,11 +584,13 @@ initialise_mesh() {
# install proprietary wifi drivers
# see https://wiki.debian.org/iwlwifi
chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211
chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211 firmware-realtek
fi
INSTALLING_MESH=1
chroot "$rootdir" apt-get -yq install apt-transport-https
configure_firewall
install_avahi
install_batman
@ -767,13 +772,13 @@ function configure_user_interface {
chroot "$rootdir" apt-get -yq install libtheora-bin libvorbis-dev v4l-utils
# a sane editor
chroot "$rootdir" apt-get -yq install emacs24
chroot "$rootdir" apt-get -yq install emacs
# for wifi monitoring
chroot "$rootdir" apt-get -yq install horst
# for sound level control
chroot "$rootdir" apt-get -yq install alsa-utils
chroot "$rootdir" apt-get -yq install alsa-utils pavucontrol
# to play various media types
chroot "$rootdir" apt-get -yq install vlc
@ -941,7 +946,7 @@ EOF
if [[ $VARIANT == "usb" ]]; then
# tor
chroot "$rootdir" apt-get -y install tor
chroot "$rootdir" apt-get -yq install tor
# xmpp client
chroot "$rootdir" echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list
@ -970,7 +975,16 @@ function image_install_inadyn {
mkdir -p $rootdir/root/build
fi
chroot "$rootdir" apt-get -yq install build-essential curl libgnutls28-dev automake1.11 libconfuse-dev
git clone $INADYN_REPO $rootdir/root/build/inadyn
if [ -d /repos/inadyn ]; then
mkdir $rootdir/root/build/inadyn
cp -r -p /repos/inadyn/. $rootdir/root/build/inadyn
cd $rootdir/root/build/inadyn
git pull
else
git clone $INADYN_REPO $rootdir/root/build/inadyn
fi
if [ ! -d $rootdir/root/build/inadyn ]; then
echo 'Failed to clone inadyn'
exit 728252
@ -1020,14 +1034,18 @@ function image_setup_utils {
if [ $INSTALLING_MESH ]; then
return
fi
chroot "$rootdir" apt-get -yq install nfs-kernel-server
chroot "$rootdir" apt-get -yq install apt-transport-https
chroot "$rootdir" apt-get -yq remove --purge apache2-bin*
chroot "$rootdir" apt-get -yq dist-upgrade
chroot "$rootdir" apt-get -yq install ca-certificates
chroot "$rootdir" apt-get -yq install apt-utils
if [[ $ARCHITECTURE == 'amd64' ]]; then
chroot "$rootdir" apt-get -yq install linux-image-amd64 -t jessie-backports
chroot "$rootdir" apt-get -yq install linux-image-amd64
fi
if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'i386' ]]; then
chroot "$rootdir" apt-get -yq install grub2
chroot "$rootdir" apt-get -yq install grub2 lvm2 initramfs-tools
fi
chroot "$rootdir" apt-get -yq install locales locales-all debconf
@ -1047,11 +1065,6 @@ function image_setup_utils {
rm $rootdir/root/sysctl.conf
# all the packages
chroot "$rootdir" apt-get -yq install apt-transport-https
chroot "$rootdir" apt-get -yq remove --purge apache*
chroot "$rootdir" apt-get -yq dist-upgrade
chroot "$rootdir" apt-get -yq install ca-certificates
chroot "$rootdir" apt-get -yq install apt-utils
chroot "$rootdir" apt-get -yq install cryptsetup libgfshare-bin obnam sshpass wget avahi-daemon
chroot "$rootdir" apt-get -yq install avahi-utils avahi-discover connect-proxy openssh-server
chroot "$rootdir" apt-get -yq install sudo git dialog build-essential avahi-daemon avahi-utils
@ -1065,8 +1078,11 @@ function image_setup_utils {
# Tor and ssh over tor
chroot "$rootdir" apt-get -yq install tor connect-proxy
chroot "$rootdir" connect-proxy
sed -i 's|#Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
sed -i 's|Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_DAY_GB GBytes|g" $rootdir/etc/tor/torrc
sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_DAY_GB GBytes|g" $rootdir/etc/tor/torrc
if ! grep -q 'Host *.onion' $rootdir/root/.ssh/config; then
if [ ! -d $rootdir/root/.ssh ]; then
mkdir $rootdir/root/.ssh
@ -1130,14 +1146,14 @@ function image_setup_utils {
chroot "$rootdir" cd /root/build/tomb && make install
echo "tomb commit:$TOMB_COMMIT" >> $rootdir/root/freedombone-completed.txt
if ! grep '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
if ! grep -q '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
echo '* hard maxsyslogins 10' >> $rootdir/etc/security/limits.conf
else
sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' $rootdir/etc/security/limits.conf
fi
# Max logins for each user
if ! grep '* hard maxlogins' $rootdir/etc/security/limits.conf; then
if ! grep -q '* hard maxlogins' $rootdir/etc/security/limits.conf; then
echo '* hard maxlogins 2' >> $rootdir/etc/security/limits.conf
else
sed -i 's|hard maxlogins.*|hard maxlogins 2|g' $rootdir/etc/security/limits.conf
@ -1147,9 +1163,7 @@ function image_setup_utils {
chroot "$rootdir" apt-get -yq remove postfix
chroot "$rootdir" apt-get -yq install exim4 exim4-daemon-heavy sasl2-bin swaks libnet-ssleay-perl procmail
chroot "$rootdir" apt-get -yq install spamassassin
#chroot "$rootdir" apt-get -yq install dovecot-core dovecot-imapd
# TODO generate certs for exim and dovecot if needed on first boot
chroot "$rootdir" apt-get -yq install dovecot-imapd
#backup
chroot "$rootdir" apt-get -yq install obnam gnupg
@ -1166,7 +1180,7 @@ function image_setup_utils {
echo "gpgit commit:$GPGIT_COMMIT" >> $rootdir/root/freedombone-completed.txt
# email client
chroot "$rootdir" apt-get -yq install mutt-patched lynx abook urlview
chroot "$rootdir" apt-get -yq install lynx abook urlview mutt
git clone $CLEANUP_MAILDIR_REPO $rootdir/root/build/cleanup-maildir
cd $rootdir/root/build/cleanup-maildir
@ -1176,7 +1190,7 @@ function image_setup_utils {
# web server
chroot "$rootdir" apt-get -yq remove --purge apache2
chroot "$rootdir" apt-get -yq install nginx php5-fpm
chroot "$rootdir" apt-get -yq install nginx php-fpm
git clone $NGINX_ENSITE_REPO $rootdir/root/build/nginx_ensite
cd $rootdir/root/build/nginx_ensite
git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
@ -1190,24 +1204,79 @@ function image_setup_utils {
fi
chroot "$rootdir" apt-get -yq install tripwire
# mirroring
# cmake
# filesystem optimisations
#sed -i 's|btrfs subvol=@|btrfs defaults,subvol=@,compress=lzo,ssd|g' $rootdir/etc/fstab
}
function image_install_nodejs {
if [ $INSTALLING_MESH ]; then
mesh_install_nodejs
#echo 'install_nodejs' >> ${rootdir}/root/${PROJECT_NAME}-completed.txt
}
function image_preinstall_repos {
if [[ $VARIANT == "mesh"* ]]; then
return
fi
chroot "$rootdir" apt-get -yq install nodejs
chroot "$rootdir" apt-get -yq install npm curl
if [ ! -f $rootdir/usr/bin/nodejs ]; then
echo $'nodejs was not installed'
exit 63962
if [ ! -d $rootdir/repos ]; then
mkdir $rootdir/repos
fi
}
git clone $CMAKE_REPO $rootdir/repos/cmake
git clone $INADYN_REPO $rootdir/repos/inadyn
git clone $TOMB_REPO $rootdir/repos/tomb
if [[ $SOCIALINSTANCE == "gnusocial" ]]; then
git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
git clone $PLEROMA_REPO $rootdir/repos/pleroma
return
fi
if [[ $SOCIALINSTANCE == "postactiv" ]]; then
git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
git clone $PLEROMA_REPO $rootdir/repos/pleroma
git clone $POSTACTIV_REPO $rootdir/repos/postactiv
return
fi
git clone $CRYPTPAD_REPO $rootdir/repos/cryptpad
git clone $DOKUWIKI_REPO $rootdir/repos/dokuwiki
git clone $ETHERPAD_REPO $rootdir/repos/etherpad
git clone $FRIENDICA_REPO $rootdir/repos/friendica
git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
git clone $PLEROMA_REPO $rootdir/repos/pleroma
git clone $POSTACTIV_REPO $rootdir/repos/postactiv
git clone $SHARINGS_REPO $rootdir/repos/sharings
git clone $HTMLY_REPO $rootdir/repos/htmly
git clone $HUBZILLA_REPO $rootdir/repos/hubzilla
git clone $HUBZILLA_ADDONS_REPO $rootdir/repos/hubzilla-addons
git clone $KOEL_REPO $rootdir/repos/koel
#git clone $LIBREVAULT_REPO $rootdir/repos/librevault
git clone $LYCHEE_REPO $rootdir/repos/lychee
git clone $MAILPILE_REPO $rootdir/repos/mailpile
git clone $MATRIX_REPO $rootdir/repos/matrix
git clone $MEDIAGOBLIN_REPO $rootdir/repos/mediagoblin
#git clone $MOVIM_REPO $rootdir/repos/movim
git clone $NEXTCLOUD_REPO $rootdir/repos/nextcloud
git clone $PIHOLE_REPO $rootdir/repos/pihole
git clone $PROFANITY_REPO $rootdir/repos/profanity
git clone $LIBMESODE_REPO $rootdir/repos/libmesode
git clone $PROFANITY_OMEMO_PLUGIN_REPO $rootdir/repos/profanity-omemo
git clone $RSS_READER_REPO $rootdir/repos/rss
git clone $RSS_MOBILE_READER_REPO $rootdir/repos/rss-mobile
git clone $SEARX_REPO $rootdir/repos/searx
git clone $TOXCORE_REPO $rootdir/repos/toxcore
git clone $TOXID_REPO $rootdir/repos/toxid
git clone $TOXIC_REPO $rootdir/repos/toxic
git clone $TURTL_REPO $rootdir/repos/turtl
#git clone $ZERONET_REPO $rootdir/repos/zeronet
#git clone $QTOX_REPO $rootdir/repos/qtox
}
##############################################################################
@ -1248,7 +1317,7 @@ if [ ! $DEBIAN_REPO ]; then
DEBIAN_REPO='ftp.de.debian.org'
fi
if [ ! $DEBIAN_VERSION ]; then
DEBIAN_VERSION='jessie'
DEBIAN_VERSION='stretch'
fi
set_apt_sources $BUILD_MIRROR
@ -1277,7 +1346,7 @@ if [ -n "$CUSTOM_SETUP" ]; then
chroot "$rootdir" gdebi -n /tmp/"$(basename $CUSTOM_SETUP)"
fi
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "mesh" ]]; then
if [[ $VARIANT != "mesh"* ]]; then
chroot "$rootdir" apt-get install -y openssh-server
fi
chroot "$rootdir" apt-get install -y sudo git dialog build-essential
@ -1287,17 +1356,50 @@ chroot "$rootdir" apt-get install -y libnss-mdns libnss-myhostname libnss-gw-nam
chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools wpasupplicant usbutils
if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'i386' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' ]]; then
chroot "$rootdir" apt-get install -y cryptsetup zsh pinentry-curses iotop bc
chroot "$rootdir" apt-get install -y grub2 hostapd
chroot "$rootdir" apt-get install -y grub2 hostapd lvm2 initramfs-tools
fi
sed -i "s|#host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|#host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|use-ipv4=.*|use-ipv4=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|use-ipv6=.*|use-ipv6=no|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" $rootdir/etc/nsswitch.conf
# Add an ssh avahi service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <service>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
echo " <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
echo ' </service>' >> $rootdir/etc/avahi/services/ssh.service
echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
# Ensure that the avahi daemon keeps running
WATCHDOG_SCRIPT_NAME="keepon"
echo '#!/bin/bash' > $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'LOGFILE=/var/log/keepon.log' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'CURRENT_DATE=$(date)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo "# keep avahi-daemon daemon running" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo "RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo " systemctl start avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo " echo \"avahi-daemon daemon restarted\" >> \$LOGFILE" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo "# End of avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo "*/1 * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> $rootdir/etc/crontab
chroot "$rootdir" /bin/bash -x <<EOF
git clone $PROJECT_REPO /root/$PROJECT_NAME
cd /root/$PROJECT_NAME
git checkout jessie
git checkout stretch
make install
cp image_build/bbb-4.9.0.tar.gz /boot/bbb.tar.gz
EOF
chroot "$rootdir" ${PROJECT_NAME}-image-hardware-setup 2>&1 | \
@ -1308,7 +1410,11 @@ rm $rootdir/usr/sbin/policy-rc.d
# Set up HRNG for systems known to have one
# Otherwise install haveged
if [[ "$MACHINE" != "beaglebone"* ]]; then
chroot $rootdir apt-get -yq install haveged
# With some VMs, the hardware cycles counter is emulated and deterministic,
# and thus predictible, so havege should not be used
if [[ "$MACHINE" != "qemu"* ]]; then
chroot $rootdir apt-get -yq install haveged
fi
else
chroot $rootdir apt-get -yq install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools
@ -1356,6 +1462,7 @@ configure_user_interface
image_setup_utils
image_install_inadyn
image_install_nodejs
image_preinstall_repos
# remove downloaded packages
chroot $rootdir apt-get -y autoremove


@ -56,14 +56,9 @@ beaglebone_setup_boot() {
initRd=initrd.img-$version
vmlinuz=vmlinuz-$version
bbb_loadaddr='0x80200000'
bbb_initrd_addr='0x81000000'
bbb_fdtaddr='0x80F80000'
if [[ "$bbb_version" == "wireless" ]]; then
bbb_loadaddr='0x82000000'
bbb_initrd_addr='0x88080000'
bbb_fdtaddr='0x88000000'
fi
bbb_loadaddr='0x82000000'
bbb_initrd_addr='0x88080000'
bbb_fdtaddr='0x88000000'
# uEnv.txt for Beaglebone
# based on https://github.com/beagleboard/image-builder/blob/master/target/boot/beagleboard.org.txt
@ -89,7 +84,7 @@ loadinitrd=load mmc \${mmcdev}:\${mmcpart} \${initrd_addr} \${initrd_file}; sete
loadfdt=load mmc \${mmcdev}:\${mmcpart} \${fdtaddr} /dtbs/\${fdtfile}
loadfiles=run loadkernel; run loadinitrd; run loadfdt
mmcargs=setenv bootargs console=tty0 console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags}
mmcargs=setenv bootargs init=/lib/systemd/systemd console=tty0 console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags} ifnames=0 slub_debug=FZP slab_nomerge page_poison=1
uenvcmd=run loadfiles; run mmcargs; bootz \${loadaddr} \${initrd_addr}:\${initrd_size} \${fdtaddr}
EOF
@ -123,15 +118,29 @@ beaglebone_repack_kernel() {
echo "info: repacking beaglebone kernel and initrd"
if [ ! $bbb_version ]; then
kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
else
kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
bbb_dtb='am335x-boneblack'
if [ $bbb_version ]; then
bbb_dtb="am335x-boneblack-${bbb_version}"
fi
kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
initRd=initrd.img-$version
vmlinuz=vmlinuz-$version
# optionally use a separately compiled kernel
bbb_dtb_file=/usr/lib/$kernelVersion/${bbb_dtb}.dtb
#if [ -f /boot/bbb.tar.gz ]; then
# cd /boot
# tar -xzvf /boot/bbb.tar.gz
# if [ -f /boot/bbb/dtbs/${bbb_dtb}.dtb ]; then
# if [ -f /boot/bbb/zImage ]; then
# bbb_dtb_file=/boot/bbb/dtbs/${bbb_dtb}.dtb
# vmlinuz=/boot/bbb/zImage
# fi
# fi
#fi
mkdir /tmp/initrd-repack
(cd /tmp/initrd-repack ; \
@ -142,27 +151,15 @@ beaglebone_repack_kernel() {
rm -rf /tmp/initrd-repack
if [ ! $bbb_version ]; then
(cd /boot ; \
cp /usr/lib/$kernelVersion/am335x-boneblack.dtb dtb ; \
cat $vmlinuz dtb >> temp-kernel ; \
mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-C none -a 0x80200000 -e 0x80200000 -d temp-kernel uImage ; \
rm -f temp-kernel ; \
mkimage -A arm -O linux -T ramdisk -C gzip -a 0x81000000 -e 0x81000000 \
-n "Debian ramdisk ${version}" \
-d $initRd uInitrd )
else
(cd /boot ; \
cp /usr/lib/$kernelVersion/am335x-boneblack-${bbb_version}.dtb dtb ; \
cat $vmlinuz dtb >> temp-kernel ; \
mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
rm -f temp-kernel ; \
mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
-n "Debian ramdisk ${version}" \
-d $initRd uInitrd )
fi
(cd /boot ; \
cp ${bbb_dtb_file} dtb ; \
cat $vmlinuz dtb >> temp-kernel ; \
mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
rm -f temp-kernel ; \
mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
-n "Debian ramdisk ${version}" \
-d $initRd uInitrd )
}
a20_setup_boot() {
@ -206,7 +203,7 @@ setenv loadinitrd load mmc \${mmcdev}:\${mmcpart} \${initrd_addr} \${initrd_file
setenv loadfdt load mmc \${mmcdev}:\${mmcpart} \${fdtaddr} /dtbs/\${fdtfile}
setenv loadfiles run loadkernel\\; run loadinitrd\\; run loadfdt
setenv mmcargs setenv bootargs console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags}
setenv mmcargs setenv bootargs init=/lib/systemd/systemd console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags} ifnames=0 slub_debug=FZP slab_nomerge page_poison=1
run loadfiles; run mmcargs; bootz \${loadaddr} \${initrd_addr}:\${initrd_size} \${fdtaddr}
EOF
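Review bot: The `ifnames=0` added to `mmcargs` in both the Beaglebone uEnv.txt and the A20 boot script is probably not the parameter intended. The switch that udev reads to turn off predictable interface names is `net.ifnames=0`, so the bare spelling would, as far as I can tell, be ignored. If stable `eth0`/`wlan0` names are the goal, the tail of both lines should read `rootflags=\${mmcrootflags} net.ifnames=0 slub_debug=FZP slab_nomerge page_poison=1`. A short comment above each heredoc would also help, noting that `slub_debug=FZP`, `slab_nomerge` and `page_poison=1` are kernel heap-hardening options with a memory and speed cost on these boards. Both functions continue outside the hunks shown.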


@ -77,6 +77,8 @@ export VARIANT
export MINIMUM_PASSWORD_LENGTH
export INSECURE
export AMNESIC
export SOCIALINSTANCE
export LOCAL_NAME
# Locate vmdebootstrap program fetched in Makefile
basedir=`pwd`
@ -90,7 +92,7 @@ fi
# Packages to install in all Freedombone environments
base_pkgs="apt base-files ifupdown initramfs-tools \
logrotate module-init-tools netbase rsyslog udev debian-archive-keyring"
logrotate kmod netbase rsyslog udev debian-archive-keyring"
# Packages needed on the beaglebone
beaglebone_pkgs="linux-image-armmp u-boot-tools u-boot"
@ -241,6 +243,8 @@ sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3
sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
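Review bot: The two added `sed` lines splice `${SOCIALINSTANCE}` and `${LOCAL_NAME}` unescaped into a `|`-delimited sed expression and into a double-quoted assignment in `$TEMP_CUSTOMISE3`. A value containing `|`, `&`, `"` or `$(` therefore changes the generated script, which appears to be the customise script run with root privileges during the image build. `LOCAL_NAME` is later used as the avahi `host-name`, so it can be limited to hostname characters before the substitution, e.g. `[[ "$LOCAL_NAME" =~ ^[A-Za-z0-9-]*$ ]] || { echo 'Invalid LOCAL_NAME'; exit 1; }`. The neighbouring substitutions (`VARIANT`, `INSECURE`, `AMNESIC`) follow the same pattern and would benefit from the same kind of check.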


@ -31,7 +31,7 @@ MIRROR ?= http://httpredir.debian.org/debian
BUILD_MIRROR ?= http://httpredir.debian.org/debian
IMAGE_SIZE ?= 8G
IMAGE_NAME ?= 'full'
SUITE ?= jessie
SUITE ?= stretch
# include source packages in image?
SOURCE ?= false


@ -42,8 +42,6 @@ INSTALL_LOG=/var/log/${PROJECT_NAME}.log
DEFAULT_USERNAME=fbone
GO_VERSION=1.7
TOX_NODES=
#TOX_NODES=(
# '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
@ -74,6 +72,14 @@ IPFS_PORT=4001
CURRENT_BLOG_INDEX=/home/$MY_USERNAME/.blog-index
# Debian stretch has a problem where the formerly predictable wlan0 and eth0
# device names get assigned random names. This is a hacky workaround.
# Also adding net.ifnames=0 to kernel options on bootloader may work.
function enable_predictable_device_names {
ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
update-initramfs -u
}
function create_avahi_mesh_service {
service_name=$1
service_type=$2
@ -112,7 +118,7 @@ function create_ram_disk {
function make_root_read_only {
if [ ! -d /home/$MY_USERNAME/Desktop ]; then
if ! grep 'ro,subvol=@' /etc/fstab; then
if ! grep -q 'ro,subvol=@' /etc/fstab; then
sed -i 's|subvol=@|ro,subvol=@|g' /etc/fstab
echo $'Root filesystem set to read only' >> $INSTALL_LOG
fi
@ -591,6 +597,7 @@ if [ -f $MESH_INSTALL_SETUP ]; then
#tomb slam all
tmp_ram_disk 100
enable_predictable_device_names
enable_batman_daemon
#create_ram_disk 1
#setup_amnesic_data
@ -625,7 +632,10 @@ if [ -f $MESH_INSTALL_SETUP ]; then
rm /usr/share/images/desktop-base/desktop-background
ln -s /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png /usr/share/images/desktop-base/desktop-background
fi
reboot
if [ -f /etc/default/grub ]; then
update-grub
fi
systemctl reboot -i
fi
fi
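Review bot: `enable_predictable_device_names` creates the mask with a plain `ln -s`, which fails once `/etc/udev/rules.d/80-net-setup-link.rules` already exists, and the result is not checked before `update-initramfs -u` runs. `ln -sf /dev/null /etc/udev/rules.d/80-net-setup-link.rules` makes the step repeatable. The function name reads opposite to systemd's usage, where "predictable names" are the ones being switched off here. A comment such as `# mask udev's net-setup-link rule so interfaces keep the kernel names (eth0, wlan0)` would avoid that confusion. Further down, `systemctl reboot -i` ignores inhibitor locks, which looks deliberate for a first-boot script but deserves a one-line comment saying so.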


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -50,37 +50,41 @@ function show_help {
while [[ $# > 1 ]]
do
key="$1"
key="$1"
case $key in
-h|--help)
show_help
;;
-u|--user)
case $key in
-h|--help)
show_help
;;
-u|--user)
shift
MY_USERNAME="$1"
;;
-d|--dev)
shift
if [[ "${1}" != '/dev/'* ]]; then
USB_DRIVE=/dev/${1}1
else
USB_DRIVE=${1}
fi
;;
-m|--master)
shift
MASTER_DRIVE="$1"
;;
-n|--fragments)
shift
KEY_FRAGMENTS=$1
;;
-f|--format)
shift
FORMAT="yes"
;;
*)
# unknown option
;;
esac
shift
MY_USERNAME="$1"
;;
-d|--dev)
shift
USB_DRIVE=/dev/${1}1
;;
-m|--master)
shift
MASTER_DRIVE="$1"
;;
-n|--fragments)
shift
KEY_FRAGMENTS=$1
;;
-f|--format)
shift
FORMAT="yes"
;;
*)
# unknown option
;;
esac
shift
done
if [ ! $MY_USERNAME ]; then
@ -94,68 +98,118 @@ if [ ! -d /home/$MY_USERNAME ]; then
fi
if [ ! -b $USB_DRIVE ]; then
echo $'Please attach a USB drive'
exit 65743
echo $'Please attach a USB drive'
exit 65743
fi
umount -f $USB_MOUNT
if [ ! -d $USB_MOUNT ]; then
mkdir $USB_MOUNT
mkdir $USB_MOUNT
fi
if [ -f /dev/mapper/encrypted_usb ]; then
rm -rf /dev/mapper/encrypted_usb
rm -rf /dev/mapper/encrypted_usb
fi
cryptsetup luksClose encrypted_usb
# optionally format the drive
if [[ $FORMAT == "yes" ]]; then
${PROJECT_NAME}-format ${USB_DRIVE::-1}
if [ ! "$?" = "0" ]; then
exit 36823
fi
${PROJECT_NAME}-format ${USB_DRIVE::-1}
if [ ! "$?" = "0" ]; then
exit 36823
fi
fi
cryptsetup luksOpen $USB_DRIVE encrypted_usb
if [ "$?" = "0" ]; then
USB_DRIVE=/dev/mapper/encrypted_usb
USB_DRIVE=/dev/mapper/encrypted_usb
fi
mount $USB_DRIVE $USB_MOUNT
if [ ! "$?" = "0" ]; then
echo $"There was a problem mounting the USB drive to $USB_MOUNT"
rm -rf $USB_MOUNT
exit 78543
echo $"There was a problem mounting the USB drive to $USB_MOUNT"
rm -rf $USB_MOUNT
exit 78543
fi
# optionally create a master drive which contains the full GPG keyring
if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
echo $"No .gnupg directory was found for $MY_USERNAME"
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 73025
fi
cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
if [ -d /etc/letsencrypt ]; then
cp -rf /etc/letsencrypt $USB_MOUNT
echo $"LetsEncrypt keys copied to $USB_DRIVE"
fi
if [ -d $USB_MOUNT/.gnupg ]; then
echo $"GPG Keyring copied to $USB_DRIVE. You may now remove the drive."
else
echo $"Unable to copy gpg keyring to $USB_DRIVE"
fi
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 0
if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
echo $"No .gnupg directory was found for $MY_USERNAME"
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 73025
fi
# export the gpg key and backup key as text
# so that it may be imported at the beginning of new installs
GPG_TTY=$(tty)
export GPG_TTY
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
gpgerrstr=$'error'
gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting public gpg key'
echo "$gpgkey"
exit 735282
fi
echo ''
echo $'Enter your gpg private key passphrase:'
gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting private gpg key'
echo "$gpgprivkey"
gpgprivkey=
exit 629362
fi
# Dummy password to get around not being able to create a key without passphrase
BACKUP_DUMMY_PASSWORD='backup'
backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting public gpg backup key'
echo "$backupgpgkey"
exit 735282
fi
backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
echo $'Problem exporting private gpg backup key'
echo "$backupgpgprivkey"
backupgpgprivkey=
exit 629362
fi
echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
if [ -d /etc/letsencrypt ]; then
cp -rf /etc/letsencrypt $USB_MOUNT
echo $"LetsEncrypt keys copied to $USB_DRIVE"
fi
if [ -d $USB_MOUNT/.gnupg ]; then
echo $"GPG Keyring copied to $USB_DRIVE. You may now remove the drive."
else
echo $"Unable to copy gpg keyring to $USB_DRIVE"
fi
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 0
fi
# Don't use the USB drive if it already contains a full keyring
if [ -d $USB_MOUNT/.gnupg ]; then
echo $'A full GPG keyring already exists on the USB drive.'
echo $'Either reformat the USB drive or use a different drive.'
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 3392
echo $'A full GPG keyring already exists on the USB drive.'
echo $'Either reformat the USB drive or use a different drive.'
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 3392
fi
# Append the username as a subdirectory.
@ -167,14 +221,14 @@ FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
# make a directory to contain the fragments
if [ ! -d $FRAGMENTS_DIR ]; then
mkdir -p $FRAGMENTS_DIR
echo $"Made directory $FRAGMENTS_DIR"
mkdir -p $FRAGMENTS_DIR
echo $"Made directory $FRAGMENTS_DIR"
fi
if [ ! -d $FRAGMENTS_DIR ]; then
echo $"There was a problem making the directory $FRAGMENTS_DIR"
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 6843
echo $"There was a problem making the directory $FRAGMENTS_DIR"
umount -f $USB_MOUNT
rm -rf $USB_MOUNT
exit 6843
fi
cd $FRAGMENTS_DIR


@ -35,6 +35,53 @@ export TEXTDOMAINDIR="/usr/share/locale"
WEBSERVER_LOG_LEVEL='warn'
# Shredding could be used here, but especially on microSD
# or SSD it's debatable how useful shredding really is.
# Also the shred command can be very slow on Beaglebone Black
REMOVE_FILES_COMMAND='rm -rf'
APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
for f in $APP_FILES
do
source $f
done
APPS_AVAILABLE=()
function logging_get_app_names {
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
for filename in $FILES
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
if grep -q "logging_on_" ${filename}; then
if grep -q "logging_off_" ${filename}; then
APPS_AVAILABLE+=("${app_name}")
fi
fi
done
}
function turn_logging_on {
logging_get_app_names
for a in "${APPS_AVAILABLE[@]}"
do
echo $"Turning on logging for ${a}"
logging_on_${a}
done
}
function turn_logging_off {
logging_get_app_names
for a in "${APPS_AVAILABLE[@]}"
do
echo $"Turning off logging for ${a}"
logging_off_${a}
done
}
function turn_off_rsys_logging {
sed -i 's|mail,news.none.*|mail,news.none /dev/null|g' /etc/rsyslog.conf
sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /dev/null|g' /etc/rsyslog.conf
@ -48,14 +95,14 @@ function turn_off_rsys_logging {
sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none /dev/null|g' /etc/rsyslog.conf
sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
sed -i 's|cron.\*.*|cron.\* /dev/null|g' /etc/rsyslog.conf
shred -zu /var/log/wtmp*
shred -zu /var/log/debug*
shred -zu /var/log/cron.*
shred -zu /var/log/auth.*
shred -zu /var/log/mail.*
shred -zu /var/log/daemon.*
shred -zu /var/log/user.*
shred -zu /var/log/messages*
$REMOVE_FILES_COMMAND /var/log/wtmp*
$REMOVE_FILES_COMMAND /var/log/debug*
$REMOVE_FILES_COMMAND /var/log/cron.*
$REMOVE_FILES_COMMAND /var/log/auth.*
$REMOVE_FILES_COMMAND /var/log/mail.*
$REMOVE_FILES_COMMAND /var/log/daemon.*
$REMOVE_FILES_COMMAND /var/log/user.*
$REMOVE_FILES_COMMAND /var/log/messages*
}
function turn_on_rsys_logging {
@ -78,29 +125,26 @@ if [ ! "$1" ]; then
fi
if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
if [ -f /var/lib/matrix/homeserver.yaml ]; then
sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
fi
fi
turn_logging_on
if [ -f /etc/fail2ban/fail2ban.conf ]; then
sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
fi
if [ -d /etc/tor ]; then
if [ ! -f /var/log/tor.log ]; then
touch /var/log/tor.log
chown debian-tor:debian-tor /var/log/tor.log
if [ ! -d /var/log/tor ]; then
mkdir /var/log/tor
chown -R debian-tor:adm /var/log/tor
fi
sed -i 's|#Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
sed -i 's|Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
if [ ! -f /var/log/tor/notices.log ]; then
touch /var/log/tor/notices.log
chown debian-tor:adm /var/log/tor/notices.log
fi
sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
fi
if [ -f /etc/mumble-server.ini ]; then
sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
fi
if [ -f /etc/php5/fpm/php-fpm.conf ]; then
sed -i 's|error_log =.*|error_log = /var/log/php5-fpm.log|g' /etc/php5/fpm/php-fpm.conf
if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
fi
if [ -d /etc/nginx ]; then
if [ ! -d /var/log/nginx ]; then
@ -117,15 +161,6 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
if [ -f /etc/init.d/spamassassin ]; then
sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
fi
if [ -d /etc/prosody ]; then
if [ ! -d /var/log/prosody ]; then
mkdir /var/log/prosody
chown root:adm /var/log/prosody
fi
sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
fi
if [ -d /etc/exim4 ]; then
if [ ! -d /var/log/exim4 ]; then
mkdir /var/log/exim4
@ -149,40 +184,19 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
fi
turn_on_rsys_logging
else
if [ -f /var/lib/matrix/homeserver.yaml ]; then
sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
fi
if [ -f /etc/matrix/homeserver.log ]; then
shred -zu /etc/matrix/homeserver.log
fi
if [ -f /etc/matrix/homeserver.log.1 ]; then
shred -zu /etc/matrix/homeserver.log.1
fi
fi
turn_logging_off
if [ -d /etc/tor ]; then
sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
if [ -d /var/log/tor ]; then
shred -zu /var/log/tor/*
rm -rf /var/log/tor
fi
fi
if [ -f /etc/mumble-server.ini ]; then
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
if [ -d /var/log/mumble-server ]; then
shred -zu /var/log/mumble-server/*
rm -rf /var/log/mumble-server
fi
fi
if [ -d /var/log/radicale ]; then
shred -zu /var/log/radicale/*
$REMOVE_FILES_COMMAND /var/log/radicale/*
rm -rf /var/log/radicale
fi
if [ -f /etc/php5/fpm/php-fpm.conf ]; then
sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php5/fpm/php-fpm.conf
shred -zu /var/log/php5-fpm.*
if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf
$REMOVE_FILES_COMMAND /var/log/php-fpm.*
fi
if [ -d /etc/nginx ]; then
for filename in /etc/nginx/sites-available/* ; do
@ -192,40 +206,33 @@ else
done
sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
shred -zu /var/log/nginx/*
$REMOVE_FILES_COMMAND /var/log/nginx/*
fi
if [ -f /etc/init.d/spamassassin ]; then
sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
fi
if [ -d /etc/prosody ]; then
sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
shred -zu /var/log/prosody/*
rm -rf /var/log/prosody
fi
if [ -d /etc/exim4 ]; then
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
shred -zu /var/log/exim4/*
$REMOVE_FILES_COMMAND /var/log/exim4/*
fi
if [ -f /etc/dovecot/dovecot.conf ]; then
sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
shred -zu /var/log/mail.*
shred -zu /var/log/dovecot*
$REMOVE_FILES_COMMAND /var/log/mail.*
$REMOVE_FILES_COMMAND /var/log/dovecot*
fi
if [ -d /etc/mysql ]; then
if [ -d /var/log/mysql ]; then
shred -zu /var/log/mysql/*
$REMOVE_FILES_COMMAND /var/log/mysql/*
fi
if [ -f /var/log/mysql.err ]; then
shred -zu /var/log/mysql.err
$REMOVE_FILES_COMMAND /var/log/mysql.err
fi
if [ -f /var/log/mysql.log ]; then
shred -zu /var/log/mysql.log
$REMOVE_FILES_COMMAND /var/log/mysql.log
fi
if [ -f /etc/mysql/my.cnf ]; then
sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
@ -234,11 +241,26 @@ else
if [ -f /etc/fail2ban/fail2ban.conf ]; then
sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
shred -zu /var/log/fail2ban.*
$REMOVE_FILES_COMMAND /var/log/fail2ban.*
fi
turn_off_rsys_logging
fi
if [ -d /etc/exim4 ]; then
update-exim4.conf.template -r
update-exim4.conf
dpkg-reconfigure --frontend noninteractive exim4-config
fi
if [[ "$2" == "--reboot"* || "$2" == "--restart"* ]]; then
# if we are rebooting anyway then there is no need to
# restart the daemons
exit 0
fi
if [ -d /etc/exim4 ]; then
systemctl restart exim4
fi
systemctl restart syslog
if [ -d /etc/tor ]; then
if [[ "$2" != "--onion" ]]; then
@ -246,7 +268,7 @@ if [ -d /etc/tor ]; then
fi
fi
if [ -d /etc/nginx ]; then
systemctl restart php5-fpm
systemctl restart php7.0-fpm
systemctl restart nginx
fi
if [ -f /etc/init.d/spamassassin ]; then
@ -255,12 +277,6 @@ fi
if [ -d /etc/prosody ]; then
systemctl restart prosody
fi
if [ -d /etc/exim4 ]; then
update-exim4.conf.template -r
update-exim4.conf
dpkg-reconfigure --frontend noninteractive exim4-config
systemctl restart exim4
fi
if [ -d /etc/dovecot ]; then
systemctl restart dovecot
fi


@ -42,7 +42,7 @@ DHTNODES=/usr/share/toxic/DHTnodes
PEERS_FILE=/tmp/meshpeers.txt
TOX_PORT=33445
TOXCORE_REPO='git://github.com/irungentoo/toxcore.git'
TOXCORE_REPO='https://github.com/irungentoo/toxcore'
TOXCORE_COMMIT=
# obtain tox values from main install
if grep -q "TOX_PORT=" $CONFIG_FILE; then
@ -71,7 +71,7 @@ function install_toxcore {
sudo apt-get -yq install build-essential libtool autotools-dev
sudo apt-get -yq install automake checkinstall check git yasm
sudo apt-get -yq install libsodium13 libsodium-dev libcap2-bin
sudo apt-get -yq install libsodium18 libsodium-dev libcap2-bin
sudo apt-get -yq install libconfig9 libconfig-dev
if [ ! -d ~/develop ]; then
@ -121,28 +121,21 @@ function install_toxcore {
sudo cp /tmp/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
rm /tmp/tox-bootstrapd.conf
if [ -f /bin/systemctl ]; then
if [ ! -f ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
echo $"File not found ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
exit 7359
fi
sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable tox-bootstrapd.service
sudo systemctl start tox-bootstrapd.service
if [ ! "$?" = "0" ]; then
sudo systemctl status tox-bootstrapd.service
exit 5846
fi
sudo systemctl restart tox-bootstrapd.service
else
sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.sh /etc/init.d/tox-bootstrapd
sudo chmod 755 /etc/init.d/tox-bootstrapd
sudo update-rc.d tox-bootstrapd defaults
sudo service tox-bootstrapd start
if [ ! -f ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
echo $"File not found ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
exit 7359
fi
sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable tox-bootstrapd.service
sudo systemctl start tox-bootstrapd.service
if [ ! "$?" = "0" ]; then
sudo systemctl status tox-bootstrapd.service
exit 5846
fi
sudo systemctl restart tox-bootstrapd.service
TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
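Review bot: `TOXCORE_COMMIT=` is still empty next to the new `TOXCORE_REPO='https://github.com/irungentoo/toxcore'`, so unless the lookup in `$CONFIG_FILE` (which starts at the end of the first hunk and continues outside it) fills it in, install_toxcore builds whatever the remote branch head is at install time. Moving from `git://` to `https://` authenticates the transport, but it does not fix which code gets compiled and installed as a system daemon. I would record a reviewed revision here, e.g. `TOXCORE_COMMIT='<reviewed-commit-hash>'` (placeholder), and have the clone step check it out and stop if it cannot. The clone itself and the rest of install_toxcore are outside these hunks.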


@ -55,6 +55,7 @@ fi
CELLID='any'
CHANNEL=2
HOTSPOT_CHANNEL=6
if [ -f $COMPLETION_FILE ]; then
if grep -q "Wifi channel:" $COMPLETION_FILE; then
CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}')
@ -251,7 +252,7 @@ function start {
ifconfig $IFACE_SECONDARY mtu 1500
ifconfig $IFACE_SECONDARY hw ether $(assign_peer_address)
iwconfig $IFACE_SECONDARY enc open
iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${CHANNEL}
iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${HOTSPOT_CHANNEL}
iwconfig $IFACE_SECONDARY ap $CELLID
brctl addbr $BRIDGE_HOTSPOT
@ -268,7 +269,7 @@ function start {
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
echo "ssid=$HOTSPOT_NAME" >> /etc/hostapd/hostapd.conf
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
echo "channel=${CHANNEL}" >> /etc/hostapd/hostapd.conf
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
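Review bot: `$HOTSPOT_NAME` is unquoted on the changed `iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${HOTSPOT_CHANNEL}` line, so an SSID containing a space or a glob character is split or expanded before iwconfig sees it. I would write `iwconfig "$IFACE_SECONDARY" mode managed essid "$HOTSPOT_NAME" channel "${HOTSPOT_CHANNEL}"`. `HOTSPOT_CHANNEL=6` is also fixed: the first hunk shows `CHANNEL` being read from `$COMPLETION_FILE` but no equivalent lookup for the hotspot channel, so a one-line comment such as `# hotspot channel is fixed and kept apart from the mesh channel` would tell the next reader that this is intended. The body of `start` begins and ends outside both hunks.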


@ -47,7 +47,6 @@ WIFI_SSID='mesh'
rootdir=''
FN=
CHROOT_PREFIX=''
FRIENDS_MIRRORS_SERVER=
# To avoid confusions these are obtained from the main project file
TOXID_REPO=
@ -233,8 +232,8 @@ function mesh_firewall {
}
function enable_tox_repo {
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > /etc/apt/sources.list.d/tox.list"
wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > /etc/apt/sources.list.d/tox.list"
wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key
sudo sh -c "apt-key add - < Release.key"
sudo apt-get update
echo "Tox Repository Installed."
@ -273,10 +272,6 @@ do
shift
WIFI_INTERFACE="$1"
;;
-m|--mirror)
shift
FRIENDS_MIRRORS_SERVER="$1"
;;
--remove)
shift
REMOVE="$1"
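Review bot: In enable_tox_repo the updated lines still declare the apt source and fetch `Release.key` over plain `http://`, and the key goes straight into `apt-key add` with no fingerprint check. Anyone on the network path can substitute the signing key, after which apt accepts packages signed with it and installs them as root. Use `https://` on both lines, e.g. `wget https://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key`, and compare the downloaded key's fingerprint against a value recorded in the script before adding it, aborting on a mismatch. The `wget` exit status is not checked either, so a failed download leaves a missing or stale `Release.key` for the next line.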


@ -1,288 +0,0 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Mirror git repos which the project depends on
#
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-mirrors
export TEXTDOMAINDIR="/usr/share/locale"
# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
# used to mirror a single application
SYNC_SINGLE_APP=
# if this is blank then just use the default repos
FRIENDS_MIRRORS_SERVER=
UTILS_REPOS=
INSTALLED_APPS_REPOS=
MY_MIRRORS_PASSWORD=
FRIENDS_MIRRORS_PASSWORD=
NEW_MIRRORS='no'
FRIENDS_MIRRORS_SSH_PORT=2222
MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
if [ ! -f $MAIN_COMMAND ]; then
MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
fi
# local repos for utils
UTILS_REPOS=($(cat ${MAIN_COMMAND} /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
source $f
done
# obtain the mirrors password if it exists
read_config_param MY_MIRRORS_PASSWORD
read_config_param FRIENDS_MIRRORS_SERVER
read_config_param FRIENDS_MIRRORS_PASSWORD
read_config_param FRIENDS_MIRRORS_SSH_PORT
function show_help {
echo ''
echo $"${PROJECT_NAME}-mirrors --sync [domain/url] -p [password]"
echo ''
echo $'Creates or syncs with a set of git repositories'
echo ''
echo $' --help Show help'
echo $' -n|--new [yes|no] Start a new mirrors'
echo $" -p|--password [password] Friend's mirrors user password"
echo $" -m|--mypassword [password] Local mirrors user password"
echo $" --port [number] Friend's server ssh port number"
echo $" -s|--sync [domain] Friend's server domain to sync with"
echo ''
exit 0
}
function create_mirrors_user {
if [ -d /home/mirrors ]; then
return
fi
create_password=1
if [ ${#MY_MIRRORS_PASSWORD} -ge ${MINIMUM_PASSWORD_LENGTH} ]; then
create_password=
fi
if [ $create_password ]; then
MY_MIRRORS_PASSWORD=$(openssl rand -base64 64 | tr -dc A-Za-z0-9 | head -c 18)
fi
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -p "$MY_MIRRORS_PASSWORD" -s /bin/bash mirrors
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
# remove any existing user files
rm -rf /home/mirrors/*
# store the mirrors password
write_config_param "MY_MIRRORS_PASSWORD" "${MY_MIRRORS_PASSWORD}"
}
function enable_mirrors_via_onion {
if ! grep -q 'Host *.onion' /home/mirrors/.ssh/config; then
if [ ! -d /home/mirrors/.ssh ]; then
mkdir /home/mirrors/.ssh
fi
echo 'Host *.onion' >> /home/mirrors/.ssh/config
echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/mirrors/.ssh/config
chown mirrors:mirrors /home/mirrors/.ssh
chown mirrors:mirrors /home/mirrors/.ssh/config
fi
}
function update_installed_single_repo {
# only deal with a single app
filename=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${SYNC_SINGLE_APP}
if [ ! -f $filename ]; then
echo $"The app $SYNC_SINGLE_APP was not found"
exit 36822
fi
APP_REPOS=($(cat ${MAIN_COMMAND} $filename | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
for line in "${APP_REPOS[@]}"
do
INSTALLED_APPS_REPOS+=("${line}")
done
}
function update_installed_apps_repos {
INSTALLED_APPS_REPOS=()
function_check app_is_installed
if [ $SYNC_SINGLE_APP ]; then
update_installed_single_repo
return
fi
# all apps currently installed
FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
# for all the app scripts
for filename in $FILES
do
app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
if [[ "$(app_is_installed ${app_name})" == "1" ]]; then
APP_REPOS=($(cat ${MAIN_COMMAND} $filename | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
for line in "${APP_REPOS[@]}"
do
INSTALLED_APPS_REPOS+=("${line}")
done
fi
done
}
function update_repos_from_friend_base {
syncrepos=${1}
new_repos=()
for line in $syncrepos
do
repo_name=$(echo "$line" | awk -F '=' '{print $1}')
mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
new_line="${repo_name}=\"${friends_repo_url}\""
new_repos+=($new_line)
done
}
function update_repos_from_friend {
if [ ! $FRIENDS_MIRRORS_SERVER ]; then
return
fi
if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
return
fi
update_repos_from_friend_base "${UTILS_REPOS[@]}"
UTILS_REPOS=("${new_repos[@]}")
update_repos_from_friend_base "${INSTALLED_APPS_REPOS[@]}"
INSTALLED_APPS_REPOS=("${new_repos[@]}")
}
function sync_mirrors_base {
syncrepos=${1}
for line in $syncrepos
do
repo_name=$(echo "$line" | awk -F '=' '{print $1}')
repo_url=$(echo "$line" | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
if [[ ${mirrors_name} != 'debian' ]]; then
if [[ $NEW_MIRRORS == 'yes' ]]; then
if [ -d /home/mirrors/${mirrors_name} ]; then
rm -rf /home/mirrors/${mirrors_name}
fi
fi
if [ ! -d /home/mirrors/${mirrors_name} ]; then
if [[ ${repo_url} != 'ssh:'* ]]; then
git clone --mirror ${repo_url} /home/mirrors/${mirrors_name}
else
sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone --mirror ${repo_url} /home/mirrors/${mirrors_name}
fi
if [ ! -d /home/mirrors/${mirrors_name} ]; then
echo $"WARNING: failed to mirror repo ${repo_url}"
fi
else
cd /home/mirrors/${mirrors_name}
git remote set-url origin ${repo_url}
if [[ ${repo_url} != 'ssh:'* ]]; then
git fetch -p origin
else
sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git fetch -p origin
fi
fi
fi
done
chown -R mirrors:mirrors /home/mirrors
}
function sync_mirrors_repos {
if [ ! $SYNC_SINGLE_APP ]; then
sync_mirrors_base "${UTILS_REPOS[@]}"
fi
sync_mirrors_base "${INSTALLED_APPS_REPOS[@]}"
}
while [[ $# > 1 ]]
do
key="$1"
case $key in
--help)
show_help
;;
-s|--sync)
shift
# use repos on another server
FRIENDS_MIRRORS_SERVER="$1"
;;
-m|--mypass|--mypassword)
shift
MY_MIRRORS_PASSWORD="$1"
write_config_param "MY_MIRRORS_PASSWORD" "${MY_MIRRORS_PASSWORD}"
;;
-p|--pass|--password)
shift
FRIENDS_MIRRORS_PASSWORD="$1"
write_config_param "FRIENDS_MIRRORS_PASSWORD" "${FRIENDS_MIRRORS_PASSWORD}"
;;
-n|--new)
shift
NEW_MIRRORS="$1"
;;
--port)
shift
FRIENDS_MIRRORS_SSH_PORT=${1}
;;
-a|--app)
shift
SYNC_SINGLE_APP="${1}"
;;
*)
# unknown option
;;
esac
shift
done
create_mirrors_user
enable_mirrors_via_onion
update_installed_apps_repos
update_repos_from_friend
sync_mirrors_repos
exit 0


@ -22,7 +22,7 @@
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -57,9 +57,7 @@ MASTER_PASSWORD=''
NO_PASSWORD_STORE_FILE=~/.nostore
function get_backup_key_id {
MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | \
grep 'pub ' | awk -F ' ' '{print $2}' | \
awk -F '/' '{print $2}')
MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
echo $"Error: gpg backup key was not found"
return 58213
@ -121,6 +119,11 @@ function run_tests {
exit 78352
fi
${PROJECT_NAME}-pass -u root -a tests -p "$pass"
if [ ! "$?" = "0" ]; then
echo $'Unable to encrypt password'
exit 72725
fi
echo $'Password encrypted'
returned_pass=$(${PROJECT_NAME}-pass -u root -a tests)
if [[ "$pass" != "$returned_pass" ]]; then
echo "pass :${pass}:"
@ -128,6 +131,7 @@ function run_tests {
echo "returned :${returned_pass}:"
exit 73825
fi
echo $'Password decrypted'
${PROJECT_NAME}-pass -u root --rmapp tests
echo "Tests passed"
}
@ -303,7 +307,7 @@ if [ ${#CURR_PASSWORD} -eq 0 ]; then
echo ""
exit 4
else
pass=$(gpg -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
remove_padding "${pass}"
fi
else
@ -318,7 +322,7 @@ else
mkdir -p ~/.passwords/$CURR_USERNAME
fi
# padding helps to ensure than nothing can be learned from the length of the cyphertext
pad_string "${CURR_PASSWORD}" | gpg -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
MASTER_PASSWORD=
exit 5
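Review bot: Both changed gpg calls pass the master password as `--passphrase "$MASTER_PASSWORD"`, which places it in the process argument list, where by default other local users can read it from `ps` or `/proc` while gpg runs. Feeding it on a separate descriptor avoids that: `gpg --batch -dq --passphrase-fd 3 3<<<"$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP`, and likewise `--passphrase-fd 3` on the `gpg --batch -ca --cipher-algo AES256` line, where stdin is already taken by `pad_string`. On GnuPG 2.1 and later the passphrase options may also need `--pinentry-mode loopback` to be honoured, which is worth testing against the version the target release ships. Both statements sit in top-level code that starts and ends outside the hunks.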

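--- /dev/null
+++ b/src/freedombone-prepare-scripts
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# .---. . .
+# | | |
+# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
+# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
+# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
+#
+# Freedom in the Cloud
+#
+# Prepares control scripts
+#
+# License
+# =======
+#
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+PROJECT_NAME='freedombone'
+cat /usr/local/bin/${PROJECT_NAME}-vars /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* > /tmp/includescripts
+cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel > /usr/local/bin/control
+cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel-user > /usr/local/bin/controluser
+cat /tmp/includescripts /usr/local/bin/freedombone-addremove > /usr/local/bin/addremove
+sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/control
+sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/controluser
+sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/addremove
+chmod +x /usr/local/bin/control
+chmod +x /usr/local/bin/controluser
+chmod +x /usr/local/bin/addremove
+rm /tmp/includescripts
+exit 0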
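Review bot: The script stages the concatenated sources in the fixed path `/tmp/includescripts` and then copies that file into `/usr/local/bin/control`, `controluser` and `addremove`, which are made executable; the Makefile's install target in this commit runs the script. A predictable name in a world-writable directory lets another local account create the file or a symlink there first, which can redirect the write or change what ends up in those commands. Create the staging file with `mktemp`, remove it through a `trap`, and stop when a `cat` fails rather than always reaching `exit 0`.

```shell
PROJECT_NAME='freedombone'

# private staging file instead of the fixed /tmp/includescripts
includescripts=$(mktemp) || exit 1
trap 'rm -f "$includescripts"' EXIT

cat /usr/local/bin/${PROJECT_NAME}-vars /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* > "$includescripts" || exit 1
cat "$includescripts" /usr/local/bin/freedombone-controlpanel > /usr/local/bin/control || exit 1
cat "$includescripts" /usr/local/bin/freedombone-controlpanel-user > /usr/local/bin/controluser || exit 1
cat "$includescripts" /usr/local/bin/freedombone-addremove > /usr/local/bin/addremove || exit 1
# … unchanged: sed removal of the include markers, chmod +x on the three commands …
exit 0
```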


@ -42,20 +42,13 @@ do
source $f
done
read_config_param USB_DRIVE
FRIENDS_SERVERS_LIST=
MY_USERNAME=
if [ $USB_DRIVE ]; then
GPG_USB_DRIVE=$USB_DRIVE
else
GPG_USB_DRIVE='/dev/sdb1'
fi
function show_help {
echo ''
echo $"${PROJECT_NAME}-recoverkey -u [username] -d [drive]"
echo $' -l [friends servers list filename]'
echo $"${PROJECT_NAME}-recoverkey -u [username]"
echo $' -l [friends servers list filename]'
echo ''
exit 0
}
@ -78,10 +71,6 @@ do
shift
FRIENDS_SERVERS_LIST="$1"
;;
-d|--drive)
shift
GPG_USB_DRIVE=/dev/${1}1
;;
*)
# unknown option
;;
@ -174,7 +163,7 @@ fi
echo $'Key fragments recombined'
# import the gpg key
su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
if [ ! "$?" = "0" ]; then
echo $'Unable to import gpg key'
shred -zu $KEYS_FILE
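Review bot: The import now runs as root with `--homedir=/home/$MY_USERNAME/.gnupg` instead of through `su - $MY_USERNAME`, so any keyring files gpg creates or rewrites there end up owned by root inside the user's home directory. Other files in this commit call `gpg_set_permissions` after touching a `.gnupg` directory and nothing in this hunk does; if that helper is among the sourced utils, add `gpg_set_permissions $MY_USERNAME` after a successful import. `$MY_USERNAME` comes from the `-u` option and is unquoted, as is `$KEYS_FILE`, so I would write `gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"`. The surrounding top-level code starts and ends outside the hunk.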


@ -135,7 +135,7 @@ function renew_startssl {
sed -i "s|$HOSTNAME.crt|$HOSTNAME.bundle.crt|g" /etc/nginx/sites-available/$HOSTNAME
echo $'Certificate installed'
service nginx restart
systemctl restart nginx
return
fi


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -44,6 +44,25 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
PROJECT_INSTALL_DIR=/usr/bin
fi
# MariaDB password
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
function please_wait {
local str width height length
width=$(tput cols)
height=$(tput lines)
str="Standby to restore from USB"
length=${#str}
clear
tput cup $((height / 2)) $(((width / 2) - (length / 2)))
echo "$str"
tput cup $((height * 3 / 5)) $(((width / 2)))
echo -n ''
}
please_wait
source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
# include utils which allow function_check, go and drive mount
@ -53,6 +72,8 @@ do
source $f
done
clear
USB_DRIVE=/dev/sdb1
USB_MOUNT=/mnt/usb
@ -65,9 +86,6 @@ if [ -f $COMPLETION_FILE ]; then
ADMIN_USERNAME=$(get_completion_param "Admin user")
fi
# MariaDB password
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
function check_backup_exists {
if [ ! -d $USB_MOUNT/backup ]; then
echo $"No backup directory found on the USB drive."
@ -90,6 +108,29 @@ function check_admin_user {
function copy_gpg_keys {
echo $"Copying GPG keys from admin user to root"
cp -r /home/$ADMIN_USERNAME/.gnupg /root
gpg_set_permissions root
}
function restore_blocklist {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'blocklist' ]]; then
return
fi
fi
if [ -d $USB_MOUNT/backup/blocklist ]; then
echo $"Restoring blocklist"
temp_restore_dir=/root/tempblocklist
restore_directory_from_usb $temp_restore_dir blocklist
if [ -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg ]; then
cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
fi
rm -rf $temp_restore_dir
firewall_refresh_blocklist
fi
}
function restore_configfiles {
@ -100,9 +141,9 @@ function restore_configfiles {
fi
# this restores *.cfg and COMPLETION_FILE
if [ -d $USB_MOUNT/backup/config ]; then
if [ -d $USB_MOUNT/backup/configfiles ]; then
echo $"Restoring configuration files"
temp_restore_dir=/root/tempconfig
temp_restore_dir=/root/tempconfigfiles
restore_directory_from_usb $temp_restore_dir configfiles
if [ -f $temp_restore_dir/root/.nostore ]; then
@ -115,34 +156,34 @@ function restore_configfiles {
fi
fi
if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
fi
#if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
# cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
#fi
if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
rm -rf $temp_restore_dir
exit 5294
fi
fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
# if [ ! "$?" = "0" ]; then
# set_user_permissions
# backup_unmount_drive
# rm -rf $temp_restore_dir
# exit 5294
# fi
#fi
if [ -f $CONFIGURATION_FILE ]; then
# install according to the config file
freedombone -c $CONFIGURATION_FILE
fi
#if [ -f $CONFIGURATION_FILE ]; then
# # install according to the config file
# freedombone -c $CONFIGURATION_FILE
#fi
if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
rm -rf $temp_restore_dir
exit 6382
fi
fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
# if [ ! "$?" = "0" ]; then
# set_user_permissions
# backup_unmount_drive
# rm -rf $temp_restore_dir
# exit 6382
# fi
#fi
if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
@ -187,15 +228,20 @@ function restore_mariadb {
if [ -d $USB_MOUNT/backup/mariadb ]; then
echo $"Restoring mysql settings"
keep_database_running
temp_restore_dir=/root/tempmariadb
restore_directory_from_usb $temp_restore_dir mariadb
echo $'Obtaining MariaDB password'
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
store_original_mariadb_password
echo $'Obtaining original MariaDB password'
db_pass=$(cat /root/.mariadboriginal)
if [ ${#db_pass} -gt 0 ]; then
echo $"Restore the MariaDB user table"
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
fi
if [ ! "$?" = "0" ]; then
@ -205,10 +251,11 @@ function restore_mariadb {
exit 962
fi
echo $"Restarting database"
service mysql restart
echo $"Change the MariaDB password to the backup version"
DATABASE_PASSWORD="$db_pass"
${PROJECT_NAME}-pass -u root -a mariadb -p "$DATABASE_PASSWORD"
systemctl restart mariadb
echo $"Ensure MariaDB handles authentication"
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
mariadb_fix_authentication
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
fi
rm -rf $temp_restore_dir
fi
@ -235,6 +282,7 @@ function restore_passwordstore {
fi
fi
if [ -d $USB_MOUNT/backup/passwordstore ]; then
store_original_mariadb_password
echo $"Restoring password store"
restore_directory_from_usb / passwordstore
fi
@ -270,9 +318,13 @@ function restore_mutt_settings {
restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
fi
if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
@ -287,11 +339,10 @@ function restore_mutt_settings {
}
function restore_gpg {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'gpg' ]]; then
return
fi
if [[ $RESTORE_APP != 'gpg' ]]; then
return
fi
if [ -d $USB_MOUNT/backup/gnupg ]; then
for d in $USB_MOUNT/backup/gnupg/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
@ -310,6 +361,7 @@ function restore_gpg {
exit 276
fi
rm -rf $temp_restore_dir
gpg_set_permissions $USERNAME
if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
cp -r /home/$USERNAME/.gnupg /root
if [ ! "$?" = "0" ]; then
@ -317,6 +369,7 @@ function restore_gpg {
backup_unmount_drive
exit 283
fi
gpg_set_permissions root
fi
fi
done
@ -585,6 +638,7 @@ function restore_certs {
exit 276
fi
rm -rf /root/tempssl
update-ca-certificates
# restore ownership
if [ -f /etc/ssl/private/xmpp.key ]; then
@ -710,6 +764,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
check_backup_exists
check_admin_user
copy_gpg_keys
restore_blocklist
restore_configfiles
same_admin_user
restore_passwordstore
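Review bot: In restore_mariadb the database root password is now read with `db_pass=$(cat /root/.mariadboriginal)` and handed to the client as `--password="$db_pass"`, so during a restore it exists both as a plaintext file and in the mysql process arguments. Nothing in this hunk restricts the file's mode or removes it afterwards; `store_original_mariadb_password` is defined outside the page and may do so, which is worth confirming. I would pass the credential through a mode-600 option file given to `--defaults-extra-file` and finish with `shred -zu /root/.mariadboriginal` once the user table has been restored. The retry added after the first `mysql` call relies on `$?` carrying through the closing `fi`, which deserves a comment such as `# $? here is the retry's status, or 0 if no retry was needed`.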


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -99,6 +99,30 @@ DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
function copy_gpg_keys {
echo $"Copying GPG keys from admin user to root"
cp -r /home/$ADMIN_USERNAME/.gnupg /root
gpg_set_permissions root
}
function restore_blocklist {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'blocklist' ]]; then
return
fi
fi
if [ -d $USB_MOUNT/backup/blocklist ]; then
echo $"Restoring blocklist"
temp_restore_dir=/root/tempblocklist
restore_directory_from_friend $temp_restore_dir blocklist
restore_directory_from_usb $temp_restore_dir blocklist
if [ -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg ]; then
cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
fi
rm -rf $temp_restore_dir
firewall_refresh_blocklist
fi
}
function restore_configfiles {
@ -107,9 +131,9 @@ function restore_configfiles {
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/config ]; then
if [ -d $SERVER_DIRECTORY/backup/configfiles ]; then
echo $"Restoring configuration files"
temp_restore_dir=/root/tempconfig
temp_restore_dir=/root/tempconfigfiles
restore_directory_from_friend $temp_restore_dir configfiles
if [ -f $temp_restore_dir/root/.nostore ]; then
@ -122,32 +146,32 @@ function restore_configfiles {
fi
fi
if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
fi
#if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
# cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
#fi
if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
if [ ! "$?" = "0" ]; then
unmount_drive
rm -rf $temp_restore_dir
exit 5372
fi
fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
# if [ ! "$?" = "0" ]; then
# unmount_drive
# rm -rf $temp_restore_dir
# exit 5372
# fi
#fi
if [ -f $CONFIGURATION_FILE ]; then
# install according to the config file
freedombone -c $CONFIGURATION_FILE
fi
#if [ -f $CONFIGURATION_FILE ]; then
# # install according to the config file
# freedombone -c $CONFIGURATION_FILE
#fi
if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
if [ ! "$?" = "0" ]; then
unmount_drive
rm -rf $temp_restore_dir
exit 7252
fi
fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
# if [ ! "$?" = "0" ]; then
# unmount_drive
# rm -rf $temp_restore_dir
# exit 7252
# fi
#fi
if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
@ -184,13 +208,16 @@ function restore_mariadb {
temp_restore_dir=/root/tempmariadb
restore_directory_from_friend $temp_restore_dir mariadb
store_original_mariadb_password
echo $'Obtaining MariaDB password'
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
db_pass=$(cat /root/.mariadboriginal)
if [ ${#db_pass} -gt 0 ]; then
echo $"Restore the MariaDB user table"
mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
fi
if [ ! "$?" = "0" ]; then
@ -198,10 +225,10 @@ function restore_mariadb {
exit 962
fi
echo $"Restarting database"
service mysql restart
echo $"Change the MariaDB password to the backup version"
DATABASE_PASSWORD="$db_pass"
${PROJECT_NAME}-pass -u root -a mariadb -p "$DATABASE_PASSWORD"
systemctl restart mariadb
echo $"Ensure MariaDB handles authentication"
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
mariadb_fix_authentication
fi
rm -rf ${temp_restore_dir}
fi
@ -226,6 +253,7 @@ function restore_passwordstore {
fi
fi
if [ -d $SERVER_DIRECTORY/backup/passwordstore ]; then
store_original_mariadb_password
echo $"Restoring password store"
restore_directory_from_friend / passwordstore
fi
@ -261,9 +289,13 @@ function restore_mutt_settings {
restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
fi
if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc
fi
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
@ -276,11 +308,10 @@ function restore_mutt_settings {
}
function restore_gpg {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'gpg' ]]; then
return
fi
if [[ $RESTORE_APP != 'gpg' ]]; then
return
fi
for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
@ -302,6 +333,7 @@ function restore_gpg {
if [ ! "$?" = "0" ]; then
exit 283
fi
gpg_set_permissions root
fi
fi
fi
@ -538,6 +570,7 @@ function restore_certs {
exit 276
fi
rm -rf /root/tempssl
update-ca-certificates
# restore ownership
if [ -f /etc/ssl/private/xmpp.key ]; then
@ -646,6 +679,7 @@ function restore_email {
${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
copy_gpg_keys
restore_blocklist
restore_configfiles
restore_passwordstore
restore_mariadb
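Review bot: The new `restore_blocklist` tests `$USB_MOUNT/backup/blocklist` and calls `restore_directory_from_usb`, while the other restore functions visible in this section (for example `restore_configfiles` directly below it) test `$SERVER_DIRECTORY/backup/...` and use only `restore_directory_from_friend`. This looks carried over from the local-drive restore script. If `USB_MOUNT` is unset here, the guard becomes `[ -d /backup/blocklist ]` and the firewall blocklist is silently skipped, so domains that were blocked before the restore would no longer be blocked afterwards. I would change the guard to `if [ -d $SERVER_DIRECTORY/backup/blocklist ]; then` and drop the `restore_directory_from_usb $temp_restore_dir blocklist` line, assuming that helper is not meant to be used in this script.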


@ -106,7 +106,7 @@ else
fi
if [ -f /etc/nginx/.htpasswd ]; then
if grep "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
if grep -q "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
htpasswd -D /etc/nginx/.htpasswd $REMOVE_USERNAME
fi
fi


@ -566,7 +566,7 @@ function create_letsencrypt {
if [ ! -d /var/www/${new_domain} ]; then
domain_found=
if [ -f /etc/nginx/sites-available/radicale ]; then
if grep "${new_domain}" /etc/nginx/sites-available/radicale; then
if grep -q "${new_domain}" /etc/nginx/sites-available/radicale; then
domain_found=1
fi
fi
@ -664,7 +664,7 @@ function enable_monkeysphere {
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
exit 52825
fi
@ -856,12 +856,12 @@ function remove_tor_bridge {
if [ ${#response} -gt 2 ]; then
if [[ "${response}" != *" "* ]]; then
if [[ "${response}" == *"."* ]]; then
if grep "Bridge ${response}" /etc/tor/torrc; then
if grep -q "Bridge ${response}" /etc/tor/torrc; then
tor_remove_bridge "${response}"
bridge_removed=1
fi
else
if grep " $response" /etc/tor/torrc; then
if grep -q " $response" /etc/tor/torrc; then
tor_remove_bridge "${response}"
bridge_removed=1
fi
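Review bot: The `grep -q` calls in `create_letsencrypt` and `remove_tor_bridge` still treat their operand as a regular expression, so each `.` in a domain or bridge address matches any character and a near-miss line in the radicale site file or `/etc/tor/torrc` counts as found. `${response}` looks like operator input, so a fixed-string match is the safer test: `if grep -qF "Bridge ${response}" /etc/tor/torrc; then`, and likewise `grep -qF " $response"` and `grep -qF "${new_domain}"`. Both functions start and end outside the hunks shown, so where these values come from is inferred rather than visible.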


@ -39,10 +39,14 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-splitkey
export TEXTDOMAINDIR="/usr/share/locale"
# Dummy password to get around not being able to create a key without passphrase
BACKUP_DUMMY_PASSWORD='backup'
KEY_FRAGMENTS=3
MY_USERNAME=
MY_EMAIL_ADDRESS=
MY_NAME=
PASSWORD_FILE=
function show_help {
echo ''
@ -75,6 +79,10 @@ case $key in
shift
MY_NAME=$1
;;
--passwordfile)
shift
PASSWORD_FILE=$1
;;
*)
# unknown option
;;
@ -95,6 +103,13 @@ if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
exit 5393
fi
if [ $PASSWORD_FILE ]; then
if [ ! -f $PASSWORD_FILE ]; then
echo $'Password file not found'
exit 62952
fi
fi
FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
if [ -d $FRAGMENTS_DIR ]; then
exit 0
@ -104,31 +119,37 @@ fi
if [ ! $MY_EMAIL_ADDRESS ]; then
MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
fi
KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
$MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
if [ ${#KEYID} -lt 4 ]; then
echo $"gpg key for $MY_EMAIL_ADDRESS was not found"
return 3682
exit 3682
fi
MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | \
grep 'pub ' | awk -F ' ' '{print $2}' | \
awk -F '/' '{print $2}')
MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
echo $"gpg backup key for '$MY_NAME' was not found"
return 58213
exit 58213
fi
# create the key file
mkdir -p $FRAGMENTS_DIR
chown $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
gpg --output $FRAGMENTS_DIR/pubkey.txt --armor --export $KEYID
if [ ! "$?" = "0" ]; then
echo $"Unable to extract public key for $KEYID"
exit 7835
fi
gpg --output $FRAGMENTS_DIR/privkey.txt \
--armor --export-secret-key $KEYID
if [ ! $PASSWORD_FILE ]; then
gpg --output $FRAGMENTS_DIR/privkey.txt \
--armor --export-secret-key $KEYID
else
echo "$(printf `cat $PASSWORD_FILE`)" | \
gpg --batch --passphrase-fd 0 \
--output $FRAGMENTS_DIR/privkey.txt \
--armor --export-secret-key $KEYID
fi
if [ ! "$?" = "0" ]; then
echo $"Unable to extract private key for $KEYID"
exit 7823
@ -136,16 +157,24 @@ fi
gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
--armor --export $MY_BACKUP_KEY_ID
if [ ! "$?" = "0" ]; then
shred -zu $FRAGMENTS_DIR/privkey.txt
echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
exit 62928
fi
gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
--armor --export-secret-key $MY_BACKUP_KEY_ID
echo "$BACKUP_DUMMY_PASSWORD" | \
gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
--batch --passphrase-fd 0 \
--armor --export-secret-key $MY_BACKUP_KEY_ID
if [ ! "$?" = "0" ]; then
shred -zu $FRAGMENTS_DIR/privkey.txt
echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
exit 13783
fi
# Ensure there aren't any permissions problems when running cat
chmod +r $FRAGMENTS_DIR/privkey.txt
chmod +r $FRAGMENTS_DIR/backup_privkey.txt
cat $FRAGMENTS_DIR/pubkey.txt \
$FRAGMENTS_DIR/privkey.txt \
$FRAGMENTS_DIR/backup_pubkey.txt \
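Review bot: The two added `chmod +r` lines make the exported secret keys `privkey.txt` and `backup_privkey.txt` readable by other local accounts (subject to umask), and `$FRAGMENTS_DIR` itself is created by `mkdir -p` with default permissions. The script appears to run as root, since it uses `su -c` to reach the user's keyring, so `cat` does not need the extra read bit. I would replace the two lines with `chmod 600 $FRAGMENTS_DIR/privkey.txt $FRAGMENTS_DIR/backup_privkey.txt` and add `chmod 700 $FRAGMENTS_DIR` after the `chown`. Separately, the printf/cat pipeline feeding `--passphrase-fd 0` uses the password file's contents as a printf format string and word-splits them, so a passphrase containing `%`, a backslash or a space reaches gpg altered; `gpg --batch --passphrase-file "$PASSWORD_FILE"` avoids that. The `cat` command at the end of this section continues beyond what is shown.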


@ -264,6 +264,14 @@ function user_devices_changed {
return
fi
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ ! -f /home/$USERNAME/.syncthing-server-id ]; then
CHANGED=1
return
fi
done
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
@ -294,10 +302,25 @@ function user_devices_changed {
done
}
function syncthing_set_permissions {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -d /home/$USERNAME/Sync ]; then
chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
fi
if [ -d /home/$USERNAME/SyncShared ]; then
chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
fi
done
}
user_devices_changed
if [ $CHANGED ]; then
create_syncthing_config
syncthing_set_permissions
systemctl restart syncthing
else
syncthing_set_permissions
fi
exit 0
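Review bot: The loop added at the top of the `user_devices_changed` hunk and the new `syncthing_set_permissions` both walk `/home/*/` without the `is_valid_user` test that the existing loop directly below applies. A directory under `/home` that is not a real account will presumably never get a `.syncthing-server-id`, so it sets `CHANGED=1` on every run, which regenerates the config and restarts syncthing each time. `chown $USERNAME:$USERNAME` is also attempted for names that may not be users. Wrapping both loop bodies in `if [[ $(is_valid_user "$USERNAME") == "1" ]]; then ... fi` would match the rest of the function; `user_devices_changed` starts outside the hunk.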


@ -762,6 +762,126 @@ function test_stig {
output "V-38616" $? ${SETLANG}
################
##A FIPS 140-2 approved cryptographic algorithm must be used for SSH communications.
bash $STIG_TESTS_DIR/check-ssh.sh ciphers >/dev/null 2>&1 &
stig_spinner $!
output "SV-86845r2_rule" $? ${SETLANG}
################
##The Standard Notice must be displayed immediately prior to, or as part of, remote access logon prompts.
bash $STIG_TESTS_DIR/check-ssh.sh banner >/dev/null 2>&1 &
stig_spinner $!
output "SV-86849r2_rule" $? ${SETLANG}
################
##All networked systems must use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
bash $STIG_TESTS_DIR/check-ssh.sh sshd_status >/dev/null 2>&1 &
stig_spinner $!
output "SV-86859r2_rule" $? ${SETLANG}
################
##All network connections associated with SSH traffic must terminate at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
bash $STIG_TESTS_DIR/check-ssh.sh ClientAliveInterval >/dev/null 2>&1 &
stig_spinner $!
output "SV-86861r2_rule" $? ${SETLANG}
################
##The SSH daemon must not allow authentication using RSA rhosts authentication.
bash $STIG_TESTS_DIR/check-ssh.sh RhostsRSAAuthentication >/dev/null 2>&1 &
stig_spinner $!
output "SV-86863r2_rule" $? ${SETLANG}
################
##All network connections associated with SSH traffic must terminate after a period of inactivity.
bash $STIG_TESTS_DIR/check-ssh.sh ClientAliveCountMax >/dev/null 2>&1 &
stig_spinner $!
output "SV-86865r2_rule" $? ${SETLANG}
################
##The SSH daemon must not allow authentication using rhosts authentication.
bash $STIG_TESTS_DIR/check-ssh.sh IgnoreRhosts >/dev/null 2>&1 &
stig_spinner $!
output "SV-86867r2_rule" $? ${SETLANG}
################
##The system must display the date and time of the last successful account logon upon an SSH logon.
bash $STIG_TESTS_DIR/check-ssh.sh PrintLastLog >/dev/null 2>&1 &
stig_spinner $!
output "SV-86869r2_rule" $? ${SETLANG}
################
##The system must not permit direct logons to the root account using remote access via SSH.
bash $STIG_TESTS_DIR/check-ssh.sh permitroot >/dev/null 2>&1 &
stig_spinner $!
output "SV-86871r2_rule" $? ${SETLANG}
################
##The SSH daemon must not allow authentication using known hosts authentication.
bash $STIG_TESTS_DIR/check-ssh.sh IgnoreUserKnownHosts >/dev/null 2>&1 &
stig_spinner $!
output "SV-86873r2_rule" $? ${SETLANG}
################
##The SSH daemon must be configured to only use the SSHv2 protocol.
bash $STIG_TESTS_DIR/check-ssh.sh Protocol >/dev/null 2>&1 &
stig_spinner $!
output "SV-86875r2_rule" $? ${SETLANG}
################
##The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
bash $STIG_TESTS_DIR/check-ssh.sh macs >/dev/null 2>&1 &
stig_spinner $!
output "SV-86877r2_rule" $? ${SETLANG}
################
##The SSH public host key files must have mode 0644 or less permissive.
bash $STIG_TESTS_DIR/check-ssh.sh pubkeypermissive >/dev/null 2>&1 &
stig_spinner $!
output "SV-86879r1_rule" $? ${SETLANG}
################
##The SSH private host key files must have mode 0600 or less permissive.
bash $STIG_TESTS_DIR/check-ssh.sh hostkeypermissive >/dev/null 2>&1 &
stig_spinner $!
output "SV-86881r1_rule" $? ${SETLANG}
################
##The SSH daemon must not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
bash $STIG_TESTS_DIR/check-ssh.sh GSSAPIAuthentication >/dev/null 2>&1 &
stig_spinner $!
output "SV-86883r2_rule" $? ${SETLANG}
################
##The SSH daemon must not permit Kerberos authentication unless needed.
bash $STIG_TESTS_DIR/check-ssh.sh KerberosAuthentication >/dev/null 2>&1 &
stig_spinner $!
output "SV-86885r2_rule" $? ${SETLANG}
################
##The SSH daemon must perform strict mode checking of home directory configuration files.
bash $STIG_TESTS_DIR/check-ssh.sh StrictModes >/dev/null 2>&1 &
stig_spinner $!
output "SV-86887r2_rule" $? ${SETLANG}
################
##The SSH daemon must use privilege separation.
bash $STIG_TESTS_DIR/check-ssh.sh UsePrivilegeSeparation >/dev/null 2>&1 &
stig_spinner $!
output "SV-86889r2_rule" $? ${SETLANG}
################
##The SSH daemon must not allow compression or must only allow compression after successful authentication.
bash $STIG_TESTS_DIR/check-ssh.sh Compression >/dev/null 2>&1 &
stig_spinner $!
output "SV-86891r2_rule" $? ${SETLANG}
################
##Dont allow remote X connections.
bash $STIG_TESTS_DIR/check-ssh.sh X11Forwarding >/dev/null 2>&1 &
stig_spinner $!
output "SV-86927r2_rule" $? ${SETLANG}
################
##RHEL-06-000247
##The system clock must be synchronized continuously, or at least daily.
@ -844,26 +964,6 @@ function test_stig {
output "V-38641" $? ${SETLANG}
################
##RHEL-06-000269
##Remote file systems must be mounted with the nodev option.
if [ "$(mount | grep nfs | wc -l)" -gt 0 ];then
bash $STIG_TESTS_DIR/check-nfs.sh nodev >/dev/null 2>&1 &
stig_spinner $!
output "V-38652" $? ${SETLANG}
fi
################
##RHEL-06-000270
##Remote file systems must be mounted with the nosuid option.
if [ "$(mount | grep nfs | wc -l)" -gt 0 ];then
bash $STIG_TESTS_DIR/check-nfs.sh nosuid >/dev/null 2>&1 &
stig_spinner $!
output "V-38654" $? ${SETLANG}
fi
################
##RHEL-06-000271
##The noexec option must be added to removable media partitions.
if [ "$(grep -Hv ^0$ /sys/block/*/removable | sed s/removable:.*$/device\\/uevent/ | xargs grep -H ^DRIVER=sd | sed s/device.uevent.*$/size/ | xargs grep -Hv ^0$ | cut -d / -f 4 | wc -l)" -gt 0 ];then
@ -946,15 +1046,6 @@ function test_stig {
output "V-38675" $? ${SETLANG}
################
##RHEL-06-000309
##The NFS server must not have the insecure file locking option enabled.
bash $STIG_TESTS_DIR/check-nfs-insecure.sh > /dev/null 2>&1 &
stig_spinner $!
output "V-38677" $? ${SETLANG}
################
##RHEL-06-000319
##The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements.
@ -1010,16 +1101,6 @@ function test_stig {
output "V-38645" $? ${SETLANG}
################
##RHEL-06-000346
##The system default umask for daemons must be 027 or 022.
##For more detial :http://unix.stackexchange.com/questions/36220/how-to-set-umask-for-a-system-user
sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' /etc/init.d/rc | grep -i "umask.*027\|umask.*022" >/dev/null 2>&1 &
stig_spinner $!
output "V-38646" $? ${SETLANG}
################
##RHEL-06-000347
##There must be no .netrc files on the system.
@ -1056,15 +1137,6 @@ function test_stig {
output "V-38462" $? ${SETLANG}
################
##RHEL-06-000515
##The NFS server must not have the all_squash option enabled.
bash $STIG_TESTS_DIR/check-nfs-all-squash.sh > /dev/null 2>&1 &
stig_spinner $!
output "V-38460" $? ${SETLANG}
################
##RHEL-06-000523
##The systems local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.
@ -1149,6 +1221,7 @@ fi
test_app_functions
test_unique_onion_ports
remove_management_engine_interface
freedombone-pass --test yes
fix_stig
test_stig
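Review bot: Three of the added SSH checks in `test_stig` (`RhostsRSAAuthentication`, `Protocol`, `UsePrivilegeSeparation`) test sshd_config keywords that newer OpenSSH releases have deprecated. Where the keyword is absent from the config, the result depends on how `check-ssh.sh` treats a missing line, which is not visible here. If it looks for an explicit setting, these rules could be reported as failures on a correctly hardened host. I would add a comment above each of the three, such as `## NOTE: keyword deprecated in newer OpenSSH; an absent line should count as a pass`, or have the check read the effective configuration (`sshd -T`) rather than the file. `test_stig` begins and ends outside the hunks shown.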


@ -37,10 +37,6 @@ CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_SSH_PORT=2222
FRIENDS_MIRRORS_PASSWORD=
MY_MIRRORS_PASSWORD=
CURRENT_BRANCH=master
# clear temporary files
@ -64,16 +60,13 @@ if [ $DEVELOPMENT_BRANCH ]; then
fi
fi
if grep "cat /root/dbpass" /usr/bin/backupdatabases; then
if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then
# update to using the password manager
sed -i "s|cat /root/dbpass|freedombone-pass -u root -a mariadb|g" /usr/bin/backupdatabases
fi
update-ca-certificates
read_repo_servers
${PROJECT_NAME}-mirrors
if [ ! -d $PROJECT_DIR ]; then
git_clone $PROJECT_REPO $PROJECT_DIR
fi
@ -87,7 +80,7 @@ if [ -d $PROJECT_DIR ]; then
else
git_pull $PROJECT_REPO origin/$DEVELOPMENT_BRANCH
fi
git checkout jessie
git checkout stretch
make install
if [ -d /usr/share/${PROJECT_NAME} ]; then
chown -R root:root /usr/share/${PROJECT_NAME}
@ -101,6 +94,7 @@ if [ -d $PROJECT_DIR ]; then
fi
lockdown_permissions
defrag_filesystem
fi
fi
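Review bot: `git checkout stretch` is followed directly by `make install` with no check that the checkout succeeded. If the branch is missing locally or the tree has conflicting changes, whatever was checked out before gets installed, and the chown to root just below suggests this runs with root privileges. The branch name is also hard-coded straight after a pull of `origin/$DEVELOPMENT_BRANCH`, so the tree that is installed may not be the one just pulled. I would gate the install, e.g. `git checkout stretch || exit 1` (the exit code here is illustrative; use the script's own), and add a comment saying why the branch is fixed. Whether `git_pull` verifies what it fetched is not visible in this hunk, and the enclosing `if [ -d $PROJECT_DIR ]` block starts outside it.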
