diff --git a/doc/EN/app_matrix.org b/doc/EN/app_matrix.org index 420dd487..1b244999 100644 --- a/doc/EN/app_matrix.org +++ b/doc/EN/app_matrix.org @@ -53,3 +53,6 @@ Destination: 10 0 8448 [yourmatrixsubdomain] #+end_src You may also want to make another entry with the same settings but replacing *tcp* with *udp*. + +* Mobile app +If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds. diff --git a/doc/EN/app_pleroma.org b/doc/EN/app_pleroma.org index e11809f4..8fa04b9a 100644 --- a/doc/EN/app_pleroma.org +++ b/doc/EN/app_pleroma.org @@ -35,3 +35,10 @@ Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain nam The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name. Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards. + +* Mastodon user interface +If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in. + +#+BEGIN_CENTER +[[file:images/pleromamastodon.jpg]] +#+END_CENTER diff --git a/doc/EN/meshindex.org b/doc/EN/meshindex.org index 94c59466..b23b05be 100644 --- a/doc/EN/meshindex.org +++ b/doc/EN/meshindex.org @@ -23,7 +23,7 @@ The following apps are available: - +

Secure Scuttlebutt



Tox
diff --git a/doc/EN/mobile.org b/doc/EN/mobile.org index 8ecc6d0b..cee3ecca 100644 --- a/doc/EN/mobile.org +++ b/doc/EN/mobile.org @@ -82,6 +82,8 @@ Even with free software apps it's not difficult to get into a situation where yo If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used. +If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds. + * Blocking bad domains You can block known bad domains by editing the */system/etc/hosts* file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better. diff --git a/image_build/mesh_apps/trifa.apk b/image_build/mesh_apps/trifa.apk new file mode 100644 index 00000000..602e80bc Binary files /dev/null and b/image_build/mesh_apps/trifa.apk differ diff --git a/img/icon_patchwork.png b/img/icon_patchwork.png index 7b468d64..3c27595e 100644 Binary files a/img/icon_patchwork.png and b/img/icon_patchwork.png differ diff --git a/img/pleromamastodon.jpg b/img/pleromamastodon.jpg new file mode 100644 index 00000000..1943a3d0 Binary files /dev/null and b/img/pleromamastodon.jpg differ diff --git a/img/trifa.png b/img/trifa.png new file mode 100644 index 00000000..fe9da0a3 Binary files /dev/null and b/img/trifa.png differ diff --git a/src/freedombone-addcert b/src/freedombone-addcert index 5f729922..725692f5 100755 
--- a/src/freedombone-addcert +++ b/src/freedombone-addcert @@ -218,7 +218,7 @@ function add_cert_letsencrypt { fi if [ ! -f /usr/bin/certbot ]; then - apt-get -yq install certbot + apt-get -yq -t stretch-backports install certbot groupadd ssl-cert if [ ! -f /usr/bin/certbot ]; then echo $'LetsEncrypt certbot failed to install' diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix index 98323187..b1eae4fc 100755 --- a/src/freedombone-app-matrix +++ b/src/freedombone-app-matrix @@ -51,7 +51,7 @@ MATRIX_PORT=8009 MATRIX_FEDERATION_ONION_PORT=8111 MATRIX_ONION_PORT=8109 MATRIX_REPO="https://github.com/matrix-org/synapse" -MATRIX_COMMIT='77ea8cbdd7202d75538623c79b3d33119221d02b' +MATRIX_COMMIT='552f123bea1014680ab798b7e34cd1b23424a189' REPORT_STATS="no" MATRIX_SECRET= MATRIX_EXPIRE_MONTHS=1 @@ -409,6 +409,7 @@ function upgrade_matrix { chown -R matrix:matrix $MATRIX_DATA_DIR pip install --upgrade --force "pynacl==0.3.0" + pip install --upgrade --force "phonenumbers>=8.2.0" if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam @@ -755,6 +756,7 @@ function install_matrix { pip install --upgrade pip pip install --upgrade python-ldap pip install --upgrade lxml + pip install --upgrade --force "phonenumbers>=8.2.0" function_check matrix_nginx matrix_nginx diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 3e245500..03bdfe52 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -39,7 +39,7 @@ PLEROMA_CODE= PLEROMA_PORT=4000 PLEROMA_ONION_PORT=8011 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git" -PLEROMA_COMMIT='7252f6b054dfdfac1f9bac77c442c5a1ebd898af' +PLEROMA_COMMIT='5fc6e9d467f69af155627cccaa27616fe7ffc61f' PLEROMA_ADMIN_PASSWORD= PLEROMA_DIR=/etc/pleroma PLEROMA_SECRET_KEY="" 
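Review bot: The `pip install --upgrade --force "phonenumbers>=8.2.0"` line added to upgrade_matrix (and the identical line added to install_matrix) installs whatever release the package index serves at run time, while the pynacl line directly above it is pinned with `==`. Pinning an exact, tested version, e.g. `pip install --upgrade --force "phonenumbers==<tested version>"`, keeps installs reproducible and makes a new upstream release a reviewed change rather than an automatic one. Both functions start and end outside their hunks, so whether a later step constrains the version is not visible here.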
@@ -64,6 +64,7 @@ pleroma_variables=(ONION_ONLY function pleroma_recompile { # necessary after parameter changes + chown -R pleroma:pleroma $PLEROMA_DIR sudo -u pleroma mix clean sudo -u pleroma mix deps.compile sudo -u pleroma mix compile @@ -208,7 +209,7 @@ function pleroma_create_database { run_system_query_postgresql "GRANT ALL ON ALL tables IN SCHEMA public TO pleroma;" run_system_query_postgresql "GRANT ALL ON ALL sequences IN SCHEMA public TO pleroma;" run_system_query_postgresql "CREATE EXTENSION citext;" - run_system_query_postgresql "set statement_timeout to 20000;" + run_system_query_postgresql "set statement_timeout to 40000;" read_config_param "PLEROMA_SECRET_KEY" if [ ${#PLEROMA_SECRET_KEY} -lt 64 ]; then @@ -520,6 +521,8 @@ function upgrade_pleroma { function_check set_repo_commit set_repo_commit $PLEROMA_DIR "pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO chown -R pleroma:pleroma $PLEROMA_DIR + + sudo -u pleroma mix deps.get pleroma_recompile } @@ -639,7 +642,7 @@ function remove_pleroma { rm /etc/systemd/system/pleroma.service userdel pleroma - apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools + #apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools function_check remove_nodejs remove_nodejs pleroma-backend 
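Review bot: In remove_pleroma the `apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools` line is commented out with no explanation, so removing the app now leaves the Erlang/Elixir toolchain installed and the reason is lost to the next reader. Either delete the line or replace it with a comment that states why, e.g. `# erlang/elixir are left installed because <reason>`. The function body continues outside the hunk.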
@@ -865,6 +868,19 @@ function install_pleroma { set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME" + # We need to set up the url option again because it somehow gets + # lost during mix compile + pleroma_secret=$PLEROMA_DIR/config/dev.secret.exs + if ! grep -q 'watchers: [],' $pleroma_secret; then + sed -i 's|watchers: []|watchers: [],|g' $pleroma_secret + fi + if ! grep -q 'url:' $pleroma_secret; then + if [[ $ONION_ONLY == 'no' ]]; then + sed -i "/watchers: []/a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret + else + sed -i "/watchers: []/a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret + fi + fi # daemon echo '[Unit]' > /etc/systemd/system/pleroma.service diff --git a/src/freedombone-app-riot b/src/freedombone-app-riot index 0c7139d1..c3e014d1 100755 --- a/src/freedombone-app-riot +++ b/src/freedombone-app-riot @@ -33,9 +33,9 @@ VARIANTS='full full-vim chat' IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=1 -RIOT_VERSION='0.12.2' +RIOT_VERSION='0.13.0' RIOT_FILENAME="riot-v${RIOT_VERSION}" -RIOT_HASH='d0de730cb3e688040ba5c23680a676dabc94386830582842a4728767ed6dcd7f' +RIOT_HASH='b65535c4c3bfe6407b491f55df238847884ab83a9d5cbdd1f8b4d6e31cbb5870' RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}" RIOT_ONION_PORT=8115 RIOT_ONION_HOSTNAME= diff --git a/src/freedombone-app-smilodon b/src/freedombone-app-smilodon new file mode 100755 index 00000000..b0f9bc5e --- /dev/null +++ b/src/freedombone-app-smilodon 
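Review bot: The patterns `'watchers: [],'`, `s|watchers: []|...|` and `/watchers: []/a` added to install_pleroma use `[]` unescaped, which grep and sed read as the start of a bracket expression whose first member is a literal `]`; that expression is never closed, so both tools are likely to reject the pattern and the url line would never be written. Escape the brackets on the match side in all four places, e.g. `grep -q 'watchers: \[\],' $pleroma_secret` and `sed -i 's|watchers: \[\]|watchers: [],|g' $pleroma_secret`. The two append commands need the same change to their address, `/watchers: \[\]/a ...`. install_pleroma starts and ends outside the hunk.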
@@ -0,0 +1,376 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# Smilodon ActivityPub app +# +# License +# ======= +# +# Copyright (C) 2017 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS='full full-vim social' + +IN_DEFAULT_INSTALL=0 +SHOW_ON_ABOUT=1 +SHOW_ICANN_ADDRESS_ON_ABOUT=0 + +SMILODON_REPO="https://github.com/bashrc/smilodon" +SMILODON_COMMIT='e17dad10f9d4c00516b9c93a587e4298b3639af3' +SMILODON_ADMIN_PASSWORD= +SMILODON_ONION_PORT=8054 +SMILODON_PATH=/etc/smilodon +SMILODON_SECRET_KEY= + +smilodon_variables=(SMILODON_REPO + SMILODON_ADMIN_PASSWORD + USB_MOUNT + SMILODON_SECRET_KEY + MY_EMAIL_ADDRESS + MY_USERNAME) + +function logging_on_smilodon { + echo -n '' +} + +function logging_off_smilodon { + echo -n '' +} + +function remove_user_smilodon { + remove_username="$1" +} + +function add_user_smilodon { + new_username="$1" + new_user_password="$2" + echo '0' +} + +function install_interactive_smilodon { + echo -n '' + APP_INSTALLED=1 +} + +function change_password_smilodon { + curr_username="$1" + new_user_password="$2" + + #${PROJECT_NAME}-pass -u "$curr_username" -a smilodon -p "$new_user_password" +} + +function smilodon_create_database { + if [ ! 
$SMILODON_ADMIN_PASSWORD ]; then + return + fi + + function_check create_database_mongodb + create_database_mongodb smilodon "$SMILODON_ADMIN_PASSWORD" smilodon +} + +function reconfigure_smilodon { + echo -n '' +} + +function upgrade_smilodon { + CURR_SMILODON_COMMIT=$(get_completion_param "smilodon commit") + if [[ "$CURR_SMILODON_COMMIT" == "$SMILODON_COMMIT" ]]; then + return + fi + + if [[ $(app_is_installed smilodon) == "1" ]]; then + systemctl stop smilodon + function_check set_repo_commit + set_repo_commit $SMILODON_PATH "smilodon commit" "$SMILODON_COMMIT" $SMILODON_REPO + chown -R smilodon:smilodon $SMILODON_PATH + systemctl start smilodon + fi + +} + +function backup_local_smilodon { + if [ -d $SMILODON_PATH ]; then + systemctl stop smilodon + + USE_MONGODB=1 + function_check backup_database_to_usb + backup_database_to_usb smilodon + + backup_directory_to_usb $SMILODON_PATH smilodon + + systemctl start smilodon + fi +} + +function restore_local_smilodon { + temp_restore_dir=/root/tempsmilodon + + systemctl stop smilodon + + function_check smilodon_create_database + smilodon_create_database + + USE_MONGODB=1 + restore_database smilodon + + if [ -d ${SMILODON_PATH} ]; then + if [ -d $temp_restore_dir${SMILODON_PATH} ]; then + if [ -d $temp_restore_dir${SMILODON_PATH} ]; then + rm -rf ${SMILODON_PATH} + mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/ + else + cp -r $temp_restore_dir/* ${SMILODON_PATH}/ + fi + if [ ! "$?" 
= "0" ]; then + function_check backup_unmount_drive + backup_unmount_drive + systemctl start smilodon + exit 528823 + fi + chown -R smilodon:smilodon ${SMILODON_PATH} + fi + fi + + if [ -d $USB_MOUNT/backup/smilodon ]; then + chown -R smilodon:smilodon ${SMILODON_PATH} + if [ -d $temp_restore_dir ]; then + rm -rf $temp_restore_dir + fi + fi + + systemctl start smilodon +} + +function backup_remote_smilodon { + if [ -d $SMILODON_PATH ]; then + function_check suspend_site + suspend_site smilodon + + systemctl stop smilodon + + USE_MONGODB=1 + function_check backup_database_to_friend + backup_database_to_friend smilodon + + function_check backup_directory_to_friend + backup_directory_to_friend $SMILODON_PATH smilodon + + systemctl start smilodon + + function_check restart_site + restart_site + else + echo $"Smilodon domain specified but not found in $SMILODON_PATH" + fi +} + +function restore_remote_smilodon { + temp_restore_dir=/root/tempsmilodon + if grep -q "smilodon domain" $COMPLETION_FILE; then + echo $"Restoring smilodon" + systemctl stop smilodon + + function_check restore_database_from_friend + + function_check smilodon_create_database + smilodon_create_database + + USE_MONGODB=1 + restore_database_from_friend smilodon + + if [ -d $SMILODON_PATH ]; then + if [ -d $temp_restore_dir$SMILODON_PATH ]; then + rm -rf $SMILODON_PATH + mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/ + else + cp -r $temp_restore_dir/* ${SMILODON_PATH}/ + fi + if [ ! "$?" 
= "0" ]; then + systemctl start smilodon + exit 6391643 + fi + fi + + if [ -d $SERVER_DIRECTORY/backup/smilodon ]; then + chown -R smilodon:smilodon ${SMILODON_PATH} + fi + if [ -d /root/tempsmilodon ]; then + rm -rf /root/tempsmilodon + fi + + systemctl start smilodon + + echo $"Restore of smilodon complete" + fi +} + +function remove_smilodon { + nginx_dissite smilodon + + systemctl stop smilodon + systemctl disable smilodon + rm /etc/systemd/system/smilodon.service + + function_check remove_onion_service + remove_onion_service smilodon ${SMILODON_ONION_PORT} + if [ -f /etc/nginx/sites-available/smilodon ]; then + rm /etc/nginx/sites-available/smilodon + fi + + groupdel -f smilodon + userdel -r smilodon + + if [ -d $SMILODON_PATH ]; then + rm -rf $SMILODON_PATH + fi + + function_check remove_mongodb_user + remove_mongodb_user smilodon + + function_check drop_database_mongodb + drop_database_mongodb smilodon + + function_check remove_mongodb + remove_mongodb smilodon + + remove_completion_param install_smilodon + sed -i '/smilodon/d' $COMPLETION_FILE +} + +function install_smilodon { + apt-get -yq install python3-pip + + if [ -d $SMILODON_PATH ]; then + rm -rf $SMILODON_PATH + fi + + if [ -d /repos/smilodon ]; then + mkdir $SMILODON_PATH + cp -r -p /repos/smilodon/. $SMILODON_PATH + cd $SMILODON_PATH + git pull + else + function_check git_clone + git_clone $SMILODON_REPO $SMILODON_PATH + fi + + if [ ! -d $SMILODON_PATH ]; then + echo $'Could not clone smilodon repo' + exit 6784783 + fi + cd $SMILODON_PATH + git checkout $SMILODON_COMMIT -b $SMILODON_COMMIT + set_completion_param "smilodon commit" "$SMILODON_COMMIT" + + groupadd smilodon + useradd -c "Smilodon system account" -d $SMILODON_PATH -m -r -g smilodon smilodon + + SMILODON_ONION_HOSTNAME=$(add_onion_service smilodon 80 ${SMILODON_ONION_PORT}) + + if [ ! 
$SMILODON_SECRET_KEY ]; then + SMILODON_SECRET_KEY="$(create_password 30)$(create_password 30)$(create_password 30)$(create_password 30)" + fi + + if [ -f $IMAGE_PASSWORD_FILE ]; then + SMILODON_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + if [ ! $SMILODON_ADMIN_PASSWORD ]; then + SMILODON_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + + export smilodon_domain_name=$SMILODON_ONION_HOSTNAME + export secret_key="$SMILODON_SECRET_KEY" + export mongodb_username='smilodon' + export mongodb_password="$SMILODON_ADMIN_PASSWORD" + export smilodon_admin_address=$MY_EMAIL_ADDRESS + export MAIL_SERVER='localhost' + export MAIL_PORT=25 + + function_check install_mongodb + install_mongodb smilodon + + smilodon_create_database + + pip3 install -r requirements.txt + if [ ! "$?" = "0" ]; then + echo $'Unable to install smilodon dependencies' + exit 87352835 + fi + + echo 'server {' > /etc/nginx/sites-available/smilodon + echo " listen 127.0.0.1:${SMILODON_ONION_PORT} default_server;" >> /etc/nginx/sites-available/smilodon + echo " server_name $SMILODON_ONION_HOSTNAME;" >> /etc/nginx/sites-available/smilodon + echo '' >> /etc/nginx/sites-available/smilodon + echo ' access_log /dev/null;' >> /etc/nginx/sites-available/smilodon + echo ' error_log /dev/null;' >> /etc/nginx/sites-available/smilodon + echo '' >> /etc/nginx/sites-available/smilodon + echo ' location / {' >> /etc/nginx/sites-available/smilodon + echo ' proxy_pass http://localhost:5000;' >> /etc/nginx/sites-available/smilodon + echo ' }' >> /etc/nginx/sites-available/smilodon + echo '}' >> /etc/nginx/sites-available/smilodon + + nginx_ensite smilodon + systemctl enable mongodb + systemctl restart mongodb + + chown -R smilodon:smilodon ${SMILODON_PATH} + + echo '#!/bin/bash' > ${SMILODON_PATH}/run_smilodon.sh + echo "cd ${SMILODON_PATH}" >> ${SMILODON_PATH}/run_smilodon.sh + echo "export smilodon_domain_name=$SMILODON_ONION_HOSTNAME" >> ${SMILODON_PATH}/run_smilodon.sh + echo 
"export secret_key='$SMILODON_SECRET_KEY'" >> ${SMILODON_PATH}/run_smilodon.sh + echo "export mongodb_username='smilodon'" >> ${SMILODON_PATH}/run_smilodon.sh + echo "export mongodb_password='$SMILODON_ADMIN_PASSWORD'" >> ${SMILODON_PATH}/run_smilodon.sh + echo "export smilodon_admin_address=$MY_EMAIL_ADDRESS" >> ${SMILODON_PATH}/run_smilodon.sh + echo "export MAIL_SERVER='localhost'" >> ${SMILODON_PATH}/run_smilodon.sh + echo "export MAIL_PORT=25" >> ${SMILODON_PATH}/run_smilodon.sh + echo "python3 run.py" >> ${SMILODON_PATH}/run_smilodon.sh + chmod +x ${SMILODON_PATH}/run_smilodon.sh + chown smilodon:smilodon ${SMILODON_PATH}/run_smilodon.sh + + echo '[Unit]' > /etc/systemd/system/smilodon.service + echo 'Description=Smilodon ActivityPub messenger' >> /etc/systemd/system/smilodon.service + echo 'After=network.target mongodb.service' >> /etc/systemd/system/smilodon.service + echo 'After=tor.service' >> /etc/systemd/system/smilodon.service + echo '' >> /etc/systemd/system/smilodon.service + echo '[Service]' >> /etc/systemd/system/smilodon.service + echo 'User=smilodon' >> /etc/systemd/system/smilodon.service + echo 'Group=smilodon' >> /etc/systemd/system/smilodon.service + echo "WorkingDirectory=${SMILODON_PATH}/" >> /etc/systemd/system/smilodon.service + echo "ExecStart=${SMILODON_PATH}/run_smilodon.sh" >> /etc/systemd/system/smilodon.service + echo 'Restart=on-failure' >> /etc/systemd/system/smilodon.service + echo 'RestartSec=10' >> /etc/systemd/system/smilodon.service + echo '' >> /etc/systemd/system/smilodon.service + echo '[Install]' >> /etc/systemd/system/smilodon.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/smilodon.service + systemctl enable smilodon + systemctl daemon-reload + systemctl start smilodon + systemctl restart nginx + + ${PROJECT_NAME}-pass -u $MY_USERNAME -a smilodon -p "$SMILODON_ADMIN_PASSWORD" + + APP_INSTALLED=1 +} + +# NOTE: deliberately no exit 0 
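Review bot: run_smilodon.sh is written with `secret_key` and `mongodb_password` in clear text and is then only given `chmod +x`, so with a typical root umask the file ends up readable by every local account. Restrict it to the service user, e.g. `chmod 700 ${SMILODON_PATH}/run_smilodon.sh` in place of the `chmod +x`, or set `umask 077` before the first `echo`. The values are wrapped in single quotes, so a generated password containing `'` would break the script; whether create_password can emit one is not visible here. Separately, restore_local_smilodon tests `[ -d $temp_restore_dir${SMILODON_PATH} ]` twice in a row, which makes its `cp -r` fallback unreachable.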
diff --git a/src/freedombone-backup-local b/src/freedombone-backup-local index 59e12d85..b324a444 100755 --- a/src/freedombone-backup-local +++ b/src/freedombone-backup-local @@ -31,6 +31,7 @@ PROJECT_NAME='freedombone' COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +MONGODB_APPS_FILE=$HOME/.mongodbapps BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv ENABLE_BACKUP_VERIFICATION="no" @@ -296,6 +297,9 @@ function backup_configfiles { if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir fi + if [ -f $MONGODB_APPS_FILE ]; then + cp -f $MONGODB_APPS_FILE $temp_backup_dir + fi # nginx password hashes if [ -f /etc/nginx/.htpasswd ]; then cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd diff --git a/src/freedombone-backup-remote b/src/freedombone-backup-remote index 6b582549..bb76192c 100755 --- a/src/freedombone-backup-remote +++ b/src/freedombone-backup-remote @@ -31,6 +31,7 @@ PROJECT_NAME='freedombone' COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +MONGODB_APPS_FILE=$HOME/.mongodbapps BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv ENABLE_VERIFICATION="no" @@ -142,6 +143,9 @@ function backup_configfiles { if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir fi + if [ -f $MONGODB_APPS_FILE ]; then + cp -f $MONGODB_APPS_FILE $temp_backup_dir + fi # nginx password hashes if [ -f /etc/nginx/.htpasswd ]; then cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 61e97fc2..96ac6574 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise 
@@ -685,6 +685,9 @@ initialise_mesh() { # install tor as a possible way of routing traffic between internet gateways chroot "$rootdir" apt-get -yq install tor + # dhcp daemon for hotspot on secondary wifi adapter + chroot "$rootdir" apt-get -yq install dnsmasq + configure_firewall install_avahi install_batman @@ -1256,7 +1259,7 @@ EOF chroot "$rootdir" /bin/chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/help # Tox user interface - enable_tox_repo + #enable_tox_repo mesh_tox_qtox # copy the default qtox ini file if [ ! -d ${rootdir}/home/${MY_USERNAME}/.config/tox ]; then diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman index cb570d3f..f385fe26 100755 --- a/src/freedombone-mesh-batman +++ b/src/freedombone-mesh-batman @@ -101,7 +101,7 @@ function get_ipv4_wlan { } function mesh_hotspot_ip_address { - echo $(ip -o -f inet addr show dev "$BRIDGE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') + echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') } function global_rate_limit { @@ -122,6 +122,10 @@ function stop { echo 'error: unable to find wifi interface, not enabling batman-adv mesh' return fi + + systemctl stop dnsmasq + systemctl disable dnsmasq + if [ "$EIFACE" ]; then brctl delif $BRIDGE bat0 ifconfig $BRIDGE down || true @@ -280,6 +284,9 @@ function mesh_create_app_downloads_page { if [ ! -f /var/www/html/ssb.apk ]; then cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk fi + if [ ! -f /var/www/html/trifa.apk ]; then + cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk + fi if [ ! -d /var/www/html/images ]; then mkdir /var/www/html/images fi 
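Review bot: mesh_create_app_downloads_page now publishes `trifa.apk` to /var/www/html straight from the binary committed under image_build/mesh_apps, and nothing in the hunk records where that build came from or checks it before it is offered to hotspot users. The Riot download elsewhere in this commit is tied to `RIOT_HASH`; the same approach here would be a `TRIFA_HASH` constant (name is a suggestion) compared against the file's checksum before the `cp`, plus a comment naming the upstream release the file was taken from. The function starts and ends outside the hunk.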
@@ -289,6 +296,9 @@ function mesh_create_app_downloads_page { if [ ! -f /var/www/html/images/ssb.png ]; then cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png fi + if [ ! -f /var/www/html/images/trifa.png ]; then + cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png + fi if [ ! -f /var/www/html/freedombone.css ]; then cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css fi @@ -296,6 +306,8 @@ function mesh_create_app_downloads_page { } function start { + update_wifi_adaptors + if [ -z "$IFACE" ] ; then echo 'error: unable to find wifi interface, not enabling batman-adv mesh' exit 723657 @@ -305,6 +317,9 @@ function start { systemctl stop network-manager sleep 5 + systemctl stop dnsmasq + systemctl disable dnsmasq + # remove an avahi service which isn't used if [ -f /etc/avahi/services/udisks.service ]; then sudo rm /etc/avahi/services/udisks.service @@ -340,6 +355,7 @@ function start { brctl addbr $BRIDGE brctl addif $BRIDGE bat0 ifconfig bat0 0.0.0.0 + ethernet_connected='0' if [ "$EIFACE" ] ; then ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier) if [[ "$ethernet_connected" != "0" ]]; then 
@@ -358,25 +374,43 @@ function start { if [ $secondary_wifi_available ]; then sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd - echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf - echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf - echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf - echo "country_code=UK" >> /etc/hostapd/hostapd.conf - echo "ssid=${WIFI_SSID}-$(mesh_hotspot_ip_address)" >> /etc/hostapd/hostapd.conf - echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf - echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf - echo 'wpa=2' >> /etc/hostapd/hostapd.conf - echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf - echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf - echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf - echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf - echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf - echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf + mesh_hotspot_address=$(mesh_hotspot_ip_address) + if [[ "$mesh_hotspot_address" == *'.'* ]]; then + echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf + echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf + echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf + echo "country_code=UK" >> /etc/hostapd/hostapd.conf + echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf + echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf + echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf + echo 'wpa=2' >> /etc/hostapd/hostapd.conf + echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf + echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf + echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf + echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf + echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf + echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf + + sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf + sed -i 
"s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf + sed -i "s|listen-address=.*|listen-address=127.0.0.1,$mesh_hotspot_address|g" /etc/dnsmasq.conf + sed -i 's|#listen-address|listen-address|g' /etc/dnsmasq.conf + systemctl enable dnsmasq + systemctl restart dnsmasq + + systemctl enable hostapd + systemctl restart hostapd + mesh_create_app_downloads_page + else + secondary_wifi_available= + echo $'WARNING: No IP address could be obtained for the hotspot' + fi + fi + + if [ ! $secondary_wifi_available ]; then + systemctl stop hostapd + systemctl disable hostapd - systemctl enable hostapd - systemctl restart hostapd - mesh_create_app_downloads_page - else # Recreate the cryptpad symlink if [ -f /etc/nginx/sites-available/cryptpad ]; then if [ -L /etc/nginx/sites-enabled/cryptpad ]; then 
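Review bot: The second dnsmasq edit, `s|interface=.*|interface=${IFACE_SECONDARY}|g`, is unanchored, so besides the `interface=` line it also rewrites the value of any `except-interface=` or `no-dhcp-interface=` line in /etc/dnsmasq.conf. Anchoring to the start of the line avoids that and lets one command replace the two: `sed -i "s|^#\?interface=.*|interface=${IFACE_SECONDARY}|" /etc/dnsmasq.conf`. No `dhcp-range` is set in this hunk, so unless it is configured elsewhere dnsmasq will not hand out leases on the hotspot. The start function begins and ends outside the hunk.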
@@ -420,21 +454,22 @@ function start { iptables -A INPUT -p tcp --dport 8008 -j ACCEPT iptables -A INPUT -p udp --dport 8010 -j ACCEPT iptables -A INPUT -p tcp --dport 8010 -j ACCEPT - # vpn over the internet - iptables -A INPUT -p tcp --dport 653 -j ACCEPT - iptables -A INPUT -p udp --dport 653 -j ACCEPT - iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT - iptables -A INPUT -i tun+ -j ACCEPT - iptables -A FORWARD -i tun+ -j ACCEPT - iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT - iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT - iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE - iptables -A OUTPUT -o tun+ -j ACCEPT - - echo 1 > /proc/sys/net/ipv4/ip_forward - sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf - sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf - sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf + if [[ "$ethernet_connected" != "0" ]]; then + # vpn over the internet + iptables -A INPUT -p tcp --dport 653 -j ACCEPT + iptables -A INPUT -p udp --dport 653 -j ACCEPT + iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT + iptables -A INPUT -i tun+ -j ACCEPT + iptables -A FORWARD -i tun+ -j ACCEPT + iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE + iptables -A OUTPUT -o tun+ -j ACCEPT + echo 1 > /proc/sys/net/ipv4/ip_forward + sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf + sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf + sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf + fi systemctl restart avahi-daemon 
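Review bot: The new guard `if [[ "$ethernet_connected" != "0" ]]` is true for any value other than the literal 0, including an empty string, so if reading /sys/class/net/$EIFACE/carrier fails (that read happens earlier in start, outside this hunk) the VPN ports are still opened and forwarding is still enabled. Testing for the positive case fails closed: `if [[ "$ethernet_connected" == "1" ]]; then`. The sed edits to /etc/sysctl.conf also persist, so once they have run `net.ipv4.ip_forward=1` stays in effect on later boots without ethernet; a comment saying whether that is intended would help.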
diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local index 75c40db8..bceae807 100755 --- a/src/freedombone-restore-local +++ b/src/freedombone-restore-local @@ -30,6 +30,7 @@ PROJECT_NAME='freedombone' COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt +MONGODB_APPS_FILE=$HOME/.mongodbapps CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv @@ -184,6 +185,16 @@ function restore_configfiles { # fi #fi + if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then + cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE + if [ ! "$?" = "0" ]; then + set_user_permissions + backup_unmount_drive + rm -rf $temp_restore_dir + exit 859034853 + fi + fi + #if [ -f $CONFIGURATION_FILE ]; then # # install according to the config file # freedombone -c $CONFIGURATION_FILE diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote index 6cc18f3b..e6a448dc 100755 --- a/src/freedombone-restore-remote +++ b/src/freedombone-restore-remote @@ -31,6 +31,7 @@ PROJECT_NAME='freedombone' COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +MONGODB_APPS_FILE=$HOME/.mongodbapps BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv export TEXTDOMAIN=${PROJECT_NAME}-restore-remote @@ -172,6 +173,15 @@ function restore_configfiles { # fi #fi + if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then + cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE + if [ ! "$?" = "0" ]; then + unmount_drive + rm -rf $temp_restore_dir + exit 7835335 + fi + fi + #if [ -f $CONFIGURATION_FILE ]; then # # install according to the config file # freedombone -c $CONFIGURATION_FILE diff --git a/src/freedombone-upgrade b/src/freedombone-upgrade index 83ec626b..128378f1 100755 --- a/src/freedombone-upgrade +++ b/src/freedombone-upgrade @@ -93,6 +93,7 @@ if [ -d $PROJECT_DIR ]; then exit 453536 fi + apt-get -yq -t stretch-backports install certbot email_install_tls defrag_filesystem fi 
diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup index a66a6480..3dc51a0d 100755 --- a/src/freedombone-utils-backup +++ b/src/freedombone-utils-backup @@ -236,15 +236,29 @@ function backup_database_local_usb { mkdir -p ${local_database_dir} fi echo $"Obtaining ${1} database backup" - if [ ! $USE_POSTGRESQL ]; then - keep_database_running - mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql - else + database_file_extension='sql' + if [ $USE_MONGODB ]; then + database_file_extension='mdb' USE_POSTGRESQL= - sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql fi - if [ -f ${local_database_dir}/${1}.sql ]; then - if [ ! -s ${local_database_dir}/${1}.sql ]; then + if [ ! $USE_POSTGRESQL ]; then + if [ ! $USE_MONGODB ]; then + USE_MONGODB= + USE_POSTGRESQL= + keep_database_running + mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension} + else + USE_MONGODB= + USE_POSTGRESQL= + mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip + fi + else + USE_MONGODB= + USE_POSTGRESQL= + sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension} + fi + if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then + if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then echo $"${1} database could not be saved" shred -zu ${local_database_dir}/* rm -rf ${local_database_dir} 
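Review bot: `mongodump --db ${1} --archive=... --gzip` in backup_database_local_usb is run without any credentials (the same holds for the mongodump call added to backup_database_remote), although smilodon_create_database in this commit passes a password when creating the database. If mongod enforces authentication the dump will fail and fall into the "could not be saved" path; if it does not, the password adds nothing, so a comment stating which is the case is needed. The engine selection would also read more easily as `if [ $USE_MONGODB ]; then ... elif [ $USE_POSTGRESQL ]; then ... else ... fi` with the two flags cleared once afterwards rather than in every branch. The function body extends beyond the hunk.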
@@ -552,16 +566,30 @@ function backup_database_remote { fi echo "Obtaining ${1} database backup" - if [ ! $USE_POSTGRESQL ]; then - keep_database_running - mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql - else + database_file_extension='sql' + if [ $USE_MONGODB ]; then + database_file_extension='mdb' USE_POSTGRESQL= - sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql + fi + if [ ! $USE_POSTGRESQL ]; then + if [ ! $USE_MONGODB ]; then + USE_MONGODB= + USE_POSTGRESQL= + keep_database_running + mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension} + else + USE_MONGODB= + USE_POSTGRESQL= + mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip + fi + else + USE_MONGODB= + USE_POSTGRESQL= + sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension} fi - if [ -f ${local_database_dir}/${1}.sql ]; then - if [ ! -s ${local_database_dir}/${1}.sql ]; then + if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then + if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then echo $"${1} database could not be saved" shred -zu ${local_database_dir}/* rm -rf ${local_database_dir} @@ -569,7 +597,7 @@ function backup_database_remote { echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS function_check restart_site restart_site - exit 5738 + exit 57386728 fi else echo $"${1} database could not be dumped" @@ -578,7 +606,7 @@ function backup_database_remote { echo $"Unable to dump ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS function_check restart_site restart_site - exit 3687 + exit 36874289 fi } 
@@ -642,33 +670,47 @@ function restore_database_from_friend { RESTORE_SUBDIR="root" if [ -d $SERVER_DIRECTORY/backup/${1} ]; then + database_file_extension='sql' + if [ $USE_MONGODB ]; then + database_file_extension='mdb' + USE_POSTGRESQL= + fi echo $"Restoring ${1} database" local_database_dir=/root/temp${1}data restore_directory_from_friend ${local_database_dir} ${1}data - database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql + database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension} if [ ! -f $database_file ]; then - database_file=${local_database_dir}/${restore_app_name}.sql + database_file=${local_database_dir}/${restore_app_name}.${database_file_extension} fi if [ ! -f $database_file ]; then echo $"Unable to restore ${1} database" rm -rf ${local_database_dir} - exit 503 + exit 5289252 fi if [ ! $USE_POSTGRESQL ]; then - keep_database_running - mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${1} -o < ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql) + if [ ! $USE_MONGODB ]; then + USE_MONGODB= + USE_POSTGRESQL= + keep_database_running + mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < ${database_file}) + else + USE_MONGODB= + USE_POSTGRESQL= + mongorestore --gzip --archive=${database_file} --db ${restore_app_name} + fi else + USE_MONGODB= USE_POSTGRESQL= - mysqlsuccess=$(sudo -u postgres pg_restore ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql) + mysqlsuccess=$(sudo -u postgres pg_restore ${database_file}) fi if [ ! "$?" 
= "0" ]; then echo "$mysqlsuccess" - exit 964 + exit 8735271 fi if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data ]; then shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/* else - shred -zu ${local_database_dir}/*.sql + shred -zu ${local_database_dir}/*.${database_file_extension} fi rm -rf ${local_database_dir} echo $"Restoring ${1} installation" @@ -695,7 +737,7 @@ function restore_database_from_friend { cp -r $restore_from_dir/* /var/www/${2}/htdocs/ fi if [ ! "$?" = "0" ]; then - exit 683 + exit 78352682 fi if [ -d /etc/letsencrypt/live/${2} ]; then ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key @@ -725,9 +767,14 @@ function restore_database { fi function_check restore_directory_from_usb restore_directory_from_usb "${local_database_dir}" "${restore_app_name}data" - database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql + database_file_extension='sql' + if [ $USE_MONGODB ]; then + database_file_extension='mdb' + USE_POSTGRESQL= + fi + database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension} if [ ! -f $database_file ]; then - database_file=${local_database_dir}/${restore_app_name}.sql + database_file=${local_database_dir}/${restore_app_name}.${database_file_extension} fi if [ ! -f $database_file ]; then echo $"Unable to restore ${restore_app_name} database" 
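Review bot: The restore commands in restore_database_from_friend now use `${restore_app_name}` as the database name, while the directory checks and `shred` lines in the same function still use `${1}`, and the hunk does not show `restore_app_name` being assigned here. If it is unset or left over from an earlier call, `mysql` runs without a database argument and `mongorestore --db` gets no name or the wrong one, so an archive could be loaded into the wrong database. Using `"${1}"` throughout, or assigning `restore_app_name="$1"` at the top of the function, removes the doubt. In the MongoDB branch `mysqlsuccess` is never set, so the `echo "$mysqlsuccess"` on failure prints nothing useful; the mongorestore branch added to restore_database has the same gap. The function starts before and ends after this hunk.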
@@ -736,12 +783,21 @@ function restore_database { set_user_permissions function_check backup_unmount_drive backup_unmount_drive - exit 503 + exit 7825235 fi if [ ! $USE_POSTGRESQL ]; then - keep_database_running - mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file) + if [ ! $USE_MONGODB ]; then + USE_MONGODB= + USE_POSTGRESQL= + keep_database_running + mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file) + else + USE_MONGODB= + USE_POSTGRESQL= + mongorestore --gzip --archive=$database_file --db ${restore_app_name} + fi else + USE_MONGODB= USE_POSTGRESQL= mysqlsuccess=$(sudo -u postgres pg_restore $database_file) fi @@ -751,12 +807,12 @@ function restore_database { set_user_permissions function_check set_user_permissions backup_unmount_drive - exit 964 + exit 482638995 fi if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data ]; then shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/* else - shred -zu ${local_database_dir}/*.sql + shred -zu ${local_database_dir}/*.${database_file_extension} fi rm -rf ${local_database_dir} @@ -789,7 +845,7 @@ function restore_database { if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive - exit 683 + exit 78252429 fi if [ -d /etc/letsencrypt/live/${restore_app_domain} ]; then ln -s /etc/letsencrypt/live/${restore_app_domain}/privkey.pem /etc/ssl/private/${restore_app_domain}.key diff --git a/src/freedombone-utils-mongodb b/src/freedombone-utils-mongodb new file mode 100755 index 00000000..10c394ba --- /dev/null +++ b/src/freedombone-utils-mongodb 
@@ -0,0 +1,176 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# mongodb database functions +# +# License +# ======= +# +# Copyright (C) 2017 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +# Set this when calling backup and restore commands +USE_MONGODB= +MONGODB_APPS_FILE=$HOME/.mongodbapps + +function store_original_mongodb_password { + if [ ! -f /root/.mongodboriginal ]; then + echo $'Storing original mongodb password' + ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb) + # We can store this in plaintext because it will soon be of historical interest only + echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal + fi +} + +function get_mongodb_password { + MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb) + if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then + echo $'Could not obtain mongodb password' + exit 7835272 + fi +} + +function install_mongodb { + app_name=$1 + + if [[ "$(uname -a)" == *"armv7"* ]]; then + echo $'mongodb package is not available for arm 7 architecture' + exit 7356272 + fi + + if [[ $(is_completed $FUNCNAME) == "1" ]]; then + return + fi + + function_check get_mongodb_password + get_mongodb_password + if [ ! 
$MONGODB_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" + fi + fi + ${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD" + + apt-get -yq install mongodb mongo-tools + apt-get -yq remove --purge apache2-bin* + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + echo $'Removed Apache installation after mongodb install' + fi + + if [ ! -d /var/lib/mongodb ]; then + echo $"ERROR: mongodb does not appear to have installed. $CHECK_MESSAGE" + exit 78352 + fi + + if [ $app_name ]; then + if ! grep -q "$app_name" $MONGODB_APPS_FILE; then + echo "$app_name" >> $MONGODB_APPS_FILE + fi + fi + + mark_completed $FUNCNAME +} + +function remove_mongodb { + app_name=$1 + + if [ ! $app_name ]; then + return + fi + + removemongo= + if [ -f $MONGODB_APPS_FILE ]; then + sed -i "/$app_name/d" $MONGODB_APPS_FILE + if [ ! -s $MONGODB_APPS_FILE ]; then + removemongo=1 + fi + else + removemongo=1 + fi + + if [ $removemongo ]; then + systemctl stop mongodb + systemctl disable mongodb + apt-get -yq remove --purge mongodb mongo-tools + apt-get -yq autoremove + if [ -d /var/lib/mongodb ]; then + rm -rf /var/lib/mongodb + fi + if [ -f /etc/systemd/system/mongodb.service ]; then + rm /etc/systemd/system/mongodb.service + systemctl daemon-reload + fi + if [ -f /etc/init.d/mongodb ]; then + rm /etc/init.d/mongodb + fi + sed -i '/install_mongodb/d' $COMPLETION_FILE + fi +} + +function add_mongodb_user { + mongodb_username=$1 + mongodb_password=$2 + + mongo admin --eval "db.createUser({user: '$mongodb_username', pwd: '$mongodb_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })" +} + +function remove_mongodb_user { + mongodb_username=$1 + mongo admin --eval "db.removeUser($mongodb_username)" +} + +function drop_database_mongodb { + database_name="$1" + if [[ "$database_name" == 'admin' ]]; then + return + fi + 
mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )" + if [ $app_name ]; then + if grep -q "$app_name" $MONGODB_APPS_FILE; then + sed -i "/$app_name/d" $MONGODB_APPS_FILE + fi + fi +} + +function initialise_database_mongodb { + database_name=$1 + database_file=$2 + mongorestore $database_file + if [ ! "$?" = "0" ]; then + exit 8358365 + fi +} + +function create_database_mongodb { + app_name="$1" + app_admin_password="$2" + app_admin_username=$3 + mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })" + if [ $app_name ]; then + if ! grep -q "$app_name" $MONGODB_APPS_FILE; then + echo "$app_name" >> $MONGODB_APPS_FILE + fi + fi +} diff --git a/website/EN/app_matrix.html b/website/EN/app_matrix.html index b41c9256..04e20896 100644 --- a/website/EN/app_matrix.html +++ b/website/EN/app_matrix.html @@ -3,10 +3,10 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + - + -
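Review bot: add_mongodb_user and create_database_mongodb splice the username and password straight into the JavaScript given to `mongo admin --eval`, so a single quote in either value changes the script that runs, and the password is readable in the process list while the command is running. Both also grant `userAdminAnyDatabase` on `admin`, which lets an app account manage users and roles for every database; a role scoped to the app's own database would be the narrower choice if the apps allow it. remove_mongodb_user has the opposite quoting problem, since `db.removeUser($mongodb_username)` passes the name as a bare identifier and needs at least `db.removeUser('$mongodb_username')`. In remove_mongodb and drop_database_mongodb, `sed -i "/$app_name/d"` and `grep -q "$app_name"` match substrings, so removing one app can delete another app's line, empty $MONGODB_APPS_FILE and trigger the purge of /var/lib/mongodb; `grep -qxF "$app_name"` and `sed -i "/^${app_name}\$/d"` match whole lines instead. The fence shows validation and stdin delivery for add_mongodb_user, with the role left as committed; create_database_mongodb needs the same treatment.

```shell
function add_mongodb_user {
    mongodb_username=$1
    mongodb_password=$2

    # Only accept characters that cannot end the quoted JavaScript strings below
    allowed_name='^[A-Za-z0-9_.-]+$'
    allowed_pass='^[A-Za-z0-9_.+/=-]+$'
    if [[ ! "$mongodb_username" =~ $allowed_name || ! "$mongodb_password" =~ $allowed_pass ]]; then
        echo $'Invalid characters in mongodb username or password'
        exit 1
    fi

    # The script is read from stdin, so the password is not part of the mongo command line
    mongo admin <<EOF
db.createUser({user: '$mongodb_username', pwd: '$mongodb_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })
EOF
}

# … unchanged: remove_mongodb_user, drop_database_mongodb, initialise_database_mongodb …
# create_database_mongodb: same validation and stdin form for $app_admin_username / $app_admin_password
```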
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+
ssh myusername@mydomain -p 2222
+

@@ -286,9 +286,9 @@ Select Add/Remove Apps then matrix. You will then be asked for a d

-
-

Initial setup

-
+
+

Initial setup

+

Go to the Administrator control panel and select Passwords then matrix. This will give you the password to initially log in to the system and you can change it later from a client app if needed.

@@ -303,19 +303,19 @@ Other client apps are available but are currently mostly only at the alpha stage
-
-

DNS setup

-
+
+

DNS setup

+

It's recommended that you add an SRV record for Matrix to your DNS setup. How you do this will depend upon your dynamic DNS provider and their web interface. On FreeDNS on the subdomains settings in addition to the subdomain which you are using for the matrix server create an extra entry as follows:

-
Type: SRV
+
Type: SRV
 Subdomain: _matrix._tcp
 Domain: [youdomain]
 Destination: 10 0 8448 [yourmatrixsubdomain]
-
+

@@ -323,6 +323,15 @@ You may also want to make another entry with the same settings but replacing

+ +
+

Mobile app

+
+

+If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing Sync request timeout to 30 seconds and Delay between two sync requests to 600 seconds. +

+
+
diff --git a/website/EN/app_pleroma.html b/website/EN/app_pleroma.html index 4e4011a7..aff4d09d 100644 --- a/website/EN/app_pleroma.html +++ b/website/EN/app_pleroma.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -264,9 +264,9 @@ Pleroma is an OStatus-compatible social networking server, compatible with GNU S
-
-

Installation

-
+
+

Installation

+

Log into your system with:

@@ -286,9 +286,9 @@ Select Add/Remove Apps then pleroma. You will then be asked for a
-
-

Initial setup

-
+
+

Initial setup

+

The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.

@@ -298,6 +298,23 @@ Once you have done that then you can disable further registrations from the A

+ +
+

Mastodon user interface

+
+

+If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to /yourpleromadomainname/web and log in. +

+ +
+ +
+

pleromamastodon.jpg +

+
+
+
+
diff --git a/website/EN/meshindex.html b/website/EN/meshindex.html index bf2d1d38..50d47df0 100644 --- a/website/EN/meshindex.html +++ b/website/EN/meshindex.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -256,7 +256,7 @@ The following apps are available: - +

Secure Scuttlebutt



Tox
diff --git a/website/EN/mobile.html b/website/EN/mobile.html index a558996b..4fd6367b 100644 --- a/website/EN/mobile.html +++ b/website/EN/mobile.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -277,9 +277,9 @@ Mobile phones are insecure devices, but they're regarded as being so essential t -
-

Open

-
+
+

Open

+

Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.

@@ -290,45 +290,45 @@ Why is it so important to run Linux on a phone? Aren't iThings supposed t
-
-

Remove

-
+
+

Remove

+

So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of surveillance capital. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.

-
-

Encrypt

-
+
+

Encrypt

+

Encrypt your phone. This can usually be done via Settings/Security and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.

-
-

Apps

-
+
+

Apps

+

Installing F-droid and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.

-
-

Lock

-
+
+

Lock

+

Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called Locker, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.

-
-

Onion

-
+
+

Onion

+

Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not theoretically impossible but at least very hard for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.

@@ -339,26 +339,26 @@ In F-droid under the repositories menu you can enable the guardian pro
-
-

Email

-
+
+

Email

+

The easiest way to access email is by installing the Mailpile app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.

-
-

Services

-
+
+

Services

+

For information on configuring various apps to work with Freedombone see the usage section. Also see advice on chat apps in the FAQ.

-
-

Battery preservation

-
+
+

Battery preservation

+

Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.

@@ -366,12 +366,16 @@ Even with free software apps it's not difficult to get into a situation where yo

If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.

+ +

+If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing Sync request timeout to 30 seconds and Delay between two sync requests to 600 seconds. +

-
-

Blocking bad domains

-
+
+

Blocking bad domains

+

You can block known bad domains by editing the /system/etc/hosts file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.