diff --git a/src/freedombone b/src/freedombone
index 820332d6..36f6cc54 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -402,52 +402,52 @@ VOIP_CONFIG_FILE="mumble-server.ini"
# other possible services to obtain the external IP address
EXTERNAL_IP_SERVICES=( \
- 'https://check.torproject.org/' \
- 'https://www.whatsmydns.net/whats-my-ip-address.html' \
- 'https://www.privateinternetaccess.com/pages/whats-my-ip/' \
- 'http://checkip.two-dns.de' \
- 'http://ip.dnsexit.com' \
- 'http://ifconfig.me/ip' \
- 'http://ipecho.net/plain' \
- 'http://checkip.dyndns.org/plain' \
- 'http://ipogre.com/linux.php' \
- 'http://whatismyipaddress.com/' \
- 'http://ip.my-proxy.com/' \
- 'http://websiteipaddress.com/WhatIsMyIp' \
- 'http://getmyipaddress.org/' \
- 'http://www.my-ip-address.net/' \
- 'http://myexternalip.com/raw' \
- 'http://www.canyouseeme.org/' \
- 'http://www.trackip.net/' \
- 'http://icanhazip.com/' \
- 'http://www.iplocation.net/' \
- 'http://www.howtofindmyipaddress.com/' \
- 'http://www.ipchicken.com/' \
- 'http://whatsmyip.net/' \
- 'http://www.ip-adress.com/' \
- 'http://checkmyip.com/' \
- 'http://www.tracemyip.org/' \
- 'http://checkmyip.net/' \
- 'http://www.lawrencegoetz.com/programs/ipinfo/' \
- 'http://www.findmyip.co/' \
- 'http://ip-lookup.net/' \
- 'http://www.dslreports.com/whois' \
- 'http://www.mon-ip.com/en/my-ip/' \
- 'http://www.myip.ru' \
- 'http://ipgoat.com/' \
- 'http://www.myipnumber.com/my-ip-address.asp' \
- 'http://www.whatsmyipaddress.net/' \
- 'http://formyip.com/' \
- 'http://www.displaymyip.com/' \
- 'http://www.bobborst.com/tools/whatsmyip/' \
- 'http://www.geoiptool.com/' \
- 'http://checkip.dyndns.com/' \
- 'http://myexternalip.com/' \
- 'http://www.ip-adress.eu/' \
- 'http://www.infosniper.net/' \
- 'http://wtfismyip.com/' \
- 'http://ipinfo.io/' \
- 'http://httpbin.org/ip')
+ 'https://check.torproject.org/' \
+ 'https://www.whatsmydns.net/whats-my-ip-address.html' \
+ 'https://www.privateinternetaccess.com/pages/whats-my-ip/' \
+ 'http://checkip.two-dns.de' \
+ 'http://ip.dnsexit.com' \
+ 'http://ifconfig.me/ip' \
+ 'http://ipecho.net/plain' \
+ 'http://checkip.dyndns.org/plain' \
+ 'http://ipogre.com/linux.php' \
+ 'http://whatismyipaddress.com/' \
+ 'http://ip.my-proxy.com/' \
+ 'http://websiteipaddress.com/WhatIsMyIp' \
+ 'http://getmyipaddress.org/' \
+ 'http://www.my-ip-address.net/' \
+ 'http://myexternalip.com/raw' \
+ 'http://www.canyouseeme.org/' \
+ 'http://www.trackip.net/' \
+ 'http://icanhazip.com/' \
+ 'http://www.iplocation.net/' \
+ 'http://www.howtofindmyipaddress.com/' \
+ 'http://www.ipchicken.com/' \
+ 'http://whatsmyip.net/' \
+ 'http://www.ip-adress.com/' \
+ 'http://checkmyip.com/' \
+ 'http://www.tracemyip.org/' \
+ 'http://checkmyip.net/' \
+ 'http://www.lawrencegoetz.com/programs/ipinfo/' \
+ 'http://www.findmyip.co/' \
+ 'http://ip-lookup.net/' \
+ 'http://www.dslreports.com/whois' \
+ 'http://www.mon-ip.com/en/my-ip/' \
+ 'http://www.myip.ru' \
+ 'http://ipgoat.com/' \
+ 'http://www.myipnumber.com/my-ip-address.asp' \
+ 'http://www.whatsmyipaddress.net/' \
+ 'http://formyip.com/' \
+ 'http://www.displaymyip.com/' \
+ 'http://www.bobborst.com/tools/whatsmyip/' \
+ 'http://www.geoiptool.com/' \
+ 'http://checkip.dyndns.com/' \
+ 'http://myexternalip.com/' \
+ 'http://www.ip-adress.eu/' \
+ 'http://www.infosniper.net/' \
+ 'http://wtfismyip.com/' \
+ 'http://ipinfo.io/' \
+ 'http://httpbin.org/ip')
WIFI_CHANNEL=2
WIFI_INTERFACE=wlan0
@@ -545,10243 +545,10250 @@ RSS_READER_GNUSOCIAL_COMMIT='8b92b8f5db7b0d12459c7bd86a50f48815efe642'
REFRESH_GPG_KEYS_HOURS=2
function show_help {
- echo ''
- echo $"${PROJECT_NAME} -c [configuration file]"
- echo ''
- echo $' -h --help Show help'
- echo $' menuconfig Easy interactive installation'
- echo $' menuconfig-full Full interactive installation'
- echo $' menuconfig-onion Interactive installation for onion-only sites'
- echo $' -c --config Installing from a configuration file'
- echo $' --bbb Installing on Beaglebone Black'
- echo $' -u --user User to install the system as'
- echo $' -d --domain Default domain name'
- echo $' -s --system System type'
- echo $' --ip Static LAN IP address of the system'
- echo $' --iprouter LAN IP address of the internet router'
- echo $' --ddns Dynamic DNS provider domain'
- echo $' --ddnsuser Dynamic DNS provider username'
- echo $' --ddnspass Dynamic DNS provider password'
- echo ''
- echo $' --microblogdomain Microblog domain name'
- echo $' --wikidomain Wiki domain name'
- echo $' --blogdomain Blog domain name'
- echo $' --hubzilladomain Hubzilla domain name'
- echo $' --gitdomain Git hosting domain name'
- echo $' -t --time Domain used as a TLS time source'
- echo $' --ssh ssh port number'
- echo $' --list Public mailing list name'
- echo $' --cores Number of CPU cores'
- echo $' --name Your name'
- echo $' --email Your email address'
- echo $' --usb Path for the USB drive (eg. /dev/sdb1)'
- echo $' --cjdns Enable CJDNS'
- echo $' --vpass VoIP server password'
- echo $' --vport VoIP server port'
- echo $' --ns1 First DNS nameserver'
- echo $' --ns2 Second DNS nameserver'
- echo $' --repo Debian repository'
- echo ''
- echo $'system types'
- echo '------------'
- echo $'This can either be blank if you wish to install the full system,'
- echo $"or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"
- echo $"'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_WRITER', '$VARIANT_DEVELOPER'"
- echo $"or '$VARIANT_MESH'."
- echo ''
- echo $"If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."
- echo ''
- exit 0
+ echo ''
+ echo $"${PROJECT_NAME} -c [configuration file]"
+ echo ''
+ echo $' -h --help Show help'
+ echo $' menuconfig Easy interactive installation'
+ echo $' menuconfig-full Full interactive installation'
+ echo $' menuconfig-onion Interactive installation for onion-only sites'
+ echo $' -c --config Installing from a configuration file'
+ echo $' --bbb Installing on Beaglebone Black'
+ echo $' -u --user User to install the system as'
+ echo $' -d --domain Default domain name'
+ echo $' -s --system System type'
+ echo $' --ip Static LAN IP address of the system'
+ echo $' --iprouter LAN IP address of the internet router'
+ echo $' --ddns Dynamic DNS provider domain'
+ echo $' --ddnsuser Dynamic DNS provider username'
+ echo $' --ddnspass Dynamic DNS provider password'
+ echo ''
+ echo $' --microblogdomain Microblog domain name'
+ echo $' --wikidomain Wiki domain name'
+ echo $' --blogdomain Blog domain name'
+ echo $' --hubzilladomain Hubzilla domain name'
+ echo $' --gitdomain Git hosting domain name'
+ echo $' -t --time Domain used as a TLS time source'
+ echo $' --ssh ssh port number'
+ echo $' --list Public mailing list name'
+ echo $' --cores Number of CPU cores'
+ echo $' --name Your name'
+ echo $' --email Your email address'
+ echo $' --usb Path for the USB drive (eg. /dev/sdb1)'
+ echo $' --cjdns Enable CJDNS'
+ echo $' --vpass VoIP server password'
+ echo $' --vport VoIP server port'
+ echo $' --ns1 First DNS nameserver'
+ echo $' --ns2 Second DNS nameserver'
+ echo $' --repo Debian repository'
+ echo ''
+ echo $'system types'
+ echo '------------'
+ echo $'This can either be blank if you wish to install the full system,'
+ echo $"or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"
+ echo $"'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_WRITER', '$VARIANT_DEVELOPER'"
+ echo $"or '$VARIANT_MESH'."
+ echo ''
+ echo $"If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."
+ echo ''
+ exit 0
}
function git_clone {
- repo_url="$1"
- destination_dir="$2"
- if [[ "$repo_url" == "ssh:"* ]]; then
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- echo "sshpass -p \"$FRIENDS_MIRRORS_PASSWORD\" git clone $repo_url $destination_dir"
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
- return
- fi
- fi
- fi
- fi
- fi
- echo "git clone $repo_url $destination_dir"
- git clone "$repo_url" "$destination_dir"
+ repo_url="$1"
+ destination_dir="$2"
+ if [[ "$repo_url" == "ssh:"* ]]; then
+ if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
+ if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
+ if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
+ if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
+ echo "sshpass -p \"$FRIENDS_MIRRORS_PASSWORD\" git clone $repo_url $destination_dir"
+ sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
+ return
+ fi
+ fi
+ fi
+ fi
+ fi
+ echo "git clone $repo_url $destination_dir"
+ git clone "$repo_url" "$destination_dir"
}
function git_pull {
- if [ ! $1 ]; then
- echo $'git_pull no repo specified'
- fi
+ if [ ! $1 ]; then
+ echo $'git_pull no repo specified'
+ fi
- git stash
- git remote set-url origin $1
- git checkout master
- if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
- if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
- if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
- if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
- sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
- return
- fi
- fi
- fi
- fi
- git pull
+ git stash
+ git remote set-url origin $1
+ git checkout master
+ if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
+ if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
+ if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
+ if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
+ sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git pull
+ if [ $2 ]; then
+ git checkout $2 -b $2
+ fi
+ return
+ fi
+ fi
+ fi
+ fi
+ git pull
- if [ $2 ]; then
- git checkout $2 -b $2
- fi
+ if [ $2 ]; then
+ # delete any existing branch
+ git branch -D $2
+ # check out the new branch
+ git checkout $2 -b $2
+ if [ ! "$?" = "0" ]; then
+ echo $"Unable to checkout $1 $2"
+ exit 72357
+ fi
+ fi
}
function remove_database {
- app_name="$1"
- if [ ! -d $INSTALL_DIR ]; then
- mkdir $INSTALL_DIR
- fi
- echo "drop database ${app_name};
- quit" > $INSTALL_DIR/batch.sql
- chmod 600 $INSTALL_DIR/batch.sql
- mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
- shred -zu $INSTALL_DIR/batch.sql
+ app_name="$1"
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir $INSTALL_DIR
+ fi
+ echo "drop database ${app_name};
+ quit" > $INSTALL_DIR/batch.sql
+ chmod 600 $INSTALL_DIR/batch.sql
+ mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
+ shred -zu $INSTALL_DIR/batch.sql
}
function create_database {
- app_name="$1"
- app_admin_password="$2"
- app_admin_username=$3
- if [ ! -d $INSTALL_DIR ]; then
- mkdir $INSTALL_DIR
- fi
- if [ ! $app_admin_username ]; then
- app_admin_username=${app_name}admin
- fi
- echo "create database ${app_name};
- CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
- GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
- quit" > $INSTALL_DIR/batch.sql
- chmod 600 $INSTALL_DIR/batch.sql
- mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
- shred -zu $INSTALL_DIR/batch.sql
+ app_name="$1"
+ app_admin_password="$2"
+ app_admin_username=$3
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir $INSTALL_DIR
+ fi
+ if [ ! $app_admin_username ]; then
+ app_admin_username=${app_name}admin
+ fi
+ echo "create database ${app_name};
+ CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
+ GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
+ quit" > $INSTALL_DIR/batch.sql
+ chmod 600 $INSTALL_DIR/batch.sql
+ mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
+ shred -zu $INSTALL_DIR/batch.sql
}
function locale_setup {
- if grep -Fxq "locale_setup" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "locale_setup" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install locales locales-all debconf
+ apt-get -y install locales locales-all debconf
- if [ ! "$DEFAULT_LANGUAGE" ]; then
- DEFAULT_LANGUAGE='en_GB.UTF-8'
- fi
- if [ ${#DEFAULT_LANGUAGE} -lt 2 ]; then
- DEFAULT_LANGUAGE='en_GB.UTF-8'
- fi
+ if [ ! "$DEFAULT_LANGUAGE" ]; then
+ DEFAULT_LANGUAGE='en_GB.UTF-8'
+ fi
+ if [ ${#DEFAULT_LANGUAGE} -lt 2 ]; then
+ DEFAULT_LANGUAGE='en_GB.UTF-8'
+ fi
- update-locale LANG=${DEFAULT_LANGUAGE}
- update-locale LANGUAGE=${DEFAULT_LANGUAGE}
- update-locale LC_MESSAGES=${DEFAULT_LANGUAGE}
- update-locale LC_ALL=${DEFAULT_LANGUAGE}
- update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
+ update-locale LANG=${DEFAULT_LANGUAGE}
+ update-locale LANGUAGE=${DEFAULT_LANGUAGE}
+ update-locale LC_MESSAGES=${DEFAULT_LANGUAGE}
+ update-locale LC_ALL=${DEFAULT_LANGUAGE}
+ update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
- echo 'locale_setup' >> $COMPLETION_FILE
+ echo 'locale_setup' >> $COMPLETION_FILE
}
function interactive_configuration_remote_backups {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then
- if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then
- echo $"The command ${PROJECT_NAME}-remote was not found"
- exit 87354
- fi
- fi
- ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes
- if [ ! "$?" = "0" ]; then
- echo $'Command failed:'
- echo ''
- echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
- echo ''
- exit 65892
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then
+ if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then
+ echo $"The command ${PROJECT_NAME}-remote was not found"
+ exit 87354
+ fi
+ fi
+ ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes
+ if [ ! "$?" = "0" ]; then
+ echo $'Command failed:'
+ echo ''
+ echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
+ echo ''
+ exit 65892
+ fi
}
# test a domain name to see if it's valid
function validate_domain_name {
- # count the number of dots in the domain name
- dots=${TEST_DOMAIN_NAME//[^.]}
- no_of_dots=${#dots}
- if (( $no_of_dots > 3 )); then
- TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z"
- fi
- if (( $no_of_dots == 0 )); then
- TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z"
- fi
+ # count the number of dots in the domain name
+ dots=${TEST_DOMAIN_NAME//[^.]}
+ no_of_dots=${#dots}
+ if (( $no_of_dots > 3 )); then
+ TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z"
+ fi
+ if (( $no_of_dots == 0 )); then
+ TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z"
+ fi
}
function interactive_configuration {
- if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then
- if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
- echo $"The command ${PROJECT_NAME}-config was not found"
- exit 63935
- fi
- fi
- if [ -f /tmp/meshuserdevice ]; then
- rm -f /tmp/meshuserdevice
- fi
+ if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then
+ if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
+ echo $"The command ${PROJECT_NAME}-config was not found"
+ exit 63935
+ fi
+ fi
+ if [ -f /tmp/meshuserdevice ]; then
+ rm -f /tmp/meshuserdevice
+ fi
- if [[ $ONION_ONLY == "no" ]]; then
- if [[ $MINIMAL_INSTALL == "no" ]]; then
- ${PROJECT_NAME}-config \
- -f $CONFIGURATION_FILE \
- -w $PROJECT_WEBSITE \
- -m $MINIMUM_PASSWORD_LENGTH
- else
- ${PROJECT_NAME}-config \
- -f $CONFIGURATION_FILE \
- -w $PROJECT_WEBSITE \
- -m $MINIMUM_PASSWORD_LENGTH \
- --minimal "yes"
- fi
- else
- ${PROJECT_NAME}-config \
- -f $CONFIGURATION_FILE \
- -w $PROJECT_WEBSITE \
- -m $MINIMUM_PASSWORD_LENGTH \
- --onion "yes"
- fi
- if [ -f /tmp/meshuserdevice ]; then
- # mesh network user device installation
- rm -f /tmp/meshuserdevice
- exit 0
- fi
- if [ ! "$?" = "0" ]; then
- echo $'Command failed:'
- echo ''
- echo $" ${PROJECT_NAME}-config -u $MY_USERNAME -f $CONFIGURATION_FILE -w $PROJECT_WEBSITE -b $PROJECT_BITMESSAGE -m $MINIMUM_PASSWORD_LENGTH --minimal [yes|no]"
- echo ''
- exit 73594
- fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ if [[ $MINIMAL_INSTALL == "no" ]]; then
+ ${PROJECT_NAME}-config \
+ -f $CONFIGURATION_FILE \
+ -w $PROJECT_WEBSITE \
+ -m $MINIMUM_PASSWORD_LENGTH
+ else
+ ${PROJECT_NAME}-config \
+ -f $CONFIGURATION_FILE \
+ -w $PROJECT_WEBSITE \
+ -m $MINIMUM_PASSWORD_LENGTH \
+ --minimal "yes"
+ fi
+ else
+ ${PROJECT_NAME}-config \
+ -f $CONFIGURATION_FILE \
+ -w $PROJECT_WEBSITE \
+ -m $MINIMUM_PASSWORD_LENGTH \
+ --onion "yes"
+ fi
+ if [ -f /tmp/meshuserdevice ]; then
+ # mesh network user device installation
+ rm -f /tmp/meshuserdevice
+ exit 0
+ fi
+ if [ ! "$?" = "0" ]; then
+ echo $'Command failed:'
+ echo ''
+ echo $" ${PROJECT_NAME}-config -u $MY_USERNAME -f $CONFIGURATION_FILE -w $PROJECT_WEBSITE -b $PROJECT_BITMESSAGE -m $MINIMUM_PASSWORD_LENGTH --minimal [yes|no]"
+ echo ''
+ exit 73594
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
- dialog --title $"Encrypted backup to other servers" \
- --backtitle $"${PROJECT_NAME} Configuration" \
- --defaultno \
- --yesno $"\nDo you wish to configure some remote backup locations?" 7 60
- sel=$?
- case $sel in
- 0) interactive_configuration_remote_backups;;
- esac
- fi
+ dialog --title $"Encrypted backup to other servers" \
+ --backtitle $"${PROJECT_NAME} Configuration" \
+ --defaultno \
+ --yesno $"\nDo you wish to configure some remote backup locations?" 7 60
+ sel=$?
+ case $sel in
+ 0) interactive_configuration_remote_backups;;
+ esac
+ fi
}
command_options=$1
if [[ $command_options == "menuconfig-full" ]]; then
- MINIMAL_INSTALL="no"
- command_options="menuconfig"
+ MINIMAL_INSTALL="no"
+ command_options="menuconfig"
fi
if [[ $command_options == "menuconfig-onion" ]]; then
- MINIMAL_INSTALL="yes"
- ONION_ONLY="yes"
- command_options="menuconfig"
+ MINIMAL_INSTALL="yes"
+ ONION_ONLY="yes"
+ command_options="menuconfig"
fi
if [[ $command_options == "menuconfig" ]]; then
- interactive_configuration
+ interactive_configuration
else
- while [[ $# > 1 ]]
- do
- key="$1"
+ while [[ $# > 1 ]]
+ do
+ key="$1"
- case $key in
- -h|--help)
- show_help
- ;;
- # load a configuration file
- -c|--config)
- shift
- CONFIGURATION_FILE="$1"
- INSTALLING_FROM_CONFIGURATION_FILE="yes"
- break
- ;;
- # username within /home
- -u|--user)
- shift
- MY_USERNAME="$1"
- ;;
- # microblog domain name
- --microblogdomain)
- shift
- MICROBLOG_DOMAIN_NAME="$1"
- ;;
- # wiki domain name
- --wikidomain)
- shift
- WIKI_DOMAIN_NAME="$1"
- ;;
- # blog domain name
- --blogdomain)
- shift
- FULLBLOG_DOMAIN_NAME="$1"
- ;;
- # hubzilla domain name
- --hubzilladomain)
- shift
- HUBZILLA_DOMAIN_NAME="$1"
- ;;
- # git hosting domain name
- --gitdomain)
- shift
- GIT_DOMAIN_NAME="$1"
- ;;
- # default domain name
- -d|--domain)
- shift
- DEFAULT_DOMAIN_NAME="$1"
- ;;
- # The type of system
- -s|--system)
- shift
- SYSTEM_TYPE="$1"
- ;;
- # The dynamic DNS provider
- --ddns)
- shift
- DDNS_PROVIDER="$1"
- ;;
- # Username for the synamic DNS provider
- --ddnsuser)
- shift
- DDNS_USERNAME="$1"
- ;;
- # Password for the synamic DNS provider
- --ddnspass)
- shift
- DDNS_PASSWORD="$1"
- ;;
- # Whether this installation is on a Beaglebone Black
- --bbb)
- INSTALLING_ON_BBB="yes"
- ;;
- # Domain name to use as a TLS time source
- -t|--time)
- shift
- TLS_TIME_SOURCE1="$1"
- ;;
- # Static IP address for the system
- --ip)
- shift
- LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
- ;;
- # IP address for the internet router
- --iprouter)
- shift
- ROUTER_IP_ADDRESS=$1
- ;;
- # ssh port
- --ssh)
- shift
- SSH_PORT=$1
- ;;
- # public mailing list name
- --list)
- shift
- PUBLIC_MAILING_LIST="$1"
- ;;
- # Number of CPU cores
- --cores)
- shift
- CPU_CORES=$1
- ;;
- # my name
- --name)
- shift
- MY_NAME="$1"
- ;;
- # my email address
- --email)
- shift
- MY_EMAIL_ADDRESS="$1"
- ;;
- # USB drive
- --usb)
- shift
- USB_DRIVE=$1
- ;;
- # Enable CJDNS
- --cjdns)
- shift
- ENABLE_CJDNS="yes"
- ;;
- # Enable B.A.T.M.A.N
- --batman)
- shift
- ENABLE_BATMAN="yes"
- ;;
- # Enable Babel
- --babel)
- shift
- ENABLE_BABEL="yes"
- ;;
- # VoIP server password
- --vpass)
- shift
- VOIP_SERVER_PASSWORD=$1
- ;;
- # VoIP server port
- --vport)
- shift
- VOIP_PORT=$1
- ;;
- # DNS Nameserver 1
- --ns1)
- shift
- NAMESERVER1=$1
- ;;
- # DNS Nameserver 2
- --ns2)
- shift
- NAMESERVER2=$1
- ;;
- # Debian repository
- --repo)
- shift
- DEBIAN_REPO=$1
- ;;
- # minimal install
- --minimal)
- shift
- MINIMAL_INSTALL=$1
- ;;
- *)
- # unknown option
- ;;
- esac
- shift
- done
+ case $key in
+ -h|--help)
+ show_help
+ ;;
+ # load a configuration file
+ -c|--config)
+ shift
+ CONFIGURATION_FILE="$1"
+ INSTALLING_FROM_CONFIGURATION_FILE="yes"
+ break
+ ;;
+ # username within /home
+ -u|--user)
+ shift
+ MY_USERNAME="$1"
+ ;;
+ # microblog domain name
+ --microblogdomain)
+ shift
+ MICROBLOG_DOMAIN_NAME="$1"
+ ;;
+ # wiki domain name
+ --wikidomain)
+ shift
+ WIKI_DOMAIN_NAME="$1"
+ ;;
+ # blog domain name
+ --blogdomain)
+ shift
+ FULLBLOG_DOMAIN_NAME="$1"
+ ;;
+ # hubzilla domain name
+ --hubzilladomain)
+ shift
+ HUBZILLA_DOMAIN_NAME="$1"
+ ;;
+ # git hosting domain name
+ --gitdomain)
+ shift
+ GIT_DOMAIN_NAME="$1"
+ ;;
+ # default domain name
+ -d|--domain)
+ shift
+ DEFAULT_DOMAIN_NAME="$1"
+ ;;
+ # The type of system
+ -s|--system)
+ shift
+ SYSTEM_TYPE="$1"
+ ;;
+ # The dynamic DNS provider
+ --ddns)
+ shift
+ DDNS_PROVIDER="$1"
+ ;;
+ # Username for the synamic DNS provider
+ --ddnsuser)
+ shift
+ DDNS_USERNAME="$1"
+ ;;
+ # Password for the synamic DNS provider
+ --ddnspass)
+ shift
+ DDNS_PASSWORD="$1"
+ ;;
+ # Whether this installation is on a Beaglebone Black
+ --bbb)
+ INSTALLING_ON_BBB="yes"
+ ;;
+ # Domain name to use as a TLS time source
+ -t|--time)
+ shift
+ TLS_TIME_SOURCE1="$1"
+ ;;
+ # Static IP address for the system
+ --ip)
+ shift
+ LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
+ ;;
+ # IP address for the internet router
+ --iprouter)
+ shift
+ ROUTER_IP_ADDRESS=$1
+ ;;
+ # ssh port
+ --ssh)
+ shift
+ SSH_PORT=$1
+ ;;
+ # public mailing list name
+ --list)
+ shift
+ PUBLIC_MAILING_LIST="$1"
+ ;;
+ # Number of CPU cores
+ --cores)
+ shift
+ CPU_CORES=$1
+ ;;
+ # my name
+ --name)
+ shift
+ MY_NAME="$1"
+ ;;
+ # my email address
+ --email)
+ shift
+ MY_EMAIL_ADDRESS="$1"
+ ;;
+ # USB drive
+ --usb)
+ shift
+ USB_DRIVE=$1
+ ;;
+ # Enable CJDNS
+ --cjdns)
+ shift
+ ENABLE_CJDNS="yes"
+ ;;
+ # Enable B.A.T.M.A.N
+ --batman)
+ shift
+ ENABLE_BATMAN="yes"
+ ;;
+ # Enable Babel
+ --babel)
+ shift
+ ENABLE_BABEL="yes"
+ ;;
+ # VoIP server password
+ --vpass)
+ shift
+ VOIP_SERVER_PASSWORD=$1
+ ;;
+ # VoIP server port
+ --vport)
+ shift
+ VOIP_PORT=$1
+ ;;
+ # DNS Nameserver 1
+ --ns1)
+ shift
+ NAMESERVER1=$1
+ ;;
+ # DNS Nameserver 2
+ --ns2)
+ shift
+ NAMESERVER2=$1
+ ;;
+ # Debian repository
+ --repo)
+ shift
+ DEBIAN_REPO=$1
+ ;;
+ # minimal install
+ --minimal)
+ shift
+ MINIMAL_INSTALL=$1
+ ;;
+ *)
+ # unknown option
+ ;;
+ esac
+ shift
+ done
fi
function parse_args {
- if [[ $NO_OF_ARGS == 0 ]]; then
- echo 'no_of_args = 0'
- show_help
- exit 0
- fi
+ if [[ $NO_OF_ARGS == 0 ]]; then
+ echo 'no_of_args = 0'
+ show_help
+ exit 0
+ fi
- if [ ! -d /home/$MY_USERNAME ]; then
- echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
- exit 1
- fi
- if [ ! "$DEFAULT_DOMAIN_NAME" ]; then
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- echo 'No default domain specified'
- show_help
- exit 2
- fi
- fi
- if [ ! $MY_USERNAME ]; then
- echo 'No username specified'
- show_help
- exit 3
- fi
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- if [[ $ONION_ONLY == "no" ]]; then
- if [ ! $DDNS_USERNAME ]; then
- echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
- exit 7823
- fi
- if [ ! $DDNS_PASSWORD ]; then
- echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
- exit 6382
- fi
- fi
- fi
- if [ ! $SYSTEM_TYPE ]; then
- SYSTEM_TYPE=$VARIANT_FULL
- fi
- if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA && $SYSTEM_TYPE != $VARIANT_DEVELOPER && $SYSTEM_TYPE != $VARIANT_MESH && $SYSTEM_TYPE != $VARIANT_FULL ]]; then
- echo $"'$SYSTEM_TYPE' is an unrecognised ${PROJECT_NAME} variant."
- exit 30
- fi
+ if [ ! -d /home/$MY_USERNAME ]; then
+ echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
+ exit 1
+ fi
+ if [ ! "$DEFAULT_DOMAIN_NAME" ]; then
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ echo 'No default domain specified'
+ show_help
+ exit 2
+ fi
+ fi
+ if [ ! $MY_USERNAME ]; then
+ echo 'No username specified'
+ show_help
+ exit 3
+ fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ if [[ $ONION_ONLY == "no" ]]; then
+ if [ ! $DDNS_USERNAME ]; then
+ echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
+ exit 7823
+ fi
+ if [ ! $DDNS_PASSWORD ]; then
+ echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
+ exit 6382
+ fi
+ fi
+ fi
+ if [ ! $SYSTEM_TYPE ]; then
+ SYSTEM_TYPE=$VARIANT_FULL
+ fi
+ if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA && $SYSTEM_TYPE != $VARIANT_DEVELOPER && $SYSTEM_TYPE != $VARIANT_MESH && $SYSTEM_TYPE != $VARIANT_FULL ]]; then
+ echo $"'$SYSTEM_TYPE' is an unrecognised ${PROJECT_NAME} variant."
+ exit 30
+ fi
}
function read_repo_servers {
- if [ -f $CONFIGURATION_FILE ]; then
- if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
- FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
- FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
- MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
- FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- fi
+ if [ -f $CONFIGURATION_FILE ]; then
+ if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
+ FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
+ FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+ MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+ FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ fi
- if [ ! $FRIENDS_MIRRORS_SERVER ]; then
- return
- fi
- if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
- return
- fi
+ if [ ! $FRIENDS_MIRRORS_SERVER ]; then
+ return
+ fi
+ if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
+ return
+ fi
- MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
- if [ ! -f $MAIN_COMMAND ]; then
- MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
- fi
+ MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
+ if [ ! -f $MAIN_COMMAND ]; then
+ MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
+ fi
- REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
+ REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
- for line in "${REPOS[@]}"
- do
- repo_name=$(echo "$line" | awk -F '=' '{print $1}')
- mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
- friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
- ${repo_name}="${friends_repo_url}"
- done
+ for line in "${REPOS[@]}"
+ do
+ repo_name=$(echo "$line" | awk -F '=' '{print $1}')
+ mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
+ friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
+ ${repo_name}="${friends_repo_url}"
+ done
}
function read_configuration {
- # if not installing on a Beaglebone then use sdb as the USB drive by default
- if [ ! $INSTALLING_ON_BBB ]; then
- if [[ $USB_DRIVE == /dev/sda1 ]]; then
- USB_DRIVE=/dev/sdb1
- fi
- fi
+ # if not installing on a Beaglebone then use sdb as the USB drive by default
+ if [ ! $INSTALLING_ON_BBB ]; then
+ if [[ $USB_DRIVE == /dev/sda1 ]]; then
+ USB_DRIVE=/dev/sdb1
+ fi
+ fi
- if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes" ]]; then
- if [ ! -f $CONFIGURATION_FILE ]; then
- echo $"The configuration file $CONFIGURATION_FILE was not found"
- exit 8935
- fi
- fi
+ if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes" ]]; then
+ if [ ! -f $CONFIGURATION_FILE ]; then
+ echo $"The configuration file $CONFIGURATION_FILE was not found"
+ exit 8935
+ fi
+ fi
- if [ -f $CONFIGURATION_FILE ]; then
- read_repo_servers
+ if [ -f $CONFIGURATION_FILE ]; then
+ read_repo_servers
- # Ensure that a copy of the config exists for upgrade purposes
- if [[ $CONFIGURATION_FILE != "/root/${PROJECT_NAME}.cfg" ]]; then
- cp $CONFIGURATION_FILE /root/${PROJECT_NAME}.cfg
- fi
- if grep -q "REFRESH_GPG_KEYS_HOURS" $CONFIGURATION_FILE; then
- REFRESH_GPG_KEYS_HOURS=$(grep "REFRESH_GPG_KEYS_HOURS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WEBMAIL_REPO" $CONFIGURATION_FILE; then
- WEBMAIL_REPO=$(grep "WEBMAIL_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WEBMAIL_COMMIT" $CONFIGURATION_FILE; then
- WEBMAIL_COMMIT=$(grep "WEBMAIL_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_INTERFACE" $CONFIGURATION_FILE; then
- WIFI_INTERFACE=$(grep "WIFI_INTERFACE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_SSID" $CONFIGURATION_FILE; then
- WIFI_SSID=$(grep "WIFI_SSID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_TYPE" $CONFIGURATION_FILE; then
- WIFI_TYPE=$(grep "WIFI_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_PASSPHRASE" $CONFIGURATION_FILE; then
- WIFI_PASSPHRASE=$(grep "WIFI_PASSPHRASE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_HOTSPOT" $CONFIGURATION_FILE; then
- WIFI_HOTSPOT=$(grep "WIFI_HOTSPOT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_NETWORKS_FILE" $CONFIGURATION_FILE; then
- WIFI_NETWORKS_FILE=$(grep "WIFI_NETWORKS_FILE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_ID" $CONFIGURATION_FILE; then
- SYNCTHING_ID=$(grep "SYNCTHING_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_CONFIG_PATH" $CONFIGURATION_FILE; then
- SYNCTHING_CONFIG_PATH=$(grep "SYNCTHING_CONFIG_PATH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_CONFIG_FILE" $CONFIGURATION_FILE; then
- SYNCTHING_CONFIG_FILE=$(grep "SYNCTHING_CONFIG_FILE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_RELAY_SERVER" $CONFIGURATION_FILE; then
- SYNCTHING_RELAY_SERVER=$(grep "SYNCTHING_RELAY_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_RELEASES" $CONFIGURATION_FILE; then
- SYNCTHING_RELEASES=$(grep "SYNCTHING_RELEASES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_PORT" $CONFIGURATION_FILE; then
- SYNCTHING_PORT=$(grep "SYNCTHING_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYNCTHING_SHARED_DATA" $CONFIGURATION_FILE; then
- SYNCTHING_SHARED_DATA=$(grep "SYNCTHING_SHARED_DATA" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "VOIP_TURN_PORT" $CONFIGURATION_FILE; then
- VOIP_TURN_PORT=$(grep "VOIP_TURN_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "VOIP_TURN_TLS_PORT" $CONFIGURATION_FILE; then
- VOIP_TURN_TLS_PORT=$(grep "VOIP_TURN_TLS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "VOIP_TURN_NONCE" $CONFIGURATION_FILE; then
- VOIP_TURN_NONCE=$(grep "VOIP_TURN_NONCE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DEFAULT_SEARCH" $CONFIGURATION_FILE; then
- DEFAULT_SEARCH=$(grep "DEFAULT_SEARCH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SEARCH_ENGINE_PASSWORD" $CONFIGURATION_FILE; then
- SEARCH_ENGINE_PASSWORD=$(grep "SEARCH_ENGINE_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "XMPP_PASSWORD" $CONFIGURATION_FILE; then
- XMPP_PASSWORD=$(grep "XMPP_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "RSS_READER_REPO" $CONFIGURATION_FILE; then
- RSS_READER_REPO=$(grep "RSS_READER_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "RSS_MOBILE_READER_REPO" $CONFIGURATION_FILE; then
- RSS_MOBILE_READER_REPO=$(grep "RSS_MOBILE_READER_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "RSS_READER_COMMIT" $CONFIGURATION_FILE; then
- RSS_READER_COMMIT=$(grep "RSS_READER_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "RSS_MOBILE_READER_COMMIT" $CONFIGURATION_FILE; then
- RSS_MOBILE_READER_COMMIT=$(grep "RSS_MOBILE_READER_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "RSS_READER_ADMIN_PASSWORD" $CONFIGURATION_FILE; then
- RSS_READER_ADMIN_PASSWORD=$(grep "RSS_READER_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "RSS_READER_DOMAIN_NAME" $CONFIGURATION_FILE; then
- RSS_READER_DOMAIN_NAME=$(grep "RSS_READER_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MICROBLOG_BACKGROUND_IMAGE_URL" $CONFIGURATION_FILE; then
- MICROBLOG_BACKGROUND_IMAGE_URL=$(grep "MICROBLOG_BACKGROUND_IMAGE_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MICROBLOG_WELCOME_MESSAGE" $CONFIGURATION_FILE; then
- MICROBLOG_WELCOME_MESSAGE=$(grep "MICROBLOG_WELCOME_MESSAGE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "PROJECT_WEBSITE" $CONFIGURATION_FILE; then
- PROJECT_WEBSITE=$(grep "PROJECT_WEBSITE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "PROJECT_REPO" $CONFIGURATION_FILE; then
- PROJECT_REPO=$(grep "PROJECT_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ONION_ONLY" $CONFIGURATION_FILE; then
- ONION_ONLY=$(grep "ONION_ONLY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "IRC_PASSWORD" $CONFIGURATION_FILE; then
- IRC_PASSWORD=$(grep "IRC_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DEFAULT_LANGUAGE" $CONFIGURATION_FILE; then
- DEFAULT_LANGUAGE=$(grep "DEFAULT_LANGUAGE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MINIMAL_INSTALL" $CONFIGURATION_FILE; then
- MINIMAL_INSTALL=$(grep "MINIMAL_INSTALL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "LETSENCRYPT_SERVER" $CONFIGURATION_FILE; then
- LETSENCRYPT_SERVER=$(grep "LETSENCRYPT_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FULLBLOG_REPO" $CONFIGURATION_FILE; then
- FULLBLOG_REPO=$(grep "FULLBLOG_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FULLBLOG_COMMIT" $CONFIGURATION_FILE; then
- FULLBLOG_COMMIT=$(grep "FULLBLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GOGS_COMMIT" $CONFIGURATION_FILE; then
- GOGS_COMMIT=$(grep "GOGS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TOX_COMMIT" $CONFIGURATION_FILE; then
- TOX_COMMIT=$(grep "TOX_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TOXIC_COMMIT" $CONFIGURATION_FILE; then
- TOXIC_COMMIT=$(grep "TOXIC_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GPGIT_REPO" $CONFIGURATION_FILE; then
- GPGIT_REPO=$(grep "GPGIT_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GPGIT_COMMIT" $CONFIGURATION_FILE; then
- GPGIT_COMMIT=$(grep "GPGIT_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "HUBZILLA_REPO" $CONFIGURATION_FILE; then
- HUBZILLA_REPO=$(grep "HUBZILLA_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "HUBZILLA_COMMIT" $CONFIGURATION_FILE; then
- HUBZILLA_COMMIT=$(grep "HUBZILLA_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "IPFS_COMMIT" $CONFIGURATION_FILE; then
- IPFS_COMMIT=$(grep "IPFS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ZERONET_BLOG_COMMIT" $CONFIGURATION_FILE; then
- ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ZERONET_MAIL_COMMIT" $CONFIGURATION_FILE; then
- ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ZERONET_FORUM_COMMIT" $CONFIGURATION_FILE; then
- ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MICROBLOG_COMMIT" $CONFIGURATION_FILE; then
- MICROBLOG_COMMIT=$(grep "MICROBLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "NGINX_ENSITE_REPO" $CONFIGURATION_FILE; then
- NGINX_ENSITE_REPO=$(grep "NGINX_ENSITE_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "NGINX_ENSITE_COMMIT" $CONFIGURATION_FILE; then
- NGINX_ENSITE_COMMIT=$(grep "NGINX_ENSITE_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CLEANUP_MAILDIR_COMMIT" $CONFIGURATION_FILE; then
- CLEANUP_MAILDIR_COMMIT=$(grep "CLEANUP_MAILDIR_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CLEANUP_MAILDIR_REPO" $CONFIGURATION_FILE; then
- CLEANUP_MAILDIR_REPO=$(grep "CLEANUP_MAILDIR_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ZERONET_COMMIT" $CONFIGURATION_FILE; then
- ZERONET_COMMIT=$(grep "ZERONET_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "INADYN_REPO" $CONFIGURATION_FILE; then
- INADYN_REPO=$(grep "INADYN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "INADYN_COMMIT" $CONFIGURATION_FILE; then
- INADYN_COMMIT=$(grep "INADYN_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GPG_KEYSERVER" $CONFIGURATION_FILE; then
- GPG_KEYSERVER=$(grep "GPG_KEYSERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "IPFS_PORT" $CONFIGURATION_FILE; then
- IPFS_PORT=$(grep "IPFS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TRACKER_PORT" $CONFIGURATION_FILE; then
- TRACKER_PORT=$(grep "TRACKER_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ZERONET_PORT" $CONFIGURATION_FILE; then
- ZERONET_PORT=$(grep "ZERONET_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DH_KEYLENGTH" $CONFIGURATION_FILE; then
- DH_KEYLENGTH=$(grep "DH_KEYLENGTH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "IRC_PORT" $CONFIGURATION_FILE; then
- IRC_PORT=$(grep "IRC_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIFI_CHANNEL" $CONFIGURATION_FILE; then
- WIFI_CHANNEL=$(grep "WIFI_CHANNEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "BATMAN_CELLID" $CONFIGURATION_FILE; then
- BATMAN_CELLID=$(grep "BATMAN_CELLID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TOX_PORT" $CONFIGURATION_FILE; then
- TOX_PORT=$(grep "TOX_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TOX_NODES" $CONFIGURATION_FILE; then
- TOX_NODES=$(grep "TOX_NODES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TOX_REPO" $CONFIGURATION_FILE; then
- TOX_REPO=$(grep "TOX_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE; then
- ENABLE_SOCIAL_KEY_MANAGEMENT=$(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "IPV6_NETWORK" $CONFIGURATION_FILE; then
- IPV6_NETWORK=$(grep "IPV6_NETWORK" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "HWRNG_TYPE" $CONFIGURATION_FILE; then
- HWRNG_TYPE=$(grep "HWRNG_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE; then
- MEDIAGOBLIN_DOMAIN_NAME=$(grep "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE; then
- MEDIAGOBLIN_CODE=$(grep "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MEDIAGOBLIN_REPO" $CONFIGURATION_FILE; then
- MEDIAGOBLIN_REPO=$(grep "MEDIAGOBLIN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MEDIAGOBLIN_COMMIT" $CONFIGURATION_FILE; then
- MEDIAGOBLIN_COMMIT=$(grep "MEDIAGOBLIN_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE; then
- GIT_ADMIN_PASSWORD=$(grep "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GIT_DOMAIN_NAME" $CONFIGURATION_FILE; then
- GIT_DOMAIN_NAME=$(grep "GIT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GIT_CODE" $CONFIGURATION_FILE; then
- GIT_CODE=$(grep "GIT_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SYSTEM_TYPE" $CONFIGURATION_FILE; then
- SYSTEM_TYPE=$(grep "SYSTEM_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSL_PROTOCOLS" $CONFIGURATION_FILE; then
- SSL_PROTOCOLS=$(grep "SSL_PROTOCOLS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSL_CIPHERS" $CONFIGURATION_FILE; then
- SSL_CIPHERS=$(grep "SSL_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSH_CIPHERS" $CONFIGURATION_FILE; then
- SSH_CIPHERS=$(grep "SSH_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSH_MACS" $CONFIGURATION_FILE; then
- SSH_MACS=$(grep "SSH_MACS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSH_KEX" $CONFIGURATION_FILE; then
- SSH_KEX=$(grep "SSH_KEX" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE; then
- SSH_HOST_KEY_ALGORITHMS=$(grep "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSH_PASSWORDS" $CONFIGURATION_FILE; then
- SSH_PASSWORDS=$(grep "SSH_PASSWORDS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "XMPP_CIPHERS" $CONFIGURATION_FILE; then
- XMPP_CIPHERS=$(grep "XMPP_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "XMPP_ECC_CURVE" $CONFIGURATION_FILE; then
- XMPP_ECC_CURVE=$(grep "XMPP_ECC_CURVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
- MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DOMAIN_NAME" $CONFIGURATION_FILE; then
- # for backwards compatability
- DEFAULT_DOMAIN_NAME=$(grep "DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
- DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE; then
- DEFAULT_DOMAIN_CODE=$(grep "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "NAMESERVER1" $CONFIGURATION_FILE; then
- NAMESERVER1=$(grep "NAMESERVER1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "NAMESERVER2" $CONFIGURATION_FILE; then
- NAMESERVER2=$(grep "NAMESERVER2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DEBIAN_REPO" $CONFIGURATION_FILE; then
- DEBIAN_REPO=$(grep "DEBIAN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- CHECK_MESSAGE=$"Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
- fi
- if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then
- VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
- VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SIP_PORT" $CONFIGURATION_FILE; then
- SIP_PORT=$(grep "SIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SIP_TLS_PORT" $CONFIGURATION_FILE; then
- SIP_TLS_PORT=$(grep "SIP_TLS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
- SIP_SERVER_PASSWORD=$(grep "SIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then
- GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then
- DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DDNS_USERNAME" $CONFIGURATION_FILE; then
- DDNS_USERNAME=$(grep "DDNS_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "DDNS_PASSWORD" $CONFIGURATION_FILE; then
- DDNS_PASSWORD=$(grep "DDNS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE; then
- LOCAL_NETWORK_STATIC_IP_ADDRESS=$(grep "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ENABLE_BABEL" $CONFIGURATION_FILE; then
- ENABLE_BABEL=$(grep "ENABLE_BABEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ENABLE_BATMAN" $CONFIGURATION_FILE; then
- ENABLE_BATMAN=$(grep "ENABLE_BATMAN" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ENABLE_CJDNS" $CONFIGURATION_FILE; then
- ENABLE_CJDNS=$(grep "ENABLE_CJDNS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CJDNS_COMMIT" $CONFIGURATION_FILE; then
- CJDNS_COMMIT=$(grep "CJDNS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CJDNS_IPV6" $CONFIGURATION_FILE; then
- CJDNS_IPV6=$(grep "CJDNS_IPV6" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE; then
- CJDNS_PUBLIC_KEY=$(grep "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE; then
- CJDNS_PRIVATE_KEY=$(grep "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE; then
- ROUTER_IP_ADDRESS=$(grep "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "CPU_CORES" $CONFIGURATION_FILE; then
- CPU_CORES=$(grep "CPU_CORES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE; then
- WEBSERVER_LOG_LEVEL=$(grep "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE; then
- ROUTE_THROUGH_TOR=$(grep "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIKI_TITLE" $CONFIGURATION_FILE; then
- WIKI_TITLE=$(grep "WIKI_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_NAME" $CONFIGURATION_FILE; then
- MY_NAME=$(grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then
- MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then
- INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "SSH_PORT" $CONFIGURATION_FILE; then
- SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then
- INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then
- PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
- MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MICROBLOG_CODE" $CONFIGURATION_FILE; then
- MICROBLOG_CODE=$(grep "MICROBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE; then
- HUBZILLA_DOMAIN_NAME=$(grep "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "HUBZILLA_CODE" $CONFIGURATION_FILE; then
- HUBZILLA_CODE=$(grep "HUBZILLA_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then
- WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "WIKI_CODE" $CONFIGURATION_FILE; then
- WIKI_CODE=$(grep "WIKI_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
- FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then
- FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then
- MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE; then
- MY_BLOG_SUBTITLE=$(grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then
- GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then
- MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then
- MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE; then
- MY_GPG_PUBLIC_KEY_ID=$(grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then
- USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then
- MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE; then
- TLS_TIME_SOURCE1=$(grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE; then
- TLS_TIME_SOURCE2=$(grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
- fi
- fi
- echo "System type: $SYSTEM_TYPE"
+ # Ensure that a copy of the config exists for upgrade purposes
+ if [[ $CONFIGURATION_FILE != "/root/${PROJECT_NAME}.cfg" ]]; then
+ cp $CONFIGURATION_FILE /root/${PROJECT_NAME}.cfg
+ fi
+ if grep -q "REFRESH_GPG_KEYS_HOURS" $CONFIGURATION_FILE; then
+ REFRESH_GPG_KEYS_HOURS=$(grep "REFRESH_GPG_KEYS_HOURS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WEBMAIL_REPO" $CONFIGURATION_FILE; then
+ WEBMAIL_REPO=$(grep "WEBMAIL_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WEBMAIL_COMMIT" $CONFIGURATION_FILE; then
+ WEBMAIL_COMMIT=$(grep "WEBMAIL_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_INTERFACE" $CONFIGURATION_FILE; then
+ WIFI_INTERFACE=$(grep "WIFI_INTERFACE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_SSID" $CONFIGURATION_FILE; then
+ WIFI_SSID=$(grep "WIFI_SSID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_TYPE" $CONFIGURATION_FILE; then
+ WIFI_TYPE=$(grep "WIFI_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_PASSPHRASE" $CONFIGURATION_FILE; then
+ WIFI_PASSPHRASE=$(grep "WIFI_PASSPHRASE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_HOTSPOT" $CONFIGURATION_FILE; then
+ WIFI_HOTSPOT=$(grep "WIFI_HOTSPOT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_NETWORKS_FILE" $CONFIGURATION_FILE; then
+ WIFI_NETWORKS_FILE=$(grep "WIFI_NETWORKS_FILE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_ID" $CONFIGURATION_FILE; then
+ SYNCTHING_ID=$(grep "SYNCTHING_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_CONFIG_PATH" $CONFIGURATION_FILE; then
+ SYNCTHING_CONFIG_PATH=$(grep "SYNCTHING_CONFIG_PATH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_CONFIG_FILE" $CONFIGURATION_FILE; then
+ SYNCTHING_CONFIG_FILE=$(grep "SYNCTHING_CONFIG_FILE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_RELAY_SERVER" $CONFIGURATION_FILE; then
+ SYNCTHING_RELAY_SERVER=$(grep "SYNCTHING_RELAY_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_RELEASES" $CONFIGURATION_FILE; then
+ SYNCTHING_RELEASES=$(grep "SYNCTHING_RELEASES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_PORT" $CONFIGURATION_FILE; then
+ SYNCTHING_PORT=$(grep "SYNCTHING_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYNCTHING_SHARED_DATA" $CONFIGURATION_FILE; then
+ SYNCTHING_SHARED_DATA=$(grep "SYNCTHING_SHARED_DATA" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "VOIP_TURN_PORT" $CONFIGURATION_FILE; then
+ VOIP_TURN_PORT=$(grep "VOIP_TURN_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "VOIP_TURN_TLS_PORT" $CONFIGURATION_FILE; then
+ VOIP_TURN_TLS_PORT=$(grep "VOIP_TURN_TLS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "VOIP_TURN_NONCE" $CONFIGURATION_FILE; then
+ VOIP_TURN_NONCE=$(grep "VOIP_TURN_NONCE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DEFAULT_SEARCH" $CONFIGURATION_FILE; then
+ DEFAULT_SEARCH=$(grep "DEFAULT_SEARCH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SEARCH_ENGINE_PASSWORD" $CONFIGURATION_FILE; then
+ SEARCH_ENGINE_PASSWORD=$(grep "SEARCH_ENGINE_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "XMPP_PASSWORD" $CONFIGURATION_FILE; then
+ XMPP_PASSWORD=$(grep "XMPP_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "RSS_READER_REPO" $CONFIGURATION_FILE; then
+ RSS_READER_REPO=$(grep "RSS_READER_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "RSS_MOBILE_READER_REPO" $CONFIGURATION_FILE; then
+ RSS_MOBILE_READER_REPO=$(grep "RSS_MOBILE_READER_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "RSS_READER_COMMIT" $CONFIGURATION_FILE; then
+ RSS_READER_COMMIT=$(grep "RSS_READER_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "RSS_MOBILE_READER_COMMIT" $CONFIGURATION_FILE; then
+ RSS_MOBILE_READER_COMMIT=$(grep "RSS_MOBILE_READER_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "RSS_READER_ADMIN_PASSWORD" $CONFIGURATION_FILE; then
+ RSS_READER_ADMIN_PASSWORD=$(grep "RSS_READER_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "RSS_READER_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ RSS_READER_DOMAIN_NAME=$(grep "RSS_READER_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MICROBLOG_BACKGROUND_IMAGE_URL" $CONFIGURATION_FILE; then
+ MICROBLOG_BACKGROUND_IMAGE_URL=$(grep "MICROBLOG_BACKGROUND_IMAGE_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MICROBLOG_WELCOME_MESSAGE" $CONFIGURATION_FILE; then
+ MICROBLOG_WELCOME_MESSAGE=$(grep "MICROBLOG_WELCOME_MESSAGE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "PROJECT_WEBSITE" $CONFIGURATION_FILE; then
+ PROJECT_WEBSITE=$(grep "PROJECT_WEBSITE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "PROJECT_REPO" $CONFIGURATION_FILE; then
+ PROJECT_REPO=$(grep "PROJECT_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ONION_ONLY" $CONFIGURATION_FILE; then
+ ONION_ONLY=$(grep "ONION_ONLY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "IRC_PASSWORD" $CONFIGURATION_FILE; then
+ IRC_PASSWORD=$(grep "IRC_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DEFAULT_LANGUAGE" $CONFIGURATION_FILE; then
+ DEFAULT_LANGUAGE=$(grep "DEFAULT_LANGUAGE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MINIMAL_INSTALL" $CONFIGURATION_FILE; then
+ MINIMAL_INSTALL=$(grep "MINIMAL_INSTALL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "LETSENCRYPT_SERVER" $CONFIGURATION_FILE; then
+ LETSENCRYPT_SERVER=$(grep "LETSENCRYPT_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FULLBLOG_REPO" $CONFIGURATION_FILE; then
+ FULLBLOG_REPO=$(grep "FULLBLOG_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FULLBLOG_COMMIT" $CONFIGURATION_FILE; then
+ FULLBLOG_COMMIT=$(grep "FULLBLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GOGS_COMMIT" $CONFIGURATION_FILE; then
+ GOGS_COMMIT=$(grep "GOGS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TOX_COMMIT" $CONFIGURATION_FILE; then
+ TOX_COMMIT=$(grep "TOX_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TOXIC_COMMIT" $CONFIGURATION_FILE; then
+ TOXIC_COMMIT=$(grep "TOXIC_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GPGIT_REPO" $CONFIGURATION_FILE; then
+ GPGIT_REPO=$(grep "GPGIT_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GPGIT_COMMIT" $CONFIGURATION_FILE; then
+ GPGIT_COMMIT=$(grep "GPGIT_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "HUBZILLA_REPO" $CONFIGURATION_FILE; then
+ HUBZILLA_REPO=$(grep "HUBZILLA_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "HUBZILLA_COMMIT" $CONFIGURATION_FILE; then
+ HUBZILLA_COMMIT=$(grep "HUBZILLA_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "IPFS_COMMIT" $CONFIGURATION_FILE; then
+ IPFS_COMMIT=$(grep "IPFS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ZERONET_BLOG_COMMIT" $CONFIGURATION_FILE; then
+ ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ZERONET_MAIL_COMMIT" $CONFIGURATION_FILE; then
+ ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ZERONET_FORUM_COMMIT" $CONFIGURATION_FILE; then
+ ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MICROBLOG_COMMIT" $CONFIGURATION_FILE; then
+ MICROBLOG_COMMIT=$(grep "MICROBLOG_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "NGINX_ENSITE_REPO" $CONFIGURATION_FILE; then
+ NGINX_ENSITE_REPO=$(grep "NGINX_ENSITE_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "NGINX_ENSITE_COMMIT" $CONFIGURATION_FILE; then
+ NGINX_ENSITE_COMMIT=$(grep "NGINX_ENSITE_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CLEANUP_MAILDIR_COMMIT" $CONFIGURATION_FILE; then
+ CLEANUP_MAILDIR_COMMIT=$(grep "CLEANUP_MAILDIR_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CLEANUP_MAILDIR_REPO" $CONFIGURATION_FILE; then
+ CLEANUP_MAILDIR_REPO=$(grep "CLEANUP_MAILDIR_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ZERONET_COMMIT" $CONFIGURATION_FILE; then
+ ZERONET_COMMIT=$(grep "ZERONET_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "INADYN_REPO" $CONFIGURATION_FILE; then
+ INADYN_REPO=$(grep "INADYN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "INADYN_COMMIT" $CONFIGURATION_FILE; then
+ INADYN_COMMIT=$(grep "INADYN_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GPG_KEYSERVER" $CONFIGURATION_FILE; then
+ GPG_KEYSERVER=$(grep "GPG_KEYSERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "IPFS_PORT" $CONFIGURATION_FILE; then
+ IPFS_PORT=$(grep "IPFS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TRACKER_PORT" $CONFIGURATION_FILE; then
+ TRACKER_PORT=$(grep "TRACKER_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ZERONET_PORT" $CONFIGURATION_FILE; then
+ ZERONET_PORT=$(grep "ZERONET_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DH_KEYLENGTH" $CONFIGURATION_FILE; then
+ DH_KEYLENGTH=$(grep "DH_KEYLENGTH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "IRC_PORT" $CONFIGURATION_FILE; then
+ IRC_PORT=$(grep "IRC_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIFI_CHANNEL" $CONFIGURATION_FILE; then
+ WIFI_CHANNEL=$(grep "WIFI_CHANNEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "BATMAN_CELLID" $CONFIGURATION_FILE; then
+ BATMAN_CELLID=$(grep "BATMAN_CELLID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TOX_PORT" $CONFIGURATION_FILE; then
+ TOX_PORT=$(grep "TOX_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TOX_NODES" $CONFIGURATION_FILE; then
+ TOX_NODES=$(grep "TOX_NODES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TOX_REPO" $CONFIGURATION_FILE; then
+ TOX_REPO=$(grep "TOX_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE; then
+ ENABLE_SOCIAL_KEY_MANAGEMENT=$(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "IPV6_NETWORK" $CONFIGURATION_FILE; then
+ IPV6_NETWORK=$(grep "IPV6_NETWORK" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "HWRNG_TYPE" $CONFIGURATION_FILE; then
+ HWRNG_TYPE=$(grep "HWRNG_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ MEDIAGOBLIN_DOMAIN_NAME=$(grep "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE; then
+ MEDIAGOBLIN_CODE=$(grep "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MEDIAGOBLIN_REPO" $CONFIGURATION_FILE; then
+ MEDIAGOBLIN_REPO=$(grep "MEDIAGOBLIN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MEDIAGOBLIN_COMMIT" $CONFIGURATION_FILE; then
+ MEDIAGOBLIN_COMMIT=$(grep "MEDIAGOBLIN_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE; then
+ GIT_ADMIN_PASSWORD=$(grep "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GIT_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ GIT_DOMAIN_NAME=$(grep "GIT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GIT_CODE" $CONFIGURATION_FILE; then
+ GIT_CODE=$(grep "GIT_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SYSTEM_TYPE" $CONFIGURATION_FILE; then
+ SYSTEM_TYPE=$(grep "SYSTEM_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSL_PROTOCOLS" $CONFIGURATION_FILE; then
+ SSL_PROTOCOLS=$(grep "SSL_PROTOCOLS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSL_CIPHERS" $CONFIGURATION_FILE; then
+ SSL_CIPHERS=$(grep "SSL_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSH_CIPHERS" $CONFIGURATION_FILE; then
+ SSH_CIPHERS=$(grep "SSH_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSH_MACS" $CONFIGURATION_FILE; then
+ SSH_MACS=$(grep "SSH_MACS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSH_KEX" $CONFIGURATION_FILE; then
+ SSH_KEX=$(grep "SSH_KEX" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE; then
+ SSH_HOST_KEY_ALGORITHMS=$(grep "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSH_PASSWORDS" $CONFIGURATION_FILE; then
+ SSH_PASSWORDS=$(grep "SSH_PASSWORDS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "XMPP_CIPHERS" $CONFIGURATION_FILE; then
+ XMPP_CIPHERS=$(grep "XMPP_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "XMPP_ECC_CURVE" $CONFIGURATION_FILE; then
+ XMPP_ECC_CURVE=$(grep "XMPP_ECC_CURVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
+ MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DOMAIN_NAME" $CONFIGURATION_FILE; then
+ # for backwards compatability
+ DEFAULT_DOMAIN_NAME=$(grep "DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE; then
+ DEFAULT_DOMAIN_CODE=$(grep "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "NAMESERVER1" $CONFIGURATION_FILE; then
+ NAMESERVER1=$(grep "NAMESERVER1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "NAMESERVER2" $CONFIGURATION_FILE; then
+ NAMESERVER2=$(grep "NAMESERVER2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DEBIAN_REPO" $CONFIGURATION_FILE; then
+ DEBIAN_REPO=$(grep "DEBIAN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ CHECK_MESSAGE=$"Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
+ fi
+ if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then
+ VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
+ VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SIP_PORT" $CONFIGURATION_FILE; then
+ SIP_PORT=$(grep "SIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SIP_TLS_PORT" $CONFIGURATION_FILE; then
+ SIP_TLS_PORT=$(grep "SIP_TLS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
+ SIP_SERVER_PASSWORD=$(grep "SIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then
+ GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then
+ DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DDNS_USERNAME" $CONFIGURATION_FILE; then
+ DDNS_USERNAME=$(grep "DDNS_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "DDNS_PASSWORD" $CONFIGURATION_FILE; then
+ DDNS_PASSWORD=$(grep "DDNS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE; then
+ LOCAL_NETWORK_STATIC_IP_ADDRESS=$(grep "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ENABLE_BABEL" $CONFIGURATION_FILE; then
+ ENABLE_BABEL=$(grep "ENABLE_BABEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ENABLE_BATMAN" $CONFIGURATION_FILE; then
+ ENABLE_BATMAN=$(grep "ENABLE_BATMAN" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ENABLE_CJDNS" $CONFIGURATION_FILE; then
+ ENABLE_CJDNS=$(grep "ENABLE_CJDNS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CJDNS_COMMIT" $CONFIGURATION_FILE; then
+ CJDNS_COMMIT=$(grep "CJDNS_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CJDNS_IPV6" $CONFIGURATION_FILE; then
+ CJDNS_IPV6=$(grep "CJDNS_IPV6" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE; then
+ CJDNS_PUBLIC_KEY=$(grep "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE; then
+ CJDNS_PRIVATE_KEY=$(grep "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE; then
+ ROUTER_IP_ADDRESS=$(grep "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "CPU_CORES" $CONFIGURATION_FILE; then
+ CPU_CORES=$(grep "CPU_CORES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE; then
+ WEBSERVER_LOG_LEVEL=$(grep "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE; then
+ ROUTE_THROUGH_TOR=$(grep "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIKI_TITLE" $CONFIGURATION_FILE; then
+ WIKI_TITLE=$(grep "WIKI_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_NAME" $CONFIGURATION_FILE; then
+ MY_NAME=$(grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then
+ MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then
+ INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "SSH_PORT" $CONFIGURATION_FILE; then
+ SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then
+ INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then
+ PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MICROBLOG_CODE" $CONFIGURATION_FILE; then
+ MICROBLOG_CODE=$(grep "MICROBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ HUBZILLA_DOMAIN_NAME=$(grep "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "HUBZILLA_CODE" $CONFIGURATION_FILE; then
+ HUBZILLA_CODE=$(grep "HUBZILLA_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "WIKI_CODE" $CONFIGURATION_FILE; then
+ WIKI_CODE=$(grep "WIKI_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
+ FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then
+ FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then
+ MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE; then
+ MY_BLOG_SUBTITLE=$(grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then
+ GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then
+ MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then
+ MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE; then
+ MY_GPG_PUBLIC_KEY_ID=$(grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then
+ USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then
+ MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE; then
+ TLS_TIME_SOURCE1=$(grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE; then
+ TLS_TIME_SOURCE2=$(grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ fi
+ echo "System type: $SYSTEM_TYPE"
}
function set_default_onion_domains {
- # If sites are only visible via Tor then for installation
- # purposes assign them some default domain names
- if [[ $ONION_ONLY == "no" ]]; then
- return
- fi
+ # If sites are only visible via Tor then for installation
+ # purposes assign them some default domain names
+ if [[ $ONION_ONLY == "no" ]]; then
+ return
+ fi
- if [ ${#MICROBLOG_DOMAIN_NAME} -gt 1 ]; then
- MICROBLOG_DOMAIN_NAME='microblog.local'
- fi
- if [ ${#FULLBLOG_DOMAIN_NAME} -gt 1 ]; then
- FULLBLOG_DOMAIN_NAME='blog.local'
- fi
- if [ ${#WIKI_DOMAIN_NAME} -gt 1 ]; then
- WIKI_DOMAIN_NAME='wiki.local'
- fi
- if [ ${#DEFAULT_DOMAIN_NAME} -gt 1 ]; then
- DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
- fi
- if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
- GIT_DOMAIN_NAME='git.local'
- fi
- if [ ${#MEDIAGOBLIN_DOMAIN_NAME} -gt 1 ]; then
- MEDIAGOBLIN_DOMAIN_NAME='media.local'
- fi
+ if [ ${#MICROBLOG_DOMAIN_NAME} -gt 1 ]; then
+ MICROBLOG_DOMAIN_NAME='microblog.local'
+ fi
+ if [ ${#FULLBLOG_DOMAIN_NAME} -gt 1 ]; then
+ FULLBLOG_DOMAIN_NAME='blog.local'
+ fi
+ if [ ${#WIKI_DOMAIN_NAME} -gt 1 ]; then
+ WIKI_DOMAIN_NAME='wiki.local'
+ fi
+ if [ ${#DEFAULT_DOMAIN_NAME} -gt 1 ]; then
+ DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
+ fi
+ if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
+ GIT_DOMAIN_NAME='git.local'
+ fi
+ if [ ${#MEDIAGOBLIN_DOMAIN_NAME} -gt 1 ]; then
+ MEDIAGOBLIN_DOMAIN_NAME='media.local'
+ fi
}
function nginx_disable_sniffing {
- domain_name=$1
- filename=/etc/nginx/sites-available/$domain_name
- echo ' add_header X-Frame-Options DENY;' >> $filename
- echo ' add_header X-Content-Type-Options nosniff;' >> $filename
- echo '' >> $filename
+ domain_name=$1
+ filename=/etc/nginx/sites-available/$domain_name
+ echo ' add_header X-Frame-Options DENY;' >> $filename
+ echo ' add_header X-Content-Type-Options nosniff;' >> $filename
+ echo '' >> $filename
}
function nginx_limits {
- domain_name=$1
- max_body='20m'
- if [ $2 ]; then
- max_body=$2
- fi
- filename=/etc/nginx/sites-available/$domain_name
- echo " client_max_body_size ${max_body};" >> $filename
- echo ' client_body_buffer_size 128k;' >> $filename
- echo '' >> $filename
- echo ' limit_conn conn_limit_per_ip 10;' >> $filename
- echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
- echo '' >> $filename
+ domain_name=$1
+ max_body='20m'
+ if [ $2 ]; then
+ max_body=$2
+ fi
+ filename=/etc/nginx/sites-available/$domain_name
+ echo " client_max_body_size ${max_body};" >> $filename
+ echo ' client_body_buffer_size 128k;' >> $filename
+ echo '' >> $filename
+ echo ' limit_conn conn_limit_per_ip 10;' >> $filename
+ echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
+ echo '' >> $filename
}
function nginx_http_redirect {
- # redirect port 80 to https
- domain_name=$1
- filename=/etc/nginx/sites-available/$domain_name
- echo 'server {' > $filename
- echo ' listen 80;' >> $filename
- echo ' listen [::]:80;' >> $filename
- echo " server_name ${domain_name};" >> $filename
- echo " root /var/www/${domain_name}/htdocs;" >> $filename
- echo ' access_log off;' >> $filename
- echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename
- nginx_limits $domain_name
- echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename
- echo '}' >> $filename
- echo '' >> $filename
+ # redirect port 80 to https
+ domain_name=$1
+ filename=/etc/nginx/sites-available/$domain_name
+ echo 'server {' > $filename
+ echo ' listen 80;' >> $filename
+ echo ' listen [::]:80;' >> $filename
+ echo " server_name ${domain_name};" >> $filename
+ echo " root /var/www/${domain_name}/htdocs;" >> $filename
+ echo ' access_log off;' >> $filename
+ echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename
+ nginx_limits $domain_name
+ echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename
+ echo '}' >> $filename
+ echo '' >> $filename
}
function nginx_ssl {
- # creates the SSL/TLS section for a website
- domain_name=$1
- filename=/etc/nginx/sites-available/$domain_name
- echo ' ssl on;' >> $filename
- echo " ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename
- echo " ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename
- echo " ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename
- echo '' >> $filename
- echo ' ssl_session_timeout 60m;' >> $filename
- echo ' ssl_prefer_server_ciphers on;' >> $filename
- echo " ssl_protocols $SSL_PROTOCOLS;" >> $filename
- echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
+ # creates the SSL/TLS section for a website
+ domain_name=$1
+ filename=/etc/nginx/sites-available/$domain_name
+ echo ' ssl on;' >> $filename
+ echo " ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename
+ echo " ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename
+ echo " ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename
+ echo '' >> $filename
+ echo ' ssl_session_timeout 60m;' >> $filename
+ echo ' ssl_prefer_server_ciphers on;' >> $filename
+ echo " ssl_protocols $SSL_PROTOCOLS;" >> $filename
+ echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
}
function rss_reader_modifications {
- # modify the rss reader to use a socks5 proxy rather than a http proxy
- if [ ! -d $RSS_READER_PATH ]; then
- return
- fi
+ # modify the rss reader to use a socks5 proxy rather than a http proxy
+ if [ ! -d $RSS_READER_PATH ]; then
+ return
+ fi
- # ensure that socks5 proxy is used
- if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/plugins/af_unburn/init.php; then
- sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
- fi
- if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/include/functions.php; then
- sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
- fi
- chown -R www-data:www-data $RSS_READER_PATH
- chmod a+x $RSS_READER_PATH
+ # ensure that socks5 proxy is used
+ if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/plugins/af_unburn/init.php; then
+ sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
+ fi
+ if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/include/functions.php; then
+ sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
+ fi
+ chown -R www-data:www-data $RSS_READER_PATH
+ chmod a+x $RSS_READER_PATH
}
function set_repo_commit {
- repo_dir=$1
- repo_commit_name=$2
- repo_commit=$3
- repo_url=$4
- if [ -d $repo_dir ]; then
- if grep -q "$repo_commit_name" $COMPLETION_FILE; then
- CURRENT_REPO_COMMIT=$(grep "$repo_commit_name" $COMPLETION_FILE | awk -F ':' '{print $2}')
- if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
- cd $repo_dir
- git_pull $repo_url $repo_commit
- sed -i "s/${repo_commit_name}.*/${repo_commit_name}:$repo_commit/g" $COMPLETION_FILE
+ repo_dir=$1
+ repo_commit_name=$2
+ repo_commit=$3
+ repo_url=$4
+ if [ -d $repo_dir ]; then
+ if grep -q "$repo_commit_name" $COMPLETION_FILE; then
+ CURRENT_REPO_COMMIT=$(grep "$repo_commit_name" $COMPLETION_FILE | awk -F ':' '{print $2}')
+ if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
+ cd $repo_dir
+ git_pull $repo_url $repo_commit
+ sed -i "s/${repo_commit_name}.*/${repo_commit_name}:$repo_commit/g" $COMPLETION_FILE
- # application specific stuff after updating the repo
- if [[ $repo_dir == *"www"* ]]; then
- chown -R www-data:www-data $repo_dir
- fi
- if [[ $repo_dir == *"cjdns" ]]; then
- ./do
- fi
- if [[ $repo_dir == *"gpgit" ]]; then
- cp gpgit.pl /usr/bin/gpgit.pl
- fi
- if [[ $repo_dir == *"cleanup-maildir" ]]; then
- cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
- fi
- if [[ $repo_dir == *"nginx_ensite" ]]; then
- make install
- fi
- if [[ $repo_dir == *"gogs" ]]; then
- git checkout master
- go get -u ./...
- if [ ! "$?" = "0" ]; then
- echo $'Failed to get gogs'
- exit 52792
- fi
- git checkout $repo_commit
- go build
- if [ ! "$?" = "0" ]; then
- echo $'Failed to build gogs'
- exit 36226
- fi
- systemctl restart gogs
- fi
- if [[ $repo_dir == *"toxcore" ]]; then
- sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
- autoreconf -i
- ./configure --enable-daemon
- make
- make install
- systemctl daemon-reload
- systemctl restart tox-bootstrapd.service
- fi
- if [[ $repo_dir == *"toxic" ]]; then
- make
- make install
- fi
- if [[ $repo_dir == $RSS_READER_PATH ]]; then
- rss_reader_modifications
- fi
- if [[ $repo_dir == *"inadyn" ]]; then
- ./configure
- USE_OPENSSL=1 make
- make install
- systemctl restart inadyn
- fi
- if [[ $repo_dir == *"ipfs" ]]; then
- chown -R git:git /home/git
- systemctl restart ipfs
- systemctl daemon-reload
- fi
- fi
- else
- echo "${repo_commit_name}:${repo_commit}" >> $COMPLETION_FILE
- fi
- fi
+ # application specific stuff after updating the repo
+ if [[ $repo_dir == *"www"* ]]; then
+ chown -R www-data:www-data $repo_dir
+ fi
+ if [[ $repo_dir == *"cjdns" ]]; then
+ ./do
+ fi
+ if [[ $repo_dir == *"gpgit" ]]; then
+ cp gpgit.pl /usr/bin/gpgit.pl
+ fi
+ if [[ $repo_dir == *"cleanup-maildir" ]]; then
+ cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+ fi
+ if [[ $repo_dir == *"nginx_ensite" ]]; then
+ make install
+ fi
+ if [[ $repo_dir == *"gogs" ]]; then
+ git checkout master
+ go get -u ./...
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to get gogs'
+ exit 52792
+ fi
+ git checkout $repo_commit
+ go build
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to build gogs'
+ exit 36226
+ fi
+ systemctl restart gogs
+ fi
+ if [[ $repo_dir == *"toxcore" ]]; then
+ sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
+ autoreconf -i
+ ./configure --enable-daemon
+ make
+ make install
+ systemctl daemon-reload
+ systemctl restart tox-bootstrapd.service
+ fi
+ if [[ $repo_dir == *"toxic" ]]; then
+ make
+ make install
+ fi
+ if [[ $repo_dir == $RSS_READER_PATH ]]; then
+ rss_reader_modifications
+ fi
+ if [[ $repo_dir == *"inadyn" ]]; then
+ ./configure
+ USE_OPENSSL=1 make
+ make install
+ systemctl restart inadyn
+ fi
+ if [[ $repo_dir == *"ipfs" ]]; then
+ chown -R git:git /home/git
+ systemctl restart ipfs
+ systemctl daemon-reload
+ fi
+ fi
+ else
+ echo "${repo_commit_name}:${repo_commit}" >> $COMPLETION_FILE
+ fi
+ fi
}
function wait_for_onion_service {
- onion_service_name="$1"
+ onion_service_name="$1"
- sleep_ctr=0
- while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
- sleep 1
- sleep_ctr=$((sleep_ctr + 1))
- if [ $sleep_ctr -gt 10 ]; then
- break
- fi
- done
+ sleep_ctr=0
+ while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
+ sleep 1
+ sleep_ctr=$((sleep_ctr + 1))
+ if [ $sleep_ctr -gt 10 ]; then
+ break
+ fi
+ done
- if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- # restart and try a second time
- systemctl restart tor
- sleep_ctr=0
- while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
- sleep 1
- sleep_ctr=$((sleep_ctr + 1))
- if [ $sleep_ctr -gt 10 ]; then
- break
- fi
- done
- fi
+ if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ # restart and try a second time
+ systemctl restart tor
+ sleep_ctr=0
+ while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
+ sleep 1
+ sleep_ctr=$((sleep_ctr + 1))
+ if [ $sleep_ctr -gt 10 ]; then
+ break
+ fi
+ done
+ fi
}
function add_onion_service {
- onion_service_name="$1"
- onion_service_port_from=$2
- onion_service_port_to=$3
+ onion_service_name="$1"
+ onion_service_port_from=$2
+ onion_service_port_to=$3
- if [ -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
- return
- fi
+ if [ -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
+ return
+ fi
- if [ ! -d /var/lib/tor ]; then
- echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
- exit 877367
- fi
- if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
- echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
- echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
- fi
+ if [ ! -d /var/lib/tor ]; then
+ echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
+ exit 877367
+ fi
+ if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
+ echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
+ echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
+ fi
- systemctl restart tor
- wait_for_onion_service ${onion_service_name}
+ systemctl restart tor
+ wait_for_onion_service ${onion_service_name}
- if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- echo $"${onion_service_name} onion site hostname not found"
- exit 76362
- fi
- echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
+ if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ echo $"${onion_service_name} onion site hostname not found"
+ exit 76362
+ fi
+ echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
}
function setup_wifi {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $WIFI_SSID ]; then
- return
- fi
- if [ ${#WIFI_SSID} -lt 2 ]; then
- return
- fi
- if grep -Fxq "setup_wifi" $COMPLETION_FILE; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $WIFI_SSID ]; then
+ return
+ fi
+ if [ ${#WIFI_SSID} -lt 2 ]; then
+ return
+ fi
+ if grep -Fxq "setup_wifi" $COMPLETION_FILE; then
+ return
+ fi
- HOTSPOT='no'
- if [[ $WIFI_HOTSPOT != 'no' ]]; then
- HOTSPOT='yes'
- fi
+ HOTSPOT='no'
+ if [[ $WIFI_HOTSPOT != 'no' ]]; then
+ HOTSPOT='yes'
+ fi
- if [ -f $WIFI_NETWORKS_FILE ]; then
- ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE --networks $WIFI_NETWORKS_FILE
- echo 'setup_wifi' >> $COMPLETION_FILE
- return
- fi
+ if [ -f $WIFI_NETWORKS_FILE ]; then
+ ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE --networks $WIFI_NETWORKS_FILE
+ echo 'setup_wifi' >> $COMPLETION_FILE
+ return
+ fi
- if [[ $WIFI_TYPE != 'none' ]]; then
- if [ ! $WIFI_PASSPHRASE ]; then
- echo $'No wifi passphrase was given'
- return
- fi
- if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
- echo $'Wifi passphrase was too short'
- return
- fi
- ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
- else
- ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
- fi
- echo 'setup_wifi' >> $COMPLETION_FILE
+ if [[ $WIFI_TYPE != 'none' ]]; then
+ if [ ! $WIFI_PASSPHRASE ]; then
+ echo $'No wifi passphrase was given'
+ return
+ fi
+ if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
+ echo $'Wifi passphrase was too short'
+ return
+ fi
+ ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
+ else
+ ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
+ fi
+ echo 'setup_wifi' >> $COMPLETION_FILE
}
function create_avahi_onion_domains {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! -d /etc/avahi/services ]; then
- return
- fi
- if [ $MICROBLOG_DOMAIN_NAME ]; then
- echo '' > /etc/avahi/services/microblog.service
- echo '' >> /etc/avahi/services/microblog.service
- echo '' >> /etc/avahi/services/microblog.service
- echo ' %h HTTP' >> /etc/avahi/services/microblog.service
- echo ' ' >> /etc/avahi/services/microblog.service
- echo ' _http._tcp' >> /etc/avahi/services/microblog.service
- echo " $MICROBLOG_ONION_PORT" >> /etc/avahi/services/microblog.service
- echo ' ' >> /etc/avahi/services/microblog.service
- echo '' >> /etc/avahi/services/microblog.service
- fi
- if [ $FULLBLOG_DOMAIN_NAME ]; then
- echo '' > /etc/avahi/services/blog.service
- echo '' >> /etc/avahi/services/blog.service
- echo '' >> /etc/avahi/services/blog.service
- echo ' %h HTTP' >> /etc/avahi/services/blog.service
- echo ' ' >> /etc/avahi/services/blog.service
- echo ' _http._tcp' >> /etc/avahi/services/blog.service
- echo " $BLOG_ONION_PORT" >> /etc/avahi/services/blog.service
- echo ' ' >> /etc/avahi/services/blog.service
- echo '' >> /etc/avahi/services/blog.service
- fi
- if [ $GIT_DOMAIN_NAME ]; then
- echo '' > /etc/avahi/services/git.service
- echo '' >> /etc/avahi/services/git.service
- echo '' >> /etc/avahi/services/git.service
- echo ' %h HTTP' >> /etc/avahi/services/git.service
- echo ' ' >> /etc/avahi/services/git.service
- echo ' _http._tcp' >> /etc/avahi/services/git.service
- echo " $GIT_ONION_PORT" >> /etc/avahi/services/git.service
- echo ' ' >> /etc/avahi/services/git.service
- echo '' >> /etc/avahi/services/git.service
- fi
- if [ $WIKI_DOMAIN_NAME ]; then
- echo '' > /etc/avahi/services/wiki.service
- echo '' >> /etc/avahi/services/wiki.service
- echo '' >> /etc/avahi/services/wiki.service
- echo ' %h HTTP' >> /etc/avahi/services/wiki.service
- echo ' ' >> /etc/avahi/services/wiki.service
- echo ' _http._tcp' >> /etc/avahi/services/wiki.service
- echo " $WIKI_ONION_PORT" >> /etc/avahi/services/wiki.service
- echo ' ' >> /etc/avahi/services/wiki.service
- echo '' >> /etc/avahi/services/wiki.service
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! -d /etc/avahi/services ]; then
+ return
+ fi
+ if [ $MICROBLOG_DOMAIN_NAME ]; then
+ echo '' > /etc/avahi/services/microblog.service
+ echo '' >> /etc/avahi/services/microblog.service
+ echo '' >> /etc/avahi/services/microblog.service
+ echo ' %h HTTP' >> /etc/avahi/services/microblog.service
+ echo ' ' >> /etc/avahi/services/microblog.service
+ echo ' _http._tcp' >> /etc/avahi/services/microblog.service
+ echo " $MICROBLOG_ONION_PORT" >> /etc/avahi/services/microblog.service
+ echo ' ' >> /etc/avahi/services/microblog.service
+ echo '' >> /etc/avahi/services/microblog.service
+ fi
+ if [ $FULLBLOG_DOMAIN_NAME ]; then
+ echo '' > /etc/avahi/services/blog.service
+ echo '' >> /etc/avahi/services/blog.service
+ echo '' >> /etc/avahi/services/blog.service
+ echo ' %h HTTP' >> /etc/avahi/services/blog.service
+ echo ' ' >> /etc/avahi/services/blog.service
+ echo ' _http._tcp' >> /etc/avahi/services/blog.service
+ echo " $BLOG_ONION_PORT" >> /etc/avahi/services/blog.service
+ echo ' ' >> /etc/avahi/services/blog.service
+ echo '' >> /etc/avahi/services/blog.service
+ fi
+ if [ $GIT_DOMAIN_NAME ]; then
+ echo '' > /etc/avahi/services/git.service
+ echo '' >> /etc/avahi/services/git.service
+ echo '' >> /etc/avahi/services/git.service
+ echo ' %h HTTP' >> /etc/avahi/services/git.service
+ echo ' ' >> /etc/avahi/services/git.service
+ echo ' _http._tcp' >> /etc/avahi/services/git.service
+ echo " $GIT_ONION_PORT" >> /etc/avahi/services/git.service
+ echo ' ' >> /etc/avahi/services/git.service
+ echo '' >> /etc/avahi/services/git.service
+ fi
+ if [ $WIKI_DOMAIN_NAME ]; then
+ echo '' > /etc/avahi/services/wiki.service
+ echo '' >> /etc/avahi/services/wiki.service
+ echo '' >> /etc/avahi/services/wiki.service
+ echo ' %h HTTP' >> /etc/avahi/services/wiki.service
+ echo ' ' >> /etc/avahi/services/wiki.service
+ echo ' _http._tcp' >> /etc/avahi/services/wiki.service
+ echo " $WIKI_ONION_PORT" >> /etc/avahi/services/wiki.service
+ echo ' ' >> /etc/avahi/services/wiki.service
+ echo '' >> /etc/avahi/services/wiki.service
+ fi
}
# check an individual domain name
function test_domain_name {
- if [ $1 ]; then
- TEST_DOMAIN_NAME=$1
- validate_domain_name
- if [[ $TEST_DOMAIN_NAME != $1 ]]; then
- echo $TEST_DOMAIN_NAME
- exit 8528
- fi
- fi
+ if [ $1 ]; then
+ TEST_DOMAIN_NAME=$1
+ validate_domain_name
+ if [[ $TEST_DOMAIN_NAME != $1 ]]; then
+ echo $TEST_DOMAIN_NAME
+ exit 8528
+ fi
+ fi
}
# check that domain names are sensible
function check_domains {
- if [ ${#WIKI_DOMAIN_NAME} -gt 1 ]; then
- test_domain_name "$WIKI_DOMAIN_NAME"
+ if [ ${#WIKI_DOMAIN_NAME} -gt 1 ]; then
+ test_domain_name "$WIKI_DOMAIN_NAME"
- if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
- echo $'Wiki domain name is the same as blog domain name. They must be different'
- exit 97326
- fi
- if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
- echo $'Wiki domain name is the same as microblog domain name. They must be different'
- exit 36827
- fi
- if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
- echo $'Wiki domain name is the same as hubzilla domain name. They must be different'
- exit 65848
- fi
- if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
- if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
- echo $'Wiki domain name is the same as Gogs domain name. They must be different'
- exit 73529
- fi
- fi
- fi
+ if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
+ echo $'Wiki domain name is the same as blog domain name. They must be different'
+ exit 97326
+ fi
+ if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
+ echo $'Wiki domain name is the same as microblog domain name. They must be different'
+ exit 36827
+ fi
+ if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
+ echo $'Wiki domain name is the same as hubzilla domain name. They must be different'
+ exit 65848
+ fi
+ if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
+ if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
+ echo $'Wiki domain name is the same as Gogs domain name. They must be different'
+ exit 73529
+ fi
+ fi
+ fi
- if [ ${#FULLBLOG_DOMAIN_NAME} -gt 1 ]; then
- test_domain_name "$FULLBLOG_DOMAIN_NAME"
+ if [ ${#FULLBLOG_DOMAIN_NAME} -gt 1 ]; then
+ test_domain_name "$FULLBLOG_DOMAIN_NAME"
- if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
- echo $'Blog domain name is the same as wiki domain name. They must be different'
- exit 62348
- fi
- if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
- echo $'Blog domain name is the same as microblog domain name. They must be different'
- exit 38236
- fi
- if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
- echo $'Blog domain name is the same as hubzilla domain name. They must be different'
- exit 35483
- fi
- if [ $GIT_DOMAIN_NAME ]; then
- if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
- echo $'Blog domain name is the same as Gogs domain name. They must be different'
- exit 84695
- fi
- fi
- fi
+ if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
+ echo $'Blog domain name is the same as wiki domain name. They must be different'
+ exit 62348
+ fi
+ if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
+ echo $'Blog domain name is the same as microblog domain name. They must be different'
+ exit 38236
+ fi
+ if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
+ echo $'Blog domain name is the same as hubzilla domain name. They must be different'
+ exit 35483
+ fi
+ if [ $GIT_DOMAIN_NAME ]; then
+ if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
+ echo $'Blog domain name is the same as Gogs domain name. They must be different'
+ exit 84695
+ fi
+ fi
+ fi
- if [ ${#MICROBLOG_DOMAIN_NAME} -gt 1 ]; then
- test_domain_name "$MICROBLOG_DOMAIN_NAME"
+ if [ ${#MICROBLOG_DOMAIN_NAME} -gt 1 ]; then
+ test_domain_name "$MICROBLOG_DOMAIN_NAME"
- if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
- echo $'Microblog domain name is the same as wiki domain name. They must be different'
- exit 73924
- fi
- if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
- echo $'Microblog domain name is the same as blog domain name. They must be different'
- exit 26832
- fi
- if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
- echo $'Microblog domain name is the same as hubzilla domain name. They must be different'
- exit 678382
- fi
- if [ $GIT_DOMAIN_NAME ]; then
- if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
- echo $'Microblog domain name is the same as Gogs domain name. They must be different'
- exit 684325
- fi
- fi
- fi
+ if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
+ echo $'Microblog domain name is the same as wiki domain name. They must be different'
+ exit 73924
+ fi
+ if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
+ echo $'Microblog domain name is the same as blog domain name. They must be different'
+ exit 26832
+ fi
+ if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
+ echo $'Microblog domain name is the same as hubzilla domain name. They must be different'
+ exit 678382
+ fi
+ if [ $GIT_DOMAIN_NAME ]; then
+ if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
+ echo $'Microblog domain name is the same as Gogs domain name. They must be different'
+ exit 684325
+ fi
+ fi
+ fi
- if [ $HUBZILLA_DOMAIN_NAME ]; then
- test_domain_name "$HUBZILLA_DOMAIN_NAME"
+ if [ $HUBZILLA_DOMAIN_NAME ]; then
+ test_domain_name "$HUBZILLA_DOMAIN_NAME"
- if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as wiki domain name. They must be different'
- exit 83682
- fi
- if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as blog domain name. They must be different'
- exit 74817
- fi
- if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as microblog domain name. They must be different'
- exit 83683
- fi
- if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
- if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as Gogs domain name. They must be different'
- exit 135523
- fi
- fi
- fi
+ if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as wiki domain name. They must be different'
+ exit 83682
+ fi
+ if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as blog domain name. They must be different'
+ exit 74817
+ fi
+ if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as microblog domain name. They must be different'
+ exit 83683
+ fi
+ if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
+ if [[ "$test_domain_name" == "$GIT_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as Gogs domain name. They must be different'
+ exit 135523
+ fi
+ fi
+ fi
- if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
- test_domain_name "$GIT_DOMAIN_NAME"
+ if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
+ test_domain_name "$GIT_DOMAIN_NAME"
- if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as wiki domain name. They must be different'
- exit 83682
- fi
- if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as blog domain name. They must be different'
- exit 74817
- fi
- if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
- echo $'Hubzilla domain name is the same as microblog domain name. They must be different'
- exit 83683
- fi
- if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
- echo $'Microblog domain name is the same as hubzilla domain name. They must be different'
- exit 678382
- fi
- fi
+ if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as wiki domain name. They must be different'
+ exit 83682
+ fi
+ if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as blog domain name. They must be different'
+ exit 74817
+ fi
+ if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then
+ echo $'Hubzilla domain name is the same as microblog domain name. They must be different'
+ exit 83683
+ fi
+ if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then
+ echo $'Microblog domain name is the same as hubzilla domain name. They must be different'
+ exit 678382
+ fi
+ fi
}
# Checks whether certificates were generated for the given hostname
function check_certificates {
- if [ ! $1 ]; then
- return
- fi
- USE_LETSENCRYPT='no'
- if [ $2 ]; then
- USE_LETSENCRYPT=$2
- fi
- if [[ $USE_LETSENCRYPT == 'no' ]]; then
- if [ ! -f /etc/ssl/private/$1.key ]; then
- echo $"Private certificate for $CHECK_HOSTNAME was not created"
- exit 63959
- fi
- if [ ! -f /etc/ssl/certs/$1.crt ]; then
- echo $"Public certificate for $CHECK_HOSTNAME was not created"
- exit 7679
- fi
- else
- if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then
- echo $"Private certificate for $CHECK_HOSTNAME was not created"
- exit 6282
- fi
- if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then
- echo $"Public certificate for $CHECK_HOSTNAME was not created"
- exit 5328
- fi
- fi
- if [ ! -f /etc/ssl/certs/$1.dhparam ]; then
- echo $"Diffie–Hellman parameters for $CHECK_HOSTNAME were not created"
- exit 5989
- fi
+ if [ ! $1 ]; then
+ return
+ fi
+ USE_LETSENCRYPT='no'
+ if [ $2 ]; then
+ USE_LETSENCRYPT=$2
+ fi
+ if [[ $USE_LETSENCRYPT == 'no' ]]; then
+ if [ ! -f /etc/ssl/private/$1.key ]; then
+ echo $"Private certificate for $CHECK_HOSTNAME was not created"
+ exit 63959
+ fi
+ if [ ! -f /etc/ssl/certs/$1.crt ]; then
+ echo $"Public certificate for $CHECK_HOSTNAME was not created"
+ exit 7679
+ fi
+ else
+ if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then
+ echo $"Private certificate for $CHECK_HOSTNAME was not created"
+ exit 6282
+ fi
+ if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then
+ echo $"Public certificate for $CHECK_HOSTNAME was not created"
+ exit 5328
+ fi
+ fi
+ if [ ! -f /etc/ssl/certs/$1.dhparam ]; then
+ echo $"Diffie–Hellman parameters for $CHECK_HOSTNAME were not created"
+ exit 5989
+ fi
}
function create_site_certificate {
- SITE_DOMAIN_NAME="$1"
+ SITE_DOMAIN_NAME="$1"
- # if yes then only "valid" certs are allowed, not self-signed
- NO_SELF_SIGNED='no'
- if [ $2 ]; then
- NO_SELF_SIGNED="$2"
- fi
+ # if yes then only "valid" certs are allowed, not self-signed
+ NO_SELF_SIGNED='no'
+ if [ $2 ]; then
+ NO_SELF_SIGNED="$2"
+ fi
- if [[ $ONION_ONLY == "no" ]]; then
- if [ ! -f /etc/ssl/certs/$SITE_DOMAIN_NAME.dhparam ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH
- check_certificates $SITE_DOMAIN_NAME
- else
- ${PROJECT_NAME}-addcert -e $SITE_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- if [ ! "$?" = "0" ]; then
- if [[ $NO_SELF_SIGNED == 'no' ]]; then
- echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME, so try making a self-signed cert"
- ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH
- check_certificates $SITE_DOMAIN_NAME
- else
- echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
- exit 682529
- fi
- else
- check_certificates $SITE_DOMAIN_NAME 'yes'
- fi
- fi
- fi
- fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ if [ ! -f /etc/ssl/certs/$SITE_DOMAIN_NAME.dhparam ]; then
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
+ ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH
+ check_certificates $SITE_DOMAIN_NAME
+ else
+ ${PROJECT_NAME}-addcert -e $SITE_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+ if [ ! "$?" = "0" ]; then
+ if [[ $NO_SELF_SIGNED == 'no' ]]; then
+ echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME, so try making a self-signed cert"
+ ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH
+ check_certificates $SITE_DOMAIN_NAME
+ else
+ echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
+ exit 682529
+ fi
+ else
+ check_certificates $SITE_DOMAIN_NAME 'yes'
+ fi
+ fi
+ fi
+ fi
}
function backup_database_local {
- # Makes local backups of databases which can then be automatically rolled
- # back if corruption is detected
- database_name=$1
+ # Makes local backups of databases which can then be automatically rolled
+ # back if corruption is detected
+ database_name=$1
- backup_databases_script=/usr/bin/backupdatabases
- echo '' >> $backup_databases_script
- echo "# Backup the ${database_name} database" >> $backup_databases_script
- echo "TEMPFILE=/root/${database_name}.sql" >> $backup_databases_script
- echo 'DAILYFILE=/var/backups/${database_name}_daily.sql' >> $backup_databases_script
- echo "mysqldump --password=\"\$MYSQL_PASSWORD\" ${database_name} > \$TEMPFILE" >> $backup_databases_script
- echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> $backup_databases_script
- echo 'if [ "$FILESIZE" -eq "0" ]; then' >> $backup_databases_script
- echo ' if [ -f $DAILYFILE ]; then' >> $backup_databases_script
- echo ' cp $DAILYFILE $TEMPFILE' >> $backup_databases_script
- echo '' >> $backup_databases_script
- echo ' # try to restore yesterdays database' >> $backup_databases_script
- echo " mysql -u root --password=\"\$MYSQL_PASSWORD\" ${database_name} -o < \$DAILYFILE" >> $backup_databases_script
- echo '' >> $backup_databases_script
- echo ' # Send a warning email' >> $backup_databases_script
- echo " echo \"Unable to create a backup of the ${database_name} database. Attempted to restore from yesterdays backup\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script
- echo ' else' >> $backup_databases_script
- echo ' # Send a warning email' >> $backup_databases_script
- echo " echo \"Unable to create a backup of the ${database_name} database.\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script
- echo ' fi' >> $backup_databases_script
- echo 'else' >> $backup_databases_script
- echo ' chmod 600 $TEMPFILE' >> $backup_databases_script
- echo ' mv $TEMPFILE $DAILYFILE' >> $backup_databases_script
- echo '' >> $backup_databases_script
- echo ' # Make the backup readable only by root' >> $backup_databases_script
- echo ' chmod 600 $DAILYFILE' >> $backup_databases_script
- echo 'fi' >> $backup_databases_script
+ backup_databases_script=/usr/bin/backupdatabases
+ echo '' >> $backup_databases_script
+ echo "# Backup the ${database_name} database" >> $backup_databases_script
+ echo "TEMPFILE=/root/${database_name}.sql" >> $backup_databases_script
+ echo 'DAILYFILE=/var/backups/${database_name}_daily.sql' >> $backup_databases_script
+ echo "mysqldump --password=\"\$MYSQL_PASSWORD\" ${database_name} > \$TEMPFILE" >> $backup_databases_script
+ echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> $backup_databases_script
+ echo 'if [ "$FILESIZE" -eq "0" ]; then' >> $backup_databases_script
+ echo ' if [ -f $DAILYFILE ]; then' >> $backup_databases_script
+ echo ' cp $DAILYFILE $TEMPFILE' >> $backup_databases_script
+ echo '' >> $backup_databases_script
+ echo ' # try to restore yesterdays database' >> $backup_databases_script
+ echo " mysql -u root --password=\"\$MYSQL_PASSWORD\" ${database_name} -o < \$DAILYFILE" >> $backup_databases_script
+ echo '' >> $backup_databases_script
+ echo ' # Send a warning email' >> $backup_databases_script
+ echo " echo \"Unable to create a backup of the ${database_name} database. Attempted to restore from yesterdays backup\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script
+ echo ' else' >> $backup_databases_script
+ echo ' # Send a warning email' >> $backup_databases_script
+ echo " echo \"Unable to create a backup of the ${database_name} database.\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script
+ echo ' fi' >> $backup_databases_script
+ echo 'else' >> $backup_databases_script
+ echo ' chmod 600 $TEMPFILE' >> $backup_databases_script
+ echo ' mv $TEMPFILE $DAILYFILE' >> $backup_databases_script
+ echo '' >> $backup_databases_script
+ echo ' # Make the backup readable only by root' >> $backup_databases_script
+ echo ' chmod 600 $DAILYFILE' >> $backup_databases_script
+ echo 'fi' >> $backup_databases_script
- weekly_backup_script=/etc/cron.weekly/backupdatabasesweekly
- if ! grep -q "${database_name}" ${weekly_backup_script}; then
- echo '' >> ${weekly_backup_script}
- echo "# ${database_name}" >> ${weekly_backup_script}
- echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${weekly_backup_script}
- echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_2weekly.sql" >> ${weekly_backup_script}
- echo 'fi' >> ${weekly_backup_script}
- echo "if [ -f /var/backups/${database_name}_daily.sql ]; then" >> ${weekly_backup_script}
- echo " cp -f /var/backups/${database_name}_daily.sql /var/backups/${database_name}_weekly.sql" >> ${weekly_backup_script}
- echo 'fi' >> ${weekly_backup_script}
- fi
+ weekly_backup_script=/etc/cron.weekly/backupdatabasesweekly
+ if ! grep -q "${database_name}" ${weekly_backup_script}; then
+ echo '' >> ${weekly_backup_script}
+ echo "# ${database_name}" >> ${weekly_backup_script}
+ echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${weekly_backup_script}
+ echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_2weekly.sql" >> ${weekly_backup_script}
+ echo 'fi' >> ${weekly_backup_script}
+ echo "if [ -f /var/backups/${database_name}_daily.sql ]; then" >> ${weekly_backup_script}
+ echo " cp -f /var/backups/${database_name}_daily.sql /var/backups/${database_name}_weekly.sql" >> ${weekly_backup_script}
+ echo 'fi' >> ${weekly_backup_script}
+ fi
- monthly_backup_script=/etc/cron.monthly/backupdatabasesmonthly
- if ! grep -q "${database_name}" ${monthly_backup_script}; then
- echo '' >> ${monthly_backup_script}
- echo "# ${database_name}" >> ${monthly_backup_script}
- echo "if [ -f /var/backups/${database_name}_monthly.sql ]; then" >> ${monthly_backup_script}
- echo " cp -f /var/backups/${database_name}_monthly.sql /var/backups/${database_name}_2monthly.sql" >> ${monthly_backup_script}
- echo 'fi' >> ${monthly_backup_script}
- echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${monthly_backup_script}
- echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_monthly.sql" >> ${monthly_backup_script}
- echo 'fi' >> ${monthly_backup_script}
- fi
+ monthly_backup_script=/etc/cron.monthly/backupdatabasesmonthly
+ if ! grep -q "${database_name}" ${monthly_backup_script}; then
+ echo '' >> ${monthly_backup_script}
+ echo "# ${database_name}" >> ${monthly_backup_script}
+ echo "if [ -f /var/backups/${database_name}_monthly.sql ]; then" >> ${monthly_backup_script}
+ echo " cp -f /var/backups/${database_name}_monthly.sql /var/backups/${database_name}_2monthly.sql" >> ${monthly_backup_script}
+ echo 'fi' >> ${monthly_backup_script}
+ echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${monthly_backup_script}
+ echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_monthly.sql" >> ${monthly_backup_script}
+ echo 'fi' >> ${monthly_backup_script}
+ fi
- if ! grep -q "${database_name}" /etc/cron.hourly/repair; then
- echo "${PROJECT_NAME}-repair-database ${database_name}" >> /etc/cron.hourly/repair
- # remove legacy stuff
- sed -i 's|/usr/bin/repairdatabase redmatrix||g' /etc/cron.hourly/repair
- fi
+ if ! grep -q "${database_name}" /etc/cron.hourly/repair; then
+ echo "${PROJECT_NAME}-repair-database ${database_name}" >> /etc/cron.hourly/repair
+ # remove legacy stuff
+ sed -i 's|/usr/bin/repairdatabase redmatrix||g' /etc/cron.hourly/repair
+ fi
}
function install_not_on_BBB {
- if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then
- return
- fi
- if [[ INSTALLING_ON_BBB == "yes" ]]; then
- return
- fi
- if [ ! $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
- return
- fi
+ if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ INSTALLING_ON_BBB == "yes" ]]; then
+ return
+ fi
+ if [ ! $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
+ return
+ fi
- echo '# The loopback network interface' > /etc/network/interfaces
- echo 'auto lo' >> /etc/network/interfaces
- echo 'iface lo inet loopback' >> /etc/network/interfaces
- echo '' >> /etc/network/interfaces
- echo '# The primary network interface' >> /etc/network/interfaces
- echo 'auto eth0' >> /etc/network/interfaces
- echo 'iface eth0 inet static' >> /etc/network/interfaces
- echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces
- echo ' netmask 255.255.255.0' >> /etc/network/interfaces
- echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces
- echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces
- echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
- echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
- echo '' >> /etc/network/interfaces
- echo '# The secondary network interface' >> /etc/network/interfaces
- echo '#auto eth1' >> /etc/network/interfaces
- echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
- echo '' >> /etc/network/interfaces
- echo '# WiFi Example' >> /etc/network/interfaces
- echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
- echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
- echo '# wpa-ssid "essid"' >> /etc/network/interfaces
- echo '# wpa-psk "password"' >> /etc/network/interfaces
- echo '' >> /etc/network/interfaces
- echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
- echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
- echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
- echo '#iface usb0 inet static' >> /etc/network/interfaces
- echo '# address 192.168.7.2' >> /etc/network/interfaces
- echo '# netmask 255.255.255.0' >> /etc/network/interfaces
- echo '# network 192.168.7.0' >> /etc/network/interfaces
- echo '# gateway 192.168.7.1' >> /etc/network/interfaces
+ echo '# The loopback network interface' > /etc/network/interfaces
+ echo 'auto lo' >> /etc/network/interfaces
+ echo 'iface lo inet loopback' >> /etc/network/interfaces
+ echo '' >> /etc/network/interfaces
+ echo '# The primary network interface' >> /etc/network/interfaces
+ echo 'auto eth0' >> /etc/network/interfaces
+ echo 'iface eth0 inet static' >> /etc/network/interfaces
+ echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces
+ echo ' netmask 255.255.255.0' >> /etc/network/interfaces
+ echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces
+ echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces
+ echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
+ echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
+ echo '' >> /etc/network/interfaces
+ echo '# The secondary network interface' >> /etc/network/interfaces
+ echo '#auto eth1' >> /etc/network/interfaces
+ echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
+ echo '' >> /etc/network/interfaces
+ echo '# WiFi Example' >> /etc/network/interfaces
+ echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
+ echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
+ echo '# wpa-ssid "essid"' >> /etc/network/interfaces
+ echo '# wpa-psk "password"' >> /etc/network/interfaces
+ echo '' >> /etc/network/interfaces
+ echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
+ echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
+ echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
+ echo '#iface usb0 inet static' >> /etc/network/interfaces
+ echo '# address 192.168.7.2' >> /etc/network/interfaces
+ echo '# netmask 255.255.255.0' >> /etc/network/interfaces
+ echo '# network 192.168.7.0' >> /etc/network/interfaces
+ echo '# gateway 192.168.7.1' >> /etc/network/interfaces
- echo 'install_not_on_BBB' >> $COMPLETION_FILE
+ echo 'install_not_on_BBB' >> $COMPLETION_FILE
}
function mark_admin_user_account {
- if ! grep -q "Admin user:" $COMPLETION_FILE; then
- echo "Admin user:$MY_USERNAME" >> $COMPLETION_FILE
- fi
+ if ! grep -q "Admin user:" $COMPLETION_FILE; then
+ echo "Admin user:$MY_USERNAME" >> $COMPLETION_FILE
+ fi
}
function mark_blog_domain {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if ! grep -q "Blog domain:" $COMPLETION_FILE; then
- echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if ! grep -q "Blog domain:" $COMPLETION_FILE; then
+ echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
+ fi
}
function randomize_cron {
- # The predictable default timing of Debian cron jobs might
- # be exploitable knowledge. Avoid too much predictability
- # by randomizing the times when cron jobs run
- if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
- return
- fi
+ # The predictable default timing of Debian cron jobs might
+ # be exploitable knowledge. Avoid too much predictability
+ # by randomizing the times when cron jobs run
+ if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
+ return
+ fi
- # randomize the day on which the weekly cron job runs
- randdow=$(($RANDOM%6+1))
- sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
+ # randomize the day on which the weekly cron job runs
+ randdow=$(($RANDOM%6+1))
+ sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
- # randomize the time when the weekly cron job runs
- randmin=$(($RANDOM%60))
- randhr=$(($RANDOM%3+1))
- sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
+ # randomize the time when the weekly cron job runs
+ randmin=$(($RANDOM%60))
+ randhr=$(($RANDOM%3+1))
+ sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
- # randomize the time when the daily cron job runs
- randmin=$(($RANDOM%60))
- randhr=$(($RANDOM%3+4))
- sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
+ # randomize the time when the daily cron job runs
+ randmin=$(($RANDOM%60))
+ randhr=$(($RANDOM%3+4))
+ sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
- # randomize the time when the hourly cron job runs
- randmin=$(($RANDOM%60))
- sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
+ # randomize the time when the hourly cron job runs
+ randmin=$(($RANDOM%60))
+ sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
- # randomize monthly cron job time and day
- randmin=$(($RANDOM%60))
- randhr=$(($RANDOM%22+1))
- randdom=$(($RANDOM%27+1))
- sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
- sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
+ # randomize monthly cron job time and day
+ randmin=$(($RANDOM%60))
+ randhr=$(($RANDOM%22+1))
+ randdom=$(($RANDOM%27+1))
+ sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
+ sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
- systemctl restart cron
+ systemctl restart cron
- echo 'randomize_cron' >> $COMPLETION_FILE
+ echo 'randomize_cron' >> $COMPLETION_FILE
}
function get_cjdns_public_key {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
- if [ ! $CJDNS_PUBLIC_KEY ]; then
- CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
+ if [ ! $CJDNS_PUBLIC_KEY ]; then
+ CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
function get_cjdns_private_key {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
- if [ ! $CJDNS_PRIVATE_KEY ]; then
- CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
+ if [ ! $CJDNS_PRIVATE_KEY ]; then
+ CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
function get_cjdns_ipv6_address {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
- if [ ! $CJDNS_IPV6 ]; then
- CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
+ if [ ! $CJDNS_IPV6 ]; then
+ CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
function get_cjdns_port {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "cjdns port" /home/$MY_USERNAME/README; then
- if [ ! $CJDNS_PORT ]; then
- CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "cjdns port" /home/$MY_USERNAME/README; then
+ if [ ! $CJDNS_PORT ]; then
+ CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
function get_cjdns_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "cjdns password" /home/$MY_USERNAME/README; then
- if [ ! $CJDNS_PASSWORD ]; then
- CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "cjdns password" /home/$MY_USERNAME/README; then
+ if [ ! $CJDNS_PASSWORD ]; then
+ CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
# script to automatically renew any Let's Encrypt certificates
function letsencrypt_renewals {
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
- renewals_script=/etc/cron.monthly/letsencrypt
- renewals_retry_script=/etc/cron.daily/letsencrypt
- renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
- renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
+ renewals_script=/etc/cron.monthly/letsencrypt
+ renewals_retry_script=/etc/cron.daily/letsencrypt
+ renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
+ renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
- # the main script tries to renew once per month
- echo '#!/bin/bash' > $renewals_script
- echo '' >> $renewals_script
- echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script
- echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
- echo '' >> $renewals_script
- echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
- echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script
- echo ' rm ~/letsencrypt_failed' >> $renewals_script
- echo ' fi' >> $renewals_script
- echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
- echo -n "awk -F ':' '{print " >> $renewals_script
- echo -n '$2' >> $renewals_script
- echo "}')" >> $renewals_script
- echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script
- echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script
- echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script
- echo -n "awk -F '/' '{print " >> $renewals_script
- echo -n '$5' >> $renewals_script
- echo "}')" >> $renewals_script
- echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script
- echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script
- echo ' if [ ! "$?" = "0" ]; then' >> $renewals_script
- echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_script
- echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_script
- echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_script
- echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script
- echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
- echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_script
- echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script
- echo ' touch ~/letsencrypt_failed' >> $renewals_script
- echo ' fi' >> $renewals_script
- echo ' fi' >> $renewals_script
- echo ' fi' >> $renewals_script
- echo ' done' >> $renewals_script
- echo 'fi' >> $renewals_script
- chmod +x $renewals_script
+ # the main script tries to renew once per month
+ echo '#!/bin/bash' > $renewals_script
+ echo '' >> $renewals_script
+ echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script
+ echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
+ echo '' >> $renewals_script
+ echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
+ echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script
+ echo ' rm ~/letsencrypt_failed' >> $renewals_script
+ echo ' fi' >> $renewals_script
+ echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
+ echo -n "awk -F ':' '{print " >> $renewals_script
+ echo -n '$2' >> $renewals_script
+ echo "}')" >> $renewals_script
+ echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script
+ echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script
+ echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script
+ echo -n "awk -F '/' '{print " >> $renewals_script
+ echo -n '$5' >> $renewals_script
+ echo "}')" >> $renewals_script
+ echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script
+ echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script
+ echo ' if [ ! "$?" = "0" ]; then' >> $renewals_script
+ echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_script
+ echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_script
+ echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_script
+ echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script
+ echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
+ echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_script
+ echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script
+ echo ' touch ~/letsencrypt_failed' >> $renewals_script
+ echo ' fi' >> $renewals_script
+ echo ' fi' >> $renewals_script
+ echo ' fi' >> $renewals_script
+ echo ' done' >> $renewals_script
+ echo 'fi' >> $renewals_script
+ chmod +x $renewals_script
- # a secondary script keeps trying to renew after a failure
- echo '#!/bin/bash' > $renewals_retry_script
- echo '' >> $renewals_retry_script
- echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script
- echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script
- echo '' >> $renewals_retry_script
- echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script
- echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
- echo ' rm ~/letsencrypt_failed' >> $renewals_retry_script
- echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script
- echo -n "awk -F ':' '{print " >> $renewals_retry_script
- echo -n '$2' >> $renewals_retry_script
- echo "}')" >> $renewals_retry_script
- echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script
- echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script
- echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script
- echo -n "awk -F '/' '{print " >> $renewals_retry_script
- echo -n '$5' >> $renewals_retry_script
- echo "}')" >> $renewals_retry_script
- echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script
- echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script
- echo ' if [ ! "$?" = "0" ]; then' >> $renewals_retry_script
- echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script
- echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
- echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
- echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script
- echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script
- echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
- echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
- echo ' touch ~/letsencrypt_failed' >> $renewals_retry_script
- echo ' fi' >> $renewals_retry_script
- echo ' fi' >> $renewals_retry_script
- echo ' fi' >> $renewals_retry_script
- echo ' done' >> $renewals_retry_script
- echo ' fi' >> $renewals_retry_script
- echo 'fi' >> $renewals_retry_script
- chmod +x $renewals_retry_script
+ # a secondary script keeps trying to renew after a failure
+ echo '#!/bin/bash' > $renewals_retry_script
+ echo '' >> $renewals_retry_script
+ echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script
+ echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script
+ echo '' >> $renewals_retry_script
+ echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script
+ echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
+ echo ' rm ~/letsencrypt_failed' >> $renewals_retry_script
+ echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script
+ echo -n "awk -F ':' '{print " >> $renewals_retry_script
+ echo -n '$2' >> $renewals_retry_script
+ echo "}')" >> $renewals_retry_script
+ echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script
+ echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script
+ echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script
+ echo -n "awk -F '/' '{print " >> $renewals_retry_script
+ echo -n '$5' >> $renewals_retry_script
+ echo "}')" >> $renewals_retry_script
+ echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script
+ echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script
+ echo ' if [ ! "$?" = "0" ]; then' >> $renewals_retry_script
+ echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script
+ echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
+ echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
+ echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script
+ echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script
+ echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
+ echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
+ echo ' touch ~/letsencrypt_failed' >> $renewals_retry_script
+ echo ' fi' >> $renewals_retry_script
+ echo ' fi' >> $renewals_retry_script
+ echo ' fi' >> $renewals_retry_script
+ echo ' done' >> $renewals_retry_script
+ echo ' fi' >> $renewals_retry_script
+ echo 'fi' >> $renewals_retry_script
+ chmod +x $renewals_retry_script
}
function save_firewall_settings {
- iptables-save > /etc/firewall.conf
- ip6tables-save > /etc/firewall6.conf
- printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
- printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
- printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
- chmod +x /etc/network/if-up.d/iptables
+ iptables-save > /etc/firewall.conf
+ ip6tables-save > /etc/firewall6.conf
+ printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
+ printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
+ printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
+ chmod +x /etc/network/if-up.d/iptables
}
function enable_ipv6 {
- # endure that ipv6 is enabled and can route
- sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
- #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
- #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
- sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
- echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+ # endure that ipv6 is enabled and can route
+ sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
+ #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
+ #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
+ sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
+ echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
}
function mesh_cjdns {
- if [[ $ENABLE_CJDNS != "yes" ]]; then
- return
- fi
+ if [[ $ENABLE_CJDNS != "yes" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
+ # update to the next commit
+ set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
- if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install nodejs git build-essential nmap
+ apt-get -y install nodejs git build-essential nmap
- # if a README exists then obtain the cjdns parameters
- get_cjdns_ipv6_address
- get_cjdns_public_key
- get_cjdns_private_key
- get_cjdns_port
- get_cjdns_password
+ # if a README exists then obtain the cjdns parameters
+ get_cjdns_ipv6_address
+ get_cjdns_public_key
+ get_cjdns_private_key
+ get_cjdns_port
+ get_cjdns_password
- # special compile settings for running ./do on the Beaglebone Black
- if [[ $INSTALLING_ON_BBB == "yes" ]]; then
- CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
- export LDFLAGS="$CFLAGS"
- fi
+ # special compile settings for running ./do on the Beaglebone Black
+ if [[ $INSTALLING_ON_BBB == "yes" ]]; then
+ CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
+ export LDFLAGS="$CFLAGS"
+ fi
- if [ ! -d /etc/cjdns ]; then
- git_clone $CJDNS_REPO /etc/cjdns
- cd /etc/cjdns
+ if [ ! -d /etc/cjdns ]; then
+ git_clone $CJDNS_REPO /etc/cjdns
+ cd /etc/cjdns
- git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
- if ! grep -q "cjdns commit" $COMPLETION_FILE; then
- echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
- fi
+ git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
+ if ! grep -q "cjdns commit" $COMPLETION_FILE; then
+ echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
+ fi
- ./do
- if [ ! "$?" = "0" ]; then
- exit 7439
- fi
- # create a configuration
- if [ ! -f /etc/cjdns/cjdroute.conf ]; then
- ./cjdroute --genconf > /etc/cjdns/cjdroute.conf
- if [ ! "$?" = "0" ]; then
- exit 5922
- fi
- fi
- # create a user to run as
- useradd cjdns
- else
- cd /etc/cjdns
- git_pull $CJDNS_REPO
- ./do
- if [ ! "$?" = "0" ]; then
- exit 9926
- fi
- fi
+ ./do
+ if [ ! "$?" = "0" ]; then
+ exit 7439
+ fi
+ # create a configuration
+ if [ ! -f /etc/cjdns/cjdroute.conf ]; then
+ ./cjdroute --genconf > /etc/cjdns/cjdroute.conf
+ if [ ! "$?" = "0" ]; then
+ exit 5922
+ fi
+ fi
+ # create a user to run as
+ useradd cjdns
+ else
+ cd /etc/cjdns
+ git_pull $CJDNS_REPO
+ ./do
+ if [ ! "$?" = "0" ]; then
+ exit 9926
+ fi
+ fi
- # set permissions
- chown -R cjdns:cjdns /etc/cjdns
- chmod 600 /etc/cjdns/cjdroute.conf
+ # set permissions
+ chown -R cjdns:cjdns /etc/cjdns
+ chmod 600 /etc/cjdns/cjdroute.conf
- /sbin/ip tuntap add mode tun user cjdns dev cjdroute0
+ /sbin/ip tuntap add mode tun user cjdns dev cjdroute0
- # insert values into the configuration file
- if [ $CJDNS_PRIVATE_KEY ]; then
- sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
- else
- CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
- fi
- if [ $CJDNS_PUBLIC_KEY ]; then
- sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
- else
- CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
- fi
- if [ $CJDNS_IPV6 ]; then
- sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
- else
- CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
- fi
- if [ $CJDNS_PASSWORD ]; then
- sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
- else
- CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
- fi
- if [ $CJDNS_PORT ]; then
- sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
- else
- CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
- fi
+ # insert values into the configuration file
+ if [ $CJDNS_PRIVATE_KEY ]; then
+ sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
+ else
+ CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+ fi
+ if [ $CJDNS_PUBLIC_KEY ]; then
+ sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
+ else
+ CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+ fi
+ if [ $CJDNS_IPV6 ]; then
+ sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
+ else
+ CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
+ fi
+ if [ $CJDNS_PASSWORD ]; then
+ sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
+ else
+ CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
+ fi
+ if [ $CJDNS_PORT ]; then
+ sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
+ else
+ CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
+ fi
- enable_ipv6
+ enable_ipv6
- echo '#!/bin/sh -e' > /etc/init.d/cjdns
- echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
- echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
- echo '# Provides: cjdroute' >> /etc/init.d/cjdns
- echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns
- echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns
- echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns
- echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns
- echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
- echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
- echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
- echo '### END INIT INFO' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
- echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
- echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
- echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
- echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
- echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo 'start() {' >> /etc/init.d/cjdns
- echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns
- echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
- echo ' then' >> /etc/init.d/cjdns
- echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
- echo ' else' >> /etc/init.d/cjdns
- echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns
- echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
- echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
- echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
- echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
- echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
- echo ' fi' >> /etc/init.d/cjdns
- echo '}' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo 'stop() {' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
- echo ' then' >> /etc/init.d/cjdns
- echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns
- echo ' else' >> /etc/init.d/cjdns
- echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns
- echo ' killall cjdroute' >> /etc/init.d/cjdns
- echo ' fi' >> /etc/init.d/cjdns
- echo '}' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo 'status() {' >> /etc/init.d/cjdns
- echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
- echo ' then' >> /etc/init.d/cjdns
- echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns
- echo ' else' >> /etc/init.d/cjdns
- echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns
- echo ' fi' >> /etc/init.d/cjdns
- echo '}' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo ' update() {' >> /etc/init.d/cjdns
- echo ' cd $GIT_PATH' >> /etc/init.d/cjdns
- echo ' echo "Updating..."' >> /etc/init.d/cjdns
- echo ' git pull' >> /etc/init.d/cjdns
- echo ' ./do' >> /etc/init.d/cjdns
- echo '}' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
- echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
- echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
- echo ' exit 1' >> /etc/init.d/cjdns
- echo 'fi' >> /etc/init.d/cjdns
- echo '' >> /etc/init.d/cjdns
- echo 'case $1 in' >> /etc/init.d/cjdns
- echo ' start)' >> /etc/init.d/cjdns
- echo ' start' >> /etc/init.d/cjdns
- echo ' exit 0' >> /etc/init.d/cjdns
- echo ' ;;' >> /etc/init.d/cjdns
- echo ' stop)' >> /etc/init.d/cjdns
- echo ' stop' >> /etc/init.d/cjdns
- echo ' exit 0' >> /etc/init.d/cjdns
- echo ' ;;' >> /etc/init.d/cjdns
- echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns
- echo ' stop' >> /etc/init.d/cjdns
- echo ' sleep 1' >> /etc/init.d/cjdns
- echo ' start' >> /etc/init.d/cjdns
- echo ' exit 0' >> /etc/init.d/cjdns
- echo ' ;;' >> /etc/init.d/cjdns
- echo ' status)' >> /etc/init.d/cjdns
- echo ' status' >> /etc/init.d/cjdns
- echo ' exit 0' >> /etc/init.d/cjdns
- echo ' ;;' >> /etc/init.d/cjdns
- echo ' update|upgrade)' >> /etc/init.d/cjdns
- echo ' update' >> /etc/init.d/cjdns
- echo ' stop' >> /etc/init.d/cjdns
- echo ' sleep 2' >> /etc/init.d/cjdns
- echo ' start' >> /etc/init.d/cjdns
- echo ' exit 0' >> /etc/init.d/cjdns
- echo ' ;;' >> /etc/init.d/cjdns
- echo ' **)' >> /etc/init.d/cjdns
- echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
- echo ' exit 1' >> /etc/init.d/cjdns
- echo ' ;;' >> /etc/init.d/cjdns
- echo 'esac' >> /etc/init.d/cjdns
- chmod +x /etc/init.d/cjdns
- update-rc.d cjdns defaults
- service cjdns start
- if [ ! "$?" = "0" ]; then
- systemctl status cjdns.service
- exit 8260
- fi
+ echo '#!/bin/sh -e' > /etc/init.d/cjdns
+ echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
+ echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
+ echo '# Provides: cjdroute' >> /etc/init.d/cjdns
+ echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns
+ echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns
+ echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns
+ echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns
+ echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
+ echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
+ echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
+ echo '### END INIT INFO' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
+ echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+ echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+ echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
+ echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
+ echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo 'start() {' >> /etc/init.d/cjdns
+ echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns
+ echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+ echo ' then' >> /etc/init.d/cjdns
+ echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
+ echo ' else' >> /etc/init.d/cjdns
+ echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns
+ echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
+ echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
+ echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
+ echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
+ echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
+ echo ' fi' >> /etc/init.d/cjdns
+ echo '}' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo 'stop() {' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
+ echo ' then' >> /etc/init.d/cjdns
+ echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns
+ echo ' else' >> /etc/init.d/cjdns
+ echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns
+ echo ' killall cjdroute' >> /etc/init.d/cjdns
+ echo ' fi' >> /etc/init.d/cjdns
+ echo '}' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo 'status() {' >> /etc/init.d/cjdns
+ echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+ echo ' then' >> /etc/init.d/cjdns
+ echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns
+ echo ' else' >> /etc/init.d/cjdns
+ echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns
+ echo ' fi' >> /etc/init.d/cjdns
+ echo '}' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo ' update() {' >> /etc/init.d/cjdns
+ echo ' cd $GIT_PATH' >> /etc/init.d/cjdns
+ echo ' echo "Updating..."' >> /etc/init.d/cjdns
+ echo ' git pull' >> /etc/init.d/cjdns
+ echo ' ./do' >> /etc/init.d/cjdns
+ echo '}' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
+ echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
+ echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
+ echo ' exit 1' >> /etc/init.d/cjdns
+ echo 'fi' >> /etc/init.d/cjdns
+ echo '' >> /etc/init.d/cjdns
+ echo 'case $1 in' >> /etc/init.d/cjdns
+ echo ' start)' >> /etc/init.d/cjdns
+ echo ' start' >> /etc/init.d/cjdns
+ echo ' exit 0' >> /etc/init.d/cjdns
+ echo ' ;;' >> /etc/init.d/cjdns
+ echo ' stop)' >> /etc/init.d/cjdns
+ echo ' stop' >> /etc/init.d/cjdns
+ echo ' exit 0' >> /etc/init.d/cjdns
+ echo ' ;;' >> /etc/init.d/cjdns
+ echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns
+ echo ' stop' >> /etc/init.d/cjdns
+ echo ' sleep 1' >> /etc/init.d/cjdns
+ echo ' start' >> /etc/init.d/cjdns
+ echo ' exit 0' >> /etc/init.d/cjdns
+ echo ' ;;' >> /etc/init.d/cjdns
+ echo ' status)' >> /etc/init.d/cjdns
+ echo ' status' >> /etc/init.d/cjdns
+ echo ' exit 0' >> /etc/init.d/cjdns
+ echo ' ;;' >> /etc/init.d/cjdns
+ echo ' update|upgrade)' >> /etc/init.d/cjdns
+ echo ' update' >> /etc/init.d/cjdns
+ echo ' stop' >> /etc/init.d/cjdns
+ echo ' sleep 2' >> /etc/init.d/cjdns
+ echo ' start' >> /etc/init.d/cjdns
+ echo ' exit 0' >> /etc/init.d/cjdns
+ echo ' ;;' >> /etc/init.d/cjdns
+ echo ' **)' >> /etc/init.d/cjdns
+ echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
+ echo ' exit 1' >> /etc/init.d/cjdns
+ echo ' ;;' >> /etc/init.d/cjdns
+ echo 'esac' >> /etc/init.d/cjdns
+ chmod +x /etc/init.d/cjdns
+ update-rc.d cjdns defaults
+ service cjdns start
+ if [ ! "$?" = "0" ]; then
+ systemctl status cjdns.service
+ exit 8260
+ fi
- apt-get -y install radvd
- echo 'interface eth0' > /etc/radvd.conf
- echo '{' >> /etc/radvd.conf
- echo ' AdvSendAdvert on;' >> /etc/radvd.conf
- echo ' prefix fdfc::1/64' >> /etc/radvd.conf
- echo ' {' >> /etc/radvd.conf
- echo ' AdvRouterAddr on;' >> /etc/radvd.conf
- echo ' };' >> /etc/radvd.conf
- echo '};' >> /etc/radvd.conf
- systemctl restart radvd
- if [ ! "$?" = "0" ]; then
- systemctl status radvd.service
- exit 4395
- fi
+ apt-get -y install radvd
+ echo 'interface eth0' > /etc/radvd.conf
+ echo '{' >> /etc/radvd.conf
+ echo ' AdvSendAdvert on;' >> /etc/radvd.conf
+ echo ' prefix fdfc::1/64' >> /etc/radvd.conf
+ echo ' {' >> /etc/radvd.conf
+ echo ' AdvRouterAddr on;' >> /etc/radvd.conf
+ echo ' };' >> /etc/radvd.conf
+ echo '};' >> /etc/radvd.conf
+ systemctl restart radvd
+ if [ ! "$?" = "0" ]; then
+ systemctl status radvd.service
+ exit 4395
+ fi
- if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
- echo '' >> /etc/network/interfaces
- echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
- echo 'iface eth0 inet6 static' >> /etc/network/interfaces
- echo ' pre-up modprobe ipv6' >> /etc/network/interfaces
- echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
- echo ' netmask 64' >> /etc/network/interfaces
- service network-manager restart
- if [ ! "$?" = "0" ]; then
- systemctl status networking.service
- exit 6949
- fi
- fi
+ if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
+ echo '' >> /etc/network/interfaces
+ echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
+ echo 'iface eth0 inet6 static' >> /etc/network/interfaces
+ echo ' pre-up modprobe ipv6' >> /etc/network/interfaces
+ echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
+ echo ' netmask 64' >> /etc/network/interfaces
+ service network-manager restart
+ if [ ! "$?" = "0" ]; then
+ systemctl status networking.service
+ exit 6949
+ fi
+ fi
- ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
- ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
- save_firewall_settings
+ ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+ ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+ save_firewall_settings
- if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
- CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
+ if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
+ CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
- echo '=======================' >> /home/$MY_USERNAME/README
- echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
- echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
- echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
- echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
- echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
- echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
- echo $'to you using your default password' >> /home/$MY_USERNAME/README
- echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
- echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
- echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
- echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
- echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
- echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
- echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
- echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
- echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
- echo $'each password is for.' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
- echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
- echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
+ echo '=======================' >> /home/$MY_USERNAME/README
+ echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
+ echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
+ echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+ echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
+ echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
+ echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
+ echo $'to you using your default password' >> /home/$MY_USERNAME/README
+ echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
+ echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
+ echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
+ echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
+ echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
+ echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
+ echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
+ echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
+ echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
+ echo $'each password is for.' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
+ echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
+ echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'mesh_cjdns' >> $COMPLETION_FILE
+ echo 'mesh_cjdns' >> $COMPLETION_FILE
}
function create_mirrors {
- if [ -d /home/trove ]; then
- userdel -r trove
- fi
- if grep -Fxq "create_mirrors" $COMPLETION_FILE; then
- return
- fi
- ${PROJECT_NAME}-mirrors
- echo 'create_mirrors' >> $COMPLETION_FILE
+ if [ -d /home/trove ]; then
+ userdel -r trove
+ fi
+ if grep -Fxq "create_mirrors" $COMPLETION_FILE; then
+ return
+ fi
+ ${PROJECT_NAME}-mirrors
+ echo 'create_mirrors' >> $COMPLETION_FILE
}
function select_go_version {
- if [ ! -d $GVM_HOME/bin ]; then
- echo $'GVM was not installed'
- exit 629532
- fi
- export GVM_ROOT=$GVM_HOME
- if ! grep -q "GVM_ROOT=" ~/.bashrc; then
- echo "export GVM_ROOT=$GVM_ROOT" >> ~/.bashrc
- else
- sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
- fi
- cd $GVM_ROOT/bin
- [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
- gvm use go${GO_VERSION} --default
- systemctl set-environment GOPATH=$GOPATH
+ if [ ! -d $GVM_HOME/bin ]; then
+ echo $'GVM was not installed'
+ exit 629532
+ fi
+ export GVM_ROOT=$GVM_HOME
+ if ! grep -q "GVM_ROOT=" ~/.bashrc; then
+ echo "export GVM_ROOT=$GVM_ROOT" >> ~/.bashrc
+ else
+ sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
+ fi
+ cd $GVM_ROOT/bin
+ [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
+ gvm use go${GO_VERSION} --default
+ systemctl set-environment GOPATH=$GOPATH
- if [ ${#GOPATH} -lt 2 ]; then
- echo $'GOPATH was not set'
- exit 629825
- fi
+ if [ ${#GOPATH} -lt 2 ]; then
+ echo $'GOPATH was not set'
+ exit 629825
+ fi
}
function mesh_cjdns_tools {
- if grep -Fxq "mesh_cjdns_tools" $COMPLETION_FILE; then
- return
- fi
- if [[ $ENABLE_CJDNS != "yes" ]]; then
- return
- fi
- if [ ! -d /etc/cjdns ]; then
- mesh_cjdns
- fi
+ if grep -Fxq "mesh_cjdns_tools" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ENABLE_CJDNS != "yes" ]]; then
+ return
+ fi
+ if [ ! -d /etc/cjdns ]; then
+ mesh_cjdns
+ fi
- select_go_version
+ select_go_version
- apt-get -y install golang mercurial
- if [ ! -f ~/.bashrc ]; then
- touch ~/.bashrc
- fi
+ apt-get -y install golang mercurial
+ if [ ! -f ~/.bashrc ]; then
+ touch ~/.bashrc
+ fi
- if [ ! -d /home/git ]; then
- # add a gogs user account
- adduser --disabled-login --gecos 'Gogs' git
+ if [ ! -d /home/git ]; then
+ # add a gogs user account
+ adduser --disabled-login --gecos 'Gogs' git
- # install Go
- if ! grep -q "export GOPATH=" ~/.bashrc; then
- echo "export GOPATH=$GOPATH" >> ~/.bashrc
- fi
- systemctl set-environment GOPATH=$GOPATH
- if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
- echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
- fi
- if [ ! -d $GOPATH ]; then
- mkdir -p $GOPATH
- fi
- fi
+ # install Go
+ if ! grep -q "export GOPATH=" ~/.bashrc; then
+ echo "export GOPATH=$GOPATH" >> ~/.bashrc
+ fi
+ systemctl set-environment GOPATH=$GOPATH
+ if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+ echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+ fi
+ if [ ! -d $GOPATH ]; then
+ mkdir -p $GOPATH
+ fi
+ fi
- if ! grep -q "export GOPATH=" ~/.bashrc; then
- echo "export GOPATH=$GOPATH" >> ~/.bashrc
- fi
- expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
- export PATH=$PATH:${GOPATH}/bin
- if ! grep -q "$expected_go_path" ~/.bashrc; then
- echo "$expected_go_path" >> ~/.bashrc
- fi
- export PATH=$PATH:$GOPATH/bin
- CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
- go get $CJDCMD_REPO2
- if [ ! -f $GOPATH/bin/cjdcmd ]; then
- echo $'cjdcmd was not compiled. Check your golang installation'
- exit 7439
- fi
- cp $GOPATH/bin/cjdcmd /usr/bin
+ if ! grep -q "export GOPATH=" ~/.bashrc; then
+ echo "export GOPATH=$GOPATH" >> ~/.bashrc
+ fi
+ expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
+ export PATH=$PATH:${GOPATH}/bin
+ if ! grep -q "$expected_go_path" ~/.bashrc; then
+ echo "$expected_go_path" >> ~/.bashrc
+ fi
+ export PATH=$PATH:$GOPATH/bin
+ CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
+ go get $CJDCMD_REPO2
+ if [ ! -f $GOPATH/bin/cjdcmd ]; then
+ echo $'cjdcmd was not compiled. Check your golang installation'
+ exit 7439
+ fi
+ cp $GOPATH/bin/cjdcmd /usr/bin
- # initialise from the cjdns config
- /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
+ # initialise from the cjdns config
+ /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
- echo 'mesh_cjdns_tools' >> $COMPLETION_FILE
+ echo 'mesh_cjdns_tools' >> $COMPLETION_FILE
}
function install_zeronet_blog {
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
- set_repo_commit /opt/zeronet/ZeroBlog "ZeroNet Blog commit" "$ZERONET_BLOG_COMMIT" $ZERONET_BLOG_REPO
+ set_repo_commit /opt/zeronet/ZeroBlog "ZeroNet Blog commit" "$ZERONET_BLOG_COMMIT" $ZERONET_BLOG_REPO
- if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -f /home/$MY_USERNAME/README ]; then
- touch /home/$MY_USERNAME/README
- fi
+ if [ ! -f /home/$MY_USERNAME/README ]; then
+ touch /home/$MY_USERNAME/README
+ fi
- if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
- return
- fi
+ if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
+ return
+ fi
- if [ ! -d /etc/avahi ]; then
- echo $'Avahi is not installed'
- exit 736
- fi
+ if [ ! -d /etc/avahi ]; then
+ echo $'Avahi is not installed'
+ exit 736
+ fi
- ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
+ ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
- cd /opt/zeronet
- python zeronet.py --batch siteCreate 2> /opt/zeronet/blog.txt
- if [ ! -f /opt/zeronet/blog.txt ]; then
- echo $'Unable to create blog'
- exit 479
- fi
- blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
- blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
- ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
- ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
+ cd /opt/zeronet
+ python zeronet.py --batch siteCreate 2> /opt/zeronet/blog.txt
+ if [ ! -f /opt/zeronet/blog.txt ]; then
+ echo $'Unable to create blog'
+ exit 479
+ fi
+ blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
+ blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
+ ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
+ ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
- if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then
- echo $"Address: $ZERONET_BLOG_ADDRESS"
- echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY"
- echo $'Unable to create zeronet blog address'
- exit 7358
- fi
+ if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then
+ echo $"Address: $ZERONET_BLOG_ADDRESS"
+ echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY"
+ echo $'Unable to create zeronet blog address'
+ exit 7358
+ fi
- if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then
- echo $"Address: $ZERONET_BLOG_ADDRESS"
- echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY"
- echo $'Unable to create zeronet blog private key'
- exit 1639
- fi
+ if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then
+ echo $"Address: $ZERONET_BLOG_ADDRESS"
+ echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY"
+ echo $'Unable to create zeronet blog private key'
+ exit 1639
+ fi
- if [ ! -d "/opt/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then
- echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_BLOG_ADDRESS"
- exit 7638
- fi
+ if [ ! -d "/opt/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then
+ echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_BLOG_ADDRESS"
+ exit 7638
+ fi
- git_clone $ZERONET_BLOG_REPO ZeroBlog
- if [ ! -d /opt/zeronet/ZeroBlog ]; then
- echo $'ZeroBlog repo could not be cloned'
- exit 6739
- fi
- cd /opt/zeronet/ZeroBlog
- git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
- if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
- echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
- fi
+ git_clone $ZERONET_BLOG_REPO ZeroBlog
+ if [ ! -d /opt/zeronet/ZeroBlog ]; then
+ echo $'ZeroBlog repo could not be cloned'
+ exit 6739
+ fi
+ cd /opt/zeronet/ZeroBlog
+ git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
+ if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
+ echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
+ fi
- echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS"
- echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
- cp -r /opt/zeronet/ZeroBlog/* /opt/zeronet/data/$ZERONET_BLOG_ADDRESS
+ echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS"
+ echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
+ cp -r /opt/zeronet/ZeroBlog/* /opt/zeronet/data/$ZERONET_BLOG_ADDRESS
- if [ ! -d /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
- mkdir /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
- fi
- cp /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
- sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
- sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
- sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
- sed -i "s|
.*|$ZERONET_DEFAULT_BLOG_TAGLINE
|g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
- sed -i "s/Blogging platform Demo/Blogging platform/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
- python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
+ if [ ! -d /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
+ mkdir /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
+ fi
+ cp /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
+ sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
+ sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
+ sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
+ sed -i "s|.*|$ZERONET_DEFAULT_BLOG_TAGLINE
|g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
+ sed -i "s/Blogging platform Demo/Blogging platform/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
+ python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
- # Add an avahi service
- echo '' > /tmp/zeronet-blog.service
- echo '' >> /tmp/zeronet-blog.service
- echo '' >> /tmp/zeronet-blog.service
- echo ' %h ZeroNet Blog' >> /tmp/zeronet-blog.service
- echo ' ' >> /tmp/zeronet-blog.service
- echo ' _zeronet._udp' >> /tmp/zeronet-blog.service
- echo " $ZERONET_PORT" >> /tmp/zeronet-blog.service
- echo " $ZERONET_URL/$ZERONET_BLOG_ADDRESS" >> /tmp/zeronet-blog.service
- echo ' ' >> /tmp/zeronet-blog.service
- echo '' >> /tmp/zeronet-blog.service
- cp /tmp/zeronet-blog.service /etc/avahi/services/zeronet-blog.service
+ # Add an avahi service
+ echo '' > /tmp/zeronet-blog.service
+ echo '' >> /tmp/zeronet-blog.service
+ echo '' >> /tmp/zeronet-blog.service
+ echo ' %h ZeroNet Blog' >> /tmp/zeronet-blog.service
+ echo ' ' >> /tmp/zeronet-blog.service
+ echo ' _zeronet._udp' >> /tmp/zeronet-blog.service
+ echo " $ZERONET_PORT" >> /tmp/zeronet-blog.service
+ echo " $ZERONET_URL/$ZERONET_BLOG_ADDRESS" >> /tmp/zeronet-blog.service
+ echo ' ' >> /tmp/zeronet-blog.service
+ echo '' >> /tmp/zeronet-blog.service
+ cp /tmp/zeronet-blog.service /etc/avahi/services/zeronet-blog.service
- if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
- mkdir -p /home/$MY_USERNAME/.config/zeronet
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
- fi
- echo "$ZERONET_URL/$ZERONET_BLOG_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myblog
+ if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
+ mkdir -p /home/$MY_USERNAME/.config/zeronet
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+ fi
+ echo "$ZERONET_URL/$ZERONET_BLOG_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myblog
- if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README
- echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README
- fi
+ if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README
+ echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+ fi
- echo 'install_zeronet_blog' >> $COMPLETION_FILE
+ echo 'install_zeronet_blog' >> $COMPLETION_FILE
}
function install_zeronet_mail {
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
- set_repo_commit /opt/zeronet/ZeroMail "ZeroNet Mail commit" "$ZERONET_MAIL_COMMIT" $ZERONET_MAIL_REPO
+ set_repo_commit /opt/zeronet/ZeroMail "ZeroNet Mail commit" "$ZERONET_MAIL_COMMIT" $ZERONET_MAIL_REPO
- if grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -f /home/$MY_USERNAME/README ]; then
- touch /home/$MY_USERNAME/README
- fi
+ if [ ! -f /home/$MY_USERNAME/README ]; then
+ touch /home/$MY_USERNAME/README
+ fi
- if grep -q "ZeroNet Mail address" /home/$MY_USERNAME/README; then
- return
- fi
+ if grep -q "ZeroNet Mail address" /home/$MY_USERNAME/README; then
+ return
+ fi
- if [ ! -d /etc/avahi ]; then
- echo 'Avahi is not installed'
- exit 736
- fi
+ if [ ! -d /etc/avahi ]; then
+ echo 'Avahi is not installed'
+ exit 736
+ fi
- ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
+ ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
- cd /opt/zeronet
- python zeronet.py --batch siteCreate 2> /opt/zeronet/mail.txt
- if [ ! -f /opt/zeronet/mail.txt ]; then
- echo $'Unable to create mail'
- exit 479
- fi
- mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
- mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
- ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
- ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
+ cd /opt/zeronet
+ python zeronet.py --batch siteCreate 2> /opt/zeronet/mail.txt
+ if [ ! -f /opt/zeronet/mail.txt ]; then
+ echo $'Unable to create mail'
+ exit 479
+ fi
+ mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
+ mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
+ ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
+ ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
- if [ ${#ZERONET_MAIL_ADDRESS} -lt 20 ]; then
- echo $"Address: $ZERONET_MAIL_ADDRESS"
- echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY"
- echo $'Unable to create zeronet mail address'
- exit 7358
- fi
+ if [ ${#ZERONET_MAIL_ADDRESS} -lt 20 ]; then
+ echo $"Address: $ZERONET_MAIL_ADDRESS"
+ echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY"
+ echo $'Unable to create zeronet mail address'
+ exit 7358
+ fi
- if [ ${#ZERONET_MAIL_PRIVATE_KEY} -lt 20 ]; then
- echo $"Address: $ZERONET_MAIL_ADDRESS"
- echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY"
- echo $'Unable to create zeronet mail private key'
- exit 1639
- fi
+ if [ ${#ZERONET_MAIL_PRIVATE_KEY} -lt 20 ]; then
+ echo $"Address: $ZERONET_MAIL_ADDRESS"
+ echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY"
+ echo $'Unable to create zeronet mail private key'
+ exit 1639
+ fi
- if [ ! -d "/opt/zeronet/data/$ZERONET_MAIL_ADDRESS" ]; then
- echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_MAIL_ADDRESS"
- exit 7638
- fi
+ if [ ! -d "/opt/zeronet/data/$ZERONET_MAIL_ADDRESS" ]; then
+ echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_MAIL_ADDRESS"
+ exit 7638
+ fi
- git_clone $ZERONET_MAIL_REPO ZeroMail
- if [ ! -d /opt/zeronet/ZeroMail ]; then
- echo $'ZeroMail repo could not be cloned'
- exit 6739
- fi
- cd /opt/zeronet/ZeroMail
- git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
- if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
- echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
- fi
+ git_clone $ZERONET_MAIL_REPO ZeroMail
+ if [ ! -d /opt/zeronet/ZeroMail ]; then
+ echo $'ZeroMail repo could not be cloned'
+ exit 6739
+ fi
+ cd /opt/zeronet/ZeroMail
+ git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
+ if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
+ echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
+ fi
- echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS"
- echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
- cp -r /opt/zeronet/ZeroMail/* /opt/zeronet/data/$ZERONET_MAIL_ADDRESS
+ echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS"
+ echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
+ cp -r /opt/zeronet/ZeroMail/* /opt/zeronet/data/$ZERONET_MAIL_ADDRESS
- if [ ! -d /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
- mkdir /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
- fi
- cp /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
- sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
- sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
- sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
- sed -i "s|.*|$ZERONET_DEFAULT_MAIL_TAGLINE
|g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
- sed -i "s/Mailging platform Demo/Mailging platform/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
- python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
+ if [ ! -d /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
+ mkdir /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
+ fi
+ cp /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
+ sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
+ sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
+ sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
+ sed -i "s|.*|$ZERONET_DEFAULT_MAIL_TAGLINE
|g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
+ sed -i "s/Mailging platform Demo/Mailging platform/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
+ python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
- # Add an avahi service
- echo '' > /tmp/zeronet-mail.service
- echo '' >> /tmp/zeronet-mail.service
- echo '' >> /tmp/zeronet-mail.service
- echo ' %h ZeroNet Mail' >> /tmp/zeronet-mail.service
- echo ' ' >> /tmp/zeronet-mail.service
- echo ' _zeronet._udp' >> /tmp/zeronet-mail.service
- echo " $ZERONET_PORT" >> /tmp/zeronet-mail.service
- echo " $ZERONET_URL/$ZERONET_MAIL_ADDRESS" >> /tmp/zeronet-mail.service
- echo ' ' >> /tmp/zeronet-mail.service
- echo '' >> /tmp/zeronet-mail.service
- cp /tmp/zeronet-mail.service /etc/avahi/services/zeronet-mail.service
+ # Add an avahi service
+ echo '' > /tmp/zeronet-mail.service
+ echo '' >> /tmp/zeronet-mail.service
+ echo '' >> /tmp/zeronet-mail.service
+ echo ' %h ZeroNet Mail' >> /tmp/zeronet-mail.service
+ echo ' ' >> /tmp/zeronet-mail.service
+ echo ' _zeronet._udp' >> /tmp/zeronet-mail.service
+ echo " $ZERONET_PORT" >> /tmp/zeronet-mail.service
+ echo " $ZERONET_URL/$ZERONET_MAIL_ADDRESS" >> /tmp/zeronet-mail.service
+ echo ' ' >> /tmp/zeronet-mail.service
+ echo '' >> /tmp/zeronet-mail.service
+ cp /tmp/zeronet-mail.service /etc/avahi/services/zeronet-mail.service
- if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
- mkdir -p /home/$MY_USERNAME/.config/zeronet
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
- fi
- echo "$ZERONET_URL/$ZERONET_MAIL_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/mymail
+ if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
+ mkdir -p /home/$MY_USERNAME/.config/zeronet
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+ fi
+ echo "$ZERONET_URL/$ZERONET_MAIL_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/mymail
- if ! grep -q $"ZeroNet Mail address" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" >> /home/$MY_USERNAME/README
- echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" >> /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"ZeroNet Mail address" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" >> /home/$MY_USERNAME/README
+ echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+ fi
- echo 'install_zeronet_mail' >> $COMPLETION_FILE
+ echo 'install_zeronet_mail' >> $COMPLETION_FILE
}
function install_zeronet_forum {
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit /opt/zeronet/ZeroTalk "ZeroNet Forum commit" "$ZERONET_FORUM_COMMIT" $ZERONET_FORUM_REPO
+ # update to the next commit
+ set_repo_commit /opt/zeronet/ZeroTalk "ZeroNet Forum commit" "$ZERONET_FORUM_COMMIT" $ZERONET_FORUM_REPO
- if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -f /home/$MY_USERNAME/README ]; then
- touch /home/$MY_USERNAME/README
- fi
+ if [ ! -f /home/$MY_USERNAME/README ]; then
+ touch /home/$MY_USERNAME/README
+ fi
- if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then
- return
- fi
+ if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then
+ return
+ fi
- if [ ! -d /etc/avahi ]; then
- echo $'Avahi is not installed'
- exit 736
- fi
+ if [ ! -d /etc/avahi ]; then
+ echo $'Avahi is not installed'
+ exit 736
+ fi
- ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
+ ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
- cd /opt/zeronet
- python zeronet.py --batch siteCreate 2> /opt/zeronet/forum.txt
- if [ ! -f /opt/zeronet/forum.txt ]; then
- echo $'Unable to create forum'
- exit 479
- fi
- forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
- forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
- ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
- ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
+ cd /opt/zeronet
+ python zeronet.py --batch siteCreate 2> /opt/zeronet/forum.txt
+ if [ ! -f /opt/zeronet/forum.txt ]; then
+ echo $'Unable to create forum'
+ exit 479
+ fi
+ forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
+ forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
+ ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
+ ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
- if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then
- echo $"Address: $ZERONET_FORUM_ADDRESS"
- echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY"
- echo $'Unable to create zeronet forum address'
- exit 76352
- fi
+ if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then
+ echo $"Address: $ZERONET_FORUM_ADDRESS"
+ echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY"
+ echo $'Unable to create zeronet forum address'
+ exit 76352
+ fi
- if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then
- echo $"Address: $ZERONET_FORUM_ADDRESS"
- echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY"
- echo $'Unable to create zeronet forum private key'
- exit 87356
- fi
+ if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then
+ echo $"Address: $ZERONET_FORUM_ADDRESS"
+ echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY"
+ echo $'Unable to create zeronet forum private key'
+ exit 87356
+ fi
- if [ ! -d "/opt/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then
- echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_FORUM_ADDRESS"
- exit 7638
- fi
+ if [ ! -d "/opt/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then
+ echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_FORUM_ADDRESS"
+ exit 7638
+ fi
- git_clone $ZERONET_FORUM_REPO ZeroTalk
- if [ ! -d /opt/zeronet/ZeroTalk ]; then
- echo $'ZeroTalk repo could not be cloned'
- exit 6739
- fi
- git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
- if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
- echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
- fi
+ git_clone $ZERONET_FORUM_REPO ZeroTalk
+ if [ ! -d /opt/zeronet/ZeroTalk ]; then
+ echo $'ZeroTalk repo could not be cloned'
+ exit 6739
+ fi
+ git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
+ if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
+ echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
+ fi
- echo $"Forum address: $ZERONET_FORUM_ADDRESS"
- echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
- cp -r /opt/zeronet/ZeroTalk/* /opt/zeronet/data/$ZERONET_FORUM_ADDRESS
- sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
- sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
- sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
- sed -i 's/Messaging Board Demo/Messaging Board/g' /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
- sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
- python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
+ echo $"Forum address: $ZERONET_FORUM_ADDRESS"
+ echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
+ cp -r /opt/zeronet/ZeroTalk/* /opt/zeronet/data/$ZERONET_FORUM_ADDRESS
+ sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
+ sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
+ sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
+ sed -i 's/Messaging Board Demo/Messaging Board/g' /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
+ sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
+ python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
- # Add an avahi service
- echo '' > /tmp/zeronet-forum.service
- echo '' >> /tmp/zeronet-forum.service
- echo '' >> /tmp/zeronet-forum.service
- echo ' %h ZeroNet Forum' >> /tmp/zeronet-forum.service
- echo ' ' >> /tmp/zeronet-forum.service
- echo ' _zeronet._udp' >> /tmp/zeronet-forum.service
- echo " $ZERONET_PORT" >> /tmp/zeronet-forum.service
- echo " $ZERONET_URL/$ZERONET_FORUM_ADDRESS" >> /tmp/zeronet-forum.service
- echo ' ' >> /tmp/zeronet-forum.service
- echo '' >> /tmp/zeronet-forum.service
- sudo cp /tmp/zeronet-forum.service /etc/avahi/services/zeronet-forum.service
+ # Add an avahi service
+ echo '' > /tmp/zeronet-forum.service
+ echo '' >> /tmp/zeronet-forum.service
+ echo '' >> /tmp/zeronet-forum.service
+ echo ' %h ZeroNet Forum' >> /tmp/zeronet-forum.service
+ echo ' ' >> /tmp/zeronet-forum.service
+ echo ' _zeronet._udp' >> /tmp/zeronet-forum.service
+ echo " $ZERONET_PORT" >> /tmp/zeronet-forum.service
+ echo " $ZERONET_URL/$ZERONET_FORUM_ADDRESS" >> /tmp/zeronet-forum.service
+ echo ' ' >> /tmp/zeronet-forum.service
+ echo '' >> /tmp/zeronet-forum.service
+ sudo cp /tmp/zeronet-forum.service /etc/avahi/services/zeronet-forum.service
- if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
- mkdir -p /home/$MY_USERNAME/.config/zeronet
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
- fi
- echo "$ZERONET_URL/$ZERONET_FORUM_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myforum
+ if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
+ mkdir -p /home/$MY_USERNAME/.config/zeronet
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+ fi
+ echo "$ZERONET_URL/$ZERONET_FORUM_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myforum
- if ! grep -q $"ZeroNet Forum address" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo $"ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README
- echo $"ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"ZeroNet Forum address" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo $"ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README
+ echo $"ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+ fi
- echo 'install_zeronet_forum' >> $COMPLETION_FILE
+ echo 'install_zeronet_forum' >> $COMPLETION_FILE
}
function install_zeronet {
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit /opt/zeronet "ZeroNet commit" "$ZERONET_COMMIT" $ZERONET_REPO
+ # update to the next commit
+ set_repo_commit /opt/zeronet "ZeroNet commit" "$ZERONET_COMMIT" $ZERONET_REPO
- if grep -Fxq "install_zeronet" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_zeronet" $COMPLETION_FILE; then
+ return
+ fi
- ${PROJECT_NAME}=mesh-install zeronet
- systemctl daemon-reload
- systemctl start tracker.service
- systemctl start zeronet.service
+ ${PROJECT_NAME}=mesh-install zeronet
+ systemctl daemon-reload
+ systemctl start tracker.service
+ systemctl start zeronet.service
- echo 'mesh_zeronet' >> $COMPLETION_FILE
+ echo 'mesh_zeronet' >> $COMPLETION_FILE
}
function install_vpn_tunnel {
- if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
- echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
- gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
- if [ ! "$?" = "0" ]; then
- exit 76272
- fi
- gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
- apt-get update
- apt-get -y install fastd
- if [ ! "$?" = "0" ]; then
- exit 52026
- fi
- fi
+ if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
+ echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
+ gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
+ if [ ! "$?" = "0" ]; then
+ exit 76272
+ fi
+ gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
+ apt-get update
+ apt-get -y install fastd
+ if [ ! "$?" = "0" ]; then
+ exit 52026
+ fi
+ fi
}
# ath9k_htc driver
function install_atheros_wifi {
- if grep -Fxq "install_atheros_wifi" $COMPLETION_FILE; then
- return
- fi
- if [ $INSTALLING_ON_BBB != "yes" ]; then
- return
- fi
- if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
- return
- fi
- if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
- return
- fi
- # have drivers already been installed ?
- if [ -f /lib/firmware/htc_9271.fw ]; then
- return
- fi
- apt-get -y install build-essential cmake git m4 texinfo
- if [ ! -d $INSTALL_DIR ]; then
- mkdir -p $INSTALL_DIR
- fi
- cd $INSTALL_DIR
- if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
- git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware
- if [ ! "$?" = "0" ]; then
- rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
- exit 74283
- fi
- fi
- cd $INSTALL_DIR/open-ath9k-htc-firmware
- git checkout 1.4.0
- make toolchain
- if [ ! "$?" = "0" ]; then
- rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
- exit 24820
- fi
- make firmware
- if [ ! "$?" = "0" ]; then
- rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
- exit 63412
- fi
- cp target_firmware/*.fw /lib/firmware/
- if [ ! "$?" = "0" ]; then
- exit 74681
- fi
- echo 'install_atheros_wifi' >> $COMPLETION_FILE
+ if grep -Fxq "install_atheros_wifi" $COMPLETION_FILE; then
+ return
+ fi
+ if [ $INSTALLING_ON_BBB != "yes" ]; then
+ return
+ fi
+ if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
+ return
+ fi
+ if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
+ return
+ fi
+ # have drivers already been installed ?
+ if [ -f /lib/firmware/htc_9271.fw ]; then
+ return
+ fi
+ apt-get -y install build-essential cmake git m4 texinfo
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir -p $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
+ if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
+ git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware
+ if [ ! "$?" = "0" ]; then
+ rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
+ exit 74283
+ fi
+ fi
+ cd $INSTALL_DIR/open-ath9k-htc-firmware
+ git checkout 1.4.0
+ make toolchain
+ if [ ! "$?" = "0" ]; then
+ rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
+ exit 24820
+ fi
+ make firmware
+ if [ ! "$?" = "0" ]; then
+ rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
+ exit 63412
+ fi
+ cp target_firmware/*.fw /lib/firmware/
+ if [ ! "$?" = "0" ]; then
+ exit 74681
+ fi
+ echo 'install_atheros_wifi' >> $COMPLETION_FILE
}
function configure_avahi {
- if grep -Fxq "configure_avahi" $COMPLETION_FILE; then
- return
- fi
- # only enable avahi if we're doing mesh networking
- if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
- return
- fi
+ if grep -Fxq "configure_avahi" $COMPLETION_FILE; then
+ return
+ fi
+ # only enable avahi if we're doing mesh networking
+ if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
+ return
+ fi
- ${PROJECT_NAME}-mesh-install avahi
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install avahi'
- exit 68442
- fi
+ ${PROJECT_NAME}-mesh-install avahi
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install avahi'
+ exit 68442
+ fi
- if [ $DEFAULT_DOMAIN_NAME ]; then
- sed -i "s|#host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
- sed -i "s|host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
- else
- decarray=( 1 2 3 4 5 6 7 8 9 0 )
- PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
- sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
- sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
- fi
+ if [ $DEFAULT_DOMAIN_NAME ]; then
+ sed -i "s|#host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
+ sed -i "s|host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
+ else
+ decarray=( 1 2 3 4 5 6 7 8 9 0 )
+ PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
+ sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
+ sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
+ fi
- echo 'configure_avahi' >> $COMPLETION_FILE
+ echo 'configure_avahi' >> $COMPLETION_FILE
}
function mesh_babel {
- if grep -Fxq "mesh_babel" $COMPLETION_FILE; then
- return
- fi
- if [[ $ENABLE_BABEL != "yes" ]]; then
- return
- fi
+ if grep -Fxq "mesh_babel" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ENABLE_BABEL != "yes" ]]; then
+ return
+ fi
- ${PROJECT_NAME}-mesh-install babel
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install babel'
- exit 67242
- fi
+ ${PROJECT_NAME}-mesh-install babel
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install babel'
+ exit 67242
+ fi
- echo 'mesh_babel' >> $COMPLETION_FILE
+ echo 'mesh_babel' >> $COMPLETION_FILE
}
function mesh_batman {
- if grep -Fxq "mesh_batman" $COMPLETION_FILE; then
- return
- fi
- if [[ $ENABLE_BATMAN != "yes" ]]; then
- return
- fi
+ if grep -Fxq "mesh_batman" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ENABLE_BATMAN != "yes" ]]; then
+ return
+ fi
- ${PROJECT_NAME}-mesh-install -f batman
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install batman'
- exit 72524
- fi
+ ${PROJECT_NAME}-mesh-install -f batman
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install batman'
+ exit 72524
+ fi
- if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
- echo '=============================' >> /home/$MY_USERNAME/README
- echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
- echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
- echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
+ echo '=============================' >> /home/$MY_USERNAME/README
+ echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
+ echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
+ echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'mesh_batman' >> $COMPLETION_FILE
+ echo 'mesh_batman' >> $COMPLETION_FILE
}
function remove_instructions_from_motd {
- sed -i '/## /d' /etc/motd
+ sed -i '/## /d' /etc/motd
}
function check_hwrng {
- if [[ $HWRNG_TYPE == "beaglebone" ]]; then
- # If hardware random number generation was enabled then make sure that the device exists.
- # if /dev/hwrng is not found then any subsequent cryptographic key generation would
- # suffer from low entropy and might be insecure
- if [ ! -e /dev/hwrng ]; then
- ls /dev/hw*
- echo $'The hardware random number generator is enabled but could not be detected on'
- echo $'/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
- exit 75
- fi
- fi
+ if [[ $HWRNG_TYPE == "beaglebone" ]]; then
+ # If hardware random number generation was enabled then make sure that the device exists.
+ # if /dev/hwrng is not found then any subsequent cryptographic key generation would
+ # suffer from low entropy and might be insecure
+ if [ ! -e /dev/hwrng ]; then
+ ls /dev/hw*
+ echo $'The hardware random number generator is enabled but could not be detected on'
+ echo $'/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
+ exit 75
+ fi
+ fi
- # If a OneRNG device was installed then verify its firmware
- #check_onerng_verification
+ # If a OneRNG device was installed then verify its firmware
+ #check_onerng_verification
}
function get_mariadb_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "MariaDB password" /home/$MY_USERNAME/README; then
- if [ -f $DATABASE_PASSWORD_FILE ]; then
- MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
- else
- MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
- chmod 600 $DATABASE_PASSWORD_FILE
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "MariaDB password" /home/$MY_USERNAME/README; then
+ if [ -f $DATABASE_PASSWORD_FILE ]; then
+ MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
+ else
+ MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
+ chmod 600 $DATABASE_PASSWORD_FILE
+ fi
+ fi
+ fi
}
function get_mariadb_gnusocial_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then
- MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- if grep -q "Microblog administrator password" /home/$MY_USERNAME/README; then
- MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Microblog administrator password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then
+ MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ if grep -q "Microblog administrator password" /home/$MY_USERNAME/README; then
+ MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Microblog administrator password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function get_mariadb_webmail_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "MariaDB webmail admin password" /home/$MY_USERNAME/README; then
- WEBMAIL_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB webmail admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "MariaDB webmail admin password" /home/$MY_USERNAME/README; then
+ WEBMAIL_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB webmail admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function get_mariadb_rss_reader_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "RSS reader admin password" /home/$MY_USERNAME/README; then
- RSS_READER_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "RSS reader admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "RSS reader admin password" /home/$MY_USERNAME/README; then
+ RSS_READER_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "RSS reader admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function get_mariadb_git_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "Gogs admin user password" /home/$MY_USERNAME/README; then
- GIT_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "Gogs admin user password" /home/$MY_USERNAME/README; then
+ GIT_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function get_mariadb_hubzilla_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "MariaDB Hubzilla admin password" /home/$MY_USERNAME/README; then
- HUBZILLA_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "MariaDB Hubzilla admin password" /home/$MY_USERNAME/README; then
+ HUBZILLA_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function create_freedns_updater {
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
- # currently inadyn doesn't work as expected with freeDNS, so this is a workaround
- if grep -Fxq "create_freedns_updater" $COMPLETION_FILE; then
- return
- fi
- if [[ $DDNS_PROVIDER != "default@freedns.afraid.org" ]]; then
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ # currently inadyn doesn't work as expected with freeDNS, so this is a workaround
+ if grep -Fxq "create_freedns_updater" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $DDNS_PROVIDER != "default@freedns.afraid.org" ]]; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
+ FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
- echo '#!/bin/bash' > /usr/bin/dynamicdns
- echo 'cd /tmp' >> /usr/bin/dynamicdns
- if [ $DEFAULT_DOMAIN_CODE ]; then
- echo "# $DEFAULT_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$DEFAULT_DOMAIN_CODE=" >> /usr/bin/dynamicdns
- fi
- if [ $WIKI_CODE ]; then
- if [[ $WIKI_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
- echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$WIKI_CODE=" >> /usr/bin/dynamicdns
- fi
- fi
- if [ $FULLBLOG_CODE ]; then
- if [[ $FULLBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
- echo "# $FULLBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$FULLBLOG_CODE=" >> /usr/bin/dynamicdns
- fi
- fi
- if [ $HUBZILLA_CODE ]; then
- if [[ $HUBZILLA_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
- echo "# $HUBZILLA_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$HUBZILLA_CODE=" >> /usr/bin/dynamicdns
- fi
- fi
- if [ $MICROBLOG_CODE ]; then
- if [[ $MICROBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
- echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$MICROBLOG_CODE=" >> /usr/bin/dynamicdns
- fi
- fi
- if [ $GIT_CODE ]; then
- if [[ $GIT_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
- echo "# $GIT_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$GIT_CODE=" >> /usr/bin/dynamicdns
- fi
- fi
- if [ $MEDIAGOBLIN_CODE ]; then
- if [[ $MEDIAGOBLIN_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
- echo "# $MEDIAGOBLIN_DOMAIN_NAME" >> /usr/bin/dynamicdns
- echo "$FREEDNS_WGET$MEDIAGOBLIN_CODE=" >> /usr/bin/dynamicdns
- fi
- fi
- echo 'exit 0' >> /usr/bin/dynamicdns
- chmod 600 /usr/bin/dynamicdns
- chmod +x /usr/bin/dynamicdns
+ echo '#!/bin/bash' > /usr/bin/dynamicdns
+ echo 'cd /tmp' >> /usr/bin/dynamicdns
+ if [ $DEFAULT_DOMAIN_CODE ]; then
+ echo "# $DEFAULT_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$DEFAULT_DOMAIN_CODE=" >> /usr/bin/dynamicdns
+ fi
+ if [ $WIKI_CODE ]; then
+ if [[ $WIKI_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
+ echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$WIKI_CODE=" >> /usr/bin/dynamicdns
+ fi
+ fi
+ if [ $FULLBLOG_CODE ]; then
+ if [[ $FULLBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
+ echo "# $FULLBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$FULLBLOG_CODE=" >> /usr/bin/dynamicdns
+ fi
+ fi
+ if [ $HUBZILLA_CODE ]; then
+ if [[ $HUBZILLA_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
+ echo "# $HUBZILLA_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$HUBZILLA_CODE=" >> /usr/bin/dynamicdns
+ fi
+ fi
+ if [ $MICROBLOG_CODE ]; then
+ if [[ $MICROBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
+ echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$MICROBLOG_CODE=" >> /usr/bin/dynamicdns
+ fi
+ fi
+ if [ $GIT_CODE ]; then
+ if [[ $GIT_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
+ echo "# $GIT_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$GIT_CODE=" >> /usr/bin/dynamicdns
+ fi
+ fi
+ if [ $MEDIAGOBLIN_CODE ]; then
+ if [[ $MEDIAGOBLIN_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
+ echo "# $MEDIAGOBLIN_DOMAIN_NAME" >> /usr/bin/dynamicdns
+ echo "$FREEDNS_WGET$MEDIAGOBLIN_CODE=" >> /usr/bin/dynamicdns
+ fi
+ fi
+ echo 'exit 0' >> /usr/bin/dynamicdns
+ chmod 600 /usr/bin/dynamicdns
+ chmod +x /usr/bin/dynamicdns
- if ! grep -q "/usr/bin/dynamicdns" /etc/crontab; then
- echo '*/3 * * * * root /usr/bin/dynamicdns' >> /etc/crontab
- systemctl restart cron
- fi
+ if ! grep -q "/usr/bin/dynamicdns" /etc/crontab; then
+ echo '*/3 * * * * root /usr/bin/dynamicdns' >> /etc/crontab
+ systemctl restart cron
+ fi
- echo 'create_freedns_updater' >> $COMPLETION_FILE
+ echo 'create_freedns_updater' >> $COMPLETION_FILE
}
function backup_to_friends_servers {
- # update crontab
- echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
- echo "if [ -f /usr/local/bin/${PROJECT_NAME}-backup-remote ]; then" >> /etc/cron.daily/backuptofriends
- echo " /usr/local/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
- echo 'else' >> /etc/cron.daily/backuptofriends
- echo " /usr/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
- echo 'fi' >> /etc/cron.daily/backuptofriends
- chmod +x /etc/cron.daily/backuptofriends
+ # update crontab
+ echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
+ echo "if [ -f /usr/local/bin/${PROJECT_NAME}-backup-remote ]; then" >> /etc/cron.daily/backuptofriends
+ echo " /usr/local/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
+ echo 'else' >> /etc/cron.daily/backuptofriends
+ echo " /usr/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
+ echo 'fi' >> /etc/cron.daily/backuptofriends
+ chmod +x /etc/cron.daily/backuptofriends
}
function remove_default_user {
- # make sure you don't use the default user account
- if [[ $MY_USERNAME == "debian" ]]; then
- echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
- exit 68
- fi
- # remove the default debian user to prevent it from becoming an attack vector
- if [ -d /home/debian ]; then
- userdel -r debian
- echo 'Default debian user account removed'
- fi
+ # make sure you don't use the default user account
+ if [[ $MY_USERNAME == "debian" ]]; then
+ echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
+ exit 68
+ fi
+ # remove the default debian user to prevent it from becoming an attack vector
+ if [ -d /home/debian ]; then
+ userdel -r debian
+ echo 'Default debian user account removed'
+ fi
}
function enforce_good_passwords {
- # because humans are generally bad at choosing passwords
- if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install libpam-cracklib
+ # because humans are generally bad at choosing passwords
+ if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install libpam-cracklib
- sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
- echo 'enforce_good_passwords' >> $COMPLETION_FILE
+ sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
+ echo 'enforce_good_passwords' >> $COMPLETION_FILE
}
function change_login_message {
- if grep -Fxq "change_login_message" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "change_login_message" $COMPLETION_FILE; then
+ return
+ fi
- # remove automatic motd creator if it exists
- if [ -f /etc/init.d/motd ]; then
- rm -f /etc/init.d/motd
- fi
+ # remove automatic motd creator if it exists
+ if [ -f /etc/init.d/motd ]; then
+ rm -f /etc/init.d/motd
+ fi
- echo '' > /etc/motd
- echo ".---. . . " >> /etc/motd
- echo "| | | " >> /etc/motd
- echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
- echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
- echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
+ echo '' > /etc/motd
+ echo ".---. . . " >> /etc/motd
+ echo "| | | " >> /etc/motd
+ echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
+ echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
+ echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
- echo $' M A I L B O X E D I T I O N' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
+ echo $' M A I L B O X E D I T I O N' >> /etc/motd
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
- echo $' S O C I A L E D I T I O N' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
+ echo $' S O C I A L E D I T I O N' >> /etc/motd
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
- echo $' C H A T E D I T I O N' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
+ echo $' C H A T E D I T I O N' >> /etc/motd
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
- echo $' C L O U D E D I T I O N' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
+ echo $' C L O U D E D I T I O N' >> /etc/motd
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
- echo $' W R I T E R E D I T I O N ' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
+ echo $' W R I T E R E D I T I O N ' >> /etc/motd
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
- echo $' M E D I A E D I T I O N' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
+ echo $' M E D I A E D I T I O N' >> /etc/motd
+ fi
- if [[ $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- echo $' D E V E L O P E R E D I T I O N' >> /etc/motd
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ echo $' D E V E L O P E R E D I T I O N' >> /etc/motd
+ fi
- echo '' >> /etc/motd
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- echo $' Freedom in the Cloud' >> /etc/motd
- else
- echo $' Freedom in the Mesh' >> /etc/motd
- fi
- echo '' >> /etc/motd
- echo 'change_login_message' >> $COMPLETION_FILE
+ echo '' >> /etc/motd
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ echo $' Freedom in the Cloud' >> /etc/motd
+ else
+ echo $' Freedom in the Mesh' >> /etc/motd
+ fi
+ echo '' >> /etc/motd
+ echo 'change_login_message' >> $COMPLETION_FILE
}
function search_for_attached_usb_drive {
- # If a USB drive is attached then search for email,
- # gpg, ssh keys and emacs configuration
- if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then
- return
- fi
- if [ -b $USB_DRIVE ]; then
- if [ ! -d $USB_MOUNT ]; then
- echo $'Mounting USB drive'
- mkdir $USB_MOUNT
- mount $USB_DRIVE $USB_MOUNT
- fi
- if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
- if [ -d $USB_MOUNT/Maildir ]; then
- echo $'Maildir found on USB drive'
- IMPORT_MAILDIR=$USB_MOUNT/Maildir
- fi
- if [ -d $USB_MOUNT/.gnupg ]; then
- echo $'Importing GPG keyring'
- cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
- GPG_KEYS_IMPORTED="yes"
- if [ ! -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then
- echo $'GPG files did not copy'
- exit 73529
- fi
- fi
+ # If a USB drive is attached then search for email,
+ # gpg, ssh keys and emacs configuration
+ if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then
+ return
+ fi
+ if [ -b $USB_DRIVE ]; then
+ if [ ! -d $USB_MOUNT ]; then
+ echo $'Mounting USB drive'
+ mkdir $USB_MOUNT
+ mount $USB_DRIVE $USB_MOUNT
+ fi
+ if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
+ if [ -d $USB_MOUNT/Maildir ]; then
+ echo $'Maildir found on USB drive'
+ IMPORT_MAILDIR=$USB_MOUNT/Maildir
+ fi
+ if [ -d $USB_MOUNT/.gnupg ]; then
+ echo $'Importing GPG keyring'
+ cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+ GPG_KEYS_IMPORTED="yes"
+ if [ ! -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then
+ echo $'GPG files did not copy'
+ exit 73529
+ fi
+ fi
- if [ -f $USB_MOUNT/.procmailrc ]; then
- echo $'Importing procmail settings'
- cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
- fi
+ if [ -f $USB_MOUNT/.procmailrc ]; then
+ echo $'Importing procmail settings'
+ cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+ fi
- if [ -f $USB_MOUNT/private_key.gpg ]; then
- echo $'GPG private key found on USB drive'
- MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
- fi
- if [ -f $USB_MOUNT/public_key.gpg ]; then
- echo $'GPG public key found on USB drive'
- MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
- fi
- fi
- if [ -d $USB_MOUNT/prosody ]; then
- if [ ! -d $XMPP_DIRECTORY ]; then
- mkdir $XMPP_DIRECTORY
- fi
- cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY
- chown -R prosody:prosody $XMPP_DIRECTORY
- fi
- if [ -d $USB_MOUNT/.ssh ]; then
- echo $'Importing ssh keys'
- cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
- # for security delete the ssh keys from the usb drive
- if [ ! -f /home/$MY_USERNAME/.ssh/id_rsa ]; then
- echo $'ssh files did not copy'
- exit 8
- fi
- fi
- if [ -f $USB_MOUNT/.emacs ]; then
- echo $'Importing .emacs file'
- cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
- fi
- if [ -d $USB_MOUNT/.emacs.d ]; then
- echo $'Importing .emacs.d directory'
- cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d
- fi
- if [ -d $USB_MOUNT/ssl ]; then
- echo $'Importing SSL certificates'
- cp -r $USB_MOUNT/ssl/* /etc/ssl
- chmod 640 /etc/ssl/certs/*
- chmod 400 /etc/ssl/private/*
- # change ownership of some certificates
- if [ -d /etc/prosody ]; then
- chown prosody:prosody /etc/ssl/private/xmpp.*
- chown prosody:prosody /etc/ssl/certs/xmpp.*
- fi
- if [ -d /etc/dovecot ]; then
- chown root:dovecot /etc/ssl/certs/dovecot.*
- chown root:dovecot /etc/ssl/private/dovecot.*
- fi
- if [ -f /etc/ssl/private/exim.key ]; then
- cp /etc/ssl/private/exim.key /etc/exim4
- cp /etc/ssl/certs/exim.crt /etc/exim4
- cp /etc/ssl/certs/exim.dhparam /etc/exim4
- chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
- chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
- fi
- fi
- if [ -d $USB_MOUNT/personal ]; then
- echo $'Importing personal directory'
- cp -r $USB_MOUNT/personal /home/$MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal
- fi
- else
- if [ -d $USB_MOUNT ]; then
- umount $USB_MOUNT
- rm -rf $USB_MOUNT
- fi
- echo $'No USB drive attached'
- fi
- echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
+ if [ -f $USB_MOUNT/private_key.gpg ]; then
+ echo $'GPG private key found on USB drive'
+ MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
+ fi
+ if [ -f $USB_MOUNT/public_key.gpg ]; then
+ echo $'GPG public key found on USB drive'
+ MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
+ fi
+ fi
+ if [ -d $USB_MOUNT/prosody ]; then
+ if [ ! -d $XMPP_DIRECTORY ]; then
+ mkdir $XMPP_DIRECTORY
+ fi
+ cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY
+ chown -R prosody:prosody $XMPP_DIRECTORY
+ fi
+ if [ -d $USB_MOUNT/.ssh ]; then
+ echo $'Importing ssh keys'
+ cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+ # for security delete the ssh keys from the usb drive
+ if [ ! -f /home/$MY_USERNAME/.ssh/id_rsa ]; then
+ echo $'ssh files did not copy'
+ exit 8
+ fi
+ fi
+ if [ -f $USB_MOUNT/.emacs ]; then
+ echo $'Importing .emacs file'
+ cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+ fi
+ if [ -d $USB_MOUNT/.emacs.d ]; then
+ echo $'Importing .emacs.d directory'
+ cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d
+ fi
+ if [ -d $USB_MOUNT/ssl ]; then
+ echo $'Importing SSL certificates'
+ cp -r $USB_MOUNT/ssl/* /etc/ssl
+ chmod 640 /etc/ssl/certs/*
+ chmod 400 /etc/ssl/private/*
+ # change ownership of some certificates
+ if [ -d /etc/prosody ]; then
+ chown prosody:prosody /etc/ssl/private/xmpp.*
+ chown prosody:prosody /etc/ssl/certs/xmpp.*
+ fi
+ if [ -d /etc/dovecot ]; then
+ chown root:dovecot /etc/ssl/certs/dovecot.*
+ chown root:dovecot /etc/ssl/private/dovecot.*
+ fi
+ if [ -f /etc/ssl/private/exim.key ]; then
+ cp /etc/ssl/private/exim.key /etc/exim4
+ cp /etc/ssl/certs/exim.crt /etc/exim4
+ cp /etc/ssl/certs/exim.dhparam /etc/exim4
+ chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
+ chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
+ fi
+ fi
+ if [ -d $USB_MOUNT/personal ]; then
+ echo $'Importing personal directory'
+ cp -r $USB_MOUNT/personal /home/$MY_USERNAME
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal
+ fi
+ else
+ if [ -d $USB_MOUNT ]; then
+ umount $USB_MOUNT
+ rm -rf $USB_MOUNT
+ fi
+ echo $'No USB drive attached'
+ fi
+ echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
}
function create_repo_sources {
- if grep -Fxq "create_repo_sources" $COMPLETION_FILE; then
- return
- fi
- rm -rf /var/lib/apt/lists/*
- apt-get clean
+ if grep -Fxq "create_repo_sources" $COMPLETION_FILE; then
+ return
+ fi
+ rm -rf /var/lib/apt/lists/*
+ apt-get clean
- echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" > /etc/apt/sources.list
- echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" >> /etc/apt/sources.list
- echo '' >> /etc/apt/sources.list
- echo "deb http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
- echo "deb-src http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
- echo '' >> /etc/apt/sources.list
- echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
- echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
- echo '' >> /etc/apt/sources.list
- echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
- echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
+ echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" > /etc/apt/sources.list
+ echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" >> /etc/apt/sources.list
+ echo '' >> /etc/apt/sources.list
+ echo "deb http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
+ echo "deb-src http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
+ echo '' >> /etc/apt/sources.list
+ echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
+ echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
+ echo '' >> /etc/apt/sources.list
+ echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
+ echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
- apt-get update
- apt-get -y install apt-transport-https
+ apt-get update
+ apt-get -y install apt-transport-https
- echo 'create_repo_sources' >> $COMPLETION_FILE
+ echo 'create_repo_sources' >> $COMPLETION_FILE
}
function initial_setup {
- if grep -Fxq "initial_setup" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "initial_setup" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y remove --purge apache*
- apt-get -y dist-upgrade
- apt-get -y install ca-certificates emacs24 cpulimit
- apt-get -y install cryptsetup libgfshare-bin obnam sshpass wget
- apt-get -y install avahi-daemon avahi-utils avahi-discover
- apt-get -y install connect-proxy
+ apt-get -y remove --purge apache*
+ apt-get -y dist-upgrade
+ apt-get -y install ca-certificates emacs24 cpulimit
+ apt-get -y install cryptsetup libgfshare-bin obnam sshpass wget
+ apt-get -y install avahi-daemon avahi-utils avahi-discover
+ apt-get -y install connect-proxy
- if [ ! -d $INSTALL_DIR ]; then
- mkdir -p $INSTALL_DIR
- fi
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir -p $INSTALL_DIR
+ fi
- echo 'initial_setup' >> $COMPLETION_FILE
+ echo 'initial_setup' >> $COMPLETION_FILE
}
function allow_ssh_to_onion_address {
- if [ ! -d /home/$MY_USERNAME/.ssh ]; then
- mkdir /home/$MY_USERNAME/.ssh
- fi
- if [ ! -d /etc/tor ]; then
- echo $'Tor not found when updating ssh'
- exit 528257
- fi
- if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
- echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
- echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
- fi
+ if [ ! -d /home/$MY_USERNAME/.ssh ]; then
+ mkdir /home/$MY_USERNAME/.ssh
+ fi
+ if [ ! -d /etc/tor ]; then
+ echo $'Tor not found when updating ssh'
+ exit 528257
+ fi
+ if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
+ echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
+ echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
+ fi
}
function install_tor {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_tor" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install tor
- if [ ! -f /etc/tor/torrc ]; then
- echo 'Tor failed to install'
- exit 38259
- fi
- echo 'install_tor' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_tor" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install tor
+ if [ ! -f /etc/tor/torrc ]; then
+ echo 'Tor failed to install'
+ exit 38259
+ fi
+ echo 'install_tor' >> $COMPLETION_FILE
}
function resolve_dns_via_tor {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "resolve_dns_via_tor" $COMPLETION_FILE; then
- return
- fi
- if [ ! -f /etc/tor/torrc ]; then
- echo $'tor was not installed'
- exit 52952
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "resolve_dns_via_tor" $COMPLETION_FILE; then
+ return
+ fi
+ if [ ! -f /etc/tor/torrc ]; then
+ echo $'tor was not installed'
+ exit 52952
+ fi
- # resolve DNS via tor
- if ! grep 'DNSPort 53' /etc/tor/torrc; then
- echo 'DNSPort 53' >> /etc/tor/torrc
- echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
- echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc
- systemctl restart tor
- fi
+ # resolve DNS via tor
+ if ! grep 'DNSPort 53' /etc/tor/torrc; then
+ echo 'DNSPort 53' >> /etc/tor/torrc
+ echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
+ echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc
+ systemctl restart tor
+ fi
- # don't change resolv.conf
- sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf
+ # don't change resolv.conf
+ sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf
- # point resolv.conf to tor
- echo 'nameserver 127.0.0.1:53' > /etc/resolv.conf
+ # point resolv.conf to tor
+ echo 'nameserver 127.0.0.1:53' > /etc/resolv.conf
- # prevent resolv.conf from changing
- chattr +i /etc/resolv.conf
+ # prevent resolv.conf from changing
+ chattr +i /etc/resolv.conf
- echo 'resolve_dns_via_tor' >> $COMPLETION_FILE
+ echo 'resolve_dns_via_tor' >> $COMPLETION_FILE
}
function enable_ssh_via_onion {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "enable_ssh_via_onion" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install tor connect-proxy
- if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
- if [ ! -d /home/$MY_USERNAME/.ssh ]; then
- mkdir /home/$MY_USERNAME/.ssh
- fi
- echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
- echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
- fi
- if ! grep -q 'Host *.onion' /root/.ssh/config; then
- if [ ! -d /root/.ssh ]; then
- mkdir /root/.ssh
- fi
- echo 'Host *.onion' >> /root/.ssh/config
- echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /root/.ssh/config
- fi
- echo 'enable_ssh_via_onion' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "enable_ssh_via_onion" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install tor connect-proxy
+ if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
+ if [ ! -d /home/$MY_USERNAME/.ssh ]; then
+ mkdir /home/$MY_USERNAME/.ssh
+ fi
+ echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
+ echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
+ fi
+ if ! grep -q 'Host *.onion' /root/.ssh/config; then
+ if [ ! -d /root/.ssh ]; then
+ mkdir /root/.ssh
+ fi
+ echo 'Host *.onion' >> /root/.ssh/config
+ echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /root/.ssh/config
+ fi
+ echo 'enable_ssh_via_onion' >> $COMPLETION_FILE
}
function install_editor {
- if grep -Fxq "install_editor" $COMPLETION_FILE; then
- return
- fi
- update-alternatives --set editor /usr/bin/emacs24
+ if grep -Fxq "install_editor" $COMPLETION_FILE; then
+ return
+ fi
+ update-alternatives --set editor /usr/bin/emacs24
- # A minimal emacs configuration
- #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
- #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
- #echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
- echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
- echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
- echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs
- echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
- echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
- echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
- echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
- echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
- echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
- echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
- echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
- echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
- echo '' >> /home/$MY_USERNAME/.emacs
- echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
- echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
- cp /home/$MY_USERNAME/.emacs /root/.emacs
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+ # A minimal emacs configuration
+ #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
+ #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
+ #echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
+ echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
+ echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
+ echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs
+ echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
+ echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
+ echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
+ echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
+ echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
+ echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
+ echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
+ echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
+ echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
+ echo '' >> /home/$MY_USERNAME/.emacs
+ echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
+ echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
+ cp /home/$MY_USERNAME/.emacs /root/.emacs
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
- echo 'install_editor' >> $COMPLETION_FILE
+ echo 'install_editor' >> $COMPLETION_FILE
}
function enable_zram {
- if grep -Fxq "enable_zram" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "enable_zram" $COMPLETION_FILE; then
+ return
+ fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
- ${PROJECT_NAME}-zram off
- return
- fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
+ ${PROJECT_NAME}-zram off
+ return
+ fi
- ${PROJECT_NAME}-zram on
+ ${PROJECT_NAME}-zram on
- echo 'enable_zram' >> $COMPLETION_FILE
+ echo 'enable_zram' >> $COMPLETION_FILE
}
function check_onerng_verification {
- if grep -Fxq "check_onerng_verification" $COMPLETION_FILE; then
- return
- fi
- if [[ $HWRNG_TYPE != "onerng" ]]; then
- return
- fi
- echo $'Checking OneRNG firmware verification'
- last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
- if [[ $last_onerng_validation != *"passed OK"* ]]; then
- last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
- if [[ $last_onerng_validation != *"passed OK"* ]]; then
- echo $last_onerng_validation
- echo $'OneRNG firmware verification failed'
- exit 735026
- fi
- fi
- echo $'OneRNG firmware verification passed'
- # if haveged was previously installed then remove it
- apt-get -y remove haveged
- echo 'check_onerng_verification' >> $COMPLETION_FILE
+ if grep -Fxq "check_onerng_verification" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $HWRNG_TYPE != "onerng" ]]; then
+ return
+ fi
+ echo $'Checking OneRNG firmware verification'
+ last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
+ if [[ $last_onerng_validation != *"passed OK"* ]]; then
+ last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
+ if [[ $last_onerng_validation != *"passed OK"* ]]; then
+ echo $last_onerng_validation
+ echo $'OneRNG firmware verification failed'
+ exit 735026
+ fi
+ fi
+ echo $'OneRNG firmware verification passed'
+ # if haveged was previously installed then remove it
+ apt-get -y remove haveged
+ echo 'check_onerng_verification' >> $COMPLETION_FILE
}
function install_onerng {
- apt-get -y install rng-tools at python-gnupg
+ apt-get -y install rng-tools at python-gnupg
- # Move to the installation directory
- if [ ! -d $INSTALL_DIR ]; then
- mkdir $INSTALL_DIR
- fi
- cd $INSTALL_DIR
+ # Move to the installation directory
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
- # Download the package
- if [ ! -f $ONERNG_PACKAGE ]; then
- wget $ONERNG_PACKAGE_DOWNLOAD
- mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
- fi
- if [ ! -f $ONERNG_PACKAGE ]; then
- echo $"OneRNG package could not be downloaded"
- exit 59249
- fi
+ # Download the package
+ if [ ! -f $ONERNG_PACKAGE ]; then
+ wget $ONERNG_PACKAGE_DOWNLOAD
+ mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
+ fi
+ if [ ! -f $ONERNG_PACKAGE ]; then
+ echo $"OneRNG package could not be downloaded"
+ exit 59249
+ fi
- # Check the hash
- hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
- if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
- echo $"OneRNG package: $ONERNG_PACKAGE"
- echo $"Hash does not match. This could indicate that the package has been tampered with."
- echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
- echo $"OneRNG actual hash: $hash"
- exit 25934
- fi
+ # Check the hash
+ hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
+ if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
+ echo $"OneRNG package: $ONERNG_PACKAGE"
+ echo $"Hash does not match. This could indicate that the package has been tampered with."
+ echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
+ echo $"OneRNG actual hash: $hash"
+ exit 25934
+ fi
- # install the package
- dpkg -i $ONERNG_PACKAGE
+ # install the package
+ dpkg -i $ONERNG_PACKAGE
- # Check that the install worked
- if [ ! -f /etc/onerng.conf ]; then
- echo $'OneRNG configuration file not found. The package may not have installed successfully.'
- exit 42904
- fi
+ # Check that the install worked
+ if [ ! -f /etc/onerng.conf ]; then
+ echo $'OneRNG configuration file not found. The package may not have installed successfully.'
+ exit 42904
+ fi
- dialog --title $"OneRNG Device" \
- --msgbox $"Please plug in the OneRNG device" 6 40
+ dialog --title $"OneRNG Device" \
+ --msgbox $"Please plug in the OneRNG device" 6 40
- # check rng-tools configuration
- if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then
- echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools
- fi
+ # check rng-tools configuration
+ if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then
+ echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools
+ fi
- systemctl restart rng-tools
+ systemctl restart rng-tools
}
function random_number_generator {
- if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # it is assumed that docker uses the random number
- # generator of the host system
- return
- fi
+ if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # it is assumed that docker uses the random number
+ # generator of the host system
+ return
+ fi
- # if the hrng type has not been set but /dev/hwrng is detected
- if [[ $HWRNG_TYPE != "beaglebone" ]]; then
- if [ -e /dev/hwrng ]; then
- HWRNG_TYPE="beaglebone"
- fi
- fi
+ # if the hrng type has not been set but /dev/hwrng is detected
+ if [[ $HWRNG_TYPE != "beaglebone" ]]; then
+ if [ -e /dev/hwrng ]; then
+ HWRNG_TYPE="beaglebone"
+ fi
+ fi
- case $HWRNG_TYPE in
- beaglebone)
- apt-get -y install rng-tools
- sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
- ;;
- onerng)
- install_onerng
- ;;
- *)
- apt-get -y install haveged
- ;;
- esac
+ case $HWRNG_TYPE in
+ beaglebone)
+ apt-get -y install rng-tools
+ sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
+ ;;
+ onerng)
+ install_onerng
+ ;;
+ *)
+ apt-get -y install haveged
+ ;;
+ esac
- echo 'random_number_generator' >> $COMPLETION_FILE
+ echo 'random_number_generator' >> $COMPLETION_FILE
}
function configure_ssh {
- if grep -Fxq "configure_ssh" $COMPLETION_FILE; then
- return
- fi
- sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
- sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
- sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
- sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
- sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
- sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
- sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
- if ! grep -q 'DebianBanner' /etc/ssh/sshd_config; then
- echo 'DebianBanner no' >> /etc/ssh/sshd_config
- else
- sed -i 's|DebianBanner.*|DebianBanner no|g' /etc/ssh/sshd_config
- fi
- if grep -q 'ClientAliveInterval' /etc/ssh/sshd_config; then
- sed -i 's/ClientAliveInterval.*/ClientAliveInterval 60/g' /etc/ssh/sshd_config
- else
- echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
- fi
- if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then
- sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config
- else
- echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
- fi
- if grep -q 'Ciphers' /etc/ssh/sshd_config; then
- sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config
- else
- echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config
- fi
- if grep -q 'MACs' /etc/ssh/sshd_config; then
- sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config
- else
- echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config
- fi
- if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then
- sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
- else
- echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
- fi
+ if grep -Fxq "configure_ssh" $COMPLETION_FILE; then
+ return
+ fi
+ sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
+ sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
+ sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
+ sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
+ sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
+ sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
+ sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
+ if ! grep -q 'DebianBanner' /etc/ssh/sshd_config; then
+ echo 'DebianBanner no' >> /etc/ssh/sshd_config
+ else
+ sed -i 's|DebianBanner.*|DebianBanner no|g' /etc/ssh/sshd_config
+ fi
+ if grep -q 'ClientAliveInterval' /etc/ssh/sshd_config; then
+ sed -i 's/ClientAliveInterval.*/ClientAliveInterval 60/g' /etc/ssh/sshd_config
+ else
+ echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
+ fi
+ if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then
+ sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config
+ else
+ echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
+ fi
+ if grep -q 'Ciphers' /etc/ssh/sshd_config; then
+ sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config
+ else
+ echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config
+ fi
+ if grep -q 'MACs' /etc/ssh/sshd_config; then
+ sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config
+ else
+ echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config
+ fi
+ if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then
+ sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
+ else
+ echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
+ fi
- apt-get -y install fail2ban
- echo 'configure_ssh' >> $COMPLETION_FILE
+ apt-get -y install fail2ban
+ echo 'configure_ssh' >> $COMPLETION_FILE
}
function configure_ssh_onion {
- if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
+ SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
- if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
- echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
+ if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
+ echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
- echo 'configure_ssh_onion' >> $COMPLETION_FILE
+ echo 'configure_ssh_onion' >> $COMPLETION_FILE
}
# see https://stribika.github.io/2015/01/04/secure-secure-shell.html
function ssh_remove_small_moduli {
- awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
- mv ~/moduli /etc/ssh/moduli
+ awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
+ mv ~/moduli /etc/ssh/moduli
}
function configure_ssh_client {
- if grep -Fxq "configure_ssh_client" $COMPLETION_FILE; then
- return
- fi
- #sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config
- #sed -i 's/# ChallengeResponseAuthentication.*/ ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
- sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
- sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
- sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
- if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
- echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> /etc/ssh/ssh_config
- fi
- sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
- if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
- echo " Ciphers $SSH_CIPHERS" >> /etc/ssh/ssh_config
- fi
- sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
- if ! grep -q "MACs " /etc/ssh/ssh_config; then
- echo " MACs $SSH_MACS" >> /etc/ssh/ssh_config
- fi
+ if grep -Fxq "configure_ssh_client" $COMPLETION_FILE; then
+ return
+ fi
+ #sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config
+ #sed -i 's/# ChallengeResponseAuthentication.*/ ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
+ sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
+ sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
+ sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
+ if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
+ echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> /etc/ssh/ssh_config
+ fi
+ sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
+ if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
+ echo " Ciphers $SSH_CIPHERS" >> /etc/ssh/ssh_config
+ fi
+ sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
+ if ! grep -q "MACs " /etc/ssh/ssh_config; then
+ echo " MACs $SSH_MACS" >> /etc/ssh/ssh_config
+ fi
- # Create ssh keys
- if [ ! -f ~/.ssh/id_ed25519 ]; then
- ssh-keygen -t ed25519 -o -a 100
- fi
- if [ ! -f ~/.ssh/id_rsa ]; then
- ssh-keygen -t rsa -b 4096 -o -a 100
- fi
+ # Create ssh keys
+ if [ ! -f ~/.ssh/id_ed25519 ]; then
+ ssh-keygen -t ed25519 -o -a 100
+ fi
+ if [ ! -f ~/.ssh/id_rsa ]; then
+ ssh-keygen -t rsa -b 4096 -o -a 100
+ fi
- ssh_remove_small_moduli
- echo 'configure_ssh_client' >> $COMPLETION_FILE
+ ssh_remove_small_moduli
+ echo 'configure_ssh_client' >> $COMPLETION_FILE
}
function regenerate_ssh_keys {
- if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then
- return
- fi
- rm -f /etc/ssh/ssh_host_*
- dpkg-reconfigure openssh-server
- ssh_remove_small_moduli
- systemctl restart ssh
- echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
+ if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then
+ return
+ fi
+ rm -f /etc/ssh/ssh_host_*
+ dpkg-reconfigure openssh-server
+ ssh_remove_small_moduli
+ systemctl restart ssh
+ echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
}
function configure_dns {
- if grep -Fxq "configure_dns" $COMPLETION_FILE; then
- return
- fi
- echo 'domain localdomain' > /etc/resolv.conf
- echo 'search localdomain' >> /etc/resolv.conf
- echo "nameserver $NAMESERVER1" >> /etc/resolv.conf
- echo "nameserver $NAMESERVER2" >> /etc/resolv.conf
+ if grep -Fxq "configure_dns" $COMPLETION_FILE; then
+ return
+ fi
+ echo 'domain localdomain' > /etc/resolv.conf
+ echo 'search localdomain' >> /etc/resolv.conf
+ echo "nameserver $NAMESERVER1" >> /etc/resolv.conf
+ echo "nameserver $NAMESERVER2" >> /etc/resolv.conf
- # prevent resolv.conf from changing
- chattr +i /etc/resolv.conf
+ # prevent resolv.conf from changing
+ chattr +i /etc/resolv.conf
- echo 'configure_dns' >> $COMPLETION_FILE
+ echo 'configure_dns' >> $COMPLETION_FILE
}
function set_hostname {
- DEFAULT_DOMAIN_NAME="$1"
+ DEFAULT_DOMAIN_NAME="$1"
- echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
- hostname $DEFAULT_DOMAIN_NAME
+ echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
+ hostname $DEFAULT_DOMAIN_NAME
- if grep -q "127.0.1.1" /etc/hosts; then
- sed -i "s/127.0.1.1.*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts
- else
- echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts
- fi
+ if grep -q "127.0.1.1" /etc/hosts; then
+ sed -i "s/127.0.1.1.*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts
+ else
+ echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts
+ fi
}
function set_your_domain_name {
- if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then
+ return
+ fi
- set_hostname $DEFAULT_DOMAIN_NAME
+ set_hostname $DEFAULT_DOMAIN_NAME
- echo 'set_your_domain_name' >> $COMPLETION_FILE
+ echo 'set_your_domain_name' >> $COMPLETION_FILE
}
function time_synchronisation {
- # mesh peers typically don't sync over the internet
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ # mesh peers typically don't sync over the internet
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- if [ -f /usr/local/bin/${PROJECT_NAME}-update-date ]; then
- cp /usr/local/bin/${PROJECT_NAME}-update-date /usr/bin/updatedate
- else
- cp /usr/bin/${PROJECT_NAME}-update-date /usr/bin/updatedate
- fi
- chmod +x /usr/bin/updatedate
+ if [ -f /usr/local/bin/${PROJECT_NAME}-update-date ]; then
+ cp /usr/local/bin/${PROJECT_NAME}-update-date /usr/bin/updatedate
+ else
+ cp /usr/bin/${PROJECT_NAME}-update-date /usr/bin/updatedate
+ fi
+ chmod +x /usr/bin/updatedate
- if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install tlsdate
- apt-get -y remove ntpdate
+ apt-get -y install tlsdate
+ apt-get -y remove ntpdate
- echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
- systemctl restart cron
+ echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
+ systemctl restart cron
- echo 'time_synchronisation' >> $COMPLETION_FILE
+ echo 'time_synchronisation' >> $COMPLETION_FILE
}
function configure_firewall {
- if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- iptables -P INPUT ACCEPT
- ip6tables -P INPUT ACCEPT
- iptables -F
- ip6tables -F
- iptables -t nat -F
- ip6tables -t nat -F
- iptables -X
- ip6tables -X
- iptables -P INPUT DROP
- ip6tables -P INPUT DROP
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ iptables -P INPUT ACCEPT
+ ip6tables -P INPUT ACCEPT
+ iptables -F
+ ip6tables -F
+ iptables -t nat -F
+ ip6tables -t nat -F
+ iptables -X
+ ip6tables -X
+ iptables -P INPUT DROP
+ ip6tables -P INPUT DROP
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- # Make sure incoming tcp connections are SYN packets
- iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+ # Make sure incoming tcp connections are SYN packets
+ iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
- # Drop packets with incoming fragments
- iptables -A INPUT -f -j DROP
+ # Drop packets with incoming fragments
+ iptables -A INPUT -f -j DROP
- # Drop bogons
- iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
- iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
- iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+ # Drop bogons
+ iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
+ iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
+ iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
- # Incoming malformed NULL packets:
- iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
+ # Incoming malformed NULL packets:
+ iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
- echo 'configure_firewall' >> $COMPLETION_FILE
+ echo 'configure_firewall' >> $COMPLETION_FILE
}
function configure_firewall_ping {
- if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
- return
- fi
- # Only allow ping for mesh installs
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
- iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
- iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_ping' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
+ return
+ fi
+ # Only allow ping for mesh installs
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
+ iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+ iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_ping' >> $COMPLETION_FILE
}
function configure_firewall_for_voip {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
- iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
+ iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
}
function configure_firewall_for_syncthing {
- if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
- return
- fi
- iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
- iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
+ return
+ fi
+ iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
+ iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
}
function configure_firewall_for_voip_turn {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
- iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
- iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+ iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+ iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
}
function configure_firewall_for_sip4 {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
- iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
- iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
- iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
+ iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+ iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+ iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
}
function configure_firewall_for_ipfs {
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
}
function configure_firewall_for_avahi {
- if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
- return
- fi
- iptables -A INPUT -p tcp --dport 548 -j ACCEPT
- iptables -A INPUT -p udp --dport 548 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
- iptables -A INPUT -p udp --dport 5353 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
- iptables -A INPUT -p udp --dport 5354 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 548 -j ACCEPT
+ iptables -A INPUT -p udp --dport 548 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
+ iptables -A INPUT -p udp --dport 5353 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
+ iptables -A INPUT -p udp --dport 5354 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
}
function configure_firewall_for_cjdns {
- if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
- return
- fi
- if [[ $ENABLE_CJDNS != "yes" ]]; then
- return
- fi
- ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
- ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ENABLE_CJDNS != "yes" ]]; then
+ return
+ fi
+ ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+ ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
}
function configure_firewall_for_batman {
- if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
- return
- fi
- if [[ $ENABLE_BATMAN != "yes" ]]; then
- return
- fi
+ if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ENABLE_BATMAN != "yes" ]]; then
+ return
+ fi
- save_firewall_settings
- echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
+ save_firewall_settings
+ echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
}
function configure_firewall_for_babel {
- if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
- return
- fi
- if [[ $ENABLE_BABEL != "yes" ]]; then
- return
- fi
- iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ENABLE_BABEL != "yes" ]]; then
+ return
+ fi
+ iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
}
function configure_firewall_for_zeronet {
- if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
- return
- fi
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
- iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
- iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
- iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
- iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
- iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
+ iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
+ iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
+ iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
+ iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
+ iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
}
function configure_firewall_for_dlna {
- if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
- return
- fi
- iptables -A INPUT -p udp --dport 1900 -j ACCEPT
- iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
+ return
+ fi
+ iptables -A INPUT -p udp --dport 1900 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
}
function configure_firewall_for_dns {
- if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
}
function configure_firewall_for_xmpp {
- if [ ! -d /etc/prosody ]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
+ if [ ! -d /etc/prosody ]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
}
function configure_firewall_for_irc {
- if [ ! -d /etc/ngircd ]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
- iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
+ if [ ! -d /etc/ngircd ]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
+ iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
}
function configure_firewall_for_ftp {
- if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -I INPUT -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -I INPUT -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
}
function configure_firewall_for_web_access {
- if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
- iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
}
function configure_firewall_for_web_server {
- if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
}
function configure_firewall_for_tox {
- if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
}
function configure_firewall_for_ssh {
- if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
}
function configure_firewall_for_git {
- if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_git' >> $COMPLETION_FILE
+ if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_git' >> $COMPLETION_FILE
}
function configure_firewall_for_email {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
- return
- fi
- if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 25 -j ACCEPT
- iptables -A INPUT -p tcp --dport 587 -j ACCEPT
- iptables -A INPUT -p tcp --dport 465 -j ACCEPT
- iptables -A INPUT -p tcp --dport 993 -j ACCEPT
- save_firewall_settings
- echo 'configure_firewall_for_email' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 25 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 587 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 465 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 993 -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_email' >> $COMPLETION_FILE
}
function configure_internet_protocol {
- if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
- sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
- sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
- sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
- sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
- sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
- sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
- sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
- sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
- sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
- if ! grep -q "ignore pings" /etc/sysctl.conf; then
- echo '# ignore pings' >> /etc/sysctl.conf
- echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
- echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
- fi
- if ! grep -q "disable ipv6" /etc/sysctl.conf; then
- echo '# disable ipv6' >> /etc/sysctl.conf
- echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
- fi
- if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
- echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
- fi
- if ! grep -q "keepalive" /etc/sysctl.conf; then
- echo '# keepalive' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
- fi
- echo 'configure_internet_protocol' >> $COMPLETION_FILE
+ if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
+ if ! grep -q "ignore pings" /etc/sysctl.conf; then
+ echo '# ignore pings' >> /etc/sysctl.conf
+ echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
+ echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
+ fi
+ if ! grep -q "disable ipv6" /etc/sysctl.conf; then
+ echo '# disable ipv6' >> /etc/sysctl.conf
+ echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
+ fi
+ if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
+ echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
+ fi
+ if ! grep -q "keepalive" /etc/sysctl.conf; then
+ echo '# keepalive' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
+ fi
+ echo 'configure_internet_protocol' >> $COMPLETION_FILE
}
function install_command_line_browser {
- if grep -Fxq "install_command_line_browser" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install elinks
+ if grep -Fxq "install_command_line_browser" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install elinks
- # set the home page
- if ! grep -q "WWW_HOME" /home/$MY_USERNAME/.bashrc; then
- if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then
- echo "export WWW_HOME=$DEFAULT_SEARCH" >> /home/$MY_USERNAME/.bashrc
- else
- sed -i "/control/i export WWW_HOME=$DEFAULT_SEARCH" /home/$MY_USERNAME/.bashrc
- fi
- fi
+ # set the home page
+ if ! grep -q "WWW_HOME" /home/$MY_USERNAME/.bashrc; then
+ if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then
+ echo "export WWW_HOME=$DEFAULT_SEARCH" >> /home/$MY_USERNAME/.bashrc
+ else
+ sed -i "/control/i export WWW_HOME=$DEFAULT_SEARCH" /home/$MY_USERNAME/.bashrc
+ fi
+ fi
- echo 'install_command_line_browser' >> $COMPLETION_FILE
+ echo 'install_command_line_browser' >> $COMPLETION_FILE
}
function configure_email {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "configure_email" $COMPLETION_FILE; then
- return
- fi
- apt-get -y remove postfix
- apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail xinetd
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_email" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y remove postfix
+ apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail xinetd
- if [ ! -d /etc/exim4 ]; then
- echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
- exit 48
- fi
+ if [ ! -d /etc/exim4 ]; then
+ echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
+ exit 48
+ fi
- onion_service_name='email'
- if [ ! -d /var/lib/tor ]; then
- echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
- exit 877367
- fi
- if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
- echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
- echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
- echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
- echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
- echo 'HiddenServicePort 993 127.0.0.1:993' >> /etc/tor/torrc
- echo $"Added onion site for ${onion_service_name}"
- fi
+ onion_service_name='email'
+ if [ ! -d /var/lib/tor ]; then
+ echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
+ exit 877367
+ fi
+ if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
+ echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
+ echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
+ echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
+ echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
+ echo 'HiddenServicePort 993 127.0.0.1:993' >> /etc/tor/torrc
+ echo $"Added onion site for ${onion_service_name}"
+ fi
- systemctl restart tor
- wait_for_onion_service ${onion_service_name}
+ systemctl restart tor
+ wait_for_onion_service ${onion_service_name}
- if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- echo $"${onion_service_name} onion site hostname not found"
- exit 76362
- fi
- EMAIL_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
+ if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ echo $"${onion_service_name} onion site hostname not found"
+ exit 76362
+ fi
+ EMAIL_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
- if [[ $ONION_ONLY != "no" ]]; then
- set_hostname ${EMAIL_ONION_HOSTNAME}
- MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}
- fi
- if ! grep -q "Email onion domain" $COMPLETION_FILE; then
- echo "Email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|Email onion domain.*|Email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ set_hostname ${EMAIL_ONION_HOSTNAME}
+ MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}
+ fi
+ if ! grep -q "Email onion domain" $COMPLETION_FILE; then
+ echo "Email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|Email onion domain.*|Email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
- # see https://github.com/petterreinholdtsen/exim4-smtorp
- echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '#' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# if were submitting mail *from* a .tor/.onion address,' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# make sure any header lines that may give us away is' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# stripped out, and add a new, cryptic Message-ID.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# In address_data we store the name we should HELO as.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo 'tor_to_any:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' debug_print = "R: manualroute from .onion to $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' condition = ${if match {$sender_address_domain}{\N.*\.(onion|tor)$\N}}' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' address_data = $sender_address_domain' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' route_list = * localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' headers_remove = Received:Message-ID:X-Mailer:User-Agent' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' headers_add = Message-ID: <${lc:${sha1:$message_id}}@$sender_address_domain>' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# this catches the case where were submitting mail' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# from a regular email address where we dont need to' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo '# rewrite any headers' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo 'any_to_tor:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' debug_print = "R: manualroute for $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' route_list = *.onion localhost ; *.tor localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo ' address_data = $smtp_active_hostname' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ # see https://github.com/petterreinholdtsen/exim4-smtorp
+ echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '#' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# if were submitting mail *from* a .tor/.onion address,' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# make sure any header lines that may give us away is' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# stripped out, and add a new, cryptic Message-ID.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# In address_data we store the name we should HELO as.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo 'tor_to_any:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' debug_print = "R: manualroute from .onion to $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' condition = ${if match {$sender_address_domain}{\N.*\.(onion|tor)$\N}}' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' address_data = $sender_address_domain' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' route_list = * localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' headers_remove = Received:Message-ID:X-Mailer:User-Agent' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' headers_add = Message-ID: <${lc:${sha1:$message_id}}@$sender_address_domain>' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# this catches the case where were submitting mail' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# from a regular email address where we dont need to' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo '# rewrite any headers' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo 'any_to_tor:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' debug_print = "R: manualroute for $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' route_list = *.onion localhost ; *.tor localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
+ echo ' address_data = $smtp_active_hostname' >> /etc/exim4/conf.d/router/100_exim4-smtorp
- echo 'remote_smtp_onion:' > /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' debug_print = "T: remote_smtp_onion for $local_part@$original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' driver = smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' # set helo_data to where we want to connect to,' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' # for the proxy program tor-smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' helo_data = "$address_data $original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' # wherever we configured our script at' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' port = 12668' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' # cannot use TLS otherwise it will EHLO again!!' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- echo ' hosts_avoid_tls = *' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo 'remote_smtp_onion:' > /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' debug_print = "T: remote_smtp_onion for $local_part@$original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' driver = smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' # set helo_data to where we want to connect to,' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' # for the proxy program tor-smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' helo_data = "$address_data $original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' # wherever we configured our script at' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' port = 12668' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' # cannot use TLS otherwise it will EHLO again!!' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
+ echo ' hosts_avoid_tls = *' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
- if [ ! -d $INSTALL_DIR ]; then
- mkdir -p $INSTALL_DIR
- fi
- cd $INSTALL_DIR
- git_clone $EXIM_ONION_REPO $INSTALL_DIR/exim4-smtorp
- cd $INSTALL_DIR/exim4-smtorp/tor-smtp
- make
- if [ ! -f $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp ]; then
- echo $'Unable to make tor smtp transport'
- exit 52629
- fi
- if [ ! -d /usr/lib/exim4-smtorp ]; then
- mkdir /usr/lib/exim4-smtorp
- fi
- cp $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp /usr/lib/exim4-smtorp/tor-smtp
- if [ ! -f /usr/lib/exim4-smtorp/tor-smtp ]; then
- echo $'Unable to copy tor-smtp'
- exit 83503
- fi
- cp $INSTALL_DIR/exim4-smtorp/xinetd /etc/xinetd.d/tor-smtp
- if [ ! -f /etc/xinetd.d/tor-smtp ]; then
- echo $'Unable to copy to xinetd.d'
- exit 835954
- fi
- systemctl restart xinetd
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir -p $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
+ git_clone $EXIM_ONION_REPO $INSTALL_DIR/exim4-smtorp
+ cd $INSTALL_DIR/exim4-smtorp/tor-smtp
+ make
+ if [ ! -f $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp ]; then
+ echo $'Unable to make tor smtp transport'
+ exit 52629
+ fi
+ if [ ! -d /usr/lib/exim4-smtorp ]; then
+ mkdir /usr/lib/exim4-smtorp
+ fi
+ cp $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp /usr/lib/exim4-smtorp/tor-smtp
+ if [ ! -f /usr/lib/exim4-smtorp/tor-smtp ]; then
+ echo $'Unable to copy tor-smtp'
+ exit 83503
+ fi
+ cp $INSTALL_DIR/exim4-smtorp/xinetd /etc/xinetd.d/tor-smtp
+ if [ ! -f /etc/xinetd.d/tor-smtp ]; then
+ echo $'Unable to copy to xinetd.d'
+ exit 835954
+ fi
+ systemctl restart xinetd
- # configure for Maildir format
- sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
- sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
+ # configure for Maildir format
+ sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
+ sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
- if ! grep -q "export MAIL" /etc/profile; then
- echo 'export MAIL=~/Maildir' >> /etc/profile
- fi
+ if ! grep -q "export MAIL" /etc/profile; then
+ echo 'export MAIL=~/Maildir' >> /etc/profile
+ fi
- sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
- sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
- sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
+ sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
+ sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
+ sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
- echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
- if [[ $ONION_ONLY == "no" ]]; then
- # both ICANN and onion domains
- echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
- else
- echo "dc_other_hostnames='${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
- fi
- echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
- RELAY_NETS='192.168.1.0/24'
- if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
- RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
- fi
- echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
- echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
- echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
- update-exim4.conf
- sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
- systemctl start saslauthd
+ echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
+ if [[ $ONION_ONLY == "no" ]]; then
+ # both ICANN and onion domains
+ echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
+ else
+ echo "dc_other_hostnames='${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
+ fi
+ echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
+ RELAY_NETS='192.168.1.0/24'
+ if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
+ RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
+ fi
+ echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
+ echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
+ echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
+ update-exim4.conf
+ sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
+ systemctl start saslauthd
- # make a tls certificate for email
- if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
- ${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH
- check_certificates exim
- fi
- cp /etc/ssl/private/exim.key /etc/exim4
- cp /etc/ssl/certs/exim.crt /etc/exim4
- cp /etc/ssl/certs/exim.dhparam /etc/exim4
- chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
- chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
+ # make a tls certificate for email
+ if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH
+ check_certificates exim
+ fi
+ cp /etc/ssl/private/exim.key /etc/exim4
+ cp /etc/ssl/certs/exim.crt /etc/exim4
+ cp /etc/ssl/certs/exim.dhparam /etc/exim4
+ chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
+ chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
- sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
- sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template
- sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
- if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
- sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
- fi
+ sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
+ sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template
+ sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
+ if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
+ sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
+ fi
- adduser $MY_USERNAME sasl
- addgroup Debian-exim sasl
- systemctl restart exim4
- if [ ! -d /etc/skel/Maildir ]; then
- mkdir -m 700 /etc/skel/.mutt
- mkdir -m 700 /etc/skel/Maildir
- mkdir -m 700 /etc/skel/Maildir/new
- mkdir -m 700 /etc/skel/Maildir/cur
- mkdir -m 700 /etc/skel/Maildir/Sent
- mkdir -m 700 /etc/skel/Maildir/Sent/tmp
- mkdir -m 700 /etc/skel/Maildir/Sent/cur
- mkdir -m 700 /etc/skel/Maildir/Sent/new
- mkdir -m 700 /etc/skel/Maildir/.learn-spam
- mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
- mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
- mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
- mkdir -m 700 /etc/skel/Maildir/.learn-ham
- mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
- mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
- mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
- ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
- ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
- fi
+ adduser $MY_USERNAME sasl
+ addgroup Debian-exim sasl
+ systemctl restart exim4
+ if [ ! -d /etc/skel/Maildir ]; then
+ mkdir -m 700 /etc/skel/.mutt
+ mkdir -m 700 /etc/skel/Maildir
+ mkdir -m 700 /etc/skel/Maildir/new
+ mkdir -m 700 /etc/skel/Maildir/cur
+ mkdir -m 700 /etc/skel/Maildir/Sent
+ mkdir -m 700 /etc/skel/Maildir/Sent/tmp
+ mkdir -m 700 /etc/skel/Maildir/Sent/cur
+ mkdir -m 700 /etc/skel/Maildir/Sent/new
+ mkdir -m 700 /etc/skel/Maildir/.learn-spam
+ mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
+ mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
+ mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
+ mkdir -m 700 /etc/skel/Maildir/.learn-ham
+ mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
+ mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
+ mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
+ ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
+ ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
+ fi
- if [ ! -d /home/$MY_USERNAME/Maildir ]; then
- mkdir -m 700 /home/$MY_USERNAME/.mutt
- mkdir -m 700 /home/$MY_USERNAME/Maildir
- mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
- mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
- mkdir -m 700 /home/$MY_USERNAME/Maildir/new
- mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
- mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
- mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
- mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
- mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
- ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
- ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
- fi
- echo 'configure_email' >> $COMPLETION_FILE
+ if [ ! -d /home/$MY_USERNAME/Maildir ]; then
+ mkdir -m 700 /home/$MY_USERNAME/.mutt
+ mkdir -m 700 /home/$MY_USERNAME/Maildir
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/new
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
+ mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
+ ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
+ ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
+ fi
+ echo 'configure_email' >> $COMPLETION_FILE
}
function create_procmail {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "create_procmail" $COMPLETION_FILE; then
- return
- fi
- if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
- echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc
- echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
- echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
- echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
- echo '' >> /home/$MY_USERNAME/.procmailrc
- echo $"# Tripwire reports which have no violations don't need to be logged" >> /home/$MY_USERNAME/.procmailrc
- echo ':0 BD:' >> /home/$MY_USERNAME/.procmailrc
- TRIPWIRE_VIOLATIONS_STR=$'Total violations found: 0'
- echo " * .*$TRIPWIRE_VIOLATIONS_STR" >> /home/$MY_USERNAME/.procmailrc
- echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
- echo '' >> /home/$MY_USERNAME/.procmailrc
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "create_procmail" $COMPLETION_FILE; then
+ return
+ fi
+ if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
+ echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc
+ echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
+ echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
+ echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
+ echo '' >> /home/$MY_USERNAME/.procmailrc
+ echo $"# Tripwire reports which have no violations don't need to be logged" >> /home/$MY_USERNAME/.procmailrc
+ echo ':0 BD:' >> /home/$MY_USERNAME/.procmailrc
+ TRIPWIRE_VIOLATIONS_STR=$'Total violations found: 0'
+ echo " * .*$TRIPWIRE_VIOLATIONS_STR" >> /home/$MY_USERNAME/.procmailrc
+ echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
+ echo '' >> /home/$MY_USERNAME/.procmailrc
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+ fi
- mkdir -p /home/$MY_USERNAME/Maildir/admin/new
- mkdir -p /home/$MY_USERNAME/Maildir/admin/cur
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin
+ mkdir -p /home/$MY_USERNAME/Maildir/admin/new
+ mkdir -p /home/$MY_USERNAME/Maildir/admin/cur
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin
- if [ ! -f /etc/skel/.procmailrc ]; then
- cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc
- chown root:root /etc/skel/.procmailrc
- fi
+ if [ ! -f /etc/skel/.procmailrc ]; then
+ cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc
+ chown root:root /etc/skel/.procmailrc
+ fi
- echo 'create_procmail' >> $COMPLETION_FILE
+ echo 'create_procmail' >> $COMPLETION_FILE
}
function handle_admin_emails {
- # keep emails for root in a separate folder
- if [ -d /home/$MY_USERNAME/Maildir/admin ]; then
- return
- fi
+ # keep emails for root in a separate folder
+ if [ -d /home/$MY_USERNAME/Maildir/admin ]; then
+ return
+ fi
- freedombone-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no
+ freedombone-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no
}
function spam_filtering {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install exim4-daemon-heavy
- apt-get -y install spamassassin
- if [ ! -f /etc/default/spamassassin ]; then
- echo 'Spamassassin was not installed'
- exit 72570
- fi
- sa-update -v
- sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
- sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
- # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
- sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
- sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
- sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
- # procmail configuration
- echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
- echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
- echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
- echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
- echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
- echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
- echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
- echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
- echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
- echo ':0' >> /home/$MY_USERNAME/.procmailrc
- echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
- echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
- echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
- echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
- echo ' * < 256000' >> /etc/skel/.procmailrc
- echo '| spamc' >> /etc/skel/.procmailrc
- echo '# strong spam are discarded' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
- echo '/dev/null' >> /etc/skel/.procmailrc
- echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
- echo 'maybe-spam/' >> /etc/skel/.procmailrc
- echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
- echo ':0' >> /etc/skel/.procmailrc
- echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
- echo 'spam/' >> /etc/skel/.procmailrc
- # filtering scripts
- echo '#!/bin/bash' > /usr/bin/filterspam
- echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
- echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
- echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then' >> /usr/bin/filterspam
- echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
- echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
- echo ' exit' >> /usr/bin/filterspam
- echo ' fi' >> /usr/bin/filterspam
- echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
- echo ' do' >> /usr/bin/filterspam
- echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
- echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
- echo ' done' >> /usr/bin/filterspam
- echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
- echo ' do' >> /usr/bin/filterspam
- echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
- echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
- echo ' done' >> /usr/bin/filterspam
- echo ' fi' >> /usr/bin/filterspam
- echo 'done' >> /usr/bin/filterspam
- echo 'exit 0' >> /usr/bin/filterspam
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install exim4-daemon-heavy
+ apt-get -y install spamassassin
+ if [ ! -f /etc/default/spamassassin ]; then
+ echo 'Spamassassin was not installed'
+ exit 72570
+ fi
+ sa-update -v
+ sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
+ sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
+ # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
+ sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
+ sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
+ sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+ # procmail configuration
+ echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
+ echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
+ echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
+ echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
+ echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0' >> /home/$MY_USERNAME/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
+ echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+ echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
+ echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
+ echo ' * < 256000' >> /etc/skel/.procmailrc
+ echo '| spamc' >> /etc/skel/.procmailrc
+ echo '# strong spam are discarded' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
+ echo '/dev/null' >> /etc/skel/.procmailrc
+ echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
+ echo 'maybe-spam/' >> /etc/skel/.procmailrc
+ echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
+ echo ':0' >> /etc/skel/.procmailrc
+ echo ' * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
+ echo 'spam/' >> /etc/skel/.procmailrc
+ # filtering scripts
+ echo '#!/bin/bash' > /usr/bin/filterspam
+ echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
+ echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
+ echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then' >> /usr/bin/filterspam
+ echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
+ echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
+ echo ' exit' >> /usr/bin/filterspam
+ echo ' fi' >> /usr/bin/filterspam
+ echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
+ echo ' do' >> /usr/bin/filterspam
+ echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
+ echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
+ echo ' done' >> /usr/bin/filterspam
+ echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
+ echo ' do' >> /usr/bin/filterspam
+ echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
+ echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
+ echo ' done' >> /usr/bin/filterspam
+ echo ' fi' >> /usr/bin/filterspam
+ echo 'done' >> /usr/bin/filterspam
+ echo 'exit 0' >> /usr/bin/filterspam
- echo '#!/bin/bash' > /usr/bin/filterham
- echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
- echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
- echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then' >> /usr/bin/filterham
- echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
- echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
- echo ' exit' >> /usr/bin/filterham
- echo ' fi' >> /usr/bin/filterham
- echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
- echo ' do' >> /usr/bin/filterham
- echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
- echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
- echo ' done' >> /usr/bin/filterham
- echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
- echo ' do' >> /usr/bin/filterham
- echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
- echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
- echo ' done' >> /usr/bin/filterham
- echo ' fi' >> /usr/bin/filterham
- echo 'done' >> /usr/bin/filterham
- echo 'exit 0' >> /usr/bin/filterham
+ echo '#!/bin/bash' > /usr/bin/filterham
+ echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
+ echo ' USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
+ echo ' if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then' >> /usr/bin/filterham
+ echo ' MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
+ echo ' if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
+ echo ' exit' >> /usr/bin/filterham
+ echo ' fi' >> /usr/bin/filterham
+ echo ' for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
+ echo ' do' >> /usr/bin/filterham
+ echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
+ echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
+ echo ' done' >> /usr/bin/filterham
+ echo ' for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
+ echo ' do' >> /usr/bin/filterham
+ echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
+ echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
+ echo ' done' >> /usr/bin/filterham
+ echo ' fi' >> /usr/bin/filterham
+ echo 'done' >> /usr/bin/filterham
+ echo 'exit 0' >> /usr/bin/filterham
- if ! grep -q "filterspam" /etc/crontab; then
- echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam" >> /etc/crontab
- fi
- if ! grep -q "filterham" /etc/crontab; then
- echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham" >> /etc/crontab
- fi
- chmod 655 /usr/bin/filterspam /usr/bin/filterham
- sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
- sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
+ if ! grep -q "filterspam" /etc/crontab; then
+ echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam" >> /etc/crontab
+ fi
+ if ! grep -q "filterham" /etc/crontab; then
+ echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham" >> /etc/crontab
+ fi
+ chmod 655 /usr/bin/filterspam /usr/bin/filterham
+ sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
+ sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
- # user preferences
- if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
- mkdir /home/$MY_USERNAME/.spamassassin
- echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
- fi
- # this must be accessible by root
- chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
+ # user preferences
+ if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
+ mkdir /home/$MY_USERNAME/.spamassassin
+ echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+ fi
+ # this must be accessible by root
+ chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
- systemctl restart spamassassin
- systemctl restart exim4
- systemctl restart cron
+ systemctl restart spamassassin
+ systemctl restart exim4
+ systemctl restart cron
- echo 'spam_filtering' >> $COMPLETION_FILE
+ echo 'spam_filtering' >> $COMPLETION_FILE
}
function configure_imap {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "configure_imap" $COMPLETION_FILE; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_imap" $COMPLETION_FILE; then
+ return
+ fi
- dpkg -P dovecot-imapd
- dpkg -P dovecot-core
- apt-get -y install dovecot-imapd
+ dpkg -P dovecot-imapd
+ dpkg -P dovecot-core
+ apt-get -y install dovecot-imapd
- if [ ! -d /etc/dovecot ]; then
- echo $"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE"
- exit 48
- fi
+ if [ ! -d /etc/dovecot ]; then
+ echo $"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE"
+ exit 48
+ fi
- if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
- ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
- check_certificates dovecot
- fi
- chown root:dovecot /etc/ssl/certs/dovecot.*
- chown root:dovecot /etc/ssl/private/dovecot.*
+ if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
+ check_certificates dovecot
+ fi
+ chown root:dovecot /etc/ssl/certs/dovecot.*
+ chown root:dovecot /etc/ssl/private/dovecot.*
- if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf'
- exit 83629
- fi
- sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
- sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
- sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
- sed -i 's|#ssl_cert =.*|ssl_cert = > /etc/dovecot/conf.d/10-ssl.conf
+ if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf'
+ exit 83629
+ fi
+ sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|#ssl_cert =.*|ssl_cert = > /etc/dovecot/conf.d/10-ssl.conf
- if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-master.conf'
- exit 49259
- fi
- sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
- sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
- sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+ if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-master.conf'
+ exit 49259
+ fi
+ sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
+ sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf
+ sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
- if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf'
- exit 48936
- fi
- sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
+ if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-logging.conf'
+ exit 48936
+ fi
+ sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
- if [ ! -f /etc/dovecot/dovecot.conf ]; then
- echo $'Unable to find /etc/dovecot/dovecot.conf'
- exit 43890
- fi
- sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf
+ if [ ! -f /etc/dovecot/dovecot.conf ]; then
+ echo $'Unable to find /etc/dovecot/dovecot.conf'
+ exit 43890
+ fi
+ sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf
- if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf'
- exit 843256
- fi
- sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
- sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
+ if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-auth.conf'
+ exit 843256
+ fi
+ sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
- if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then
- echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf'
- exit 42036
- fi
- sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
+ if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then
+ echo $'Unable to find /etc/dovecot/conf.d/10-mail.conf'
+ exit 42036
+ fi
+ sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
- # This long notify interval makes the system more suited for use with
- # battery powered mobile devices
- sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf
+ # This long notify interval makes the system more suited for use with
+ # battery powered mobile devices
+ sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf
- if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then
- rm /var/lib/dovecot/ssl-parameters.dat
- fi
+ if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then
+ rm /var/lib/dovecot/ssl-parameters.dat
+ fi
- systemctl restart dovecot
- echo 'configure_imap' >> $COMPLETION_FILE
+ systemctl restart dovecot
+ echo 'configure_imap' >> $COMPLETION_FILE
}
function configure_imap_client_certs {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then
- return
- fi
- # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
- sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
- sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
- sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
- sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
- sed -i "s|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt|g" /etc/dovecot/conf.d/10-ssl.conf
- sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
- sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
- if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
- echo '' >> /etc/dovecot/conf.d/10-auth.conf
- echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
- echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
- echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
- echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf
- echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf
- echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf
- echo '}' >> /etc/dovecot/conf.d/10-auth.conf
- fi
- if [[ $ONION_ONLY == "no" ]]; then
- # make a CA cert
- if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
- else
- ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- fi
- fi
- fi
- # CA configuration
- echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
- echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
- echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
- echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
- echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
- echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
- echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
- echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
- echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
- echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
- echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
- echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf
- echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf
- echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf
- echo '' >> /etc/ssl/dovecot-ca.cnf
- echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf
- echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf
- echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf
- echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf
- echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf
- echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf
- if [ -f /etc/ssl/ssldb ]; then
- rm /etc/ssl/ssldb
- fi
- if [ -f /etc/ssl/sslserial ]; then
- rm /etc/ssl/sslserial
- fi
- touch /etc/ssl/ssldb
- echo 0001 > /etc/ssl/sslserial
- #${PROJECT_NAME}-clientcert -u $MY_USERNAME
- systemctl restart dovecot
- echo 'configure_imap_client_certs' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then
+ return
+ fi
+ # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
+ sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+ sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
+ sed -i "s|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
+ sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
+ if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
+ echo '' >> /etc/dovecot/conf.d/10-auth.conf
+ echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf
+ echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf
+ echo '}' >> /etc/dovecot/conf.d/10-auth.conf
+ fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ # make a CA cert
+ if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
+ ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
+ else
+ ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+ fi
+ fi
+ fi
+ # CA configuration
+ echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
+ echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
+ echo '' >> /etc/ssl/dovecot-ca.cnf
+ echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
+ echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
+ echo '' >> /etc/ssl/dovecot-ca.cnf
+ echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
+ echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
+ echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
+ echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
+ echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
+ echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
+ echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
+ echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
+ echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
+ echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
+ echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
+ echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
+ echo '' >> /etc/ssl/dovecot-ca.cnf
+ echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf
+ echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf
+ echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf
+ echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf
+ echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf
+ echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf
+ echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf
+ echo '' >> /etc/ssl/dovecot-ca.cnf
+ echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf
+ echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf
+ echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf
+ echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf
+ echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf
+ echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf
+ if [ -f /etc/ssl/ssldb ]; then
+ rm /etc/ssl/ssldb
+ fi
+ if [ -f /etc/ssl/sslserial ]; then
+ rm /etc/ssl/sslserial
+ fi
+ touch /etc/ssl/ssldb
+ echo 0001 > /etc/ssl/sslserial
+ #${PROJECT_NAME}-clientcert -u $MY_USERNAME
+ systemctl restart dovecot
+ echo 'configure_imap_client_certs' >> $COMPLETION_FILE
}
function create_gpg_subkey {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install gnupg
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install gnupg
- GPG_KEY_USAGE=$1
- if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then
- echo $"Unknown subkey usage: $GPG_KEY_USAGE"
- echo $'Available types: sign|auth|encrypt'
- exit 14783
- fi
+ GPG_KEY_USAGE=$1
+ if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then
+ echo $"Unknown subkey usage: $GPG_KEY_USAGE"
+ echo $'Available types: sign|auth|encrypt'
+ exit 14783
+ fi
- KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
+ KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
- # Generate a GPG subkey
- # Here a 2048bit length is used to be compatible with yubikey
- echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
- echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
- su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
- shred -zu /home/$MY_USERNAME/gpg-genkey.conf
- MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+ # Generate a GPG subkey
+ # Here a 2048bit length is used to be compatible with yubikey
+ echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+ su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+ shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+ MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
- echo 'create_gpg_subkey' >> $COMPLETION_FILE
+ echo 'create_gpg_subkey' >> $COMPLETION_FILE
}
function gpg_key_exists {
- key_owner_username=$1
- key_search_text=$2
- if [[ $key_owner_username != "root" ]]; then
- KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username)
- else
- KEY_EXISTS=$(gpg --list-keys "${key_search_text}")
- fi
- if [ ! "$KEY_EXISTS" ]; then
- echo "no"
- return
- fi
- if [ "$KEY_EXISTS" == *"error"* ]; then
- echo "no"
- return
- fi
- echo "yes"
+ key_owner_username=$1
+ key_search_text=$2
+ if [[ $key_owner_username != "root" ]]; then
+ KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username)
+ else
+ KEY_EXISTS=$(gpg --list-keys "${key_search_text}")
+ fi
+ if [ ! "$KEY_EXISTS" ]; then
+ echo "no"
+ return
+ fi
+ if [ "$KEY_EXISTS" == *"error"* ]; then
+ echo "no"
+ return
+ fi
+ echo "yes"
}
function gpg_pubkey_from_email {
- key_owner_username=$1
- key_email_address=$2
- key_id=
- if [[ $key_owner_username != "root" ]]; then
- key_id=$(su -c "gpg --list-keys $key_email_address | grep 'pub '" - $key_owner_username | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
- else
- key_id=$(gpg --list-keys $key_email_address | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
- fi
- echo $key_id
+ key_owner_username=$1
+ key_email_address=$2
+ key_id=
+ if [[ $key_owner_username != "root" ]]; then
+ key_id=$(su -c "gpg --list-keys $key_email_address | grep 'pub '" - $key_owner_username | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+ else
+ key_id=$(gpg --list-keys $key_email_address | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+ fi
+ echo $key_id
}
function configure_gpg {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "configure_gpg" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install gnupg
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_gpg" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install gnupg
- gpg_dir=/home/$MY_USERNAME/.gnupg
+ gpg_dir=/home/$MY_USERNAME/.gnupg
- # if gpg keys directory was previously imported from usb
- if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
- echo $'GPG keys were imported'
- sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
- MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- echo $'GPG public key ID could not be obtained'
- fi
- chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
- chmod 700 $gpg_dir
- chmod 600 $gpg_dir/*
- echo 'configure_gpg' >> $COMPLETION_FILE
- return
- fi
+ # if gpg keys directory was previously imported from usb
+ if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
+ echo $'GPG keys were imported'
+ sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
+ MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
+ if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+ echo $'GPG public key ID could not be obtained'
+ fi
+ chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
+ chmod 700 $gpg_dir
+ chmod 600 $gpg_dir/*
+ echo 'configure_gpg' >> $COMPLETION_FILE
+ return
+ fi
- if [ ! -d $gpg_dir ]; then
- mkdir $gpg_dir
- echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf
- echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf
- fi
+ if [ ! -d $gpg_dir ]; then
+ mkdir $gpg_dir
+ echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf
+ echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf
+ fi
- sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
+ sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
- if ! grep -q "# default preferences" $gpg_dir/gpg.conf; then
- echo '' >> $gpg_dir/gpg.conf
- echo '# default preferences' >> $gpg_dir/gpg.conf
- echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf
- echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf
- echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf
- fi
+ if ! grep -q "# default preferences" $gpg_dir/gpg.conf; then
+ echo '' >> $gpg_dir/gpg.conf
+ echo '# default preferences' >> $gpg_dir/gpg.conf
+ echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf
+ echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf
+ echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf
+ fi
- chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
- chmod 700 $gpg_dir
- chmod 600 $gpg_dir/*
+ chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
+ chmod 700 $gpg_dir
+ chmod 600 $gpg_dir/*
- if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
- echo $'Importing GPG keys from file'
- echo $"Public key: $MY_GPG_PUBLIC_KEY"
- echo $"Private key: $MY_GPG_PRIVATE_KEY"
+ if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
+ echo $'Importing GPG keys from file'
+ echo $"Public key: $MY_GPG_PUBLIC_KEY"
+ echo $"Private key: $MY_GPG_PRIVATE_KEY"
- # use your existing GPG keys which were exported
- if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
- echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
- exit 2483
- fi
- if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
- echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
- exit 5383
- fi
- su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
- su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
- KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [[ $KEY_EXISTS == "no" ]]; then
- echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
- exit 13821
- fi
+ # use your existing GPG keys which were exported
+ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
+ echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
+ exit 2483
+ fi
+ if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
+ echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
+ exit 5383
+ fi
+ su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
+ su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
+ KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
+ if [[ $KEY_EXISTS == "no" ]]; then
+ echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
+ exit 13821
+ fi
- # for security ensure that the private key file doesn't linger around
- shred -zu $MY_GPG_PRIVATE_KEY
- MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- echo $'GPG public key ID could not be obtained'
- fi
- else
- # Generate a GPG key
- echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
- echo $'Generating a new GPG key'
- su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
- KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [[ $KEY_EXISTS == "no" ]]; then
- echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
- exit 6362
- fi
- shred -zu /home/$MY_USERNAME/gpg-genkey.conf
- MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- echo $'GPG public key ID could not be obtained'
- fi
- MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
- su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+ # for security ensure that the private key file doesn't linger around
+ shred -zu $MY_GPG_PRIVATE_KEY
+ MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
+ if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+ echo $'GPG public key ID could not be obtained'
+ fi
+ else
+ # Generate a GPG key
+ echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+ echo $'Generating a new GPG key'
+ su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+ KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
+ if [[ $KEY_EXISTS == "no" ]]; then
+ echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
+ exit 6362
+ fi
+ shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+ MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
+ if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+ echo $'GPG public key ID could not be obtained'
+ fi
+ MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
+ su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
- if grep -q "configure_email" $COMPLETION_FILE; then
- if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Change your GPG password' >> /home/$MY_USERNAME/README
- echo '========================' >> /home/$MY_USERNAME/README
- echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
- echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
- echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
- echo $'You can change the it with:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
- echo ' passwd' >> /home/$MY_USERNAME/README
- echo ' save' >> /home/$MY_USERNAME/README
- echo ' quit' >> /home/$MY_USERNAME/README
- fi
- if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README
- echo '===========================' >> /home/$MY_USERNAME/README
- echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
- echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
- fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- fi
+ if grep -q "configure_email" $COMPLETION_FILE; then
+ if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Change your GPG password' >> /home/$MY_USERNAME/README
+ echo '========================' >> /home/$MY_USERNAME/README
+ echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
+ echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
+ echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
+ echo $'You can change the it with:' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
+ echo ' passwd' >> /home/$MY_USERNAME/README
+ echo ' save' >> /home/$MY_USERNAME/README
+ echo ' quit' >> /home/$MY_USERNAME/README
+ fi
+ if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README
+ echo '===========================' >> /home/$MY_USERNAME/README
+ echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
+ echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
+ fi
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ fi
- echo 'configure_gpg' >> $COMPLETION_FILE
+ echo 'configure_gpg' >> $COMPLETION_FILE
}
function refresh_gpg_keys {
- if ! grep -q "${PROJECT_NAME}-sec --refresh yes" /etc/crontab; then
- GPG_REFRESH_TIME=$(( RANDOM % 60 ))
- if [ -f /usr/local/bin/freedombone-sec ]; then
- echo "$GPG_REFRESH_TIME */$REFRESH_GPG_KEYS_HOURS * * * root /usr/local/bin/${PROJECT_NAME}-sec --refresh yes > /dev/null" >> /etc/crontab
- else
- echo "$GPG_REFRESH_TIME */$REFRESH_GPG_KEYS_HOURS * * * root /usr/bin/${PROJECT_NAME}-sec --refresh yes > /dev/null" >> /etc/crontab
- fi
- systemctl restart cron
- fi
+ if ! grep -q "${PROJECT_NAME}-sec --refresh yes" /etc/crontab; then
+ GPG_REFRESH_TIME=$(( RANDOM % 60 ))
+ if [ -f /usr/local/bin/freedombone-sec ]; then
+ echo "$GPG_REFRESH_TIME */$REFRESH_GPG_KEYS_HOURS * * * root /usr/local/bin/${PROJECT_NAME}-sec --refresh yes > /dev/null" >> /etc/crontab
+ else
+ echo "$GPG_REFRESH_TIME */$REFRESH_GPG_KEYS_HOURS * * * root /usr/bin/${PROJECT_NAME}-sec --refresh yes > /dev/null" >> /etc/crontab
+ fi
+ systemctl restart cron
+ fi
}
function configure_backup_key {
- if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install gnupg
+ if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install gnupg
- BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
- if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then
- return
- fi
+ BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
+ if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then
+ return
+ fi
- # Generate a GPG key for backups
- BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
- if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
- echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
- echo $'Backup key does not exist. Creating it.'
- su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
- shred -zu /home/$MY_USERNAME/gpg-genkey.conf
- echo $'Checking that the Backup key was created'
- BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
- if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
- echo $'Backup key could not be created'
- exit 43382
- fi
- fi
- MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
- echo "Backup key: $MY_BACKUP_KEY_ID"
- MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
- su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
- su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
- if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
- echo 'Public backup key could not be exported'
- exit 36829
- fi
- if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
- echo 'Private backup key could not be exported'
- exit 29235
- fi
+ # Generate a GPG key for backups
+ BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
+ if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
+ echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
+ echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+ echo $'Backup key does not exist. Creating it.'
+ su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+ shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+ echo $'Checking that the Backup key was created'
+ BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
+ if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
+ echo $'Backup key could not be created'
+ exit 43382
+ fi
+ fi
+ MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+ echo "Backup key: $MY_BACKUP_KEY_ID"
+ MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
+ su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
+ su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+ if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
+ echo 'Public backup key could not be exported'
+ exit 36829
+ fi
+ if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
+ echo 'Private backup key could not be exported'
+ exit 29235
+ fi
- # import backup key to root user
- gpg --import --import ${MY_BACKUP_KEY}_public.asc
- gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
+ # import backup key to root user
+ gpg --import --import ${MY_BACKUP_KEY}_public.asc
+ gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
- shred -zu ${MY_BACKUP_KEY}_public.asc
- shred -zu ${MY_BACKUP_KEY}_private.asc
+ shred -zu ${MY_BACKUP_KEY}_public.asc
+ shred -zu ${MY_BACKUP_KEY}_private.asc
- echo 'configure_backup_key' >> $COMPLETION_FILE
+ echo 'configure_backup_key' >> $COMPLETION_FILE
}
function install_monkeysphere {
- if grep -Fxq "install_monkeysphere" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install monkeysphere msva-perl
- #su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
- mkdir /home/$MY_USERNAME/.monkeysphere
- chmod 755 /home/$MY_USERNAME/.monkeysphere
- echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
- chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
- monkeysphere-authentication update-users
+ if grep -Fxq "install_monkeysphere" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install monkeysphere msva-perl
+ #su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+ mkdir /home/$MY_USERNAME/.monkeysphere
+ chmod 755 /home/$MY_USERNAME/.monkeysphere
+ echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
+ chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
+ monkeysphere-authentication update-users
- if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
- echo $'monkeysphere import: ssh host key not found'
- exit 76295
- fi
- monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
- SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
- monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
+ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+ echo $'monkeysphere import: ssh host key not found'
+ exit 76295
+ fi
+ monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
+ SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
+ monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
- if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
- MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
- exit 52825
- fi
- fi
- # The admin user is the identity certifier
- fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
- monkeysphere-authentication add-identity-certifier $fpr
+ if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
+ MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
+ if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+ echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
+ exit 52825
+ fi
+ fi
+ # The admin user is the identity certifier
+ fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+ monkeysphere-authentication add-identity-certifier $fpr
- echo 'install_monkeysphere' >> $COMPLETION_FILE
+ echo 'install_monkeysphere' >> $COMPLETION_FILE
}
function encrypt_incoming_email {
- # encrypts incoming mail using your GPG public key
- # so even if an attacker gains access to the data at rest they still need
- # to know your GPG key password to be able to read anything
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ # encrypts incoming mail using your GPG public key
+ # so even if an attacker gains access to the data at rest they still need
+ # to know your GPG key password to be able to read anything
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO
- if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
+ return
+ fi
- if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
- return
- fi
+ if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+ return
+ fi
- if [ ! -f /usr/bin/gpgit.pl ]; then
- apt-get -y install git libmail-gnupg-perl
- cd $INSTALL_DIR
- git_clone $GPGIT_REPO $INSTALL_DIR/gpgit
- cd $INSTALL_DIR/gpgit
- git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT
- if ! grep -q "gpgit commit" $COMPLETION_FILE; then
- echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE
- fi
- cp gpgit.pl /usr/bin
- fi
+ if [ ! -f /usr/bin/gpgit.pl ]; then
+ apt-get -y install git libmail-gnupg-perl
+ cd $INSTALL_DIR
+ git_clone $GPGIT_REPO $INSTALL_DIR/gpgit
+ cd $INSTALL_DIR/gpgit
+ git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT
+ if ! grep -q "gpgit commit" $COMPLETION_FILE; then
+ echo "gpgit commit:$GPGIT_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" $COMPLETION_FILE
+ fi
+ cp gpgit.pl /usr/bin
+ fi
- # add a procmail rule
- if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
- echo '' >> /home/$MY_USERNAME/.procmailrc
- echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
- echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
- echo '' >> /etc/skel/.procmailrc
- echo ':0 f' >> /etc/skel/.procmailrc
- echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc
- echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc
- fi
- echo 'encrypt_incoming_email' >> $COMPLETION_FILE
+ # add a procmail rule
+ if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
+ echo '' >> /home/$MY_USERNAME/.procmailrc
+ echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
+ echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+ echo '' >> /etc/skel/.procmailrc
+ echo ':0 f' >> /etc/skel/.procmailrc
+ echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc
+ echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc
+ fi
+ echo 'encrypt_incoming_email' >> $COMPLETION_FILE
}
function encrypt_outgoing_email {
- # encrypts outgoing mail using your GPG public key
- # so even if an attacker gains access to the data at rest they still need
- # to know your GPG key password to be able to read sent mail
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
- return
- fi
- if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
- return
- fi
+ # encrypts outgoing mail using your GPG public key
+ # so even if an attacker gains access to the data at rest they still need
+ # to know your GPG key password to be able to read sent mail
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+ return
+ fi
- if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
- return
- fi
+ if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+ return
+ fi
- if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
- return
- fi
+ if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
+ return
+ fi
- # obtain your public key ID
- if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
- MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
- return
- fi
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- return
- fi
- fi
+ # obtain your public key ID
+ if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
+ MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
+ if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
+ return
+ fi
+ if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+ return
+ fi
+ fi
- if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
- echo '' >> /home/$MY_USERNAME/.muttrc
- echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
- echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
- else
- sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
- fi
+ if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
+ echo '' >> /home/$MY_USERNAME/.muttrc
+ echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
+ echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+ else
+ sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+ fi
- if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
- echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
- else
- sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
- fi
+ if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
+ echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+ else
+ sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+ fi
- echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
+ echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
}
function encrypt_all_email {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+ return
+ fi
- if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then
- cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
- else
- cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
- fi
- chmod +x /usr/bin/encmaildir
+ if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then
+ cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+ else
+ cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+ fi
+ chmod +x /usr/bin/encmaildir
- if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! /home/$MY_USERNAME/README ]; then
- touch /home/$MY_USERNAME/README
- fi
- if ! grep -q $"If you have imported legacy email which is not encrypted" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Encrypting legacy email' >> /home/$MY_USERNAME/README
- echo '=======================' >> /home/$MY_USERNAME/README
- echo $'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README
- echo $'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo ' encmaildir' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README
- echo $'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README
- echo $'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if [ ! /home/$MY_USERNAME/README ]; then
+ touch /home/$MY_USERNAME/README
+ fi
+ if ! grep -q $"If you have imported legacy email which is not encrypted" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Encrypting legacy email' >> /home/$MY_USERNAME/README
+ echo '=======================' >> /home/$MY_USERNAME/README
+ echo $'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README
+ echo $'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo ' encmaildir' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README
+ echo $'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README
+ echo $'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'encrypt_all_email' >> $COMPLETION_FILE
+ echo 'encrypt_all_email' >> $COMPLETION_FILE
}
function email_client {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "email_client" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install mutt-patched lynx abook
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "email_client" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install mutt-patched lynx abook
- if [ ! -f /etc/Muttrc ]; then
- echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
- exit 49
- fi
+ if [ ! -f /etc/Muttrc ]; then
+ echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
+ exit 49
+ fi
- if [ ! -d /home/$MY_USERNAME/.mutt ]; then
- mkdir /home/$MY_USERNAME/.mutt
- fi
- echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap
- cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
- chown -R root:root /etc/skel/.mutt
+ if [ ! -d /home/$MY_USERNAME/.mutt ]; then
+ mkdir /home/$MY_USERNAME/.mutt
+ fi
+ echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap
+ cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
+ chown -R root:root /etc/skel/.mutt
- echo 'set mbox_type=Maildir' >> /etc/Muttrc
- echo 'set folder="~/Maildir"' >> /etc/Muttrc
- echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
- echo 'set mbox="~/Maildir"' >> /etc/Muttrc
- echo 'set record="+Sent"' >> /etc/Muttrc
- echo 'set postponed="+Drafts"' >> /etc/Muttrc
- echo 'set trash="+Trash"' >> /etc/Muttrc
- echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
- echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
- echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc
- echo 'set header_cache="+.cache"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo 'macro index S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc
- echo 'macro pager S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc
- echo 'macro index H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc
- echo 'macro pager H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# set up the sidebar' >> /etc/Muttrc
- echo 'set sidebar_width=22' >> /etc/Muttrc
- echo 'set sidebar_visible=yes' >> /etc/Muttrc
- echo "set sidebar_delim='|'" >> /etc/Muttrc
- echo 'set sidebar_sort=yes' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo 'set rfc2047_parameters' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# Show inbox and sent items' >> /etc/Muttrc
- echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
- echo 'color sidebar_new yellow default' >> /etc/Muttrc
- echo 'color normal white default' >> /etc/Muttrc
- echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
- echo 'color signature green default' >> /etc/Muttrc
- echo 'color attachment brightyellow default' >> /etc/Muttrc
- echo 'color quoted green default' >> /etc/Muttrc
- echo 'color quoted1 white default' >> /etc/Muttrc
- echo 'color tilde blue default' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
- echo '# ctrl-o to open selected folder' >> /etc/Muttrc
- echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
- echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
- echo 'bind index \Co sidebar-open' >> /etc/Muttrc
- echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
- echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
- echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
- echo "macro index,pager \Cb 'toggle sidebar_visible' 'toggle sidebar'" >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# esc-m Mark new messages as read' >> /etc/Muttrc
- echo 'macro index m "T~N;WNT~O;WO\CT~T" "mark all messages read"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# Collapsing threads' >> /etc/Muttrc
- echo 'macro index [ "" "collapse/uncollapse thread"' >> /etc/Muttrc
- echo 'macro index ] "" "collapse/uncollapse all threads"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# threads containing new messages' >> /etc/Muttrc
- echo 'uncolor index "~(~N)"' >> /etc/Muttrc
- echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# new messages themselves' >> /etc/Muttrc
- echo 'uncolor index "~N"' >> /etc/Muttrc
- echo 'color index brightyellow default "~N"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# GPG/PGP integration' >> /etc/Muttrc
- echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
- echo 'set pgp_timeout=1800' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
- echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
- echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
- echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
- echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
- echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
- echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc
- echo 'unset smime_is_default' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
- echo 'source ~/.mutt-alias' >> /etc/Muttrc
- echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
- echo 'macro index,pager A "abook --add-email-quiet" "add the sender address to abook"' >> /etc/Muttrc
- echo '' >> /etc/Muttrc
- echo '# Optional relay of SMTP via ISP' >> /etc/Muttrc
- echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"' >> /etc/Muttrc
+ echo 'set mbox_type=Maildir' >> /etc/Muttrc
+ echo 'set folder="~/Maildir"' >> /etc/Muttrc
+ echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
+ echo 'set mbox="~/Maildir"' >> /etc/Muttrc
+ echo 'set record="+Sent"' >> /etc/Muttrc
+ echo 'set postponed="+Drafts"' >> /etc/Muttrc
+ echo 'set trash="+Trash"' >> /etc/Muttrc
+ echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
+ echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
+ echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc
+ echo 'set header_cache="+.cache"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo 'macro index S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc
+ echo 'macro pager S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc
+ echo 'macro index H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc
+ echo 'macro pager H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# set up the sidebar' >> /etc/Muttrc
+ echo 'set sidebar_width=22' >> /etc/Muttrc
+ echo 'set sidebar_visible=yes' >> /etc/Muttrc
+ echo "set sidebar_delim='|'" >> /etc/Muttrc
+ echo 'set sidebar_sort=yes' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo 'set rfc2047_parameters' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# Show inbox and sent items' >> /etc/Muttrc
+ echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
+ echo 'color sidebar_new yellow default' >> /etc/Muttrc
+ echo 'color normal white default' >> /etc/Muttrc
+ echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
+ echo 'color signature green default' >> /etc/Muttrc
+ echo 'color attachment brightyellow default' >> /etc/Muttrc
+ echo 'color quoted green default' >> /etc/Muttrc
+ echo 'color quoted1 white default' >> /etc/Muttrc
+ echo 'color tilde blue default' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
+ echo '# ctrl-o to open selected folder' >> /etc/Muttrc
+ echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
+ echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
+ echo 'bind index \Co sidebar-open' >> /etc/Muttrc
+ echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
+ echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
+ echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
+ echo "macro index,pager \Cb 'toggle sidebar_visible' 'toggle sidebar'" >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# esc-m Mark new messages as read' >> /etc/Muttrc
+ echo 'macro index m "T~N;WNT~O;WO\CT~T" "mark all messages read"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# Collapsing threads' >> /etc/Muttrc
+ echo 'macro index [ "" "collapse/uncollapse thread"' >> /etc/Muttrc
+ echo 'macro index ] "" "collapse/uncollapse all threads"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# threads containing new messages' >> /etc/Muttrc
+ echo 'uncolor index "~(~N)"' >> /etc/Muttrc
+ echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# new messages themselves' >> /etc/Muttrc
+ echo 'uncolor index "~N"' >> /etc/Muttrc
+ echo 'color index brightyellow default "~N"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# GPG/PGP integration' >> /etc/Muttrc
+ echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
+ echo 'set pgp_timeout=1800' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
+ echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
+ echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
+ echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
+ echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
+ echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
+ echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc
+ echo 'unset smime_is_default' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
+ echo 'source ~/.mutt-alias' >> /etc/Muttrc
+ echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
+ echo 'macro index,pager A "abook --add-email-quiet" "add the sender address to abook"' >> /etc/Muttrc
+ echo '' >> /etc/Muttrc
+ echo '# Optional relay of SMTP via ISP' >> /etc/Muttrc
+ echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"' >> /etc/Muttrc
- # create an Emacs configuration specifically for use with Mutt, which
- # has word wrap and spell checking on by default
- echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt
- echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt
- echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt
- echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt
- echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt
- echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt
- echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
- echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
+ # create an Emacs configuration specifically for use with Mutt, which
+ # has word wrap and spell checking on by default
+ echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt
+ echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt
+ echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt
+ echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt
+ echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
+ echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
- # add the emacs mutt configuration to the user profile skeleton
- if [ ! -f /etc/skel/.emacs-mutt ]; then
- cp /home/$MY_USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
- chown root:root /etc/skel/.emacs-mutt
- fi
+ # add the emacs mutt configuration to the user profile skeleton
+ if [ ! -f /etc/skel/.emacs-mutt ]; then
+ cp /home/$MY_USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
+ chown root:root /etc/skel/.emacs-mutt
+ fi
- cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
- cp -f /etc/Muttrc /etc/skel/.muttrc
- touch /home/$MY_USERNAME/.mutt-alias
- cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
+ cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
+ cp -f /etc/Muttrc /etc/skel/.muttrc
+ touch /home/$MY_USERNAME/.mutt-alias
+ cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
- # default user on generic images
- if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then
- cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc
- chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.muttrc
- touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
- chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
- cp /etc/skel/.emacs-mutt /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
- chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
- fi
+ # default user on generic images
+ if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then
+ cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc
+ chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.muttrc
+ touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
+ chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
+ cp /etc/skel/.emacs-mutt /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
+ chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
+ fi
- echo 'email_client' >> $COMPLETION_FILE
+ echo 'email_client' >> $COMPLETION_FILE
}
function email_archiving {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- # ensure that the mail archive script is up to date
- if [ -f /usr/local/bin/${PROJECT_NAME}-archive-mail ]; then
- cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
- else
- if [ -f /usr/bin/${PROJECT_NAME}-archive-mail ]; then
- cp /usr/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
- else
- echo "/usr/bin/${PROJECT_NAME}-archive-mail was not found. ${PROJECT_NAME} might not have fully installed."
- exit 62379
- fi
- fi
- chmod +x /etc/cron.daily/archivemail
+ # ensure that the mail archive script is up to date
+ if [ -f /usr/local/bin/${PROJECT_NAME}-archive-mail ]; then
+ cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
+ else
+ if [ -f /usr/bin/${PROJECT_NAME}-archive-mail ]; then
+ cp /usr/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
+ else
+ echo "/usr/bin/${PROJECT_NAME}-archive-mail was not found. ${PROJECT_NAME} might not have fully installed."
+ exit 62379
+ fi
+ fi
+ chmod +x /etc/cron.daily/archivemail
- # update to the next commit
- set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO
- if grep -Fxq "email_archiving" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "email_archiving" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -d $INSTALL_DIR ]; then
- mkdir $INSTALL_DIR
- fi
- cd $INSTALL_DIR
- git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir
- cd $INSTALL_DIR/cleanup-maildir
- git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
- if ! grep -q "cleanup-maildir commit" $COMPLETION_FILE; then
- echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE
- fi
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
+ git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir
+ cd $INSTALL_DIR/cleanup-maildir
+ git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
+ if ! grep -q "cleanup-maildir commit" $COMPLETION_FILE; then
+ echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" $COMPLETION_FILE
+ fi
- cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+ cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
- echo 'email_archiving' >> $COMPLETION_FILE
+ echo 'email_archiving' >> $COMPLETION_FILE
}
# Ensure that the from field is correct when sending email from Mutt
function email_from_address {
- if grep -Fxq "email_from_address" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "email_from_address" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
- return
- fi
- if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
- sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc
- else
- echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
- fi
+ if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
+ return
+ fi
+ if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
+ sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc
+ else
+ echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
+ fi
- echo 'email_from_address' >> $COMPLETION_FILE
+ echo 'email_from_address' >> $COMPLETION_FILE
}
function create_public_mailing_list {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
- return
- fi
- if [ ! $PUBLIC_MAILING_LIST ]; then
- return
- fi
- # does the mailing list have a separate domain name?
- if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
- PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
+ return
+ fi
+ if [ ! $PUBLIC_MAILING_LIST ]; then
+ return
+ fi
+ # does the mailing list have a separate domain name?
+ if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
+ PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
+ fi
- PUBLIC_MAILING_LIST_USER="mlmmj"
+ PUBLIC_MAILING_LIST_USER="mlmmj"
- apt-get -y install mlmmj
- adduser --system $PUBLIC_MAILING_LIST_USER
- addgroup $PUBLIC_MAILING_LIST_USER
- adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
+ apt-get -y install mlmmj
+ adduser --system $PUBLIC_MAILING_LIST_USER
+ addgroup $PUBLIC_MAILING_LIST_USER
+ adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
- echo ''
- echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
- echo ''
+ echo ''
+ echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
+ echo ''
- # create the list
- mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
+ # create the list
+ mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
- echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
- echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
- echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
+ echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
+ echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
+ echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
- # router
- echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ # router
+ echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+ echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
- # transport
- echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ # transport
+ echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+ echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
- if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
- sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
- fi
- if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
- sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
- fi
+ if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
+ sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+ fi
+ if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
+ sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+ fi
- if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
- sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
- fi
- if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
- sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
- fi
+ if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
+ sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+ fi
+ if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
+ sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+ fi
- if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
- sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
- fi
- newaliases
- update-exim4.conf.template -r
- update-exim4.conf
- systemctl restart exim4
+ if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
+ sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
+ fi
+ newaliases
+ update-exim4.conf.template -r
+ update-exim4.conf
+ systemctl restart exim4
- if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README
- echo '=================================' >> /home/$MY_USERNAME/README
- echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
- echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README
+ echo '=================================' >> /home/$MY_USERNAME/README
+ echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
+ echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
+ ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
- echo 'create_public_mailing_list' >> $COMPLETION_FILE
+ echo 'create_public_mailing_list' >> $COMPLETION_FILE
}
function create_private_mailing_list {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- # This installation doesn't work, results in ruby errors
- # There is currently no schleuder package for Debian jessie
- if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
- return
- fi
- if [ ! $PRIVATE_MAILING_LIST ]; then
- return
- fi
- if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
- echo $'The name of the private mailing list should not be the same as your username'
- exit 10
- fi
- if [ ! $MY_GPG_PUBLIC_KEY ]; then
- echo $'To create a private mailing list you need to specify a file'
- echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
- echo $'the top of the script'
- exit 11
- fi
- apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
- gem install schleuder
- schleuder-fix-gem-dependencies
- schleuder-init-setup --gem
- # NOTE: this is version number sensitive and so might need changing
- ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
- sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
- sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
- schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
- ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ # This installation doesn't work, results in ruby errors
+ # There is currently no schleuder package for Debian jessie
+ if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
+ return
+ fi
+ if [ ! $PRIVATE_MAILING_LIST ]; then
+ return
+ fi
+ if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
+ echo $'The name of the private mailing list should not be the same as your username'
+ exit 10
+ fi
+ if [ ! $MY_GPG_PUBLIC_KEY ]; then
+ echo $'To create a private mailing list you need to specify a file'
+ echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
+ echo $'the top of the script'
+ exit 11
+ fi
+ apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
+ gem install schleuder
+ schleuder-fix-gem-dependencies
+ schleuder-init-setup --gem
+ # NOTE: this is version number sensitive and so might need changing
+ ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
+ sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
+ sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
+ schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
+ ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST
- echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
+ echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
- echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
- echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
- echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
- echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
- echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
- chown -R schleuder:schleuder /var/lib/schleuder
- update-exim4.conf.template -r
- update-exim4.conf
- systemctl restart exim4
- useradd -d /var/schleuderlists -s /bin/false schleuder
- adduser Debian-exim schleuder
- usermod -a -G mail schleuder
- #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
- echo 'create_private_mailing_list' >> $COMPLETION_FILE
+ echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
+ echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
+ echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
+ echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
+ echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
+ chown -R schleuder:schleuder /var/lib/schleuder
+ update-exim4.conf.template -r
+ update-exim4.conf
+ systemctl restart exim4
+ useradd -d /var/schleuderlists -s /bin/false schleuder
+ adduser Debian-exim schleuder
+ usermod -a -G mail schleuder
+ #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
+ echo 'create_private_mailing_list' >> $COMPLETION_FILE
}
function split_gpg_key_into_fragments {
- # split the gpg key into fragments if social key management is enabled
- if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
- echo 'Splitting GPG key. You may need to enter your passphrase.'
- ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
- if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
- echo 'Yhe GPG key could not be split'
- exit 86548
- fi
- fi
+ # split the gpg key into fragments if social key management is enabled
+ if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
+ echo 'Splitting GPG key. You may need to enter your passphrase.'
+ ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
+ if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
+ echo 'Yhe GPG key could not be split'
+ exit 86548
+ fi
+ fi
}
function import_email {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- EMAIL_COMPLETE_MSG=$"
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ EMAIL_COMPLETE_MSG=$"
*** ${PROJECT_NAME} mailbox installation is complete ***
- Now on your internet router forward ports
- 25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
+ Now on your internet router forward ports
+ 25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
"
- if grep -Fxq "import_email" $COMPLETION_FILE; then
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
- backup_to_friends_servers
- intrusion_detection
- split_gpg_key_into_fragments
- clear
- echo ''
- echo "$EMAIL_COMPLETE_MSG"
- if [ -d $USB_MOUNT ]; then
- umount $USB_MOUNT
- rm -rf $USB_MOUNT
- echo $' You can now remove the USB drive'
- fi
- exit 0
- fi
- return
- fi
- if [ $IMPORT_MAILDIR ]; then
- if [ -d $IMPORT_MAILDIR ]; then
- echo $'Transfering email files'
- cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
- else
- echo $"Email import directory $IMPORT_MAILDIR not found"
- exit 9
- fi
- fi
- echo 'import_email' >> $COMPLETION_FILE
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
- backup_to_friends_servers
- intrusion_detection
- split_gpg_key_into_fragments
- # unmount any attached usb drive
- clear
- echo ''
- echo "$EMAIL_COMPLETE_MSG"
- echo ''
- if [ -d $USB_MOUNT ]; then
- umount $USB_MOUNT
- rm -rf $USB_MOUNT
- echo $' You can now remove the USB drive'
- fi
- exit 0
- fi
+ if grep -Fxq "import_email" $COMPLETION_FILE; then
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
+ backup_to_friends_servers
+ intrusion_detection
+ split_gpg_key_into_fragments
+ clear
+ echo ''
+ echo "$EMAIL_COMPLETE_MSG"
+ if [ -d $USB_MOUNT ]; then
+ umount $USB_MOUNT
+ rm -rf $USB_MOUNT
+ echo $' You can now remove the USB drive'
+ fi
+ exit 0
+ fi
+ return
+ fi
+ if [ $IMPORT_MAILDIR ]; then
+ if [ -d $IMPORT_MAILDIR ]; then
+ echo $'Transfering email files'
+ cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
+ else
+ echo $"Email import directory $IMPORT_MAILDIR not found"
+ exit 9
+ fi
+ fi
+ echo 'import_email' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
+ backup_to_friends_servers
+ intrusion_detection
+ split_gpg_key_into_fragments
+ # unmount any attached usb drive
+ clear
+ echo ''
+ echo "$EMAIL_COMPLETE_MSG"
+ echo ''
+ if [ -d $USB_MOUNT ]; then
+ umount $USB_MOUNT
+ rm -rf $USB_MOUNT
+ echo $' You can now remove the USB drive'
+ fi
+ exit 0
+ fi
}
function install_web_server {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
- if grep -Fxq "install_web_server" $COMPLETION_FILE; then
- return
- fi
- # remove apache
- apt-get -y remove --purge apache2
- if [ -d /etc/apache2 ]; then
- rm -rf /etc/apache2
- fi
- # install nginx
- apt-get -y install nginx php5-fpm git
+ if grep -Fxq "install_web_server" $COMPLETION_FILE; then
+ return
+ fi
+ # remove apache
+ apt-get -y remove --purge apache2
+ if [ -d /etc/apache2 ]; then
+ rm -rf /etc/apache2
+ fi
+ # install nginx
+ apt-get -y install nginx php5-fpm git
- # limit the number of php processes
- sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf
- sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf
+ # limit the number of php processes
+ sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf
+ sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf
- if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then
- echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf
- echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf
- echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf
- echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf
- echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf
- fi
+ if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then
+ echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf
+ echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf
+ echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf
+ echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf
+ echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf
+ fi
- if [ ! -d /etc/nginx ]; then
- echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
- exit 51
- fi
+ if [ ! -d /etc/nginx ]; then
+ echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
+ exit 51
+ fi
- # Nginx settings
- echo 'user www-data;' > /etc/nginx/nginx.conf
- #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf
- echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo 'events {' >> /etc/nginx/nginx.conf
- echo ' worker_connections 50;' >> /etc/nginx/nginx.conf
- echo ' # multi_accept on;' >> /etc/nginx/nginx.conf
- echo '}' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo 'http {' >> /etc/nginx/nginx.conf
- echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf
- echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf
- echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf
- echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf
- echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf
- echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf
- echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf
- echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo ' # Basic Settings' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' sendfile on;' >> /etc/nginx/nginx.conf
- echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf
- echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf
- echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf
- echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf
- echo ' server_tokens off;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf
- echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf
- echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo ' # Logging Settings' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf
- echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' ###' >> /etc/nginx/nginx.conf
- echo ' # Gzip Settings' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo ' gzip on;' >> /etc/nginx/nginx.conf
- echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf
- echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf
- echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf
- echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf
- echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf
- echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf
- echo ' ##' >> /etc/nginx/nginx.conf
- echo '' >> /etc/nginx/nginx.conf
- echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf
- echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf
- echo '}' >> /etc/nginx/nginx.conf
+ # Nginx settings
+ echo 'user www-data;' > /etc/nginx/nginx.conf
+ #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf
+ echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo 'events {' >> /etc/nginx/nginx.conf
+ echo ' worker_connections 50;' >> /etc/nginx/nginx.conf
+ echo ' # multi_accept on;' >> /etc/nginx/nginx.conf
+ echo '}' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo 'http {' >> /etc/nginx/nginx.conf
+ echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf
+ echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf
+ echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf
+ echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf
+ echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf
+ echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf
+ echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf
+ echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo ' # Basic Settings' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' sendfile on;' >> /etc/nginx/nginx.conf
+ echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf
+ echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf
+ echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf
+ echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf
+ echo ' server_tokens off;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf
+ echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf
+ echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo ' # Logging Settings' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf
+ echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' ###' >> /etc/nginx/nginx.conf
+ echo ' # Gzip Settings' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo ' gzip on;' >> /etc/nginx/nginx.conf
+ echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf
+ echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf
+ echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf
+ echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf
+ echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf
+ echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf
+ echo ' ##' >> /etc/nginx/nginx.conf
+ echo '' >> /etc/nginx/nginx.conf
+ echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf
+ echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf
+ echo '}' >> /etc/nginx/nginx.conf
- # install a script to easily enable and disable nginx virtual hosts
- if [ ! -d $INSTALL_DIR ]; then
- mkdir $INSTALL_DIR
- fi
- cd $INSTALL_DIR
- git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite
- cd $INSTALL_DIR/nginx_ensite
- git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
- if ! grep -q "Nginx-ensite commit" $COMPLETION_FILE; then
- echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE
- fi
+ # install a script to easily enable and disable nginx virtual hosts
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
+ git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite
+ cd $INSTALL_DIR/nginx_ensite
+ git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
+ if ! grep -q "Nginx-ensite commit" $COMPLETION_FILE; then
+ echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE
+ fi
- make install
- nginx_dissite default
- echo 'install_web_server' >> $COMPLETION_FILE
+ make install
+ nginx_dissite default
+ echo 'install_web_server' >> $COMPLETION_FILE
}
function install_web_server_access_control {
- if [ ! -f /etc/pam.d/nginx ]; then
- echo '#%PAM-1.0' > /etc/pam.d/nginx
- echo '@include common-auth' >> /etc/pam.d/nginx
- echo '@include common-account' >> /etc/pam.d/nginx
- echo '@include common-session' >> /etc/pam.d/nginx
- fi
+ if [ ! -f /etc/pam.d/nginx ]; then
+ echo '#%PAM-1.0' > /etc/pam.d/nginx
+ echo '@include common-auth' >> /etc/pam.d/nginx
+ echo '@include common-account' >> /etc/pam.d/nginx
+ echo '@include common-session' >> /etc/pam.d/nginx
+ fi
}
function configure_php {
- sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
- sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
- sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini
- sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
- sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
+ sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
+ sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
+ sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini
+ sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
+ sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
}
function install_mariadb {
- if grep -Fxq "install_mariadb" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install python-software-properties debconf-utils
- apt-get -y install software-properties-common
- apt-get -y update
+ if grep -Fxq "install_mariadb" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install python-software-properties debconf-utils
+ apt-get -y install software-properties-common
+ apt-get -y update
- get_mariadb_password
- if [ ! $MARIADB_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- MARIADB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- MARIADB_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
- chmod 600 $DATABASE_PASSWORD_FILE
+ get_mariadb_password
+ if [ ! $MARIADB_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ MARIADB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ MARIADB_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
+ chmod 600 $DATABASE_PASSWORD_FILE
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README
- echo '===============' >> /home/$MY_USERNAME/README
- echo $"Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README
+ echo '===============' >> /home/$MY_USERNAME/README
+ echo $"Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
- debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
- apt-get -y install mariadb-server
- apt-get -y remove --purge apache*
- if [ -d /etc/apache2 ]; then
- rm -rf /etc/apache2
- echo $'Removed Apache installation after MariaDB install'
- fi
+ debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
+ debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
+ apt-get -y install mariadb-server
+ apt-get -y remove --purge apache*
+ if [ -d /etc/apache2 ]; then
+ rm -rf /etc/apache2
+ echo $'Removed Apache installation after MariaDB install'
+ fi
- if [ ! -d /etc/mysql ]; then
- echo $"ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE"
- exit 54
- fi
+ if [ ! -d /etc/mysql ]; then
+ echo $"ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE"
+ exit 54
+ fi
- mysqladmin -u root password "$MARIADB_PASSWORD"
- echo 'install_mariadb' >> $COMPLETION_FILE
+ mysqladmin -u root password "$MARIADB_PASSWORD"
+ echo 'install_mariadb' >> $COMPLETION_FILE
}
function backup_databases_script_header {
- if [ ! -f /usr/bin/backupdatabases ]; then
- # daily
- echo '#!/bin/sh' > /usr/bin/backupdatabases
- echo '' >> /usr/bin/backupdatabases
- echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
- echo '' >> /usr/bin/backupdatabases
- echo -n 'MYSQL_PASSWORD=$(cat ' >> /usr/bin/backupdatabases
- echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases
- echo 'umask 0077' >> /usr/bin/backupdatabases
- echo '' >> /usr/bin/backupdatabases
- echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
- echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases
- echo ' exit 1' >> /usr/bin/backupdatabases
- echo 'fi' >> /usr/bin/backupdatabases
- chmod 600 /usr/bin/backupdatabases
- chmod +x /usr/bin/backupdatabases
+ if [ ! -f /usr/bin/backupdatabases ]; then
+ # daily
+ echo '#!/bin/sh' > /usr/bin/backupdatabases
+ echo '' >> /usr/bin/backupdatabases
+ echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
+ echo '' >> /usr/bin/backupdatabases
+ echo -n 'MYSQL_PASSWORD=$(cat ' >> /usr/bin/backupdatabases
+ echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases
+ echo 'umask 0077' >> /usr/bin/backupdatabases
+ echo '' >> /usr/bin/backupdatabases
+ echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
+ echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases
+ echo ' exit 1' >> /usr/bin/backupdatabases
+ echo 'fi' >> /usr/bin/backupdatabases
+ chmod 600 /usr/bin/backupdatabases
+ chmod +x /usr/bin/backupdatabases
- echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily
- echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily
- chmod 600 /etc/cron.daily/backupdatabasesdaily
- chmod +x /etc/cron.daily/backupdatabasesdaily
+ echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily
+ echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily
+ chmod 600 /etc/cron.daily/backupdatabasesdaily
+ chmod +x /etc/cron.daily/backupdatabasesdaily
- # weekly
- echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly
- echo '' >> /etc/cron.weekly/backupdatabasesweekly
- echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly
+ # weekly
+ echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly
+ echo '' >> /etc/cron.weekly/backupdatabasesweekly
+ echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly
- chmod 600 /etc/cron.weekly/backupdatabasesweekly
- chmod +x /etc/cron.weekly/backupdatabasesweekly
+ chmod 600 /etc/cron.weekly/backupdatabasesweekly
+ chmod +x /etc/cron.weekly/backupdatabasesweekly
- # monthly
- echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly
- echo '' >> /etc/cron.monthly/backupdatabasesmonthly
- echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly
+ # monthly
+ echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly
+ echo '' >> /etc/cron.monthly/backupdatabasesmonthly
+ echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly
- chmod 600 /etc/cron.monthly/backupdatabasesmonthly
- chmod +x /etc/cron.monthly/backupdatabasesmonthly
- fi
+ chmod 600 /etc/cron.monthly/backupdatabasesmonthly
+ chmod +x /etc/cron.monthly/backupdatabasesmonthly
+ fi
}
function repair_databases_script {
- if [ -f /etc/cron.hourly/repair ]; then
- sed -i "s|/usr/bin/repairdatabase|${PROJECT_NAME}-repair-database|g" /etc/cron.hourly/repair
- fi
+ if [ -f /etc/cron.hourly/repair ]; then
+ sed -i "s|/usr/bin/repairdatabase|${PROJECT_NAME}-repair-database|g" /etc/cron.hourly/repair
+ fi
- if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -f $DATABASE_PASSWORD_FILE ]; then
- return
- fi
+ if [ ! -f $DATABASE_PASSWORD_FILE ]; then
+ return
+ fi
- echo '#!/bin/bash' > /etc/cron.hourly/repair
- echo '' >> /etc/cron.hourly/repair
- chmod 600 /etc/cron.hourly/repair
- chmod +x /etc/cron.hourly/repair
+ echo '#!/bin/bash' > /etc/cron.hourly/repair
+ echo '' >> /etc/cron.hourly/repair
+ chmod 600 /etc/cron.hourly/repair
+ chmod +x /etc/cron.hourly/repair
- echo 'repair_databases_script' >> $COMPLETION_FILE
+ echo 'repair_databases_script' >> $COMPLETION_FILE
}
function add_ddns_domain {
- if [ ! $1 ]; then
- echo $'ddns domain not specified'
- exit 5638
- fi
- CURRENT_DDNS_DOMAIN="$1"
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- if [ ! -f /etc/inadyn.conf ]; then
- echo $'Unable to find inadyn configuration file /etc/inadyn.conf'
- exit 5745
- fi
- if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
- echo '' >> /etc/inadyn.conf
- echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
- echo ' ssl' >> /etc/inadyn.conf
- echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
- if [ $DDNS_USERNAME ]; then
- echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
- fi
- if [ $DDNS_PASSWORD ]; then
- echo " password $DDNS_PASSWORD" >> /etc/inadyn.conf
- fi
- fi
+ if [ ! $1 ]; then
+ echo $'ddns domain not specified'
+ exit 5638
+ fi
+ CURRENT_DDNS_DOMAIN="$1"
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ if [ ! -f /etc/inadyn.conf ]; then
+ echo $'Unable to find inadyn configuration file /etc/inadyn.conf'
+ exit 5745
+ fi
+ if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
+ echo '' >> /etc/inadyn.conf
+ echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
+ echo ' ssl' >> /etc/inadyn.conf
+ echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
+ if [ $DDNS_USERNAME ]; then
+ echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
+ fi
+ if [ $DDNS_PASSWORD ]; then
+ echo " password $DDNS_PASSWORD" >> /etc/inadyn.conf
+ fi
+ fi
- if ! grep -q "$CURRENT_DDNS_DOMAIN" /etc/inadyn.conf; then
- echo " alias $CURRENT_DDNS_DOMAIN" >> /etc/inadyn.conf
- fi
- chmod 600 /etc/inadyn.conf
- systemctl restart inadyn
- systemctl daemon-reload
+ if ! grep -q "$CURRENT_DDNS_DOMAIN" /etc/inadyn.conf; then
+ echo " alias $CURRENT_DDNS_DOMAIN" >> /etc/inadyn.conf
+ fi
+ chmod 600 /etc/inadyn.conf
+ systemctl restart inadyn
+ systemctl daemon-reload
}
function install_syncthing {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install curl
+ apt-get -y install curl
- curl -s https://syncthing.net/release-key.txt | apt-key add -
- echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
- apt-get update
- apt-get -y install syncthing
+ curl -s https://syncthing.net/release-key.txt | apt-key add -
+ echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
+ apt-get update
+ apt-get -y install syncthing
- # This probably does need to run as root so that it can access the Sync directories
- # in each user's home directory
- echo '[Unit]' > /etc/systemd/system/syncthing.service
- echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
- echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
- echo 'After=network.target' >> /etc/systemd/system/syncthing.service
- echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
- echo '' >> /etc/systemd/system/syncthing.service
- echo '[Service]' >> /etc/systemd/system/syncthing.service
- echo 'User=root' >> /etc/systemd/system/syncthing.service
- echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
- echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
- echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
- echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
- echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
- echo '' >> /etc/systemd/system/syncthing.service
- echo '[Install]' >> /etc/systemd/system/syncthing.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
- systemctl enable syncthing
- systemctl daemon-reload
- systemctl start syncthing
+ # This probably does need to run as root so that it can access the Sync directories
+ # in each user's home directory
+ echo '[Unit]' > /etc/systemd/system/syncthing.service
+ echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
+ echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
+ echo 'After=network.target' >> /etc/systemd/system/syncthing.service
+ echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
+ echo '' >> /etc/systemd/system/syncthing.service
+ echo '[Service]' >> /etc/systemd/system/syncthing.service
+ echo 'User=root' >> /etc/systemd/system/syncthing.service
+ echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
+ echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
+ echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
+ echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
+ echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
+ echo '' >> /etc/systemd/system/syncthing.service
+ echo '[Install]' >> /etc/systemd/system/syncthing.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
+ systemctl enable syncthing
+ systemctl daemon-reload
+ systemctl start syncthing
- if ! grep -q "syncthing" /etc/crontab; then
- echo "*/1 * * * * root /usr/local/bin/freedombone-syncthing > /dev/null" >> /etc/crontab
- systemctl restart cron
- fi
+ if ! grep -q "syncthing" /etc/crontab; then
+ echo "*/1 * * * * root /usr/local/bin/freedombone-syncthing > /dev/null" >> /etc/crontab
+ systemctl restart cron
+ fi
- echo 'install_syncthing' >> $COMPLETION_FILE
+ echo 'install_syncthing' >> $COMPLETION_FILE
}
function upgrade_golang {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- # NOTE: this is annoyingly hacky and going in the opposite
- # direction of a pure blend, but it's necessary if you want
- # to run the latest version of gogs
+ # NOTE: this is annoyingly hacky and going in the opposite
+ # direction of a pure blend, but it's necessary if you want
+ # to run the latest version of gogs
- # update to the next commit
- set_repo_commit $INSTALL_DIR/gvm "gvm commit" "$GVM_COMMIT" $GVM_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/gvm "gvm commit" "$GVM_COMMIT" $GVM_REPO
- if grep -Fxq "upgrade_golang" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "upgrade_golang" $COMPLETION_FILE; then
+ return
+ fi
- export GVM_ROOT=$GVM_HOME
+ export GVM_ROOT=$GVM_HOME
- apt-get -y install curl git mercurial make binutils bison gcc build-essential
- if [ ! -d $INSTALL_DIR ]; then
- mkdir $INSTALL_DIR
- fi
- cd $INSTALL_DIR
- git_clone $GVM_REPO gvm
- cd $INSTALL_DIR/gvm
- git checkout $GVM_COMMIT -b $GVM_COMMIT
- if [ ! -f binscripts/gvm-installer ]; then
- echo $'gvm installer not found'
- fi
- chmod +x binscripts/gvm-installer
+ apt-get -y install curl git mercurial make binutils bison gcc build-essential
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir $INSTALL_DIR
+ fi
+ cd $INSTALL_DIR
+ git_clone $GVM_REPO gvm
+ cd $INSTALL_DIR/gvm
+ git checkout $GVM_COMMIT -b $GVM_COMMIT
+ if [ ! -f binscripts/gvm-installer ]; then
+ echo $'gvm installer not found'
+ fi
+ chmod +x binscripts/gvm-installer
- if [ -d /root/.gvm ]; then
- rm -rf /root/.gvm
- fi
- if [ -d $GVM_ROOT ]; then
- rm -rf $GVM_ROOT
- fi
- sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
+ if [ -d /root/.gvm ]; then
+ rm -rf /root/.gvm
+ fi
+ if [ -d $GVM_ROOT ]; then
+ rm -rf $GVM_ROOT
+ fi
+ sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
- if [ ! -d /home/git ]; then
- # add a gogs user account within which the gvm home directory will exist
- adduser --disabled-login --gecos 'Gogs' git
- fi
- if [ -d /home/git/Maildir ]; then
- rm -rf /home/git/Maildir
- fi
+ if [ ! -d /home/git ]; then
+ # add a gogs user account within which the gvm home directory will exist
+ adduser --disabled-login --gecos 'Gogs' git
+ fi
+ if [ -d /home/git/Maildir ]; then
+ rm -rf /home/git/Maildir
+ fi
- # TODO: this script is all over the place
- # and contains hardcoded github. See if you can do better
- ./binscripts/gvm-installer master /home/git
+ # TODO: this script is all over the place
+ # and contains hardcoded github. See if you can do better
+ ./binscripts/gvm-installer master /home/git
- if [ ! -d $GVM_ROOT ]; then
- echo $'Unable to install gvm'
- exit 83537
- fi
+ if [ ! -d $GVM_ROOT ]; then
+ echo $'Unable to install gvm'
+ exit 83537
+ fi
- [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
- if [ ! -f $GVM_ROOT/bin/gvm ]; then
- echo $'gvm was not installed'
- fi
- if ! grep -q "export GVM_ROOT=" ~/.bashrc; then
- echo "export GVM_ROOT=$GVM_ROOT" >> ~/.bashrc
- fi
+ [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
+ if [ ! -f $GVM_ROOT/bin/gvm ]; then
+ echo $'gvm was not installed'
+ fi
+ if ! grep -q "export GVM_ROOT=" ~/.bashrc; then
+ echo "export GVM_ROOT=$GVM_ROOT" >> ~/.bashrc
+ fi
- cd $GVM_ROOT/bin
- gvm install go1.4
- gvm use go1.4
- export GOROOT_BOOTSTRAP=$GOROOT
- gvm install go${GO_VERSION}
- if [ ! "$?" = "0" ]; then
- echo $'Unable to upgrade golang'
- exit 529252
- fi
- gvm use go${GO_VERSION} --default
+ cd $GVM_ROOT/bin
+ gvm install go1.4
+ gvm use go1.4
+ export GOROOT_BOOTSTRAP=$GOROOT
+ gvm install go${GO_VERSION}
+ if [ ! "$?" = "0" ]; then
+ echo $'Unable to upgrade golang'
+ exit 529252
+ fi
+ gvm use go${GO_VERSION} --default
- chown -R git:git $GVM_HOME
+ chown -R git:git $GVM_HOME
- if ! grep -q "gvm commit" $COMPLETION_FILE; then
- echo "gvm commit:$GVM_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/gvm commit.*/gvm commit:$GVM_COMMIT/g" $COMPLETION_FILE
- fi
+ if ! grep -q "gvm commit" $COMPLETION_FILE; then
+ echo "gvm commit:$GVM_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/gvm commit.*/gvm commit:$GVM_COMMIT/g" $COMPLETION_FILE
+ fi
- echo 'upgrade_golang' >> $COMPLETION_FILE
+ echo 'upgrade_golang' >> $COMPLETION_FILE
}
function install_gogs {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $GIT_DOMAIN_NAME ]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $GIT_DOMAIN_NAME ]; then
+ return
+ fi
- select_go_version
+ select_go_version
- # update to the next commit
- set_repo_commit $GOPATH/src/github.com/gogits/gogs "Gogs commit" "$GOGS_COMMIT" $GIT_DOMAIN_REPO
+ # update to the next commit
+ set_repo_commit $GOPATH/src/github.com/gogits/gogs "Gogs commit" "$GOGS_COMMIT" $GIT_DOMAIN_REPO
- if grep -Fxq "install_gogs" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_gogs" $COMPLETION_FILE; then
+ return
+ fi
- # http://gogs.io/docs/installation/install_from_source.md
+ # http://gogs.io/docs/installation/install_from_source.md
- if [ -d $GOPATH/src/github.com/gogits ]; then
- rm -rf $GOPATH/src/github.com/gogits
- fi
+ if [ -d $GOPATH/src/github.com/gogits ]; then
+ rm -rf $GOPATH/src/github.com/gogits
+ fi
- if [ -d /home/git/gogs-repositories ]; then
- rm -rf /home/git/gogs-repositories
- fi
+ if [ -d /home/git/gogs-repositories ]; then
+ rm -rf /home/git/gogs-repositories
+ fi
- if [ ! -d /home/git ]; then
- # add a gogs user account
- adduser --disabled-login --gecos 'Gogs' git
- fi
- if [ -d /home/git/Maildir ]; then
- rm -rf /home/git/Maildir
- fi
+ if [ ! -d /home/git ]; then
+ # add a gogs user account
+ adduser --disabled-login --gecos 'Gogs' git
+ fi
+ if [ -d /home/git/Maildir ]; then
+ rm -rf /home/git/Maildir
+ fi
- if [ -d $GOPATH/src/github.com/gogits ]; then
- rm -rf $GOPATH/src/github.com/gogits
- fi
+ if [ -d $GOPATH/src/github.com/gogits ]; then
+ rm -rf $GOPATH/src/github.com/gogits
+ fi
- # install Go
- apt-get -y install golang libpam0g-dev
- if ! grep -q "export GOPATH=" ~/.bashrc; then
- echo "export GOPATH=$GOPATH" >> ~/.bashrc
- else
- sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
- fi
- systemctl set-environment GOPATH=$GOPATH
- if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
- echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
- else
- sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
- fi
- if [ ! -d $GOPATH ]; then
- mkdir -p $GOPATH
- fi
- GO_PACKAGE_MANAGER_REPO2=$(echo "$GO_PACKAGE_MANAGER_REPO" | sed 's|https://||g')
- go get -u $GO_PACKAGE_MANAGER_REPO2
- if [ ! "$?" = "0" ]; then
- echo $'install_gogs: go get failed'
- exit 479832
- fi
+ # install Go
+ apt-get -y install golang libpam0g-dev
+ if ! grep -q "export GOPATH=" ~/.bashrc; then
+ echo "export GOPATH=$GOPATH" >> ~/.bashrc
+ else
+ sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
+ fi
+ systemctl set-environment GOPATH=$GOPATH
+ if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+ echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+ else
+ sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+ fi
+ if [ ! -d $GOPATH ]; then
+ mkdir -p $GOPATH
+ fi
+ GO_PACKAGE_MANAGER_REPO2=$(echo "$GO_PACKAGE_MANAGER_REPO" | sed 's|https://||g')
+ go get -u $GO_PACKAGE_MANAGER_REPO2
+ if [ ! "$?" = "0" ]; then
+ echo $'install_gogs: go get failed'
+ exit 479832
+ fi
- # clone the repo
- if [ ! -d $GOPATH/src/github.com/gogits ]; then
- mkdir -p $GOPATH/src/github.com/gogits
- fi
- git_clone $GIT_DOMAIN_REPO $GOPATH/src/github.com/gogits/gogs
- if [ ! -d $GOPATH/src/github.com/gogits/gogs ]; then
- echo $"Unable to clone repo $GOPATH/src/github.com/gogits/gogs"
- exit 85482
- fi
- cd $GOPATH/src/github.com/gogits/gogs
+ # clone the repo
+ if [ ! -d $GOPATH/src/github.com/gogits ]; then
+ mkdir -p $GOPATH/src/github.com/gogits
+ fi
+ git_clone $GIT_DOMAIN_REPO $GOPATH/src/github.com/gogits/gogs
+ if [ ! -d $GOPATH/src/github.com/gogits/gogs ]; then
+ echo $"Unable to clone repo $GOPATH/src/github.com/gogits/gogs"
+ exit 85482
+ fi
+ cd $GOPATH/src/github.com/gogits/gogs
- # install
- go get -u ./...
+ # install
+ go get -u ./...
- git checkout $GOGS_COMMIT -b $GOGS_COMMIT
- if ! grep -q "Gogs commit" $COMPLETION_FILE; then
- echo "Gogs commit:$GOGS_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Gogs commit.*/Gogs commit:$GOGS_COMMIT/g" $COMPLETION_FILE
- fi
+ git checkout $GOGS_COMMIT -b $GOGS_COMMIT
+ if ! grep -q "Gogs commit" $COMPLETION_FILE; then
+ echo "Gogs commit:$GOGS_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Gogs commit.*/Gogs commit:$GOGS_COMMIT/g" $COMPLETION_FILE
+ fi
- go build
- if [ ! "$?" = "0" ]; then
- echo $'install_gogs: go build failed'
- exit 546750
- fi
+ go build
+ if [ ! "$?" = "0" ]; then
+ echo $'install_gogs: go build failed'
+ exit 546750
+ fi
- install_mariadb
- get_mariadb_password
+ install_mariadb
+ get_mariadb_password
- get_mariadb_git_admin_password
- if [ ! $GIT_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- GIT_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- fi
+ get_mariadb_git_admin_password
+ if [ ! $GIT_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ GIT_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ fi
- if ! grep -q $"Gogs admin user password" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo 'Gogs' >> /home/$MY_USERNAME/README
- echo '====' >> /home/$MY_USERNAME/README
- echo $'Install Steps For First-time Run:' >> /home/$MY_USERNAME/README
- echo $'Leave email service settings empty' >> /home/$MY_USERNAME/README
- echo $'Check "Enable Register Confirmation"' >> /home/$MY_USERNAME/README
- echo $'Check "Enable Mail Notification"' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'If you want to disable new account registrations then append the following:' >> /home/$MY_USERNAME/README
- echo ' [service]' >> /home/$MY_USERNAME/README
- echo ' DISABLE_REGISTRATION = true' >> /home/$MY_USERNAME/README
- echo $'Then restart with:' >> /home/$MY_USERNAME/README
- echo ' systemctl restart gogs' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $"Note that there's a usability/security trade-off made here." >> /home/$MY_USERNAME/README
- echo $"In order to allow git clone via http we don't redirect everything" >> /home/$MY_USERNAME/README
- echo $'over https. Instead only critical things such as user login,' >> /home/$MY_USERNAME/README
- echo $'settings and admin are encrypted.' >> /home/$MY_USERNAME/README
- echo $'There are also potential security issues with cloning/pulling/pushing' >> /home/$MY_USERNAME/README
- echo $'code over http, since a determined adversary could inject malware' >> /home/$MY_USERNAME/README
- echo $'into the stream as it passes, so beware.' >> /home/$MY_USERNAME/README
- echo $'If you have a bought domain and a non-self signed cert then you' >> /home/$MY_USERNAME/README
- echo $"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https." >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"Gogs admin user password" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'Gogs' >> /home/$MY_USERNAME/README
+ echo '====' >> /home/$MY_USERNAME/README
+ echo $'Install Steps For First-time Run:' >> /home/$MY_USERNAME/README
+ echo $'Leave email service settings empty' >> /home/$MY_USERNAME/README
+ echo $'Check "Enable Register Confirmation"' >> /home/$MY_USERNAME/README
+ echo $'Check "Enable Mail Notification"' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'If you want to disable new account registrations then append the following:' >> /home/$MY_USERNAME/README
+ echo ' [service]' >> /home/$MY_USERNAME/README
+ echo ' DISABLE_REGISTRATION = true' >> /home/$MY_USERNAME/README
+ echo $'Then restart with:' >> /home/$MY_USERNAME/README
+ echo ' systemctl restart gogs' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $"Note that there's a usability/security trade-off made here." >> /home/$MY_USERNAME/README
+ echo $"In order to allow git clone via http we don't redirect everything" >> /home/$MY_USERNAME/README
+ echo $'over https. Instead only critical things such as user login,' >> /home/$MY_USERNAME/README
+ echo $'settings and admin are encrypted.' >> /home/$MY_USERNAME/README
+ echo $'There are also potential security issues with cloning/pulling/pushing' >> /home/$MY_USERNAME/README
+ echo $'code over http, since a determined adversary could inject malware' >> /home/$MY_USERNAME/README
+ echo $'into the stream as it passes, so beware.' >> /home/$MY_USERNAME/README
+ echo $'If you have a bought domain and a non-self signed cert then you' >> /home/$MY_USERNAME/README
+ echo $"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https." >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- create_database gogs "$GOGS_ADMIN_PASSWORD"
- if [ ! -f $GOPATH/src/github.com/gogits/gogs/scripts/mysql.sql ]; then
- echo $'MySql template for Gogs was not found'
- exit 72528
- fi
- mysql -u root --password="$MARIADB_PASSWORD" -D gogs < $GOPATH/src/github.com/gogits/gogs/scripts/mysql.sql
+ create_database gogs "$GOGS_ADMIN_PASSWORD"
+ if [ ! -f $GOPATH/src/github.com/gogits/gogs/scripts/mysql.sql ]; then
+ echo $'MySql template for Gogs was not found'
+ exit 72528
+ fi
+ mysql -u root --password="$MARIADB_PASSWORD" -D gogs < $GOPATH/src/github.com/gogits/gogs/scripts/mysql.sql
- chmod 600 $GOPATH/src/github.com/gogits/gogs/custom/conf/app.ini
+ chmod 600 $GOPATH/src/github.com/gogits/gogs/custom/conf/app.ini
- chown -R git:git /home/git
- cp $GOPATH/src/github.com/gogits/gogs/scripts/systemd/gogs.service /etc/systemd/system
- sed -i 's|#After=mysqld.service|After=mysqld.service|g' /etc/systemd/system/gogs.service
- sed -i "s|WorkingDirectory=.*|WorkingDirectory=$GOPATH/src/github.com/gogits/gogs|g" /etc/systemd/system/gogs.service
- sed -i "s|ExecStart=.*|ExecStart=$GOPATH/src/github.com/gogits/gogs/gogs web|g" /etc/systemd/system/gogs.service
- sed -i "s|Environment.*|Environment=\"USER=git\" \"HOME=/home/git\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"|g" /etc/systemd/system/gogs.service
- systemctl enable gogs
- systemctl daemon-reload
- systemctl restart gogs
+ chown -R git:git /home/git
+ cp $GOPATH/src/github.com/gogits/gogs/scripts/systemd/gogs.service /etc/systemd/system
+ sed -i 's|#After=mysqld.service|After=mysqld.service|g' /etc/systemd/system/gogs.service
+ sed -i "s|WorkingDirectory=.*|WorkingDirectory=$GOPATH/src/github.com/gogits/gogs|g" /etc/systemd/system/gogs.service
+ sed -i "s|ExecStart=.*|ExecStart=$GOPATH/src/github.com/gogits/gogs/gogs web|g" /etc/systemd/system/gogs.service
+ sed -i "s|Environment.*|Environment=\"USER=git\" \"HOME=/home/git\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"|g" /etc/systemd/system/gogs.service
+ systemctl enable gogs
+ systemctl daemon-reload
+ systemctl restart gogs
- if [ ! -d /var/www/$GIT_DOMAIN_NAME ]; then
- mkdir /var/www/$GIT_DOMAIN_NAME
- fi
- if [ -d /var/www/$GIT_DOMAIN_NAME/htdocs ]; then
- rm -rf /var/www/$GIT_DOMAIN_NAME/htdocs
- fi
+ if [ ! -d /var/www/$GIT_DOMAIN_NAME ]; then
+ mkdir /var/www/$GIT_DOMAIN_NAME
+ fi
+ if [ -d /var/www/$GIT_DOMAIN_NAME/htdocs ]; then
+ rm -rf /var/www/$GIT_DOMAIN_NAME/htdocs
+ fi
- if [[ $ONION_ONLY == "no" ]]; then
- echo 'server {' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' listen 80;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- nginx_disable_sniffing $GIT_DOMAIN_NAME
- nginx_limits $GIT_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' location ^~ /user/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' location ^~ /admin/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- nginx_limits $GIT_DOMAIN_NAME '10G'
- nginx_ssl $GIT_DOMAIN_NAME
- nginx_disable_sniffing $GIT_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- else
- echo -n '' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- fi
- echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- nginx_limits $GIT_DOMAIN_NAME '10G'
- nginx_disable_sniffing $GIT_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ if [[ $ONION_ONLY == "no" ]]; then
+ echo 'server {' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' listen 80;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ nginx_disable_sniffing $GIT_DOMAIN_NAME
+ nginx_limits $GIT_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' location ^~ /user/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' location ^~ /admin/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ nginx_limits $GIT_DOMAIN_NAME '10G'
+ nginx_ssl $GIT_DOMAIN_NAME
+ nginx_disable_sniffing $GIT_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ else
+ echo -n '' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ fi
+ echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ nginx_limits $GIT_DOMAIN_NAME '10G'
+ nginx_disable_sniffing $GIT_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
- configure_php
+ configure_php
- create_site_certificate $GIT_DOMAIN_NAME
+ create_site_certificate $GIT_DOMAIN_NAME
- nginx_ensite $GIT_DOMAIN_NAME
+ nginx_ensite $GIT_DOMAIN_NAME
- if [ ! -d /var/lib/tor ]; then
- echo $'No Tor installation found. Gogs onion site cannot be configured.'
- exit 877367
- fi
- if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
- echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
- echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
- echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
- echo $'Added onion site for Gogs'
- fi
+ if [ ! -d /var/lib/tor ]; then
+ echo $'No Tor installation found. Gogs onion site cannot be configured.'
+ exit 877367
+ fi
+ if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
+ echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
+ echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
+ echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
+ echo $'Added onion site for Gogs'
+ fi
- systemctl restart tor
- wait_for_onion_service 'gogs'
+ systemctl restart tor
+ wait_for_onion_service 'gogs'
- GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
+ GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
- systemctl restart php5-fpm
- systemctl restart nginx
+ systemctl restart php5-fpm
+ systemctl restart nginx
- if ! grep -q "Gogs onion domain" /home/$MY_USERNAME/README; then
- echo "Gogs onion domain: ${GIT_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- if ! grep -q "Gogs onion domain" $COMPLETION_FILE; then
- echo "Gogs onion domain:${GIT_ONION_HOSTNAME}" >> $COMPLETION_FILE
- fi
+ if ! grep -q "Gogs onion domain" /home/$MY_USERNAME/README; then
+ echo "Gogs onion domain: ${GIT_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ if ! grep -q "Gogs onion domain" $COMPLETION_FILE; then
+ echo "Gogs onion domain:${GIT_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ fi
- add_ddns_domain $GIT_DOMAIN_NAME
+ add_ddns_domain $GIT_DOMAIN_NAME
- # obtain the secret key
- GOGS_SECRET_KEY=
- if grep -q "Gogs secret key:" /home/$MY_USERNAME/README; then
- GOGS_SECRET_KEY=$(cat /home/$MY_USERNAME/README | grep "Gogs secret key:" | awk -F ':' '{print $2}' | sed 's/^ *//')
- else
- GOGS_SECRET_KEY="$(openssl rand -base64 20 | cut -c1-18)"
- echo "Gogs secret key:$GOGS_SECRET_KEY" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- fi
+ # obtain the secret key
+ GOGS_SECRET_KEY=
+ if grep -q "Gogs secret key:" /home/$MY_USERNAME/README; then
+ GOGS_SECRET_KEY=$(cat /home/$MY_USERNAME/README | grep "Gogs secret key:" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ else
+ GOGS_SECRET_KEY="$(openssl rand -base64 20 | cut -c1-18)"
+ echo "Gogs secret key:$GOGS_SECRET_KEY" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ fi
- # create the configuration
- if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom/conf ]; then
- mkdir -p /home/git/go/src/github.com/gogits/gogs/custom/conf
- fi
- GOGS_CONFIG_FILE=/home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini
- echo 'RUN_USER = git' > $GOGS_CONFIG_FILE
- echo 'RUN_MODE = prod' >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[database]' >> $GOGS_CONFIG_FILE
- echo 'DB_TYPE = mysql' >> $GOGS_CONFIG_FILE
- echo 'HOST = 127.0.0.1:3306' >> $GOGS_CONFIG_FILE
- echo 'NAME = gogs' >> $GOGS_CONFIG_FILE
- echo 'USER = root' >> $GOGS_CONFIG_FILE
- echo "PASSWD = $MARIADB_PASSWORD" >> $GOGS_CONFIG_FILE
- echo 'SSL_MODE = disable' >> $GOGS_CONFIG_FILE
- echo 'PATH = data/gogs.db' >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[repository]' >> $GOGS_CONFIG_FILE
- echo 'ROOT = /home/git/gogs-repositories' >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[server]' >> $GOGS_CONFIG_FILE
- echo 'DOMAIN = coder.uk.to' >> $GOGS_CONFIG_FILE
- echo 'HTTP_PORT = 3000' >> $GOGS_CONFIG_FILE
- echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> $GOGS_CONFIG_FILE
- echo "SSH_PORT = $SSH_PORT" >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[session]' >> $GOGS_CONFIG_FILE
- echo 'PROVIDER = file' >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[log]' >> $GOGS_CONFIG_FILE
- echo 'MODE = file' >> $GOGS_CONFIG_FILE
- echo 'LEVEL = Info' >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[security]' >> $GOGS_CONFIG_FILE
- echo 'INSTALL_LOCK = true' >> $GOGS_CONFIG_FILE
- echo "SECRET_KEY = $GOGS_SECRET_KEY" >> $GOGS_CONFIG_FILE
- echo '' >> $GOGS_CONFIG_FILE
- echo '[service]' >> $GOGS_CONFIG_FILE
- echo 'DISABLE_REGISTRATION = false' >> $GOGS_CONFIG_FILE
+ # create the configuration
+ if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom/conf ]; then
+ mkdir -p /home/git/go/src/github.com/gogits/gogs/custom/conf
+ fi
+ GOGS_CONFIG_FILE=/home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini
+ echo 'RUN_USER = git' > $GOGS_CONFIG_FILE
+ echo 'RUN_MODE = prod' >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[database]' >> $GOGS_CONFIG_FILE
+ echo 'DB_TYPE = mysql' >> $GOGS_CONFIG_FILE
+ echo 'HOST = 127.0.0.1:3306' >> $GOGS_CONFIG_FILE
+ echo 'NAME = gogs' >> $GOGS_CONFIG_FILE
+ echo 'USER = root' >> $GOGS_CONFIG_FILE
+ echo "PASSWD = $MARIADB_PASSWORD" >> $GOGS_CONFIG_FILE
+ echo 'SSL_MODE = disable' >> $GOGS_CONFIG_FILE
+ echo 'PATH = data/gogs.db' >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[repository]' >> $GOGS_CONFIG_FILE
+ echo 'ROOT = /home/git/gogs-repositories' >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[server]' >> $GOGS_CONFIG_FILE
+ echo 'DOMAIN = coder.uk.to' >> $GOGS_CONFIG_FILE
+ echo 'HTTP_PORT = 3000' >> $GOGS_CONFIG_FILE
+ echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> $GOGS_CONFIG_FILE
+ echo "SSH_PORT = $SSH_PORT" >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[session]' >> $GOGS_CONFIG_FILE
+ echo 'PROVIDER = file' >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[log]' >> $GOGS_CONFIG_FILE
+ echo 'MODE = file' >> $GOGS_CONFIG_FILE
+ echo 'LEVEL = Info' >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[security]' >> $GOGS_CONFIG_FILE
+ echo 'INSTALL_LOCK = true' >> $GOGS_CONFIG_FILE
+ echo "SECRET_KEY = $GOGS_SECRET_KEY" >> $GOGS_CONFIG_FILE
+ echo '' >> $GOGS_CONFIG_FILE
+ echo '[service]' >> $GOGS_CONFIG_FILE
+ echo 'DISABLE_REGISTRATION = false' >> $GOGS_CONFIG_FILE
- #cp -r /home/git/go/src/github.com/gogits/gogs/custom /home/git/gvm/pkgsets/go${GO_VERSION}/global/src/github.com/gogits/gogs
- chmod 750 $GOGS_CONFIG_FILE
- chown -R git:git /home/git
+ #cp -r /home/git/go/src/github.com/gogits/gogs/custom /home/git/gvm/pkgsets/go${GO_VERSION}/global/src/github.com/gogits/gogs
+ chmod 750 $GOGS_CONFIG_FILE
+ chown -R git:git /home/git
- systemctl restart gogs
+ systemctl restart gogs
- if ! grep -q "Gogs domain:" $COMPLETION_FILE; then
- echo "Gogs domain:$GIT_DOMAIN_NAME" >> $COMPLETION_FILE
- fi
- echo 'install_gogs' >> $COMPLETION_FILE
+ if ! grep -q "Gogs domain:" $COMPLETION_FILE; then
+ echo "Gogs domain:$GIT_DOMAIN_NAME" >> $COMPLETION_FILE
+ fi
+ echo 'install_gogs' >> $COMPLETION_FILE
}
function tox_avahi {
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "tox_avahi" $COMPLETION_FILE; then
- return
- fi
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "tox_avahi" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -d /etc/avahi ]; then
- echo $'tox_avahi: avahi is not installed'
- exit 87359
- fi
+ if [ ! -d /etc/avahi ]; then
+ echo $'tox_avahi: avahi is not installed'
+ exit 87359
+ fi
- # install a command to obtain the Tox ID
- cd $INSTALL_DIR
- git_clone $TOXID_REPO $INSTALL_DIR/toxid
- if [ ! -d $INSTALL_DIR/toxid ]; then
- exit 63921
- fi
- cd $INSTALL_DIR/toxid
- make
- if [ ! "$?" = "0" ]; then
- exit 58432
- fi
- make install
+ # install a command to obtain the Tox ID
+ cd $INSTALL_DIR
+ git_clone $TOXID_REPO $INSTALL_DIR/toxid
+ if [ ! -d $INSTALL_DIR/toxid ]; then
+ exit 63921
+ fi
+ cd $INSTALL_DIR/toxid
+ make
+ if [ ! "$?" = "0" ]; then
+ exit 58432
+ fi
+ make install
- toxavahi
+ toxavahi
- # publish regularly
- if ! grep -q "toxavahi" /etc/crontab; then
- echo "* * * * * root toxavahi > /dev/null" >> /etc/crontab
- fi
+ # publish regularly
+ if ! grep -q "toxavahi" /etc/crontab; then
+ echo "* * * * * root toxavahi > /dev/null" >> /etc/crontab
+ fi
- systemctl restart avahi-daemon
+ systemctl restart avahi-daemon
- echo 'tox_avahi' >> $COMPLETION_FILE
+ echo 'tox_avahi' >> $COMPLETION_FILE
}
function install_tox_node {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOX_COMMIT" $TOX_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOX_COMMIT" $TOX_REPO
- if grep -Fxq "install_tox_node" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_tox_node" $COMPLETION_FILE; then
+ return
+ fi
- ${PROJECT_NAME}-mesh-install -f tox_node
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install tox node'
- exit 26778
- fi
+ ${PROJECT_NAME}-mesh-install -f tox_node
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install tox node'
+ exit 26778
+ fi
- TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
+ TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
- if ! grep -q "tox onion domain" $COMPLETION_FILE; then
- echo "tox onion domain:${TOX_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|tox onion domain.*|tox onion domain:${TOX_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
+ if ! grep -q "tox onion domain" $COMPLETION_FILE; then
+ echo "tox onion domain:${TOX_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|tox onion domain.*|tox onion domain:${TOX_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
- systemctl restart tox-bootstrapd.service
+ systemctl restart tox-bootstrapd.service
- TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
- if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
- echo $'Could not obtain the tox node public key'
- exit 6529
- fi
+ TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
+ if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
+ echo $'Could not obtain the tox node public key'
+ exit 6529
+ fi
- # save the public key for later reference
- echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE
+ # save the public key for later reference
+ echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE
- configure_firewall_for_tox
+ configure_firewall_for_tox
- if ! grep -q $"Your Tox node public key is" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo 'Tox' >> /home/$MY_USERNAME/README
- echo '===' >> /home/$MY_USERNAME/README
- echo $"tox onion domain: ${TOX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
- echo $'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README
- echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"Your Tox node public key is" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'Tox' >> /home/$MY_USERNAME/README
+ echo '===' >> /home/$MY_USERNAME/README
+ echo $"tox onion domain: ${TOX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
+ echo $'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README
+ echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_tox_node' >> $COMPLETION_FILE
+ echo 'install_tox_node' >> $COMPLETION_FILE
}
function install_tox_client {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
- if grep -Fxq "install_tox_client" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_tox_client" $COMPLETION_FILE; then
+ return
+ fi
- ${PROJECT_NAME}-mesh-install -f tox_client
- if [ ! "$?" = "0" ]; then
- echo $'Could not install Tox client'
- exit 67248
- fi
+ ${PROJECT_NAME}-mesh-install -f tox_client
+ if [ ! "$?" = "0" ]; then
+ echo $'Could not install Tox client'
+ exit 67248
+ fi
- # initial setup of username
- #su -c "echo 'n
- #/nick $MY_USERNAME
- #/exit
- #' | $TOXIC_FILE -d" - $MY_USERNAME
+ # initial setup of username
+ #su -c "echo 'n
+ #/nick $MY_USERNAME
+ #/exit
+ #' | $TOXIC_FILE -d" - $MY_USERNAME
- echo 'install_tox_client' >> $COMPLETION_FILE
+ echo 'install_tox_client' >> $COMPLETION_FILE
}
function install_xmpp {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install lua-sec lua-bitop
- apt-get -y install prosody prosody-modules mercurial
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install lua-sec lua-bitop
+ apt-get -y install prosody prosody-modules mercurial
- if [ ! -d /etc/prosody ]; then
- echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
- exit 52
- fi
+ if [ ! -d /etc/prosody ]; then
+ echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
+ exit 52
+ fi
- # obtain the prosody modules
- cd $INSTALL_DIR
- hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
- if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
- echo $'mod_onions prosody module could not be found'
- exit 73254
- fi
+ # obtain the prosody modules
+ cd $INSTALL_DIR
+ hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
+ if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
+ echo $'mod_onions prosody module could not be found'
+ exit 73254
+ fi
- # install the onions module
- cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
- if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
- echo $'mod_onions.lua could not be copied to the prosody modules directory'
- exit 63952
- fi
+ # install the onions module
+ cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
+ if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
+ echo $'mod_onions.lua could not be copied to the prosody modules directory'
+ exit 63952
+ fi
- # create a certificate
- if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
- ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
- check_certificates xmpp
- fi
- chown prosody:prosody /etc/ssl/private/xmpp.key
- chown prosody:prosody /etc/ssl/certs/xmpp.*
- cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
+ # create a certificate
+ if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
+ check_certificates xmpp
+ fi
+ chown prosody:prosody /etc/ssl/private/xmpp.key
+ chown prosody:prosody /etc/ssl/certs/xmpp.*
+ cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
- if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
- sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
- sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
- sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
- sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
- sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
+ sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
- sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
- if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
- echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
+ if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
- sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
- sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
- if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
- sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
- fi
- if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
- sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
- fi
- if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
- sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
- fi
- if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
- sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua
- fi
- if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
- sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
- fi
- sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
- if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
- sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
- fi
- if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
- echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
- sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
- sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
- sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
- sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
- sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
+ sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+ if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
+ sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+ fi
+ if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
+ sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
+ fi
+ if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
+ sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
+ fi
+ if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
+ sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua
+ fi
+ if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
+ sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
+ fi
+ sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
+ if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
+ sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
+ fi
+ if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
+ echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
+ sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
+ sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
+ sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+ sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
- systemctl restart prosody
- touch /home/$MY_USERNAME/README
+ systemctl restart prosody
+ touch /home/$MY_USERNAME/README
- if [ ! -d /var/lib/tor ]; then
- echo $'No Tor installation found. XMPP onion site cannot be configured.'
- exit 877367
- fi
- if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
- echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
- echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
- echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
- echo $'Added onion site for XMPP chat'
- fi
+ if [ ! -d /var/lib/tor ]; then
+ echo $'No Tor installation found. XMPP onion site cannot be configured.'
+ exit 877367
+ fi
+ if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
+ echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
+ echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
+ echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
+ echo $'Added onion site for XMPP chat'
+ fi
- systemctl restart tor
- wait_for_onion_service 'xmpp'
+ systemctl restart tor
+ wait_for_onion_service 'xmpp'
- if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
- echo $'XMPP onion site hostname not found'
- exit 65349
- fi
- XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
- if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
- echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- fi
- if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
- echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
+ if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
+ echo $'XMPP onion site hostname not found'
+ exit 65349
+ fi
+ XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+ if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+ echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
+ echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
- if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
- if [ ${#XMPP_PASSWORD} -lt 8 ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- XMPP_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
- fi
- fi
- prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'XMPP' >> /home/$MY_USERNAME/README
- echo '====' >> /home/$MY_USERNAME/README
- echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
- echo $'You can change it with: ' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- echo 'install_xmpp' >> $COMPLETION_FILE
+ if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
+ if [ ${#XMPP_PASSWORD} -lt 8 ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ XMPP_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
+ fi
+ fi
+ prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'XMPP' >> /home/$MY_USERNAME/README
+ echo '====' >> /home/$MY_USERNAME/README
+ echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
+ echo $'You can change it with: ' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ echo 'install_xmpp' >> $COMPLETION_FILE
}
function install_xmpp_client {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install profanity
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install profanity
- XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
- XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
- if [ ! -d $XMPP_CLIENT_DIR ]; then
- mkdir -p $XMPP_CLIENT_DIR
- fi
+ XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
+ XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
+ if [ ! -d $XMPP_CLIENT_DIR ]; then
+ mkdir -p $XMPP_CLIENT_DIR
+ fi
- if [[ $ONION_ONLY == 'no' ]]; then
- echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
- echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
- echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
- echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
- echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
- echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
- echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
- echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
- if [ ${#XMPP_PASSWORD} -gt 2 ]; then
- echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
- fi
- fi
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
+ echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+ echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
+ echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+ echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
+ echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+ echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+ if [ ${#XMPP_PASSWORD} -gt 2 ]; then
+ echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+ fi
+ fi
- if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
- XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
- echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
- if [[ $ONION_ONLY == 'no' ]]; then
- echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
- else
- echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
- fi
- echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
- echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
- echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
- echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
- echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
- echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
- echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
- if [ ${#XMPP_PASSWORD} -gt 2 ]; then
- echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
- fi
- fi
+ if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
+ XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+ echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+ else
+ echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+ fi
+ echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+ echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+ echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+ echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+ echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+ echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+ if [ ${#XMPP_PASSWORD} -gt 2 ]; then
+ echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+ fi
+ fi
- if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
- mkdir /home/$MY_USERNAME/.config/profanity
- fi
- echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
- echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+ if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
+ mkdir /home/$MY_USERNAME/.config/profanity
+ fi
+ echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+ echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
- echo 'install_xmpp_client' >> $COMPLETION_FILE
+ echo 'install_xmpp_client' >> $COMPLETION_FILE
}
function install_watchdog_script {
- if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then
- return
- fi
- echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- # application specific stuff is added later
- chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
+ if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then
+ return
+ fi
+ echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ # application specific stuff is added later
+ chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
- if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then
- echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab
- fi
+ if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then
+ echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab
+ fi
- echo 'install_watchdog_script' >> $COMPLETION_FILE
+ echo 'install_watchdog_script' >> $COMPLETION_FILE
}
function install_irc_client {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install irssi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install irssi
- if [ ! -d /home/$MY_USERNAME/.irssi ]; then
- mkdir /home/$MY_USERNAME/.irssi
- fi
+ if [ ! -d /home/$MY_USERNAME/.irssi ]; then
+ mkdir /home/$MY_USERNAME/.irssi
+ fi
- echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
- echo ' {' >> /home/$MY_USERNAME/.irssi/config
- echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
- echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
- echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
- echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
- echo ' },' >> /home/$MY_USERNAME/.irssi/config
- echo ' {' >> /home/$MY_USERNAME/.irssi/config
- echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
- echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
- echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
- echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
- echo ' },' >> /home/$MY_USERNAME/.irssi/config
- echo ' {' >> /home/$MY_USERNAME/.irssi/config
- echo " address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
- if [[ $ONION_ONLY == 'no' ]]; then
- echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
- echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
- else
- IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
- echo " port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
- echo ' use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
- fi
- echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
- echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
- echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
- if [ $IRC_PASSWORD ]; then
- echo " password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
- fi
- echo ' }' >> /home/$MY_USERNAME/.irssi/config
- echo ');' >> /home/$MY_USERNAME/.irssi/config
- echo '' >> /home/$MY_USERNAME/.irssi/config
- echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
- echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
- echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' };' >> /home/$MY_USERNAME/.irssi/config
- echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config
- echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' };' >> /home/$MY_USERNAME/.irssi/config
- echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config
- echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
- echo ' };' >> /home/$MY_USERNAME/.irssi/config
- echo '};' >> /home/$MY_USERNAME/.irssi/config
- echo '' >> /home/$MY_USERNAME/.irssi/config
- echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
- echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
- echo ');' >> /home/$MY_USERNAME/.irssi/config
- echo '' >> /home/$MY_USERNAME/.irssi/config
- echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
- echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
- echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
- echo '};' >> /home/$MY_USERNAME/.irssi/config
- echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
+ echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
+ echo ' {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' },' >> /home/$MY_USERNAME/.irssi/config
+ echo ' {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' },' >> /home/$MY_USERNAME/.irssi/config
+ echo ' {' >> /home/$MY_USERNAME/.irssi/config
+ echo " address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+ echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
+ else
+ IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
+ echo " port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+ echo ' use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
+ fi
+ echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+ if [ $IRC_PASSWORD ]; then
+ echo " password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
+ fi
+ echo ' }' >> /home/$MY_USERNAME/.irssi/config
+ echo ');' >> /home/$MY_USERNAME/.irssi/config
+ echo '' >> /home/$MY_USERNAME/.irssi/config
+ echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' };' >> /home/$MY_USERNAME/.irssi/config
+ echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' };' >> /home/$MY_USERNAME/.irssi/config
+ echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' };' >> /home/$MY_USERNAME/.irssi/config
+ echo '};' >> /home/$MY_USERNAME/.irssi/config
+ echo '' >> /home/$MY_USERNAME/.irssi/config
+ echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
+ echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
+ echo ');' >> /home/$MY_USERNAME/.irssi/config
+ echo '' >> /home/$MY_USERNAME/.irssi/config
+ echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
+ echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
+ echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
+ echo '};' >> /home/$MY_USERNAME/.irssi/config
+ echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
- echo 'install_irc_client' >> $COMPLETION_FILE
+ echo 'install_irc_client' >> $COMPLETION_FILE
}
function install_irc_server {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install ngircd
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install ngircd
- if [ ! -d /etc/ngircd ]; then
- echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
- exit 53
- fi
+ if [ ! -d /etc/ngircd ]; then
+ echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
+ exit 53
+ fi
- if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
- ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
- check_certificates ngircd
- fi
+ if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
+ check_certificates ngircd
+ fi
- DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
- fi
+ DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
+ fi
- # create a login password if needed
- if [ ! $IRC_PASSWORD ]; then
- IRC_PASSWORD="$(openssl rand -base64 32 | cut -c1-10)"
- fi
+ # create a login password if needed
+ if [ ! $IRC_PASSWORD ]; then
+ IRC_PASSWORD="$(openssl rand -base64 32 | cut -c1-10)"
+ fi
- echo '**************************************************' > /etc/ngircd/motd
- echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
- echo '* *' >> /etc/ngircd/motd
- echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
- echo '**************************************************' >> /etc/ngircd/motd
- sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
- sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
- sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
- sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
- sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
- sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
- sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
- sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
- sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
- sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
- sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
- sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
- sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
- sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
- sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
- IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)"
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
- fi
- sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
- sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
- sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
- sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
- sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
- sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
- sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
- if [ $IRC_PASSWORD ]; then
- sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
- fi
- # If we are on a mesh then DNS is not available
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
- fi
- # upgrade a cypher
- sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
- mkdir /var/run/ircd
- chown -R irc:irc /var/run/ircd
- mkdir /var/run/ngircd
- touch /var/run/ngircd/ngircd.pid
- chown -R irc:irc /var/run/ngircd
+ echo '**************************************************' > /etc/ngircd/motd
+ echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
+ echo '* *' >> /etc/ngircd/motd
+ echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
+ echo '**************************************************' >> /etc/ngircd/motd
+ sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
+ sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
+ sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
+ sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
+ sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
+ sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
+ sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
+ sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
+ sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
+ sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
+ sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+ sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
+ sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
+ sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
+ sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+ IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)"
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
+ fi
+ sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
+ sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
+ sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
+ sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
+ sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
+ sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
+ sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
+ if [ $IRC_PASSWORD ]; then
+ sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
+ fi
+ # If we are on a mesh then DNS is not available
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
+ fi
+ # upgrade a cypher
+ sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
+ mkdir /var/run/ircd
+ chown -R irc:irc /var/run/ircd
+ mkdir /var/run/ngircd
+ touch /var/run/ngircd/ngircd.pid
+ chown -R irc:irc /var/run/ngircd
- IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
- if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
- echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
- fi
+ IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
+ if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
+ echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
+ fi
- systemctl restart ngircd
+ systemctl restart ngircd
- # keep the daemon running
- echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ # keep the daemon running
+ echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'IRC Server' >> /home/$MY_USERNAME/README
- echo '==========' >> /home/$MY_USERNAME/README
- echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- if [[ $ONION_ONLY != 'yes' ]]; then
- echo " irssi" >> /home/$MY_USERNAME/README
- echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
- echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
- else
- echo " usetorwith irssi" >> /home/$MY_USERNAME/README
- echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
- echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
- fi
- echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'IRC Server' >> /home/$MY_USERNAME/README
+ echo '==========' >> /home/$MY_USERNAME/README
+ echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ if [[ $ONION_ONLY != 'yes' ]]; then
+ echo " irssi" >> /home/$MY_USERNAME/README
+ echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
+ echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
+ else
+ echo " usetorwith irssi" >> /home/$MY_USERNAME/README
+ echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
+ echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+ fi
+ echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_irc_server' >> $COMPLETION_FILE
+ echo 'install_irc_server' >> $COMPLETION_FILE
}
function get_wiki_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "Wiki password" /home/$MY_USERNAME/README; then
- WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "Wiki password" /home/$MY_USERNAME/README; then
+ WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function install_wiki {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then
- return
- fi
- if grep -Fxq "install_wiki" $COMPLETION_FILE; then
- return
- fi
- if [ ! $WIKI_DOMAIN_NAME ]; then
- return
- fi
- apt-get -y install dokuwiki
- apt-get -y remove --purge apache*
- if [ -d /etc/apache2 ]; then
- rm -rf /etc/apache2
- echo $'Removed Apache installation after Dokuwiki install'
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_wiki" $COMPLETION_FILE; then
+ return
+ fi
+ if [ ! $WIKI_DOMAIN_NAME ]; then
+ return
+ fi
+ apt-get -y install dokuwiki
+ apt-get -y remove --purge apache*
+ if [ -d /etc/apache2 ]; then
+ rm -rf /etc/apache2
+ echo $'Removed Apache installation after Dokuwiki install'
+ fi
- if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
- mkdir /var/www/$WIKI_DOMAIN_NAME
- fi
- if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
- rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
- fi
+ if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+ mkdir /var/www/$WIKI_DOMAIN_NAME
+ fi
+ if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
+ rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
+ fi
- ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
+ ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
- mkdir /var/lib/dokuwiki/custom
- cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
- ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
+ mkdir /var/lib/dokuwiki/custom
+ cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
+ ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
- chown www-data /var/lib/dokuwiki/custom
- chown www-data /var/lib/dokuwiki/custom/local.php
- chown -R www-data /etc/dokuwiki
- chown -R www-data /usr/share/dokuwiki/lib/
- chmod 600 /var/lib/dokuwiki/custom/local.php
- chmod -R 755 /usr/share/dokuwiki/lib
+ chown www-data /var/lib/dokuwiki/custom
+ chown www-data /var/lib/dokuwiki/custom/local.php
+ chown -R www-data /etc/dokuwiki
+ chown -R www-data /usr/share/dokuwiki/lib/
+ chmod 600 /var/lib/dokuwiki/custom/local.php
+ chmod -R 755 /usr/share/dokuwiki/lib
- sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
- sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
+ sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
+ sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
- sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
+ sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
- # set the admin user
- sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
+ # set the admin user
+ sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
- # disallow registration of new users
- if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
- echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
- fi
- if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
- echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
- fi
+ # disallow registration of new users
+ if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
+ echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
+ fi
+ if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
+ echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
+ fi
- if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
- echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
- fi
- if ! grep -q "authtype" /etc/dokuwiki/local.php; then
- echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
- fi
+ if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
+ echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
+ fi
+ if ! grep -q "authtype" /etc/dokuwiki/local.php; then
+ echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
+ fi
- get_wiki_admin_password
- if [ ! $WIKI_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- fi
- fi
- HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
- echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
- chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+ get_wiki_admin_password
+ if [ ! $WIKI_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ fi
+ fi
+ HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
+ echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
+ chmod 640 /var/lib/dokuwiki/acl/users.auth.php
- if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
- echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
- fi
- if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
- echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
- fi
- if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
- echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
- fi
+ if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
+ echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
+ fi
+ if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
+ echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
+ fi
+ if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
+ echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
+ fi
- WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
+ WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
- if [[ $ONION_ONLY == "no" ]]; then
- echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- nginx_disable_sniffing $WIKI_DOMAIN_NAME
- nginx_limits $WIKI_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- nginx_limits $WIKI_DOMAIN_NAME
- nginx_ssl $WIKI_DOMAIN_NAME
- nginx_disable_sniffing $WIKI_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- else
- echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- fi
- echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- nginx_limits $WIKI_DOMAIN_NAME
- nginx_disable_sniffing $WIKI_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ if [[ $ONION_ONLY == "no" ]]; then
+ echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ nginx_disable_sniffing $WIKI_DOMAIN_NAME
+ nginx_limits $WIKI_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ nginx_limits $WIKI_DOMAIN_NAME
+ nginx_ssl $WIKI_DOMAIN_NAME
+ nginx_disable_sniffing $WIKI_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ else
+ echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ fi
+ echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ nginx_limits $WIKI_DOMAIN_NAME
+ nginx_disable_sniffing $WIKI_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- create_site_certificate $WIKI_DOMAIN_NAME
+ create_site_certificate $WIKI_DOMAIN_NAME
- configure_php
+ configure_php
- nginx_ensite $WIKI_DOMAIN_NAME
+ nginx_ensite $WIKI_DOMAIN_NAME
- systemctl restart php5-fpm
- systemctl restart nginx
+ systemctl restart php5-fpm
+ systemctl restart nginx
- echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
- add_ddns_domain $WIKI_DOMAIN_NAME
+ add_ddns_domain $WIKI_DOMAIN_NAME
- # add some post-install instructions
- if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Wiki' >> /home/$MY_USERNAME/README
- echo '====' >> /home/$MY_USERNAME/README
- echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ # add some post-install instructions
+ if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Wiki' >> /home/$MY_USERNAME/README
+ echo '====' >> /home/$MY_USERNAME/README
+ echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
- echo 'install_wiki' >> $COMPLETION_FILE
+ echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
+ echo 'install_wiki' >> $COMPLETION_FILE
}
function get_blog_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
- FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
+ FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
}
function install_blog {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $FULLBLOG_DOMAIN_NAME ]; then
- echo $'The blog domain name was not specified'
- exit 5062
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $FULLBLOG_DOMAIN_NAME ]; then
+ echo $'The blog domain name was not specified'
+ exit 5062
+ fi
- # update to the next commit
- set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
+ # update to the next commit
+ set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
- if grep -Fxq "install_blog" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_blog" $COMPLETION_FILE; then
+ return
+ fi
- # for the avatar changing command
- apt-get -y install imagemagick
+ # for the avatar changing command
+ apt-get -y install imagemagick
- if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
- mkdir /var/www/$FULLBLOG_DOMAIN_NAME
- fi
+ if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
+ mkdir /var/www/$FULLBLOG_DOMAIN_NAME
+ fi
- cd /var/www/$FULLBLOG_DOMAIN_NAME
- git_clone $FULLBLOG_REPO htdocs
- cd htdocs
- git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
- if ! grep -q "Blog commit" $COMPLETION_FILE; then
- echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
- fi
- cd /var/www/$FULLBLOG_DOMAIN_NAME
+ cd /var/www/$FULLBLOG_DOMAIN_NAME
+ git_clone $FULLBLOG_REPO htdocs
+ cd htdocs
+ git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
+ if ! grep -q "Blog commit" $COMPLETION_FILE; then
+ echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
+ fi
+ cd /var/www/$FULLBLOG_DOMAIN_NAME
- chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
+ chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
- if [[ $ONION_ONLY == "no" ]]; then
- echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_ssl $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- else
- echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- fi
- echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ if [[ $ONION_ONLY == "no" ]]; then
+ echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_ssl $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ else
+ echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ fi
+ echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- create_site_certificate $FULLBLOG_DOMAIN_NAME
+ create_site_certificate $FULLBLOG_DOMAIN_NAME
- configure_php
+ configure_php
- # blog settings
- cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ # blog settings
+ cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- # set social networks
- if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
- sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- fi
- if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
- sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- fi
+ # set social networks
+ if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
+ sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ fi
+ if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
+ sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ fi
- # clear proprietary social network strings
- sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ # clear proprietary social network strings
+ sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- # create a user password
- get_blog_admin_password
- if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- fi
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
- echo '==========' >> /home/$MY_USERNAME/README
- echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- if [[ $ONION_ONLY == 'no' ]]; then
- echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
- fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ # create a user password
+ get_blog_admin_password
+ if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
+ echo '==========' >> /home/$MY_USERNAME/README
+ echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
+ fi
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- # create a user
- echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ # create a user
+ echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- nginx_ensite $FULLBLOG_DOMAIN_NAME
+ nginx_ensite $FULLBLOG_DOMAIN_NAME
- FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
+ FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
- systemctl restart php5-fpm
- systemctl restart nginx
+ systemctl restart php5-fpm
+ systemctl restart nginx
- if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
- echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
+ echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
- add_ddns_domain $FULLBLOG_DOMAIN_NAME
+ add_ddns_domain $FULLBLOG_DOMAIN_NAME
- echo 'install_blog' >> $COMPLETION_FILE
+ echo 'install_blog' >> $COMPLETION_FILE
}
function install_rss_reader {
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
+ # update to the next commit
+ set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
- if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+ apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
- if [ ! -d /etc/share ]; then
- mkdir /etc/share
- fi
- cd /etc/share
- git_clone $RSS_READER_REPO tt-rss
- if [ ! -d $RSS_READER_PATH ]; then
- echo $'Could not clone RSS reader repo'
- exit 52925
- fi
- cd $RSS_READER_PATH
- git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
- if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
- echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
- fi
+ if [ ! -d /etc/share ]; then
+ mkdir /etc/share
+ fi
+ cd /etc/share
+ git_clone $RSS_READER_REPO tt-rss
+ if [ ! -d $RSS_READER_PATH ]; then
+ echo $'Could not clone RSS reader repo'
+ exit 52925
+ fi
+ cd $RSS_READER_PATH
+ git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
+ if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
+ echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
+ fi
- install_mariadb
- get_mariadb_password
- repair_databases_script
+ install_mariadb
+ get_mariadb_password
+ repair_databases_script
- get_mariadb_rss_reader_admin_password
- if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- fi
+ get_mariadb_rss_reader_admin_password
+ if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ fi
- create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+ create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
- RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
- RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_MOBILE_READER_ONION_PORT})
+ RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
+ RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_MOBILE_READER_ONION_PORT})
- echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- if [ ! -f $RSS_READER_PATH/config.php ]; then
- # generate a config file
- RSS_FEED_CRYPT_KEY="$(openssl rand -base64 26 | cut -c1-24)"
- echo ' $RSS_READER_PATH/config.php
- echo " define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
- echo " define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
- echo " define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
- echo " define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
- echo " define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
- echo " define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
- echo " define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
- echo " define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
- echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
- echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
- echo " define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
- echo " define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
- echo " define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
- echo " define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
- echo " define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
- echo " define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
- echo " define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
- echo " define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
- echo " define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
- echo " define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
- echo " define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
- echo " define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
- echo " define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
- echo " define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
- echo " define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
- echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
- echo " define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
- echo " define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
- echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
- echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
- echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
- echo " define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
- echo " define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
- echo " define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
- echo " define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
- echo " define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
- echo " define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
- echo " define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
- echo " define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
- echo " define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
- fi
+ if [ ! -f $RSS_READER_PATH/config.php ]; then
+ # generate a config file
+ RSS_FEED_CRYPT_KEY="$(openssl rand -base64 26 | cut -c1-24)"
+ echo ' $RSS_READER_PATH/config.php
+ echo " define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
+ echo " define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
+ echo " define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
+ echo " define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
+ echo " define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
+ echo " define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
+ echo " define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
+ echo " define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
+ echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
+ echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
+ echo " define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
+ echo " define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
+ echo " define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
+ echo " define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
+ echo " define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
+ echo " define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
+ echo " define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
+ echo " define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
+ echo " define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
+ echo " define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
+ echo " define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
+ echo " define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
+ echo " define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
+ echo " define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
+ echo " define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
+ echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
+ echo " define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
+ echo " define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
+ echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
+ echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
+ echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
+ echo " define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
+ echo " define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
+ echo " define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
+ echo " define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
+ echo " define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
+ echo " define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
+ echo " define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
+ echo " define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
+ echo " define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
+ fi
- # initialize the database
- if [ ! -f $RSS_READER_PATH/schema/ttrss_schema_mysql.sql ]; then
- echo $'No database schema found for rss reader'
- exit 52926
- fi
- mysql -u root --password="$MARIADB_PASSWORD" -D ttrss < $RSS_READER_PATH/schema/ttrss_schema_mysql.sql
+ # initialize the database
+ if [ ! -f $RSS_READER_PATH/schema/ttrss_schema_mysql.sql ]; then
+ echo $'No database schema found for rss reader'
+ exit 52926
+ fi
+ mysql -u root --password="$MARIADB_PASSWORD" -D ttrss < $RSS_READER_PATH/schema/ttrss_schema_mysql.sql
- # change the password from the default
- RSS_READER_ADMIN_PASSWORD_HASH=$(echo -n "${RSS_READER_ADMIN_PASSWORD}" | sha1sum | awk -F ' ' '{print $1}')
- mysql -u root --password="$MARIADB_PASSWORD" -e "update ttrss_users set pwd_hash = 'SHA1:${RSS_READER_ADMIN_PASSWORD_HASH}', salt= '' WHERE login = 'admin';" ttrss
+ # change the password from the default
+ RSS_READER_ADMIN_PASSWORD_HASH=$(echo -n "${RSS_READER_ADMIN_PASSWORD}" | sha1sum | awk -F ' ' '{print $1}')
+ mysql -u root --password="$MARIADB_PASSWORD" -e "update ttrss_users set pwd_hash = 'SHA1:${RSS_READER_ADMIN_PASSWORD_HASH}', salt= '' WHERE login = 'admin';" ttrss
- rss_reader_modifications
+ rss_reader_modifications
- configure_php
+ configure_php
- nginx_ensite $RSS_READER_DOMAIN_NAME
- systemctl restart php5-fpm
- systemctl restart nginx
+ nginx_ensite $RSS_READER_DOMAIN_NAME
+ systemctl restart php5-fpm
+ systemctl restart nginx
- if ! grep -q "RSS reader onion domain" $COMPLETION_FILE; then
- echo "RSS reader onion domain:${RSS_READER_ONION_HOSTNAME}" >> $COMPLETION_FILE
- fi
- if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
- echo "RSS reader domain:${RSS_READER_DOMAIN_NAME}" >> $COMPLETION_FILE
- fi
+ if ! grep -q "RSS reader onion domain" $COMPLETION_FILE; then
+ echo "RSS reader onion domain:${RSS_READER_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ fi
+ if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
+ echo "RSS reader domain:${RSS_READER_DOMAIN_NAME}" >> $COMPLETION_FILE
+ fi
- # daemon to update feeds
- echo '[Unit]' > /etc/systemd/system/ttrss.service
- echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
- echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
- echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
- echo '' >> /etc/systemd/system/ttrss.service
- echo '[Service]' >> /etc/systemd/system/ttrss.service
- echo 'User=www-data' >> /etc/systemd/system/ttrss.service
- echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
- echo '' >> /etc/systemd/system/ttrss.service
- echo '[Install]' >> /etc/systemd/system/ttrss.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
- systemctl enable ttrss
- systemctl daemon-reload
- systemctl start ttrss
+ # daemon to update feeds
+ echo '[Unit]' > /etc/systemd/system/ttrss.service
+ echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
+ echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
+ echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
+ echo '' >> /etc/systemd/system/ttrss.service
+ echo '[Service]' >> /etc/systemd/system/ttrss.service
+ echo 'User=www-data' >> /etc/systemd/system/ttrss.service
+ echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
+ echo '' >> /etc/systemd/system/ttrss.service
+ echo '[Install]' >> /etc/systemd/system/ttrss.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
+ systemctl enable ttrss
+ systemctl daemon-reload
+ systemctl start ttrss
- # some post-install instructions for the user
- if ! grep -q $"RSS Reader" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'RSS Reader' >> /home/$MY_USERNAME/README
- echo '==========' >> /home/$MY_USERNAME/README
- echo $"RSS reader domain: ${RSS_READER_DOMAIN_NAME}" >> /home/$MY_USERNAME/README
- echo $"RSS reader onion domain: ${RSS_READER_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"RSS reader admin username: admin" >> /home/$MY_USERNAME/README
- echo $"RSS reader admin password: ${RSS_READER_ADMIN_PASSWORD}" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ # some post-install instructions for the user
+ if ! grep -q $"RSS Reader" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'RSS Reader' >> /home/$MY_USERNAME/README
+ echo '==========' >> /home/$MY_USERNAME/README
+ echo $"RSS reader domain: ${RSS_READER_DOMAIN_NAME}" >> /home/$MY_USERNAME/README
+ echo $"RSS reader onion domain: ${RSS_READER_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"RSS reader admin username: admin" >> /home/$MY_USERNAME/README
+ echo $"RSS reader admin password: ${RSS_READER_ADMIN_PASSWORD}" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_rss_reader' >> $COMPLETION_FILE
+ echo 'install_rss_reader' >> $COMPLETION_FILE
}
function install_rss_reader_gnusocial {
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- if [ ! $MICROBLOG_DOMAIN_NAME ]; then
- return
- fi
+ if [ ! $MICROBLOG_DOMAIN_NAME ]; then
+ return
+ fi
- if [ ! $RSS_READER_PATH ]; then
- RSS_READER_PATH=/etc/share/tt-rss
- fi
- RSS_READER_GNUSOCIAL_PATH=${RSS_READER_PATH}/plugins/gnusocial
+ if [ ! $RSS_READER_PATH ]; then
+ RSS_READER_PATH=/etc/share/tt-rss
+ fi
+ RSS_READER_GNUSOCIAL_PATH=${RSS_READER_PATH}/plugins/gnusocial
- # update to the next commit
- set_repo_commit $RSS_READER_GNUSOCIAL_PATH "RSS reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
- chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
+ # update to the next commit
+ set_repo_commit $RSS_READER_GNUSOCIAL_PATH "RSS reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
+ chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
- if grep -Fxq "install_rss_reader_gnusocial" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_rss_reader_gnusocial" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -d $INSTALL_DIR ]; then
- mkdir -p $INSTALL_DIR
- fi
+ if [ ! -d $INSTALL_DIR ]; then
+ mkdir -p $INSTALL_DIR
+ fi
- cd $INSTALL_DIR
- git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
- if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
- echo $'Could not clone repo for RSS reader GNU Social plugin'
- exit 52838
- fi
- cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
- cd $RSS_READER_GNUSOCIAL_PATH
- git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
- if ! grep -q "RSS reader gnusocial commit" $COMPLETION_FILE; then
- echo "RSS reader gnusocial commit:$RSS_READER_GNUSOCIAL_COMMIT" >> $COMPLETION_FILE
- fi
- chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
+ cd $INSTALL_DIR
+ git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
+ if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
+ echo $'Could not clone repo for RSS reader GNU Social plugin'
+ exit 52838
+ fi
+ cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
+ cd $RSS_READER_GNUSOCIAL_PATH
+ git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
+ if ! grep -q "RSS reader gnusocial commit" $COMPLETION_FILE; then
+ echo "RSS reader gnusocial commit:$RSS_READER_GNUSOCIAL_COMMIT" >> $COMPLETION_FILE
+ fi
+ chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
- echo 'install_rss_reader_gnusocial' >> $COMPLETION_FILE
+ echo 'install_rss_reader_gnusocial' >> $COMPLETION_FILE
}
function install_rss_mobile_reader {
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- if [ ! $RSS_READER_PATH ]; then
- RSS_READER_PATH=/etc/share/tt-rss
- fi
+ if [ ! $RSS_READER_PATH ]; then
+ RSS_READER_PATH=/etc/share/tt-rss
+ fi
- if [ ! -d $RSS_READER_PATH ]; then
- echo $'tt-rss is not installed, so the mobile version cannot be installed'
- exit 63452
- fi
+ if [ ! -d $RSS_READER_PATH ]; then
+ echo $'tt-rss is not installed, so the mobile version cannot be installed'
+ exit 63452
+ fi
- RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
+ RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
- # remove any previous install
- if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
- if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
- sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
- sed -i '/RSS mobile reader commit/d' $COMPLETION_FILE
- rm -rf $RSS_READER_PATH/g2ttree-mobile
- fi
- fi
+ # remove any previous install
+ if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
+ if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
+ sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
+ sed -i '/RSS mobile reader commit/d' $COMPLETION_FILE
+ rm -rf $RSS_READER_PATH/g2ttree-mobile
+ fi
+ fi
- # update to the next commit
- set_repo_commit $RSS_MOBILE_READER_PATH "RSS mobile reader commit" "$RSS_MOBILE_READER_COMMIT" $RSS_MOBILE_READER_REPO
+ # update to the next commit
+ set_repo_commit $RSS_MOBILE_READER_PATH "RSS mobile reader commit" "$RSS_MOBILE_READER_COMMIT" $RSS_MOBILE_READER_REPO
- if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
+ return
+ fi
- cd /etc/share
- git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
- if [ ! -d $RSS_MOBILE_READER_PATH ]; then
- echo $'Could not clone RSS mobile reader repo'
- exit 24816
- fi
- cd $RSS_MOBILE_READER_PATH
- git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
- if ! grep -q "RSS mobile reader commit" $COMPLETION_FILE; then
- echo "RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
- fi
+ cd /etc/share
+ git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
+ if [ ! -d $RSS_MOBILE_READER_PATH ]; then
+ echo $'Could not clone RSS mobile reader repo'
+ exit 24816
+ fi
+ cd $RSS_MOBILE_READER_PATH
+ git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
+ if ! grep -q "RSS mobile reader commit" $COMPLETION_FILE; then
+ echo "RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
+ fi
- echo 'define({' > $RSS_MOBILE_READER_PATH/scripts/conf.js
- echo ' apiPath: "/tt-rss/"' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
- echo '});' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
+ echo 'define({' > $RSS_MOBILE_READER_PATH/scripts/conf.js
+ echo ' apiPath: "/tt-rss/"' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
+ echo '});' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
- # link to the main site
- ln -s $RSS_READER_PATH $RSS_MOBILE_READER_PATH/tt-rss
+ # link to the main site
+ ln -s $RSS_READER_PATH $RSS_MOBILE_READER_PATH/tt-rss
- chown -R www-data:www-data $RSS_MOBILE_READER_PATH
- chown -R www-data:www-data $RSS_READER_PATH
- chmod a+x $RSS_MOBILE_READER_PATH
+ chown -R www-data:www-data $RSS_MOBILE_READER_PATH
+ chown -R www-data:www-data $RSS_READER_PATH
+ chmod a+x $RSS_MOBILE_READER_PATH
- echo 'install_rss_mobile_reader' >> $COMPLETION_FILE
+ echo 'install_rss_mobile_reader' >> $COMPLETION_FILE
}
function install_gnu_social {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $MICROBLOG_DOMAIN_NAME ]; then
- echo $'No domain name was given for the microblog'
- exit 7359
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $MICROBLOG_DOMAIN_NAME ]; then
+ echo $'No domain name was given for the microblog'
+ exit 7359
+ fi
- # update to the next commit
- set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs "GNU Social commit" "$MICROBLOG_COMMIT" $MICROBLOG_REPO
+ # update to the next commit
+ set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs "GNU Social commit" "$MICROBLOG_COMMIT" $MICROBLOG_REPO
- if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
+ return
+ fi
- install_mariadb
- get_mariadb_password
- repair_databases_script
+ install_mariadb
+ get_mariadb_password
+ repair_databases_script
- apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+ apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
- if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
- mkdir /var/www/$MICROBLOG_DOMAIN_NAME
- fi
- if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
- git_clone $MICROBLOG_REPO /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
- if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
- echo $'Unable to clone gnusocial repo'
- exit 87525
- fi
- fi
+ if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
+ mkdir /var/www/$MICROBLOG_DOMAIN_NAME
+ fi
+ if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
+ git_clone $MICROBLOG_REPO /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+ if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
+ echo $'Unable to clone gnusocial repo'
+ exit 87525
+ fi
+ fi
- cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
- git checkout $MICROBLOG_COMMIT -b $MICROBLOG_COMMIT
- if ! grep -q "GNU Social commit" $COMPLETION_FILE; then
- echo "GNU Social commit:$MICROBLOG_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/GNU Social commit.*/GNU Social commit:$MICROBLOG_COMMIT/g" $COMPLETION_FILE
- fi
+ cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+ git checkout $MICROBLOG_COMMIT -b $MICROBLOG_COMMIT
+ if ! grep -q "GNU Social commit" $COMPLETION_FILE; then
+ echo "GNU Social commit:$MICROBLOG_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/GNU Social commit.*/GNU Social commit:$MICROBLOG_COMMIT/g" $COMPLETION_FILE
+ fi
- chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
- chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
- chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php
+ chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+ chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+ chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php
- get_mariadb_gnusocial_admin_password
- if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- MICROBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- fi
+ get_mariadb_gnusocial_admin_password
+ if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ MICROBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ fi
- create_database gnusocial "$MICROBLOG_ADMIN_PASSWORD" $MY_USERNAME
+ create_database gnusocial "$MICROBLOG_ADMIN_PASSWORD" $MY_USERNAME
- if [ ! -f "/etc/aliases" ]; then
- touch /etc/aliases
- fi
- if ! grep -q "www-data: root" /etc/aliases; then
- echo 'www-data: root' >> /etc/aliases
- fi
- if ! grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then
- echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases
- fi
- newaliases
+ if [ ! -f "/etc/aliases" ]; then
+ touch /etc/aliases
+ fi
+ if ! grep -q "www-data: root" /etc/aliases; then
+ echo 'www-data: root' >> /etc/aliases
+ fi
+ if ! grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then
+ echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases
+ fi
+ newaliases
- add_ddns_domain $MICROBLOG_DOMAIN_NAME
+ add_ddns_domain $MICROBLOG_DOMAIN_NAME
- microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
- if [[ $ONION_ONLY == "no" ]]; then
- nginx_http_redirect $MICROBLOG_DOMAIN_NAME
- echo 'server {' >> $microblog_nginx_site
- echo ' listen 443 ssl;' >> $microblog_nginx_site
- echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Security' >> $microblog_nginx_site
- nginx_ssl $MICROBLOG_DOMAIN_NAME
- nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
- nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
- echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Logs' >> $microblog_nginx_site
- echo ' access_log off;' >> $microblog_nginx_site
- echo ' error_log off;' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Root' >> $microblog_nginx_site
- echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Index' >> $microblog_nginx_site
- echo ' index index.php;' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # PHP' >> $microblog_nginx_site
- echo ' location ~ \.php {' >> $microblog_nginx_site
- echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Location' >> $microblog_nginx_site
- echo ' location / {' >> $microblog_nginx_site
- echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Fancy URLs' >> $microblog_nginx_site
- echo ' location @gnusocial {' >> $microblog_nginx_site
- echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site
- echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
- echo ' deny all;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '}' >> $microblog_nginx_site
- else
- echo -n '' > $microblog_nginx_site
- fi
- echo 'server {' >> $microblog_nginx_site
- echo " listen 127.0.0.1:$MICROBLOG_ONION_PORT default_server;" >> $microblog_nginx_site
- echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Logs' >> $microblog_nginx_site
- echo ' access_log off;' >> $microblog_nginx_site
- echo ' error_log off;' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Root' >> $microblog_nginx_site
- echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Index' >> $microblog_nginx_site
- echo ' index index.php;' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # PHP' >> $microblog_nginx_site
- echo ' location ~ \.php {' >> $microblog_nginx_site
- echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Location' >> $microblog_nginx_site
- echo ' location / {' >> $microblog_nginx_site
- echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Fancy URLs' >> $microblog_nginx_site
- echo ' location @gnusocial {' >> $microblog_nginx_site
- echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site
- echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
- echo ' deny all;' >> $microblog_nginx_site
- echo ' }' >> $microblog_nginx_site
- echo '' >> $microblog_nginx_site
- nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
- nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
- echo '}' >> $microblog_nginx_site
+ microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
+ if [[ $ONION_ONLY == "no" ]]; then
+ nginx_http_redirect $MICROBLOG_DOMAIN_NAME
+ echo 'server {' >> $microblog_nginx_site
+ echo ' listen 443 ssl;' >> $microblog_nginx_site
+ echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Security' >> $microblog_nginx_site
+ nginx_ssl $MICROBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
+ nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
+ echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Logs' >> $microblog_nginx_site
+ echo ' access_log off;' >> $microblog_nginx_site
+ echo ' error_log off;' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Root' >> $microblog_nginx_site
+ echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Index' >> $microblog_nginx_site
+ echo ' index index.php;' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # PHP' >> $microblog_nginx_site
+ echo ' location ~ \.php {' >> $microblog_nginx_site
+ echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Location' >> $microblog_nginx_site
+ echo ' location / {' >> $microblog_nginx_site
+ echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Fancy URLs' >> $microblog_nginx_site
+ echo ' location @gnusocial {' >> $microblog_nginx_site
+ echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site
+ echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
+ echo ' deny all;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '}' >> $microblog_nginx_site
+ else
+ echo -n '' > $microblog_nginx_site
+ fi
+ echo 'server {' >> $microblog_nginx_site
+ echo " listen 127.0.0.1:$MICROBLOG_ONION_PORT default_server;" >> $microblog_nginx_site
+ echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Logs' >> $microblog_nginx_site
+ echo ' access_log off;' >> $microblog_nginx_site
+ echo ' error_log off;' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Root' >> $microblog_nginx_site
+ echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Index' >> $microblog_nginx_site
+ echo ' index index.php;' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # PHP' >> $microblog_nginx_site
+ echo ' location ~ \.php {' >> $microblog_nginx_site
+ echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Location' >> $microblog_nginx_site
+ echo ' location / {' >> $microblog_nginx_site
+ echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Fancy URLs' >> $microblog_nginx_site
+ echo ' location @gnusocial {' >> $microblog_nginx_site
+ echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site
+ echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
+ echo ' deny all;' >> $microblog_nginx_site
+ echo ' }' >> $microblog_nginx_site
+ echo '' >> $microblog_nginx_site
+ nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
+ nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
+ echo '}' >> $microblog_nginx_site
- configure_php
+ configure_php
- create_site_certificate $MICROBLOG_DOMAIN_NAME 'yes'
+ create_site_certificate $MICROBLOG_DOMAIN_NAME 'yes'
- # Ensure that the database gets backed up locally, if remote
- # backups are not being used
- backup_databases_script_header
+ # Ensure that the database gets backed up locally, if remote
+ # backups are not being used
+ backup_databases_script_header
- backup_database_local gnusocial
+ backup_database_local gnusocial
- nginx_ensite $MICROBLOG_DOMAIN_NAME
+ nginx_ensite $MICROBLOG_DOMAIN_NAME
- # NOTE: For the typical case always enable SSL and only
- # disable it if in onion only mode. This is due to complexities
- # with the way URLs are generated by GNU Social
- gnu_social_ssl='always'
- if [[ $ONION_ONLY != 'no' ]]; then
- gnu_social_ssl='never'
- fi
+ # NOTE: For the typical case always enable SSL and only
+ # disable it if in onion only mode. This is due to complexities
+ # with the way URLs are generated by GNU Social
+ gnu_social_ssl='always'
+ if [[ $ONION_ONLY != 'no' ]]; then
+ gnu_social_ssl='never'
+ fi
- MICROBLOG_ONION_HOSTNAME=$(add_onion_service microblog 80 ${MICROBLOG_ONION_PORT})
+ MICROBLOG_ONION_HOSTNAME=$(add_onion_service microblog 80 ${MICROBLOG_ONION_PORT})
- MICROBLOG_SERVER=${MICROBLOG_DOMAIN_NAME}
- if [[ $ONION_ONLY != 'no' ]]; then
- MICROBLOG_SERVER=${MICROBLOG_ONION_HOSTNAME}
- fi
+ MICROBLOG_SERVER=${MICROBLOG_DOMAIN_NAME}
+ if [[ $ONION_ONLY != 'no' ]]; then
+ MICROBLOG_SERVER=${MICROBLOG_ONION_HOSTNAME}
+ fi
- # Create the configuration
- gnu_social_installer=/var/www/${MICROBLOG_DOMAIN_NAME}/htdocs/scripts/install_cli.php
- if [ ! -f $gnu_social_installer ]; then
- echo $'No GNU Social commandline installer found'
- exit 53026
- fi
- ${gnu_social_installer} --server "${MICROBLOG_SERVER}" \
- --host="localhost" --database="gnusocial" \
- --dbtype=mysql --username="root" -v \
- --password="$MARIADB_PASSWORD" \
- --sitename=$"GNU Social" --fancy='yes' \
- --admin-nick="$MY_USERNAME" \
- --admin-pass="$MICROBLOG_ADMIN_PASSWORD" \
- --site-profile="community" \
- --ssl=${gnu_social_ssl}
- # There can be a lot of warnings here so the return value check is disabled
- #if [ ! "$?" = "0" ]; then
- # # failed to install
- # echo $'Could not install GNU Social'
- # exit 72357
- #fi
+ # Create the configuration
+ gnu_social_installer=/var/www/${MICROBLOG_DOMAIN_NAME}/htdocs/scripts/install_cli.php
+ if [ ! -f $gnu_social_installer ]; then
+ echo $'No GNU Social commandline installer found'
+ exit 53026
+ fi
+ ${gnu_social_installer} --server "${MICROBLOG_SERVER}" \
+ --host="localhost" --database="gnusocial" \
+ --dbtype=mysql --username="root" -v \
+ --password="$MARIADB_PASSWORD" \
+ --sitename=$"GNU Social" --fancy='yes' \
+ --admin-nick="$MY_USERNAME" \
+ --admin-pass="$MICROBLOG_ADMIN_PASSWORD" \
+ --site-profile="community" \
+ --ssl=${gnu_social_ssl}
+ # There can be a lot of warnings here so the return value check is disabled
+ #if [ ! "$?" = "0" ]; then
+ # # failed to install
+ # echo $'Could not install GNU Social'
+ # exit 72357
+ #fi
- # check microblog has a config file
- microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
- if [ ! -f $microblog_config_file ]; then
- echo $'Microblog config.php not found'
- exit 87586
- fi
+ # check microblog has a config file
+ microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
+ if [ ! -f $microblog_config_file ]; then
+ echo $'Microblog config.php not found'
+ exit 87586
+ fi
- # Some useful settings
- if ! grep -q "Recommended GNU social settings" $microblog_config_file; then
- echo "" >> $microblog_config_file
- echo "// Recommended GNU social settings" >> $microblog_config_file
- echo "\$config['thumbnail']['maxsize'] = 3000;" >> $microblog_config_file
- echo "\$config['profile']['delete'] = true;" >> $microblog_config_file
- echo "\$config['profile']['changenick'] = true;" >> $microblog_config_file
- echo "\$config['public']['localonly'] = false;" >> $microblog_config_file
- echo "addPlugin('StoreRemoteMedia');" >> $microblog_config_file
- echo "\$config['queue']['enabled'] = true;" >> $microblog_config_file
- echo "\$config['queue']['daemon'] = true;" >> $microblog_config_file
- fi
+ # Some useful settings
+ if ! grep -q "Recommended GNU social settings" $microblog_config_file; then
+ echo "" >> $microblog_config_file
+ echo "// Recommended GNU social settings" >> $microblog_config_file
+ echo "\$config['thumbnail']['maxsize'] = 3000;" >> $microblog_config_file
+ echo "\$config['profile']['delete'] = true;" >> $microblog_config_file
+ echo "\$config['profile']['changenick'] = true;" >> $microblog_config_file
+ echo "\$config['public']['localonly'] = false;" >> $microblog_config_file
+ echo "addPlugin('StoreRemoteMedia');" >> $microblog_config_file
+ echo "\$config['queue']['enabled'] = true;" >> $microblog_config_file
+ echo "\$config['queue']['daemon'] = true;" >> $microblog_config_file
+ fi
- # This improves performance
- sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $microblog_config_file
+ # This improves performance
+ sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $microblog_config_file
- systemctl restart php5-fpm
- systemctl restart nginx
+ systemctl restart php5-fpm
+ systemctl restart nginx
- freedombone-addemail -u $MY_USERNAME -e "noreply@$MICROBLOG_DOMAIN_NAME" -g gnusocial --public no
+ freedombone-addemail -u $MY_USERNAME -e "noreply@$MICROBLOG_DOMAIN_NAME" -g gnusocial --public no
- # some post-install instructions for the user
- if ! grep -q $"Microblog administrator" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Microblog' >> /home/$MY_USERNAME/README
- echo '=========' >> /home/$MY_USERNAME/README
- echo $"Microblog administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Microblog administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ # some post-install instructions for the user
+ if ! grep -q $"Microblog administrator" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Microblog' >> /home/$MY_USERNAME/README
+ echo '=========' >> /home/$MY_USERNAME/README
+ echo $"Microblog administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"Microblog administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- if ! grep -q "Microblog onion domain" /home/$MY_USERNAME/README; then
- echo $"Microblog onion domain: ${MICROBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- echo "GNU Social onion domain:${MICROBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ if ! grep -q "Microblog onion domain" /home/$MY_USERNAME/README; then
+ echo $"Microblog onion domain: ${MICROBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ echo "GNU Social onion domain:${MICROBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
- echo "GNU Social domain:$MICROBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
- echo 'install_gnu_social' >> $COMPLETION_FILE
+ echo "GNU Social domain:$MICROBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
+ echo 'install_gnu_social' >> $COMPLETION_FILE
}
function expire_gnu_social_posts {
- # To prevent the database size from growing endlessly this script expires posts
- # after a number of months
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
- return
- fi
+ # To prevent the database size from growing endlessly this script expires posts
+ # after a number of months
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
+ return
+ fi
- gnusocial_expire_script=/usr/bin/gnusocial-expire
+ gnusocial_expire_script=/usr/bin/gnusocial-expire
- echo ' $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo '// GNU Social post expiry script, based on StatExpire by Tony Baldwin' >> $gnusocial_expire_script
- echo '// https://github.com/tonybaldwin/statexpire' >> $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo '$oldate=date(("Y-m-d"), strtotime("-3 months"));' >> $gnusocial_expire_script
- echo '$username="root";' >> $gnusocial_expire_script
- echo "\$password=trim(file_get_contents(\"$DATABASE_PASSWORD_FILE\"));" >> $gnusocial_expire_script
- echo '$database="gnusocial";' >> $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo 'if (!$link = mysql_connect("localhost", $username, $password)) {' >> $gnusocial_expire_script
- echo ' echo "Could not connect to mariadb";' >> $gnusocial_expire_script
- echo ' exit;' >> $gnusocial_expire_script
- echo '}' >> $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo 'if (!mysql_select_db($database, $link)) {' >> $gnusocial_expire_script
- echo ' echo "Could not select gnusocial database";' >> $gnusocial_expire_script
- echo ' exit;' >> $gnusocial_expire_script
- echo '}' >> $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo "\$notice_query=\"DELETE FROM notice WHERE created <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
- echo "\$conversation_query=\"DELETE FROM conversation WHERE created <= '$oldate 01:01:01'\";" >> $gnusocial_expire_script
- echo "\$reply_query=\"DELETE FROM reply WHERE modified <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo 'mysql_query($notice_query);' >> $gnusocial_expire_script
- echo '$rowaff1=mysql_affected_rows();' >> $gnusocial_expire_script
- echo 'mysql_query($conversation_query);' >> $gnusocial_expire_script
- echo '$rowaff2=mysql_affected_rows();' >> $gnusocial_expire_script
- echo 'mysql_query($reply_query);' >> $gnusocial_expire_script
- echo '$rowaff3=mysql_affected_rows();' >> $gnusocial_expire_script
- echo 'mysql_close();' >> $gnusocial_expire_script
- echo '' >> $gnusocial_expire_script
- echo 'echo "Expire GNU Social posts: $rowaff1 notices, $rowaff2 conversations, and $rowaff3 replies deleted from database.\n";' >> $gnusocial_expire_script
- chmod +x $gnusocial_expire_script
+ echo ' $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo '// GNU Social post expiry script, based on StatExpire by Tony Baldwin' >> $gnusocial_expire_script
+ echo '// https://github.com/tonybaldwin/statexpire' >> $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo '$oldate=date(("Y-m-d"), strtotime("-3 months"));' >> $gnusocial_expire_script
+ echo '$username="root";' >> $gnusocial_expire_script
+ echo "\$password=trim(file_get_contents(\"$DATABASE_PASSWORD_FILE\"));" >> $gnusocial_expire_script
+ echo '$database="gnusocial";' >> $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo 'if (!$link = mysql_connect("localhost", $username, $password)) {' >> $gnusocial_expire_script
+ echo ' echo "Could not connect to mariadb";' >> $gnusocial_expire_script
+ echo ' exit;' >> $gnusocial_expire_script
+ echo '}' >> $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo 'if (!mysql_select_db($database, $link)) {' >> $gnusocial_expire_script
+ echo ' echo "Could not select gnusocial database";' >> $gnusocial_expire_script
+ echo ' exit;' >> $gnusocial_expire_script
+ echo '}' >> $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo "\$notice_query=\"DELETE FROM notice WHERE created <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
+ echo "\$conversation_query=\"DELETE FROM conversation WHERE created <= '$oldate 01:01:01'\";" >> $gnusocial_expire_script
+ echo "\$reply_query=\"DELETE FROM reply WHERE modified <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo 'mysql_query($notice_query);' >> $gnusocial_expire_script
+ echo '$rowaff1=mysql_affected_rows();' >> $gnusocial_expire_script
+ echo 'mysql_query($conversation_query);' >> $gnusocial_expire_script
+ echo '$rowaff2=mysql_affected_rows();' >> $gnusocial_expire_script
+ echo 'mysql_query($reply_query);' >> $gnusocial_expire_script
+ echo '$rowaff3=mysql_affected_rows();' >> $gnusocial_expire_script
+ echo 'mysql_close();' >> $gnusocial_expire_script
+ echo '' >> $gnusocial_expire_script
+ echo 'echo "Expire GNU Social posts: $rowaff1 notices, $rowaff2 conversations, and $rowaff3 replies deleted from database.\n";' >> $gnusocial_expire_script
+ chmod +x $gnusocial_expire_script
- # Add a cron job
- if ! grep -q "$gnusocial_expire_script" /etc/crontab; then
- echo "10 3 5 * * root /usr/bin/timeout 500 /usr/bin/php $gnusocial_expire_script" >> /etc/crontab
- fi
+ # Add a cron job
+ if ! grep -q "$gnusocial_expire_script" /etc/crontab; then
+ echo "10 3 5 * * root /usr/bin/timeout 500 /usr/bin/php $gnusocial_expire_script" >> /etc/crontab
+ fi
- # remove old expire script
- if [ -f /etc/cron.weekly/clear-microblog-database ]; then
- rm /etc/cron.weekly/clear-microblog-database
- fi
+ # remove old expire script
+ if [ -f /etc/cron.weekly/clear-microblog-database ]; then
+ rm /etc/cron.weekly/clear-microblog-database
+ fi
}
function install_gnu_social_theme {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter "GNU Social theme commit" "$MICROBLOG_THEME_COMMIT" $MICROBLOG_THEME_REPO
+ # update to the next commit
+ set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter "GNU Social theme commit" "$MICROBLOG_THEME_COMMIT" $MICROBLOG_THEME_REPO
- if grep -Fxq "install_gnu_social_theme" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_gnu_social_theme" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install wget
+ apt-get -y install wget
- if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
- mkdir -p /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
- fi
+ if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
+ mkdir -p /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
+ fi
- cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
- git_clone $MICROBLOG_THEME_REPO Qvitter
- cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter
- git checkout $MICROBLOG_THEME_COMMIT -b $MICROBLOG_THEME_COMMIT
+ cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
+ git_clone $MICROBLOG_THEME_REPO Qvitter
+ cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter
+ git checkout $MICROBLOG_THEME_COMMIT -b $MICROBLOG_THEME_COMMIT
- # download a custom background image
- MICROBLOG_BACKGROUND_IMAGE_URL_EXT=
- if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
- if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpeg" || $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpg" ]]; then
- MICROBLOG_BACKGROUND_IMAGE_URL_EXT="jpg"
- fi
- if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".png" ]]; then
- MICROBLOG_BACKGROUND_IMAGE_URL_EXT="png"
- fi
- if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".gif" ]]; then
- MICROBLOG_BACKGROUND_IMAGE_URL_EXT="gif"
- fi
- if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
- wget $MICROBLOG_BACKGROUND_IMAGE_URL -O img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}
- if [ ! -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
- echo "$MICROBLOG_BACKGROUND_IMAGE_URL"
- echo $'Custom background image for microblog could not be downloaded'
- exit 87524
- fi
- fi
- fi
+ # download a custom background image
+ MICROBLOG_BACKGROUND_IMAGE_URL_EXT=
+ if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
+ if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpeg" || $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpg" ]]; then
+ MICROBLOG_BACKGROUND_IMAGE_URL_EXT="jpg"
+ fi
+ if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".png" ]]; then
+ MICROBLOG_BACKGROUND_IMAGE_URL_EXT="png"
+ fi
+ if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".gif" ]]; then
+ MICROBLOG_BACKGROUND_IMAGE_URL_EXT="gif"
+ fi
+ if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
+ wget $MICROBLOG_BACKGROUND_IMAGE_URL -O img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}
+ if [ ! -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
+ echo "$MICROBLOG_BACKGROUND_IMAGE_URL"
+ echo $'Custom background image for microblog could not be downloaded'
+ exit 87524
+ fi
+ fi
+ fi
- microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
- if ! grep -q "addPlugin('Qvitter')" $microblog_config_file; then
- MICROBLOG_WELCOME_MESSAGE=$(echo $MICROBLOG_WELCOME_MESSAGE | sed "s|\$MICROBLOG_DOMAIN_NAME|$MICROBLOG_DOMAIN_NAME|g")
- echo "" >> $microblog_config_file
- echo "// Qvitter settings" >> $microblog_config_file
- echo "addPlugin('Qvitter');" >> $microblog_config_file
- echo "\$config['site']['qvitter']['enabledbydefault'] = true;" >> $microblog_config_file
- echo "\$config['site']['qvitter']['defaultbackgroundcolor'] = '#f4f4f4';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['defaultlinkcolor'] = '#0084B4';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['timebetweenpolling'] = 120000; // two minutes" >> $microblog_config_file
- echo "\$config['site']['qvitter']['urlshortenerapiurl'] = 'http://qttr.at/shortener.php';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['urlshortenersignature'] = 'b6afeec983';" >> $microblog_config_file
- if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
- echo "\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';" >> $microblog_config_file
- else
- echo "\$config['site']['qvitter']['sitebackground'] = 'img/vagnsmossen.jpg';" >> $microblog_config_file
- fi
- echo "\$config['site']['qvitter']['favicon'] = 'img/favicon.ico?v=4';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['sprite'] = Plugin::staticPath('Qvitter', '').'img/sprite.png?v=40';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['enablewelcometext'] = true;" >> $microblog_config_file
- echo "\$config['site']['qvitter']['customwelcometext']['en'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['customwelcometext']['de'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['customwelcometext']['fr'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['customwelcometext']['es'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
- echo "\$config['site']['qvitter']['blocked_ips'] = array();" >> $microblog_config_file
- else
- if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
- if [ -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
- sed -i "s|\$config['site']['qvitter']['sitebackground'].*|\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';|g" $microblog_config_file
- fi
- fi
- fi
+ microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
+ if ! grep -q "addPlugin('Qvitter')" $microblog_config_file; then
+ MICROBLOG_WELCOME_MESSAGE=$(echo $MICROBLOG_WELCOME_MESSAGE | sed "s|\$MICROBLOG_DOMAIN_NAME|$MICROBLOG_DOMAIN_NAME|g")
+ echo "" >> $microblog_config_file
+ echo "// Qvitter settings" >> $microblog_config_file
+ echo "addPlugin('Qvitter');" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['enabledbydefault'] = true;" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['defaultbackgroundcolor'] = '#f4f4f4';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['defaultlinkcolor'] = '#0084B4';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['timebetweenpolling'] = 120000; // two minutes" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['urlshortenerapiurl'] = 'http://qttr.at/shortener.php';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['urlshortenersignature'] = 'b6afeec983';" >> $microblog_config_file
+ if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
+ echo "\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';" >> $microblog_config_file
+ else
+ echo "\$config['site']['qvitter']['sitebackground'] = 'img/vagnsmossen.jpg';" >> $microblog_config_file
+ fi
+ echo "\$config['site']['qvitter']['favicon'] = 'img/favicon.ico?v=4';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['sprite'] = Plugin::staticPath('Qvitter', '').'img/sprite.png?v=40';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['enablewelcometext'] = true;" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['customwelcometext']['en'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['customwelcometext']['de'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['customwelcometext']['fr'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['customwelcometext']['es'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
+ echo "\$config['site']['qvitter']['blocked_ips'] = array();" >> $microblog_config_file
+ else
+ if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
+ if [ -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
+ sed -i "s|\$config['site']['qvitter']['sitebackground'].*|\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';|g" $microblog_config_file
+ fi
+ fi
+ fi
- if ! grep -q "GNU Social theme commit" $COMPLETION_FILE; then
- echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> $COMPLETION_FILE
- fi
+ if ! grep -q "GNU Social theme commit" $COMPLETION_FILE; then
+ echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> $COMPLETION_FILE
+ fi
- chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+ chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
- echo 'install_gnu_social_theme' >> $COMPLETION_FILE
+ echo 'install_gnu_social_theme' >> $COMPLETION_FILE
}
function install_gnu_social_markdown {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- MICROBLOG_PATH=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+ MICROBLOG_PATH=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs
- # update to the next commit
- set_repo_commit $MICROBLOG_PATH/local/plugins/Markdown "GNU Social Markdown commit" "$MICROBLOG_MARKDOWN_COMMIT" $MICROBLOG_MARKDOWN_REPO
+ # update to the next commit
+ set_repo_commit $MICROBLOG_PATH/local/plugins/Markdown "GNU Social Markdown commit" "$MICROBLOG_MARKDOWN_COMMIT" $MICROBLOG_MARKDOWN_REPO
- if grep -Fxq "install_gnu_social_markdown" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_gnu_social_markdown" $COMPLETION_FILE; then
+ return
+ fi
- if [ -d $MICROBLOG_PATH/local/plugins/Markdown ]; then
- rm -rf $MICROBLOG_PATH/local/plugins/Markdown
- fi
+ if [ -d $MICROBLOG_PATH/local/plugins/Markdown ]; then
+ rm -rf $MICROBLOG_PATH/local/plugins/Markdown
+ fi
- if [ ! -d $MICROBLOG_PATH/local/plugins ]; then
- mkdir -p $MICROBLOG_PATH/local/plugins
- fi
+ if [ ! -d $MICROBLOG_PATH/local/plugins ]; then
+ mkdir -p $MICROBLOG_PATH/local/plugins
+ fi
- cd $MICROBLOG_PATH/local/plugins
- git_clone $MICROBLOG_MARKDOWN_REPO Markdown
- cd $MICROBLOG_PATH/local/plugins/Markdown
- git checkout $MICROBLOG_MARKDOWN_COMMIT -b $MICROBLOG_MARKDOWN_COMMIT
+ cd $MICROBLOG_PATH/local/plugins
+ git_clone $MICROBLOG_MARKDOWN_REPO Markdown
+ cd $MICROBLOG_PATH/local/plugins/Markdown
+ git checkout $MICROBLOG_MARKDOWN_COMMIT -b $MICROBLOG_MARKDOWN_COMMIT
- microblog_config_file=$MICROBLOG_PATH/config.php
- if ! grep -q "addPlugin('Markdown'" $microblog_config_file; then
- echo "" >> $microblog_config_file
- echo "// Markdown settings" >> $microblog_config_file
- echo "addPlugin('Markdown');" >> $microblog_config_file
- fi
+ microblog_config_file=$MICROBLOG_PATH/config.php
+ if ! grep -q "addPlugin('Markdown'" $microblog_config_file; then
+ echo "" >> $microblog_config_file
+ echo "// Markdown settings" >> $microblog_config_file
+ echo "addPlugin('Markdown');" >> $microblog_config_file
+ fi
- if ! grep -q "GNU Social Markdown commit" $COMPLETION_FILE; then
- echo "GNU Social Markdown commit:$MICROBLOG_MARKDOWN_COMMIT" >> $COMPLETION_FILE
- fi
+ if ! grep -q "GNU Social Markdown commit" $COMPLETION_FILE; then
+ echo "GNU Social Markdown commit:$MICROBLOG_MARKDOWN_COMMIT" >> $COMPLETION_FILE
+ fi
- chown -R www-data:www-data $MICROBLOG_PATH
+ chown -R www-data:www-data $MICROBLOG_PATH
- echo 'install_gnu_social_markdown' >> $COMPLETION_FILE
+ echo 'install_gnu_social_markdown' >> $COMPLETION_FILE
}
function install_search_engine {
- # Note: currently socks5 outgoing proxies to other search engines does not work
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! -d /etc/nginx ]; then
- echo $'Webserver is not installed'
- exit 62429
- fi
+ # Note: currently socks5 outgoing proxies to other search engines does not work
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! -d /etc/nginx ]; then
+ echo $'Webserver is not installed'
+ exit 62429
+ fi
- # update to a new commit if needed
- set_repo_commit $SEARCH_ENGINE_PATH/searx "Search engine commit" "$SEARCH_ENGINE_COMMIT" $SEARCH_ENGINE_REPO
- if grep "Search engine key" $COMPLETION_FILE; then
- if [ -f ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml ]; then
- # note: this might change to a --tor option in a later version
- if ! grep 'socks5://127.0.0.1:9050' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml; then
- echo 'outgoing: # communication with search engines' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- echo ' proxies:' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- echo ' http : socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- echo ' https: socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- fi
- SEARCH_ENGINE_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
- sed -i "s|secret_key.*|secret_key : \"${SEARCH_ENGINE_SECRET_KEY}\"|g" ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
- SEARCH_ENGINE_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
- sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARCH_ENGINE_ONION_HOSTNAME}\/' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- fi
- fi
- fi
+ # update to a new commit if needed
+ set_repo_commit $SEARCH_ENGINE_PATH/searx "Search engine commit" "$SEARCH_ENGINE_COMMIT" $SEARCH_ENGINE_REPO
+ if grep "Search engine key" $COMPLETION_FILE; then
+ if [ -f ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml ]; then
+ # note: this might change to a --tor option in a later version
+ if ! grep 'socks5://127.0.0.1:9050' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml; then
+ echo 'outgoing: # communication with search engines' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ echo ' proxies:' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ echo ' http : socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ echo ' https: socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ fi
+ SEARCH_ENGINE_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+ sed -i "s|secret_key.*|secret_key : \"${SEARCH_ENGINE_SECRET_KEY}\"|g" ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
+ SEARCH_ENGINE_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
+ sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARCH_ENGINE_ONION_HOSTNAME}\/' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ fi
+ fi
+ fi
- if grep -Fxq "install_search_engine" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_search_engine" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
- apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
+ apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
+ apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
- pip install --upgrade pip
+ pip install --upgrade pip
- pip install certifi
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install certifi'
- exit 737692
- fi
+ pip install certifi
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install certifi'
+ exit 737692
+ fi
- pip install pyyaml
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install pyyaml'
- exit 469242
- fi
+ pip install pyyaml
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install pyyaml'
+ exit 469242
+ fi
- pip install flask --upgrade
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install flask'
- exit 888575
- fi
+ pip install flask --upgrade
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install flask'
+ exit 888575
+ fi
- pip install flask_restless --upgrade
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install flask_restless'
- exit 54835
- fi
+ pip install flask_restless --upgrade
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install flask_restless'
+ exit 54835
+ fi
- pip install flask_babel --upgrade
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install flask_babel'
- exit 63738
- fi
+ pip install flask_babel --upgrade
+ if [ ! "$?" = "0" ]; then
+ echo $'Failed to install flask_babel'
+ exit 63738
+ fi
- if [ ! -d $SEARCH_ENGINE_PATH ]; then
- mkdir -p $SEARCH_ENGINE_PATH
- fi
+ if [ ! -d $SEARCH_ENGINE_PATH ]; then
+ mkdir -p $SEARCH_ENGINE_PATH
+ fi
- # clone the repo
- cd $SEARCH_ENGINE_PATH
- git_clone $SEARCH_ENGINE_REPO searx
- git checkout $SEARCH_ENGINE_COMMIT -b $SEARCH_ENGINE_COMMIT
- if ! grep -q "Search engine commit" $COMPLETION_FILE; then
- echo "Search engine commit:$SEARCH_ENGINE_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Search engine commit.*/Search engine commit:$SEARCH_ENGINE_COMMIT/g" $COMPLETION_FILE
- fi
+ # clone the repo
+ cd $SEARCH_ENGINE_PATH
+ git_clone $SEARCH_ENGINE_REPO searx
+ git checkout $SEARCH_ENGINE_COMMIT -b $SEARCH_ENGINE_COMMIT
+ if ! grep -q "Search engine commit" $COMPLETION_FILE; then
+ echo "Search engine commit:$SEARCH_ENGINE_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Search engine commit.*/Search engine commit:$SEARCH_ENGINE_COMMIT/g" $COMPLETION_FILE
+ fi
- # create an onion service
- SEARCH_ENGINE_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARCH_ENGINE_ONION_PORT})
- if ! grep "Search engine onion domain" $COMPLETION_FILE; then
- echo "Search engine onion domain:${SEARCH_ENGINE_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARCH_ENGINE_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
+ # create an onion service
+ SEARCH_ENGINE_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARCH_ENGINE_ONION_PORT})
+ if ! grep "Search engine onion domain" $COMPLETION_FILE; then
+ echo "Search engine onion domain:${SEARCH_ENGINE_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARCH_ENGINE_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
- # an unprivileged user to run as
- useradd -d ${SEARCH_ENGINE_PATH}/searx/ -s /bin/false searx
- adduser searx debian-tor
+ # an unprivileged user to run as
+ useradd -d ${SEARCH_ENGINE_PATH}/searx/ -s /bin/false searx
+ adduser searx debian-tor
- # daemon
- echo '[Unit]' > /etc/systemd/system/searx.service
- echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
- echo 'After=syslog.target' >> /etc/systemd/system/searx.service
- echo 'After=network.target' >> /etc/systemd/system/searx.service
- echo '' >> /etc/systemd/system/searx.service
- echo '[Service]' >> /etc/systemd/system/searx.service
- echo 'Type=simple' >> /etc/systemd/system/searx.service
- echo 'User=searx' >> /etc/systemd/system/searx.service
- echo 'Group=searx' >> /etc/systemd/system/searx.service
- echo "WorkingDirectory=${SEARCH_ENGINE_PATH}/searx" >> /etc/systemd/system/searx.service
- echo "ExecStart=/usr/bin/python ${SEARCH_ENGINE_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
- echo 'Restart=always' >> /etc/systemd/system/searx.service
- echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
- echo '' >> /etc/systemd/system/searx.service
- echo '[Install]' >> /etc/systemd/system/searx.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
+ # daemon
+ echo '[Unit]' > /etc/systemd/system/searx.service
+ echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
+ echo 'After=syslog.target' >> /etc/systemd/system/searx.service
+ echo 'After=network.target' >> /etc/systemd/system/searx.service
+ echo '' >> /etc/systemd/system/searx.service
+ echo '[Service]' >> /etc/systemd/system/searx.service
+ echo 'Type=simple' >> /etc/systemd/system/searx.service
+ echo 'User=searx' >> /etc/systemd/system/searx.service
+ echo 'Group=searx' >> /etc/systemd/system/searx.service
+ echo "WorkingDirectory=${SEARCH_ENGINE_PATH}/searx" >> /etc/systemd/system/searx.service
+ echo "ExecStart=/usr/bin/python ${SEARCH_ENGINE_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
+ echo 'Restart=always' >> /etc/systemd/system/searx.service
+ echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
+ echo '' >> /etc/systemd/system/searx.service
+ echo '[Install]' >> /etc/systemd/system/searx.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
- # create a webserver file
- echo 'server {' > /etc/nginx/sites-available/searx
- echo " listen 127.0.0.1:${SEARCH_ENGINE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
- echo " root ${SEARCH_ENGINE_PATH}/searx;" >> /etc/nginx/sites-available/searx
- echo " server_name ${SEARCH_ENGINE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
- echo ' access_log off;' >> /etc/nginx/sites-available/searx
- echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
- echo '' >> /etc/nginx/sites-available/searx
- nginx_limits searx '1M'
- nginx_disable_sniffing searx
- echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
- echo '' >> /etc/nginx/sites-available/searx
- echo ' location / {' >> /etc/nginx/sites-available/searx
- echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
- echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
- echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
- echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
- echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
- echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
- echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx
+ # create a webserver file
+ echo 'server {' > /etc/nginx/sites-available/searx
+ echo " listen 127.0.0.1:${SEARCH_ENGINE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
+ echo " root ${SEARCH_ENGINE_PATH}/searx;" >> /etc/nginx/sites-available/searx
+ echo " server_name ${SEARCH_ENGINE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
+ echo ' access_log off;' >> /etc/nginx/sites-available/searx
+ echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
+ echo '' >> /etc/nginx/sites-available/searx
+ nginx_limits searx '1M'
+ nginx_disable_sniffing searx
+ echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
+ echo '' >> /etc/nginx/sites-available/searx
+ echo ' location / {' >> /etc/nginx/sites-available/searx
+ echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
+ echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
+ echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
+ echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
+ echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
+ echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
+ echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx
- echo " auth_basic \"${SEARCH_ENGINE_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
- echo ' auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
- echo ' }' >> /etc/nginx/sites-available/searx
- echo '' >> /etc/nginx/sites-available/searx
- echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
- echo '' >> /etc/nginx/sites-available/searx
- echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
- echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
- echo '' >> /etc/nginx/sites-available/searx
- echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx
- echo ' allow all;' >> /etc/nginx/sites-available/searx
- echo ' log_not_found off;' >> /etc/nginx/sites-available/searx
- echo ' access_log off;' >> /etc/nginx/sites-available/searx
- echo ' }' >> /etc/nginx/sites-available/searx
- echo '}' >> /etc/nginx/sites-available/searx
+ echo " auth_basic \"${SEARCH_ENGINE_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
+ echo ' auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
+ echo ' }' >> /etc/nginx/sites-available/searx
+ echo '' >> /etc/nginx/sites-available/searx
+ echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
+ echo '' >> /etc/nginx/sites-available/searx
+ echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
+ echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
+ echo '' >> /etc/nginx/sites-available/searx
+ echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx
+ echo ' allow all;' >> /etc/nginx/sites-available/searx
+ echo ' log_not_found off;' >> /etc/nginx/sites-available/searx
+ echo ' access_log off;' >> /etc/nginx/sites-available/searx
+ echo ' }' >> /etc/nginx/sites-available/searx
+ echo '}' >> /etc/nginx/sites-available/searx
- # replace the secret key
- if ! grep "Search engine key" $COMPLETION_FILE; then
- SEARCH_ENGINE_SECRET_KEY="$(openssl rand -base64 32 | cut -c1-30)"
- echo "Search engine key:${SEARCH_ENGINE_SECRET_KEY}" >> $COMPLETION_FILE
- else
- SEARCH_ENGINE_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
- fi
- sed -i "s|secret_key.*|secret_key : \"${SEARCH_ENGINE_SECRET_KEY}\"|g" ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- sed -i "s|secret_key.*|secret_key : \"${SEARCH_ENGINE_SECRET_KEY}\"|g" ${SEARCH_ENGINE_PATH}/searx/searx/settings_robot.yml
- sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARCH_ENGINE_ONION_HOSTNAME}\/' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARCH_ENGINE_ONION_HOSTNAME}\/' ${SEARCH_ENGINE_PATH}/searx/searx/settings_robot.yml
+ # replace the secret key
+ if ! grep "Search engine key" $COMPLETION_FILE; then
+ SEARCH_ENGINE_SECRET_KEY="$(openssl rand -base64 32 | cut -c1-30)"
+ echo "Search engine key:${SEARCH_ENGINE_SECRET_KEY}" >> $COMPLETION_FILE
+ else
+ SEARCH_ENGINE_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+ fi
+ sed -i "s|secret_key.*|secret_key : \"${SEARCH_ENGINE_SECRET_KEY}\"|g" ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ sed -i "s|secret_key.*|secret_key : \"${SEARCH_ENGINE_SECRET_KEY}\"|g" ${SEARCH_ENGINE_PATH}/searx/searx/settings_robot.yml
+ sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARCH_ENGINE_ONION_HOSTNAME}\/' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARCH_ENGINE_ONION_HOSTNAME}\/' ${SEARCH_ENGINE_PATH}/searx/searx/settings_robot.yml
- # note: this might change to a --tor option in a later version
- if ! grep 'socks5://127.0.0.1:9050' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml; then
- echo 'outgoing: # communication with search engines' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- echo ' proxies:' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- echo ' http : socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- echo ' https: socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
- fi
+ # note: this might change to a --tor option in a later version
+ if ! grep 'socks5://127.0.0.1:9050' ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml; then
+ echo 'outgoing: # communication with search engines' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ echo ' proxies:' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ echo ' http : socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ echo ' https: socks5://127.0.0.1:9050' >> ${SEARCH_ENGINE_PATH}/searx/searx/settings.yml
+ fi
- chown -R searx:searx ${SEARCH_ENGINE_PATH}/searx
+ chown -R searx:searx ${SEARCH_ENGINE_PATH}/searx
- # enable the site
- nginx_ensite searx
+ # enable the site
+ nginx_ensite searx
- # restart the web server
- systemctl restart php5-fpm
- systemctl restart nginx
+ # restart the web server
+ systemctl restart php5-fpm
+ systemctl restart nginx
- # start the daemon
- systemctl enable searx.service
- systemctl daemon-reload
- systemctl start searx.service
+ # start the daemon
+ systemctl enable searx.service
+ systemctl daemon-reload
+ systemctl start searx.service
- if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
- if [ ${#SEARCH_ENGINE_PASSWORD} -lt 8 ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- SEARCH_ENGINE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- SEARCH_ENGINE_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- fi
- fi
- echo "$SEARCH_ENGINE_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Search Engine' >> /home/$MY_USERNAME/README
- echo '=============' >> /home/$MY_USERNAME/README
- echo $"Search engine onion domain: ${SEARCH_ENGINE_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Your search engine password is: $SEARCH_ENGINE_PASSWORD" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
+ if [ ${#SEARCH_ENGINE_PASSWORD} -lt 8 ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ SEARCH_ENGINE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ SEARCH_ENGINE_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ fi
+ fi
+ echo "$SEARCH_ENGINE_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Search Engine' >> /home/$MY_USERNAME/README
+ echo '=============' >> /home/$MY_USERNAME/README
+ echo $"Search engine onion domain: ${SEARCH_ENGINE_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Your search engine password is: $SEARCH_ENGINE_PASSWORD" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_search_engine' >> $COMPLETION_FILE
+ echo 'install_search_engine' >> $COMPLETION_FILE
}
function install_webmail {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- WEB_PATH=/var/www
- WEBMAIL_PATH=$WEB_PATH/webmail
+ WEB_PATH=/var/www
+ WEBMAIL_PATH=$WEB_PATH/webmail
- # update to a new commit if needed
- set_repo_commit $WEBMAIL_PATH "Webmail commit" "$WEBMAIL_COMMIT" $WEBMAIL_REPO
+ # update to a new commit if needed
+ set_repo_commit $WEBMAIL_PATH "Webmail commit" "$WEBMAIL_COMMIT" $WEBMAIL_REPO
- if grep -Fxq "install_webmail" $COMPLETION_FILE; then
- return
- fi
- if [ -d /etc/apache2 ]; then
- rm -rf /etc/apache2
- echo $'Removed Apache installation after Dokuwiki install'
- fi
+ if grep -Fxq "install_webmail" $COMPLETION_FILE; then
+ return
+ fi
+ if [ -d /etc/apache2 ]; then
+ rm -rf /etc/apache2
+ echo $'Removed Apache installation after Dokuwiki install'
+ fi
- install_mariadb
- get_mariadb_password
- repair_databases_script
+ install_mariadb
+ get_mariadb_password
+ repair_databases_script
- apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
- apt-get -y install php5-dev imagemagick php5-imagick php5-sqlite php-auth-sasl php-net-smtp php-mime-type
- apt-get -y install php-mail-mime php-mail-mimedecode php-net-ldap3 php5-pspell
- pear install Net_IDNA2
+ apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+ apt-get -y install php5-dev imagemagick php5-imagick php5-sqlite php-auth-sasl php-net-smtp php-mime-type
+ apt-get -y install php-mail-mime php-mail-mimedecode php-net-ldap3 php5-pspell
+ pear install Net_IDNA2
- if [ ! -f $WEBMAIL_PATH/index.php ]; then
- cd $WEB_PATH
- git_clone $WEBMAIL_REPO webmail
- cd $WEBMAIL_PATH
- git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
- if ! grep -q "Webmail commit" $COMPLETION_FILE; then
- echo "Webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Webmail commit.*/Webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
- fi
- fi
- if [ ! -f $WEBMAIL_PATH/index.php ]; then
- echo $'Did not clone webmail repo'
- exit 52825
- fi
+ if [ ! -f $WEBMAIL_PATH/index.php ]; then
+ cd $WEB_PATH
+ git_clone $WEBMAIL_REPO webmail
+ cd $WEBMAIL_PATH
+ git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
+ if ! grep -q "Webmail commit" $COMPLETION_FILE; then
+ echo "Webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Webmail commit.*/Webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
+ fi
+ fi
+ if [ ! -f $WEBMAIL_PATH/index.php ]; then
+ echo $'Did not clone webmail repo'
+ exit 52825
+ fi
- WEBMAIL_ONION_HOSTNAME=$(add_onion_service webmail 80 ${WEBMAIL_ONION_PORT})
- echo "Webmail onion domain:${WEBMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ WEBMAIL_ONION_HOSTNAME=$(add_onion_service webmail 80 ${WEBMAIL_ONION_PORT})
+ echo "Webmail onion domain:${WEBMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
- get_mariadb_webmail_admin_password
- if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- WEBMAIL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- WEBMAIL_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- fi
- create_database webmail "$WEBMAIL_ADMIN_PASSWORD"
- mysql -u root --password="$MARIADB_PASSWORD" -D webmail < $WEBMAIL_PATH/SQL/mysql.initial.sql
+ get_mariadb_webmail_admin_password
+ if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ WEBMAIL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ WEBMAIL_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ fi
+ create_database webmail "$WEBMAIL_ADMIN_PASSWORD"
+ mysql -u root --password="$MARIADB_PASSWORD" -D webmail < $WEBMAIL_PATH/SQL/mysql.initial.sql
- if [ ! -d /var/www/$DEFAULT_DOMAIN_NAME/htdocs ]; then
- mkdir -p /var/www/$DEFAULT_DOMAIN_NAME/htdocs
- fi
- ln -s $WEBMAIL_PATH /var/www/$DEFAULT_DOMAIN_NAME/htdocs/webmail
+ if [ ! -d /var/www/$DEFAULT_DOMAIN_NAME/htdocs ]; then
+ mkdir -p /var/www/$DEFAULT_DOMAIN_NAME/htdocs
+ fi
+ ln -s $WEBMAIL_PATH /var/www/$DEFAULT_DOMAIN_NAME/htdocs/webmail
- if [ ! -f /var/www/webmail/config/config.inc.php ]; then
- # generate the configuration
- echo ' /var/www/webmail/config/config.inc.php
- echo "\$config['db_dsnw'] = 'mysql://root:${MARIADB_PASSWORD}@localhost/webmail';" >> /var/www/webmail/config/config.inc.php
- echo "\$config['default_host'] = 'localhost';" >> /var/www/webmail/config/config.inc.php
- echo "\$config['support_url'] = '';" >> /var/www/webmail/config/config.inc.php
- WEBMAIL_DES_KEY="$(openssl rand -base64 32 | cut -c1-25)"
- echo "\$config['des_key'] = '${WEBMAIL_DES_KEY}';" >> /var/www/webmail/config/config.inc.php
- echo "\$config['product_name'] = '${PROJECT_NAME}';" >> /var/www/webmail/config/config.inc.php
- echo "\$config['plugins'] = array('enigma');" >> /var/www/webmail/config/config.inc.php
- echo "\$config['mime_param_folding'] = 0;" >> /var/www/webmail/config/config.inc.php
- echo "\$config['enable_installer'] = false;" >> /var/www/webmail/config/config.inc.php
- fi
+ if [ ! -f /var/www/webmail/config/config.inc.php ]; then
+ # generate the configuration
+ echo ' /var/www/webmail/config/config.inc.php
+ echo "\$config['db_dsnw'] = 'mysql://root:${MARIADB_PASSWORD}@localhost/webmail';" >> /var/www/webmail/config/config.inc.php
+ echo "\$config['default_host'] = 'localhost';" >> /var/www/webmail/config/config.inc.php
+ echo "\$config['support_url'] = '';" >> /var/www/webmail/config/config.inc.php
+ WEBMAIL_DES_KEY="$(openssl rand -base64 32 | cut -c1-25)"
+ echo "\$config['des_key'] = '${WEBMAIL_DES_KEY}';" >> /var/www/webmail/config/config.inc.php
+ echo "\$config['product_name'] = '${PROJECT_NAME}';" >> /var/www/webmail/config/config.inc.php
+ echo "\$config['plugins'] = array('enigma');" >> /var/www/webmail/config/config.inc.php
+ echo "\$config['mime_param_folding'] = 0;" >> /var/www/webmail/config/config.inc.php
+ echo "\$config['enable_installer'] = false;" >> /var/www/webmail/config/config.inc.php
+ fi
- chown -R www-data:www-data $WEBMAIL_PATH
+ chown -R www-data:www-data $WEBMAIL_PATH
- echo 'server {' > /etc/nginx/sites-available/webmail
- echo " listen 127.0.0.1:$WEBMAIL_ONION_PORT default_server;" >> /etc/nginx/sites-available/webmail
- echo " server_name $WEBMAIL_ONION_HOSTNAME;" >> /etc/nginx/sites-available/webmail
- echo " root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
- echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/webmail
- echo ' access_log off;' >> /etc/nginx/sites-available/webmail
- echo ' error_log off;' >> /etc/nginx/sites-available/webmail
- echo ' location / {' >> /etc/nginx/sites-available/webmail
- echo ' try_files $uri $uri/ /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/webmail
- echo ' }' >> /etc/nginx/sites-available/webmail
- echo ' error_page 404 /404.html;' >> /etc/nginx/sites-available/webmail
- echo ' error_page 500 502 503 504 /50x.html;' >> /etc/nginx/sites-available/webmail
- echo ' location = /50x.html {' >> /etc/nginx/sites-available/webmail
- echo " root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
- echo ' }' >> /etc/nginx/sites-available/webmail
- echo ' location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {' >> /etc/nginx/sites-available/webmail
- echo ' deny all;' >> /etc/nginx/sites-available/webmail
- echo ' }' >> /etc/nginx/sites-available/webmail
- echo ' location ~ ^/(config|temp|logs)/ {' >> /etc/nginx/sites-available/webmail
- echo ' deny all;' >> /etc/nginx/sites-available/webmail
- echo ' }' >> /etc/nginx/sites-available/webmail
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/webmail
- echo ' deny all;' >> /etc/nginx/sites-available/webmail
- echo ' access_log off;' >> /etc/nginx/sites-available/webmail
- echo ' log_not_found off;' >> /etc/nginx/sites-available/webmail
- echo ' }' >> /etc/nginx/sites-available/webmail
- echo ' location ~ \.php$ {' >> /etc/nginx/sites-available/webmail
- echo ' try_files $uri =404;' >> /etc/nginx/sites-available/webmail
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/webmail
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/webmail
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/webmail
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/webmail
- echo ' }' >> /etc/nginx/sites-available/webmail
- echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/webmail
- echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/webmail
- echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/webmail
- echo '}' >> /etc/nginx/sites-available/webmail
+ echo 'server {' > /etc/nginx/sites-available/webmail
+ echo " listen 127.0.0.1:$WEBMAIL_ONION_PORT default_server;" >> /etc/nginx/sites-available/webmail
+ echo " server_name $WEBMAIL_ONION_HOSTNAME;" >> /etc/nginx/sites-available/webmail
+ echo " root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
+ echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/webmail
+ echo ' access_log off;' >> /etc/nginx/sites-available/webmail
+ echo ' error_log off;' >> /etc/nginx/sites-available/webmail
+ echo ' location / {' >> /etc/nginx/sites-available/webmail
+ echo ' try_files $uri $uri/ /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/webmail
+ echo ' }' >> /etc/nginx/sites-available/webmail
+ echo ' error_page 404 /404.html;' >> /etc/nginx/sites-available/webmail
+ echo ' error_page 500 502 503 504 /50x.html;' >> /etc/nginx/sites-available/webmail
+ echo ' location = /50x.html {' >> /etc/nginx/sites-available/webmail
+ echo " root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
+ echo ' }' >> /etc/nginx/sites-available/webmail
+ echo ' location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {' >> /etc/nginx/sites-available/webmail
+ echo ' deny all;' >> /etc/nginx/sites-available/webmail
+ echo ' }' >> /etc/nginx/sites-available/webmail
+ echo ' location ~ ^/(config|temp|logs)/ {' >> /etc/nginx/sites-available/webmail
+ echo ' deny all;' >> /etc/nginx/sites-available/webmail
+ echo ' }' >> /etc/nginx/sites-available/webmail
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/webmail
+ echo ' deny all;' >> /etc/nginx/sites-available/webmail
+ echo ' access_log off;' >> /etc/nginx/sites-available/webmail
+ echo ' log_not_found off;' >> /etc/nginx/sites-available/webmail
+ echo ' }' >> /etc/nginx/sites-available/webmail
+ echo ' location ~ \.php$ {' >> /etc/nginx/sites-available/webmail
+ echo ' try_files $uri =404;' >> /etc/nginx/sites-available/webmail
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/webmail
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/webmail
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/webmail
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/webmail
+ echo ' }' >> /etc/nginx/sites-available/webmail
+ echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/webmail
+ echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/webmail
+ echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/webmail
+ echo '}' >> /etc/nginx/sites-available/webmail
- nginx_ensite webmail
- systemctl restart php5-fpm
- systemctl restart nginx
+ nginx_ensite webmail
+ systemctl restart php5-fpm
+ systemctl restart nginx
- if ! grep -q "Webmail" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo 'Webmail' >> /home/$MY_USERNAME/README
- echo '=======' >> /home/$MY_USERNAME/README
- if [[ $ONION_ONLY == 'no' ]]; then
- echo $"Open https://$DEFAULT_DOMAIN_NAME/webmail/index.php" >> /home/$MY_USERNAME/README
- else
- echo $"Open http://$WEBMAIL_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
- fi
- echo $"MariaDB webmail admin password: $WEBMAIL_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q "Webmail" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'Webmail' >> /home/$MY_USERNAME/README
+ echo '=======' >> /home/$MY_USERNAME/README
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo $"Open https://$DEFAULT_DOMAIN_NAME/webmail/index.php" >> /home/$MY_USERNAME/README
+ else
+ echo $"Open http://$WEBMAIL_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+ fi
+ echo $"MariaDB webmail admin password: $WEBMAIL_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_webmail' >> $COMPLETION_FILE
+ echo 'install_webmail' >> $COMPLETION_FILE
}
function install_hubzilla {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $HUBZILLA_DOMAIN_NAME ]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $HUBZILLA_DOMAIN_NAME ]; then
+ return
+ fi
- HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+ HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
- # update to a new commit if needed
- set_repo_commit $HUBZILLA_PATH "Hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
- set_repo_commit $HUBZILLA_PATH "Hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
- if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
- cd $HUBZILLA_PATH/redmatrix-themes1
- git stash
- git pull
- cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
- chown -R www-data:www-data $HUBZILLA_PATH
- fi
+ # update to a new commit if needed
+ set_repo_commit $HUBZILLA_PATH "Hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
+ set_repo_commit $HUBZILLA_PATH "Hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
+ if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
+ cd $HUBZILLA_PATH/redmatrix-themes1
+ git stash
+ git pull
+ cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
+ chown -R www-data:www-data $HUBZILLA_PATH
+ fi
- if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
+ return
+ fi
- install_mariadb
- get_mariadb_password
- repair_databases_script
+ install_mariadb
+ get_mariadb_password
+ repair_databases_script
- apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
- apt-get -y install php5-dev imagemagick php5-imagick
+ apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+ apt-get -y install php5-dev imagemagick php5-imagick
- if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
- mkdir /var/www/$HUBZILLA_DOMAIN_NAME
- fi
- if [ ! -d $HUBZILLA_PATH ]; then
- mkdir $HUBZILLA_PATH
- fi
+ if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
+ mkdir /var/www/$HUBZILLA_DOMAIN_NAME
+ fi
+ if [ ! -d $HUBZILLA_PATH ]; then
+ mkdir $HUBZILLA_PATH
+ fi
- if [ ! -f $HUBZILLA_PATH/index.php ]; then
- cd $INSTALL_DIR
- git_clone $HUBZILLA_REPO hubzilla
- git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
- if ! grep -q "Hubzilla commit" $COMPLETION_FILE; then
- echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
- fi
+ if [ ! -f $HUBZILLA_PATH/index.php ]; then
+ cd $INSTALL_DIR
+ git_clone $HUBZILLA_REPO hubzilla
+ git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
+ if ! grep -q "Hubzilla commit" $COMPLETION_FILE; then
+ echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
+ fi
- rm -rf $HUBZILLA_PATH
- mv hubzilla $HUBZILLA_PATH
+ rm -rf $HUBZILLA_PATH
+ mv hubzilla $HUBZILLA_PATH
- git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
- cd $HUBZILLA_PATH/addon
- git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
- if ! grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
- echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
- fi
+ git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+ cd $HUBZILLA_PATH/addon
+ git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
+ if ! grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
+ echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
+ fi
- # some extra themes
- git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
- cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
+ # some extra themes
+ git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
+ cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
- chown -R www-data:www-data $HUBZILLA_PATH
- fi
+ chown -R www-data:www-data $HUBZILLA_PATH
+ fi
- HUBZILLA_ONION_HOSTNAME=
- if [[ $ONION_ONLY != "no" ]]; then
- HUBZILLA_ONION_HOSTNAME=$(add_onion_service hubzilla 80 ${HUBZILLA_ONION_PORT})
- echo "Hubzilla onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
- fi
+ HUBZILLA_ONION_HOSTNAME=
+ if [[ $ONION_ONLY != "no" ]]; then
+ HUBZILLA_ONION_HOSTNAME=$(add_onion_service hubzilla 80 ${HUBZILLA_ONION_PORT})
+ echo "Hubzilla onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ fi
- get_mariadb_hubzilla_admin_password
- if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo 'Hubzilla' >> /home/$MY_USERNAME/README
- echo '========' >> /home/$MY_USERNAME/README
- if [[ $ONION_ONLY == 'no' ]]; then
- echo $"Open https://$HUBZILLA_DOMAIN_NAME and register a new user" >> /home/$MY_USERNAME/README
- else
- echo $"Open http://$HUBZILLA_ONION_HOSTNAME and register a new user" >> /home/$MY_USERNAME/README
- fi
- echo $"Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ get_mariadb_hubzilla_admin_password
+ if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'Hubzilla' >> /home/$MY_USERNAME/README
+ echo '========' >> /home/$MY_USERNAME/README
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo $"Open https://$HUBZILLA_DOMAIN_NAME and register a new user" >> /home/$MY_USERNAME/README
+ else
+ echo $"Open http://$HUBZILLA_ONION_HOSTNAME and register a new user" >> /home/$MY_USERNAME/README
+ fi
+ echo $"Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- create_database hubzilla "$HUBZILLA_ADMIN_PASSWORD"
+ create_database hubzilla "$HUBZILLA_ADMIN_PASSWORD"
- if ! grep -q "$HUBZILLA_PATH" /etc/crontab; then
- echo "12,22,32,42,52 * * * * root cd $HUBZILLA_PATH; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab
- fi
+ if ! grep -q "$HUBZILLA_PATH" /etc/crontab; then
+ echo "12,22,32,42,52 * * * * root cd $HUBZILLA_PATH; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab
+ fi
- add_ddns_domain $HUBZILLA_DOMAIN_NAME
+ add_ddns_domain $HUBZILLA_DOMAIN_NAME
- if [[ $ONION_ONLY == "no" ]]; then
- nginx_http_redirect $HUBZILLA_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- nginx_limits $HUBZILLA_DOMAIN_NAME
- nginx_ssl $HUBZILLA_DOMAIN_NAME
- nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- else
- echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- nginx_limits $HUBZILLA_DOMAIN_NAME
- nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
- fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ nginx_http_redirect $HUBZILLA_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ nginx_limits $HUBZILLA_DOMAIN_NAME
+ nginx_ssl $HUBZILLA_DOMAIN_NAME
+ nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ else
+ echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ nginx_limits $HUBZILLA_DOMAIN_NAME
+ nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+ fi
- configure_php
+ configure_php
- create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
+ create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
- if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
- mkdir $HUBZILLA_PATH/view/tpl/smarty3
- fi
- if [ ! -d "$HUBZILLA_PATH/store" ]; then
- mkdir "$HUBZILLA_PATH/store"
- fi
- if [ ! -d "$HUBZILLA_PATH/store/[data]" ]; then
- mkdir "$HUBZILLA_PATH/store/[data]"
- fi
- if [ ! -d "$HUBZILLA_PATH/store/[data]/smarty3" ]; then
- mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
- chmod 777 "$HUBZILLA_PATH/store/[data]/smarty3"
- fi
- chmod 777 $HUBZILLA_PATH/view/tpl
- chown -R www-data:www-data "$HUBZILLA_PATH/store"
- chmod 777 $HUBZILLA_PATH/view/tpl/smarty3
+ if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
+ mkdir $HUBZILLA_PATH/view/tpl/smarty3
+ fi
+ if [ ! -d "$HUBZILLA_PATH/store" ]; then
+ mkdir "$HUBZILLA_PATH/store"
+ fi
+ if [ ! -d "$HUBZILLA_PATH/store/[data]" ]; then
+ mkdir "$HUBZILLA_PATH/store/[data]"
+ fi
+ if [ ! -d "$HUBZILLA_PATH/store/[data]/smarty3" ]; then
+ mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
+ chmod 777 "$HUBZILLA_PATH/store/[data]/smarty3"
+ fi
+ chmod 777 $HUBZILLA_PATH/view/tpl
+ chown -R www-data:www-data "$HUBZILLA_PATH/store"
+ chmod 777 $HUBZILLA_PATH/view/tpl/smarty3
- # Ensure that the database gets backed up locally, if remote
- # backups are not being used
- backup_databases_script_header
+ # Ensure that the database gets backed up locally, if remote
+ # backups are not being used
+ backup_databases_script_header
- backup_database_local hubzilla
+ backup_database_local hubzilla
- chown -R www-data:www-data $HUBZILLA_PATH
+ chown -R www-data:www-data $HUBZILLA_PATH
- nginx_ensite $HUBZILLA_DOMAIN_NAME
+ nginx_ensite $HUBZILLA_DOMAIN_NAME
- # initialize the database
- if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
- echo $'No database schema found for hubzilla'
- exit 252782
- fi
- mysql -u root --password="$MARIADB_PASSWORD" -D hubzilla < $HUBZILLA_PATH/install/schema_mysql.sql
- if [ ! "$?" = "0" ]; then
- exit 62952
- fi
+ # initialize the database
+ if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
+ echo $'No database schema found for hubzilla'
+ exit 252782
+ fi
+ mysql -u root --password="$MARIADB_PASSWORD" -D hubzilla < $HUBZILLA_PATH/install/schema_mysql.sql
+ if [ ! "$?" = "0" ]; then
+ exit 62952
+ fi
- # create the config file
- echo ' $HUBZILLA_PATH/.htconfig.php
- echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
- if [[ $ONION_ONLY == 'no' ]]; then
- echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
- else
- echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
- fi
- echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
- HUBZILLA_LOCATION_HASH="$(openssl rand -base64 32 | cut -c1-30)"
- echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
- echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
- chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
- chmod 755 $HUBZILLA_PATH/.htconfig.php
+ # create the config file
+ echo ' $HUBZILLA_PATH/.htconfig.php
+ echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
+ else
+ echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
+ fi
+ echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
+ HUBZILLA_LOCATION_HASH="$(openssl rand -base64 32 | cut -c1-30)"
+ echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
+ echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
+ chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
+ chmod 755 $HUBZILLA_PATH/.htconfig.php
- systemctl restart php5-fpm
- systemctl restart nginx
- systemctl restart cron
+ systemctl restart php5-fpm
+ systemctl restart nginx
+ systemctl restart cron
- freedombone-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
+ freedombone-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
- echo "Hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
- echo 'install_hubzilla' >> $COMPLETION_FILE
+ echo "Hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
+ echo 'install_hubzilla' >> $COMPLETION_FILE
}
function script_for_attaching_usb_drive {
- if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
- return
- fi
- echo '#!/bin/bash' > /usr/bin/attach-music
- echo 'remove-music' >> /usr/bin/attach-music
- echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
- echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music
- echo 'fi' >> /usr/bin/attach-music
- echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
- echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
- echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
- echo 'service minidlna restart' >> /usr/bin/attach-music
- echo 'minidlnad -R' >> /usr/bin/attach-music
- chmod +x /usr/bin/attach-music
- ln -s /usr/bin/attach-music /usr/bin/attach-usb
- ln -s /usr/bin/attach-music /usr/bin/attach-videos
- ln -s /usr/bin/attach-music /usr/bin/attach-pictures
- ln -s /usr/bin/attach-music /usr/bin/attach-media
+ if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
+ return
+ fi
+ echo '#!/bin/bash' > /usr/bin/attach-music
+ echo 'remove-music' >> /usr/bin/attach-music
+ echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
+ echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music
+ echo 'fi' >> /usr/bin/attach-music
+ echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
+ echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
+ echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
+ echo 'service minidlna restart' >> /usr/bin/attach-music
+ echo 'minidlnad -R' >> /usr/bin/attach-music
+ chmod +x /usr/bin/attach-music
+ ln -s /usr/bin/attach-music /usr/bin/attach-usb
+ ln -s /usr/bin/attach-music /usr/bin/attach-videos
+ ln -s /usr/bin/attach-music /usr/bin/attach-pictures
+ ln -s /usr/bin/attach-music /usr/bin/attach-media
- echo '#!/bin/bash' > /usr/bin/remove-music
- echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
- echo " umount $USB_MOUNT" >> /usr/bin/remove-music
- echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music
- echo 'fi' >> /usr/bin/remove-music
- chmod +x /usr/bin/remove-music
- ln -s /usr/bin/remove-music /usr/bin/detach-music
- ln -s /usr/bin/remove-music /usr/bin/detach-usb
- ln -s /usr/bin/remove-music /usr/bin/remove-usb
- ln -s /usr/bin/remove-music /usr/bin/detach-media
- ln -s /usr/bin/remove-music /usr/bin/remove-media
- ln -s /usr/bin/remove-music /usr/bin/detach-videos
- ln -s /usr/bin/remove-music /usr/bin/remove-videos
- ln -s /usr/bin/remove-music /usr/bin/detach-pictures
- ln -s /usr/bin/remove-music /usr/bin/remove-pictures
+ echo '#!/bin/bash' > /usr/bin/remove-music
+ echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
+ echo " umount $USB_MOUNT" >> /usr/bin/remove-music
+ echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music
+ echo 'fi' >> /usr/bin/remove-music
+ chmod +x /usr/bin/remove-music
+ ln -s /usr/bin/remove-music /usr/bin/detach-music
+ ln -s /usr/bin/remove-music /usr/bin/detach-usb
+ ln -s /usr/bin/remove-music /usr/bin/remove-usb
+ ln -s /usr/bin/remove-music /usr/bin/detach-media
+ ln -s /usr/bin/remove-music /usr/bin/remove-media
+ ln -s /usr/bin/remove-music /usr/bin/detach-videos
+ ln -s /usr/bin/remove-music /usr/bin/remove-videos
+ ln -s /usr/bin/remove-music /usr/bin/detach-pictures
+ ln -s /usr/bin/remove-music /usr/bin/remove-pictures
- echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
+ echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
}
function install_dlna_server {
- if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- apt-get -y install minidlna
+ if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ apt-get -y install minidlna
- if [ ! -f /etc/minidlna.conf ]; then
- echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
- exit 55
- fi
+ if [ ! -f /etc/minidlna.conf ]; then
+ echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
+ exit 55
+ fi
- sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
- if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
- echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
- fi
- if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
- echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
- fi
- if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
- echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
- fi
- if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
- echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
- fi
- if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
- echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
- fi
- sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
- if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
- else
- sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
- fi
- sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
- sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
- sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
- sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
- sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
- service minidlna force-reload
- service minidlna reload
+ sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
+ if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
+ echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
+ fi
+ if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
+ echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
+ fi
+ if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
+ echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
+ fi
+ if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
+ echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
+ fi
+ if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
+ echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
+ fi
+ sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
+ if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
+ else
+ sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
+ fi
+ sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
+ sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
+ sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
+ sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
+ sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
+ service minidlna force-reload
+ service minidlna reload
- sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
- if ! grep -q "max_user_watches" $COMPLETION_FILE; then
- echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
- fi
- /sbin/sysctl -p
+ sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
+ if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+ echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
+ fi
+ /sbin/sysctl -p
- echo 'install_dlna_server' >> $COMPLETION_FILE
+ echo 'install_dlna_server' >> $COMPLETION_FILE
}
function install_mediagoblin {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+ return
+ fi
- MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+ MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
- # update to a new commit if needed
- set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
- if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
- chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
- fi
+ # update to a new commit if needed
+ set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
+ if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+ chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+ fi
- if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install git-core python python-dev python-lxml python-pil
- apt-get -y install python-virtualenv npm nodejs-legacy automake
- apt-get -y install fcgiwrap
+ apt-get -y install git-core python python-dev python-lxml python-pil
+ apt-get -y install python-virtualenv npm nodejs-legacy automake
+ apt-get -y install fcgiwrap
- #apt-get -y install postgresql postgresql-client python-psycopg2
- #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
- #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
- #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
- #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
- #su -c "createuser -A -D mediagoblin" - postgres
- #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
+ #apt-get -y install postgresql postgresql-client python-psycopg2
+ #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
+ #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
+ #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
+ #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
+ #su -c "createuser -A -D mediagoblin" - postgres
+ #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
- useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
- groupadd mediagoblin
- usermod --append -G mediagoblin mediagoblin
+ useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
+ groupadd mediagoblin
+ usermod --append -G mediagoblin mediagoblin
- if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
- mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
- fi
+ if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+ mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
+ fi
- git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
- cd $MEDIAGOBLIN_WORKING_DIRECTORY
- git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
- git submodule init
- git submodule update
+ git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
+ cd $MEDIAGOBLIN_WORKING_DIRECTORY
+ git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
+ git submodule init
+ git submodule update
- if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
- echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
- fi
+ if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
+ echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
+ fi
- chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
- if [ ! "$?" = "0" ]; then
- exit 278826
- fi
+ chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
+ if [ ! "$?" = "0" ]; then
+ exit 278826
+ fi
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
- if [ ! "$?" = "0" ]; then
- exit 462826
- fi
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
+ if [ ! "$?" = "0" ]; then
+ exit 462826
+ fi
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
- if [ ! "$?" = "0" ]; then
- exit 738229
- fi
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
+ if [ ! "$?" = "0" ]; then
+ exit 738229
+ fi
- if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
- mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
- fi
- chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
- su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
+ if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
+ mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+ fi
+ chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
+ su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
- # create some directories
- mkdir /var/log/mediagoblin
- chown -hR mediagoblin:www-data /var/log/mediagoblin
- mkdir /var/run/mediagoblin
- chown -hR mediagoblin:www-data /var/run/mediagoblin
+ # create some directories
+ mkdir /var/log/mediagoblin
+ chown -hR mediagoblin:www-data /var/log/mediagoblin
+ mkdir /var/run/mediagoblin
+ chown -hR mediagoblin:www-data /var/run/mediagoblin
- if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
- echo $'mediagoblin.ini not found'
- exit 737529
- fi
- if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
- echo $'paste.ini not found'
- exit 52762
- fi
+ if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
+ echo $'mediagoblin.ini not found'
+ exit 737529
+ fi
+ if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
+ echo $'paste.ini not found'
+ exit 52762
+ fi
- cp -av mediagoblin.ini mediagoblin_local.ini
- cp -av paste.ini paste_local.ini
+ cp -av mediagoblin.ini mediagoblin_local.ini
+ cp -av paste.ini paste_local.ini
- chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+ chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
- # init with systemd
- echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
- echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
- echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
- echo ' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
- echo ' --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo ' --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+ # init with systemd
+ echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo ' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo ' --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo ' --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
- echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
- echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
- echo '' >> /etc/systemd/system/mediagoblin-paster.service
- echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
- echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
- echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
- echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
- echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
- echo ' --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
- echo ' --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
- echo ' --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
- echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
- echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
- echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
- echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
- echo '' >> /etc/systemd/system/mediagoblin-paster.service
- echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
- systemctl daemon-reload
- systemctl enable mediagoblin-celeryd
- systemctl enable mediagoblin-paster
- systemctl daemon-reload
- systemctl start mediagoblin-celeryd
- systemctl start mediagoblin-paster
+ echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
+ echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
+ echo '' >> /etc/systemd/system/mediagoblin-paster.service
+ echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
+ echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
+ echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+ echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
+ echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+ echo ' --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
+ echo ' --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
+ echo ' --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
+ echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+ echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+ echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
+ echo '' >> /etc/systemd/system/mediagoblin-paster.service
+ echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
+ systemctl daemon-reload
+ systemctl enable mediagoblin-celeryd
+ systemctl enable mediagoblin-paster
+ systemctl daemon-reload
+ systemctl start mediagoblin-celeryd
+ systemctl start mediagoblin-paster
- MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
- if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
- echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
- if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
- echo $'Problem creating onion address for mediagoblin'
- exit 672652
- fi
+ MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
+ if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
+ echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
+ if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
+ echo $'Problem creating onion address for mediagoblin'
+ exit 672652
+ fi
- # web config
- MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
- nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
- if [[ $ONION_ONLY == 'no' ]]; then
- echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' default_type application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
- nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
- nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- else
- echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
- fi
+ # web config
+ MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+ nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' default_type application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+ nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+ nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ else
+ echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
+ fi
- echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' default_type application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
- nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
- echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' default_type application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+ nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+ echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
- create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
+ create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
- nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
- systemctl restart php5-fpm
- systemctl restart nginx
+ nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+ systemctl restart php5-fpm
+ systemctl restart nginx
- add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+ add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
- if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
- echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
- else
- sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
- fi
+ if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+ echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
+ else
+ sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
+ fi
- echo 'install_mediagoblin' >> $COMPLETION_FILE
+ echo 'install_mediagoblin' >> $COMPLETION_FILE
}
function create_upgrade_script {
- if [ -f /usr/local/bin/${PROJECT_NAME}-upgrade ]; then
- cp /usr/local/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
- else
- cp /usr/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
- fi
+ if [ -f /usr/local/bin/${PROJECT_NAME}-upgrade ]; then
+ cp /usr/local/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+ else
+ cp /usr/bin/${PROJECT_NAME}-upgrade /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+ fi
- if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install unattended-upgrades
+ apt-get -y install unattended-upgrades
- echo 'create_upgrade_script' >> $COMPLETION_FILE
+ echo 'create_upgrade_script' >> $COMPLETION_FILE
}
function intrusion_detection {
- if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- apt-get -y install tripwire
- apt-get -y autoremove
- cd /etc/tripwire
- cp site.key $DEFAULT_DOMAIN_NAME-site.key
- echo '*** Installing intrusion detection ***'
- echo '
+ if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ apt-get -y install tripwire
+ apt-get -y autoremove
+ cd /etc/tripwire
+ cp site.key $DEFAULT_DOMAIN_NAME-site.key
+ echo '*** Installing intrusion detection ***'
+ echo '
' | tripwire --init
- # make a script for easy resetting of the tripwire
- echo '#!/bin/sh' > /usr/bin/reset-tripwire
- echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
- chmod +x /usr/bin/reset-tripwire
+ # make a script for easy resetting of the tripwire
+ echo '#!/bin/sh' > /usr/bin/reset-tripwire
+ echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
+ chmod +x /usr/bin/reset-tripwire
- sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
- # only send emails if something has changed
- sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt
- sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
- sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
- # Don't show any changes to /proc
- sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
- # Don't report log changes
- sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
- # Ignore /etc/tripwire
- if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
- sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire ;' /etc/tripwire/twpol.txt
- fi
- # ignore tt-rss cache
- if ! grep -q '!/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt; then
- sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/cache ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
- sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
- fi
- # Avoid logging the changed database
- sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
- # recreate the configuration
- echo '
+ sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
+ # only send emails if something has changed
+ sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt
+ sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
+ sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
+ # Don't show any changes to /proc
+ sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
+ # Don't report log changes
+ sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
+ # Ignore /etc/tripwire
+ if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
+ sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire ;' /etc/tripwire/twpol.txt
+ fi
+ # ignore tt-rss cache
+ if ! grep -q '!/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt; then
+ sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/cache ;' /etc/tripwire/twpol.txt
+ fi
+ if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
+ sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
+ fi
+ # Avoid logging the changed database
+ sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
+ # recreate the configuration
+ echo '
- ' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
- # reset
- echo '
+ ' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
+ # reset
+ echo '
- ' | reset-tripwire
+ ' | reset-tripwire
- echo 'intrusion_detection' >> $COMPLETION_FILE
+ echo 'intrusion_detection' >> $COMPLETION_FILE
}
# see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
# Local Redirection and Anonymizing Middlebox
function route_outgoing_traffic_through_tor {
- if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
- return
- fi
- if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
- return
- fi
- apt-get -y install tor tor-arm
+ if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
+ return
+ fi
+ apt-get -y install tor tor-arm
- ### set variables
- # Destinations you don't want routed through Tor
- _non_tor="192.168.1.0/24 192.168.0.0/24"
+ ### set variables
+ # Destinations you don't want routed through Tor
+ _non_tor="192.168.1.0/24 192.168.0.0/24"
- # The user that Tor runs as
- _tor_uid="debian-tor"
+ # The user that Tor runs as
+ _tor_uid="debian-tor"
- # Tor's TransPort
- _trans_port="9040"
+ # Tor's TransPort
+ _trans_port="9040"
- # Your internal interface
- _int_if="eth0"
+ # Your internal interface
+ _int_if="eth0"
- ### Set iptables *nat
- iptables -t nat -A OUTPUT -o lo -j RETURN
- iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
- iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
+ ### Set iptables *nat
+ iptables -t nat -A OUTPUT -o lo -j RETURN
+ iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
+ iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
- # Allow clearnet access for hosts in $_non_tor
- for _clearnet in $_non_tor; do
- iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
- iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
- done
+ # Allow clearnet access for hosts in $_non_tor
+ for _clearnet in $_non_tor; do
+ iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
+ iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
+ done
- # Redirect all other pre-routing and output to Tor
- iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
- iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
- iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
+ # Redirect all other pre-routing and output to Tor
+ iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
+ iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
+ iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
- ### set iptables *filter
- iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ### set iptables *filter
+ iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allow clearnet access for hosts in $_non_tor
- for _clearnet in $_non_tor 127.0.0.0/8; do
- iptables -A OUTPUT -d $_clearnet -j ACCEPT
- done
+ # Allow clearnet access for hosts in $_non_tor
+ for _clearnet in $_non_tor 127.0.0.0/8; do
+ iptables -A OUTPUT -d $_clearnet -j ACCEPT
+ done
- # Allow only Tor output
- iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
- iptables -A OUTPUT -j REJECT
+ # Allow only Tor output
+ iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
+ iptables -A OUTPUT -j REJECT
- save_firewall_settings
+ save_firewall_settings
- if ! grep -q "fs.file-max" /etc/sysctl.conf; then
- echo "fs.file-max=100000" >> /etc/sysctl.conf
- /sbin/sysctl -p
- fi
+ if ! grep -q "fs.file-max" /etc/sysctl.conf; then
+ echo "fs.file-max=100000" >> /etc/sysctl.conf
+ /sbin/sysctl -p
+ fi
- echo 'domain localdomain' > /etc/resolv.conf
- echo 'search localdomain' >> /etc/resolv.conf
- echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
+ echo 'domain localdomain' > /etc/resolv.conf
+ echo 'search localdomain' >> /etc/resolv.conf
+ echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
- if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
- echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
- fi
+ if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
+ echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
+ fi
- if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
- echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
- fi
+ if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
+ echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
+ fi
- if ! grep -q "TransPort" /etc/tor/torrc; then
- echo 'TransPort 9040' >> /etc/tor/torrc
- fi
+ if ! grep -q "TransPort" /etc/tor/torrc; then
+ echo 'TransPort 9040' >> /etc/tor/torrc
+ fi
- if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
- echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
- fi
+ if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
+ echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
+ fi
- if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
- echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
- fi
+ if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
+ echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
+ fi
- if ! grep -q "DNSPort" /etc/tor/torrc; then
- echo 'DNSPort 53' >> /etc/tor/torrc
- fi
+ if ! grep -q "DNSPort" /etc/tor/torrc; then
+ echo 'DNSPort 53' >> /etc/tor/torrc
+ fi
- if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
- echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
- fi
+ if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
+ echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
+ fi
- if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
- echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
- fi
+ if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
+ echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
+ fi
- echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
+ echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
}
# A command to create a git repository for a project
function create_git_project {
- if grep -Fxq "create_git_project" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install git
+ if grep -Fxq "create_git_project" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install git
- echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+ chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
- echo 'create_git_project' >> $COMPLETION_FILE
+ echo 'create_git_project' >> $COMPLETION_FILE
}
function check_date {
- curr_date=$(date)
- if [[ $curr_date == *"1970"* ]]; then
- apt-get -y install ntp
- fi
+ curr_date=$(date)
+ if [[ $curr_date == *"1970"* ]]; then
+ apt-get -y install ntp
+ fi
}
function install_dynamicdns {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO
+ # update to the next commit
+ set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO
- if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then
+ return
+ fi
- # Here we compile from source because the current package
- # doesn't support https, which could result in passwords
- # being leaked
- # Debian version 1.99.4-1
- # https version 1.99.8
+ # Here we compile from source because the current package
+ # doesn't support https, which could result in passwords
+ # being leaked
+ # Debian version 1.99.4-1
+ # https version 1.99.8
- apt-get -y install build-essential curl libgnutls28-dev automake1.11
- if [ ! -d $INSTALL_DIR/inadyn ]; then
- git_clone $INADYN_REPO $INSTALL_DIR/inadyn
- fi
- if [ ! -d $INSTALL_DIR/inadyn ]; then
- echo 'inadyn repo not cloned'
- echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs
- exit 6785
- fi
- cd $INSTALL_DIR/inadyn
- git checkout $INADYN_COMMIT -b $INADYN_COMMIT
- if ! grep -q "inadyn commit" $COMPLETION_FILE; then
- echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
- fi
+ apt-get -y install build-essential curl libgnutls28-dev automake1.11
+ if [ ! -d $INSTALL_DIR/inadyn ]; then
+ git_clone $INADYN_REPO $INSTALL_DIR/inadyn
+ fi
+ if [ ! -d $INSTALL_DIR/inadyn ]; then
+ echo 'inadyn repo not cloned'
+ echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs
+ exit 6785
+ fi
+ cd $INSTALL_DIR/inadyn
+ git checkout $INADYN_COMMIT -b $INADYN_COMMIT
+ if ! grep -q "inadyn commit" $COMPLETION_FILE; then
+ echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
+ fi
- ./configure
- if [ ! "$?" = "0" ]; then
- exit 74890
- fi
- USE_OPENSSL=1 make
- if [ ! "$?" = "0" ]; then
- exit 74858
- fi
- make install
- if [ ! "$?" = "0" ]; then
- exit 3785
- fi
+ ./configure
+ if [ ! "$?" = "0" ]; then
+ exit 74890
+ fi
+ USE_OPENSSL=1 make
+ if [ ! "$?" = "0" ]; then
+ exit 74858
+ fi
+ make install
+ if [ ! "$?" = "0" ]; then
+ exit 3785
+ fi
- # create an unprivileged user
- #useradd -r -s /bin/false debian-inadyn
+ # create an unprivileged user
+ #useradd -r -s /bin/false debian-inadyn
- # create a configuration file
- echo 'background' > /etc/inadyn.conf
- echo 'verbose 1' >> /etc/inadyn.conf
- echo 'period 300' >> /etc/inadyn.conf
- echo 'startup-delay 60' >> /etc/inadyn.conf
- echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf
- echo 'logfile /dev/null' >> /etc/inadyn.conf
- chmod 600 /etc/inadyn.conf
+ # create a configuration file
+ echo 'background' > /etc/inadyn.conf
+ echo 'verbose 1' >> /etc/inadyn.conf
+ echo 'period 300' >> /etc/inadyn.conf
+ echo 'startup-delay 60' >> /etc/inadyn.conf
+ echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf
+ echo 'logfile /dev/null' >> /etc/inadyn.conf
+ chmod 600 /etc/inadyn.conf
- echo '[Unit]' > /etc/systemd/system/inadyn.service
- echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service
- echo 'After=network.target' >> /etc/systemd/system/inadyn.service
- echo '' >> /etc/systemd/system/inadyn.service
- echo '[Service]' >> /etc/systemd/system/inadyn.service
- echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service
- echo 'Restart=always' >> /etc/systemd/system/inadyn.service
- echo 'Type=forking' >> /etc/systemd/system/inadyn.service
- echo '' >> /etc/systemd/system/inadyn.service
- echo '[Install]' >> /etc/systemd/system/inadyn.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service
- systemctl enable inadyn
- systemctl start inadyn
- systemctl daemon-reload
+ echo '[Unit]' > /etc/systemd/system/inadyn.service
+ echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service
+ echo 'After=network.target' >> /etc/systemd/system/inadyn.service
+ echo '' >> /etc/systemd/system/inadyn.service
+ echo '[Service]' >> /etc/systemd/system/inadyn.service
+ echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service
+ echo 'Restart=always' >> /etc/systemd/system/inadyn.service
+ echo 'Type=forking' >> /etc/systemd/system/inadyn.service
+ echo '' >> /etc/systemd/system/inadyn.service
+ echo '[Install]' >> /etc/systemd/system/inadyn.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service
+ systemctl enable inadyn
+ systemctl start inadyn
+ systemctl daemon-reload
- echo 'install_dynamicdns' >> $COMPLETION_FILE
+ echo 'install_dynamicdns' >> $COMPLETION_FILE
}
function get_voip_server_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
- if [ ! $VOIP_SERVER_PASSWORD ]; then
- VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
+ if [ ! $VOIP_SERVER_PASSWORD ]; then
+ VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
function get_sip_server_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "SIP server password" /home/$MY_USERNAME/README; then
- if [ ! $SIP_SERVER_PASSWORD ]; then
- SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- fi
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "SIP server password" /home/$MY_USERNAME/README; then
+ if [ ! $SIP_SERVER_PASSWORD ]; then
+ SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
}
function install_ipfs {
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
+ return
+ fi
- select_go_version
+ select_go_version
- # update to the next commit
- set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
+ # update to the next commit
+ set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
- if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install golang libpam0g-dev fuse
+ apt-get -y install golang libpam0g-dev fuse
- if [ ! -d /home/git ]; then
- # add a gogs user account
- adduser --disabled-login --gecos 'Gogs' git
+ if [ ! -d /home/git ]; then
+ # add a gogs user account
+ adduser --disabled-login --gecos 'Gogs' git
- # install Go
- if ! grep -q "export GOPATH=" ~/.bashrc; then
- echo "export GOPATH=$GOPATH" >> ~/.bashrc
- else
- sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
- fi
- systemctl set-environment GOPATH=$GOPATH
- if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
- echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
- else
- sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
- fi
- if [ ! -d $GOPATH ]; then
- mkdir -p $GOPATH
- fi
- fi
+ # install Go
+ if ! grep -q "export GOPATH=" ~/.bashrc; then
+ echo "export GOPATH=$GOPATH" >> ~/.bashrc
+ else
+ sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
+ fi
+ systemctl set-environment GOPATH=$GOPATH
+ if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+ echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+ else
+ sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+ fi
+ if [ ! -d $GOPATH ]; then
+ mkdir -p $GOPATH
+ fi
+ fi
- IPFS_PATH=$GOPATH/bin
- export PATH="$GOPATH/bin:$PATH:"
- if ! grep -q 'GOPATH/bin' ~/.bashrc; then
- echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
- else
- sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
- fi
+ IPFS_PATH=$GOPATH/bin
+ export PATH="$GOPATH/bin:$PATH:"
+ if ! grep -q 'GOPATH/bin' ~/.bashrc; then
+ echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
+ else
+ sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+ fi
- # set gopath for the user
- if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
- echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
- echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
- else
- sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
- fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+ # set gopath for the user
+ if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
+ echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
+ echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
+ else
+ sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
+ fi
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
- IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
- go get -u ${IPFS_GO_REPO2}/cmd/ipfs
- if [ ! "$?" = "0" ]; then
- exit 8242
- fi
+ IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
+ go get -u ${IPFS_GO_REPO2}/cmd/ipfs
+ if [ ! "$?" = "0" ]; then
+ exit 8242
+ fi
- cd $GOPATH/src/$IPFS_GO_REPO2
- git checkout $IPFS_COMMIT -b $IPFS_COMMIT
- if ! grep -q "ipfs commit" $COMPLETION_FILE; then
- echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
- fi
+ cd $GOPATH/src/$IPFS_GO_REPO2
+ git checkout $IPFS_COMMIT -b $IPFS_COMMIT
+ if ! grep -q "ipfs commit" $COMPLETION_FILE; then
+ echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
+ fi
- # initialise
- su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
- if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
- echo "IPFS could not be initialised for user $MY_USERNAME"
- exit 7358
- fi
+ # initialise
+ su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
+ if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+ echo "IPFS could not be initialised for user $MY_USERNAME"
+ exit 7358
+ fi
- # directories to mount to
- if [ ! -d /ipfs ]; then
- mkdir /ipfs
- mkdir /ipns
- chown $MY_USERNAME:$MY_USERNAME /ipfs
- chown $MY_USERNAME:$MY_USERNAME /ipns
- fi
+ # directories to mount to
+ if [ ! -d /ipfs ]; then
+ mkdir /ipfs
+ mkdir /ipns
+ chown $MY_USERNAME:$MY_USERNAME /ipfs
+ chown $MY_USERNAME:$MY_USERNAME /ipns
+ fi
- if [ -f /etc/fuse.conf ]; then
- chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
- fi
- if [ -f /dev/fuse ]; then
- chown $MY_USERNAME:$MY_USERNAME /dev/fuse
- fi
+ if [ -f /etc/fuse.conf ]; then
+ chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+ fi
+ if [ -f /dev/fuse ]; then
+ chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+ fi
- echo '[Unit]' > /etc/systemd/system/ipfs.service
- echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
- echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
- echo 'After=network.target' >> /etc/systemd/system/ipfs.service
- echo '' >> /etc/systemd/system/ipfs.service
- echo '[Service]' >> /etc/systemd/system/ipfs.service
- echo 'Type=simple' >> /etc/systemd/system/ipfs.service
- echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
- echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
- echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
- echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
- echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
- echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
- echo '' >> /etc/systemd/system/ipfs.service
- echo '[Install]' >> /etc/systemd/system/ipfs.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
+ echo '[Unit]' > /etc/systemd/system/ipfs.service
+ echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
+ echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
+ echo 'After=network.target' >> /etc/systemd/system/ipfs.service
+ echo '' >> /etc/systemd/system/ipfs.service
+ echo '[Service]' >> /etc/systemd/system/ipfs.service
+ echo 'Type=simple' >> /etc/systemd/system/ipfs.service
+ echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+ echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+ echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+ echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
+ echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
+ echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
+ echo '' >> /etc/systemd/system/ipfs.service
+ echo '[Install]' >> /etc/systemd/system/ipfs.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
- systemctl enable ipfs
- systemctl daemon-reload
- systemctl restart ipfs
+ systemctl enable ipfs
+ systemctl daemon-reload
+ systemctl restart ipfs
- if [ -d /etc/avahi ]; then
- su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
- if [ ! -f /tmp/ipfsid ]; then
- echo 'No IPFS identity was created'
- exit 37895
- fi
- IPFS_PEER_ID=$(cat /tmp/ipfsid)
- if [ ${#IPFS_PEER_ID} -lt 10 ]; then
- echo 'Invalid IPFS peer ID'
- echo "$IPFS_PEER_ID"
- exit 74782
- fi
- # Add an avahi service
- echo '' > /etc/avahi/services/ipfs.service
- echo '' >> /etc/avahi/services/ipfs.service
- echo '' >> /etc/avahi/services/ipfs.service
- echo ' %h IPFS' >> /etc/avahi/services/ipfs.service
- echo ' ' >> /etc/avahi/services/ipfs.service
- echo ' _ipfs._tcp' >> /etc/avahi/services/ipfs.service
- echo " $IPFS_PORT" >> /etc/avahi/services/ipfs.service
- echo " $IPFS_PEER_ID" >> /etc/avahi/services/ipfs.service
- echo ' ' >> /etc/avahi/services/ipfs.service
- echo '' >> /etc/avahi/services/ipfs.service
- rm /tmp/ipfsid
- fi
+ if [ -d /etc/avahi ]; then
+ su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+ if [ ! -f /tmp/ipfsid ]; then
+ echo 'No IPFS identity was created'
+ exit 37895
+ fi
+ IPFS_PEER_ID=$(cat /tmp/ipfsid)
+ if [ ${#IPFS_PEER_ID} -lt 10 ]; then
+ echo 'Invalid IPFS peer ID'
+ echo "$IPFS_PEER_ID"
+ exit 74782
+ fi
+ # Add an avahi service
+ echo '' > /etc/avahi/services/ipfs.service
+ echo '' >> /etc/avahi/services/ipfs.service
+ echo '' >> /etc/avahi/services/ipfs.service
+ echo ' %h IPFS' >> /etc/avahi/services/ipfs.service
+ echo ' ' >> /etc/avahi/services/ipfs.service
+ echo ' _ipfs._tcp' >> /etc/avahi/services/ipfs.service
+ echo " $IPFS_PORT" >> /etc/avahi/services/ipfs.service
+ echo " $IPFS_PEER_ID" >> /etc/avahi/services/ipfs.service
+ echo ' ' >> /etc/avahi/services/ipfs.service
+ echo '' >> /etc/avahi/services/ipfs.service
+ rm /tmp/ipfsid
+ fi
- echo 'install_ipfs' >> $COMPLETION_FILE
+ echo 'install_ipfs' >> $COMPLETION_FILE
}
function install_voip {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
- if grep -Fxq "install_voip" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install mumble-server
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
+ if grep -Fxq "install_voip" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install mumble-server
- get_voip_server_password
- if [ ! $VOIP_SERVER_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- VOIP_SERVER_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
- VOIP_SERVER_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- fi
- fi
- fi
+ get_voip_server_password
+ if [ ! $VOIP_SERVER_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ VOIP_SERVER_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+ VOIP_SERVER_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ fi
+ fi
+ fi
- # Make an ssl cert for the server
- if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
- ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
- check_certificates mumble
- fi
+ # Make an ssl cert for the server
+ if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+ check_certificates mumble
+ fi
- # Check that the cert was created
- if [ ! -f /etc/ssl/certs/mumble.crt ]; then
- echo $'VoIP server certificate not created'
- exit 57892
- fi
- if [ ! -f /etc/ssl/private/mumble.key ]; then
- echo $'VoIP server key not created'
- exit 57893
- fi
- if [ ! -d /var/lib/mumble-server ]; then
- mkdir /var/lib/mumble-server
- fi
- cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
- cp /etc/ssl/private/mumble.key /var/lib/mumble-server
- chown -R mumble-server:mumble-server /var/lib/mumble-server
+ # Check that the cert was created
+ if [ ! -f /etc/ssl/certs/mumble.crt ]; then
+ echo $'VoIP server certificate not created'
+ exit 57892
+ fi
+ if [ ! -f /etc/ssl/private/mumble.key ]; then
+ echo $'VoIP server key not created'
+ exit 57893
+ fi
+ if [ ! -d /var/lib/mumble-server ]; then
+ mkdir /var/lib/mumble-server
+ fi
+ cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
+ cp /etc/ssl/private/mumble.key /var/lib/mumble-server
+ chown -R mumble-server:mumble-server /var/lib/mumble-server
- sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DEFAULT_DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini
+ sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DEFAULT_DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini
- if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
- sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
- fi
+ if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+ sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
+ fi
- sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
- sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
- sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
- sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
- sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
- if ! grep -q "allowping" /etc/mumble-server.ini; then
- echo 'allowping=False' >> /etc/mumble-server.ini
- fi
- sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
- sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
- sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
- sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
- sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
- sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
- sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
- sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
- sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
- sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
- sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
- sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
+ sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
+ sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
+ sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
+ sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+ sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+ if ! grep -q "allowping" /etc/mumble-server.ini; then
+ echo 'allowping=False' >> /etc/mumble-server.ini
+ fi
+ sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
+ sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
+ sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
+ sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
+ sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
+ sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
+ sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+ sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+ sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
+ sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+ sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+ sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
- VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
- if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
- echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
- fi
+ VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
+ if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
+ echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
+ fi
- systemctl restart mumble-server
+ systemctl restart mumble-server
- if ! grep -q $"VoIP Server" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'VoIP Server' >> /home/$MY_USERNAME/README
- echo '===========' >> /home/$MY_USERNAME/README
- echo $"VoIP onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
- echo $'VoIP server username: mumble-server' >> /home/$MY_USERNAME/README
- if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
- echo $"VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
- fi
- echo '' >> /home/$MY_USERNAME/README
- echo $'To connect to the VoIP server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"VoIP Server" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'VoIP Server' >> /home/$MY_USERNAME/README
+ echo '===========' >> /home/$MY_USERNAME/README
+ echo $"VoIP onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+ echo $'VoIP server username: mumble-server' >> /home/$MY_USERNAME/README
+ if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
+ echo $"VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+ fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'To connect to the VoIP server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_voip' >> $COMPLETION_FILE
+ echo 'install_voip' >> $COMPLETION_FILE
}
function update_sipwitch_daemon {
- if [ ! -f /etc/init.d/sipwitch ]; then
- return
- fi
- service sipwitch stop
+ if [ ! -f /etc/init.d/sipwitch ]; then
+ return
+ fi
+ service sipwitch stop
- # remove the original sipwitch daemon if it exists
- if [ -f /etc/init.d/sipwitch ]; then
- rm -f /etc/init.d/sipwitch
- fi
+ # remove the original sipwitch daemon if it exists
+ if [ -f /etc/init.d/sipwitch ]; then
+ rm -f /etc/init.d/sipwitch
+ fi
- # daemon
- echo '[Unit]' > /etc/systemd/system/sipwitch.service
- echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
- echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
- echo '' >> /etc/systemd/system/sipwitch.service
- echo '[Service]' >> /etc/systemd/system/sipwitch.service
- echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
- echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
- echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
- echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
- echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
- echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
- echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
- echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
- echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
- echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
- echo '' >> /etc/systemd/system/sipwitch.service
- echo '[Install]' >> /etc/systemd/system/sipwitch.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
+ # daemon
+ echo '[Unit]' > /etc/systemd/system/sipwitch.service
+ echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
+ echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
+ echo '' >> /etc/systemd/system/sipwitch.service
+ echo '[Service]' >> /etc/systemd/system/sipwitch.service
+ echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
+ echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
+ echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
+ echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
+ echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
+ echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
+ echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
+ echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
+ echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
+ echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
+ echo '' >> /etc/systemd/system/sipwitch.service
+ echo '[Install]' >> /etc/systemd/system/sipwitch.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
- systemctl enable sipwitch
- systemctl daemon-reload
- systemctl start sipwitch
+ systemctl enable sipwitch
+ systemctl daemon-reload
+ systemctl start sipwitch
}
function install_sip {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
- if grep -Fxq "install_sip" $COMPLETION_FILE; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
+ if grep -Fxq "install_sip" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install sipwitch
+ apt-get -y install sipwitch
- get_sip_server_password
- if [ ! $SIP_SERVER_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- SIP_SERVER_PASSWORD="$(openssl rand -base64 12 | cut -c1-10)"
- fi
- fi
+ get_sip_server_password
+ if [ ! $SIP_SERVER_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ SIP_SERVER_PASSWORD="$(openssl rand -base64 12 | cut -c1-10)"
+ fi
+ fi
- echo '' > /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
+ echo '' > /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
- echo "" >> /etc/sipwitch.conf
- echo '201' >> /etc/sipwitch.conf
- echo "$SIP_SERVER_PASSWORD" >> /etc/sipwitch.conf
- echo "$MY_USERNAME 201" >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
+ echo "" >> /etc/sipwitch.conf
+ echo '201' >> /etc/sipwitch.conf
+ echo "$SIP_SERVER_PASSWORD" >> /etc/sipwitch.conf
+ echo "$MY_USERNAME 201" >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo " $DEFAULT_DOMAIN_NAME" >> /etc/sipwitch.conf
- echo ' 200' >> /etc/sipwitch.conf
- echo ' 2' >> /etc/sipwitch.conf
- echo ' *' >> /etc/sipwitch.conf
- echo ' false' >> /etc/sipwitch.conf
- echo ' system' >> /etc/sipwitch.conf
- echo ' anonymous' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo ' ' >> /etc/sipwitch.conf
- echo ' 4' >> /etc/sipwitch.conf
- echo ' ' >> /etc/sipwitch.conf
- echo ' 4' >> /etc/sipwitch.conf
- echo ' ' >> /etc/sipwitch.conf
- echo ' 6' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo ' 200' >> /etc/sipwitch.conf
- echo ' 100' >> /etc/sipwitch.conf
- echo ' 77' >> /etc/sipwitch.conf
- echo ' 200' >> /etc/sipwitch.conf
- echo ' ' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
- echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo " $DEFAULT_DOMAIN_NAME" >> /etc/sipwitch.conf
+ echo ' 200' >> /etc/sipwitch.conf
+ echo ' 2' >> /etc/sipwitch.conf
+ echo ' *' >> /etc/sipwitch.conf
+ echo ' false' >> /etc/sipwitch.conf
+ echo ' system' >> /etc/sipwitch.conf
+ echo ' anonymous' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo ' ' >> /etc/sipwitch.conf
+ echo ' 4' >> /etc/sipwitch.conf
+ echo ' ' >> /etc/sipwitch.conf
+ echo ' 4' >> /etc/sipwitch.conf
+ echo ' ' >> /etc/sipwitch.conf
+ echo ' 6' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo ' 200' >> /etc/sipwitch.conf
+ echo ' 100' >> /etc/sipwitch.conf
+ echo ' 77' >> /etc/sipwitch.conf
+ echo ' 200' >> /etc/sipwitch.conf
+ echo ' ' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
+ echo '' >> /etc/sipwitch.conf
- sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
- sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
- groupadd sipwitch
- usermod -aG sipwitch $MY_USERNAME
+ sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
+ sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
+ groupadd sipwitch
+ usermod -aG sipwitch $MY_USERNAME
- SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
- if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
- echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
- fi
+ SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
+ if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
+ echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
+ fi
- if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'SIP Server' >> /home/$MY_USERNAME/README
- echo '==========' >> /home/$MY_USERNAME/README
- echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
- echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
- echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'SIP Server' >> /home/$MY_USERNAME/README
+ echo '==========' >> /home/$MY_USERNAME/README
+ echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+ echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
+ echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo 'install_sip' >> $COMPLETION_FILE
+ echo 'install_sip' >> $COMPLETION_FILE
}
function install_sip_turn {
- if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
- return
- fi
- if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
- return
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
+ return
+ fi
+ if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install turnserver
+ apt-get -y install turnserver
- # create a nonce if needed
- if [ ! $VOIP_TURN_NONCE ]; then
- VOIP_TURN_NONCE="$(openssl rand -base64 32 | cut -c1-30)"
- fi
+ # create a nonce if needed
+ if [ ! $VOIP_TURN_NONCE ]; then
+ VOIP_TURN_NONCE="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
- create_site_certificate $DEFAULT_DOMAIN_NAME
+ create_site_certificate $DEFAULT_DOMAIN_NAME
- echo '##' > /etc/turnserver/turnserver.conf
- echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
- echo '#' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
- echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
- echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
- echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
- echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
- echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
- echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
- echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
- echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
- echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## TLS support.' >> /etc/turnserver/turnserver.conf
- echo 'tls = true' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
- echo '## standard.' >> /etc/turnserver/turnserver.conf
- echo 'dtls = false' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
- echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
- echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
- echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
- echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
- echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
- echo 'daemon = true' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
- echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
- echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
- echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Realm value.' >> /etc/turnserver/turnserver.conf
- echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
- echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
- echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
- echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
- echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
- echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
- echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
- echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
- echo 'denied_address {' >> /etc/turnserver/turnserver.conf
- echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
- echo ' mask = "8"' >> /etc/turnserver/turnserver.conf
- echo ' port = 0' >> /etc/turnserver/turnserver.conf
- echo '}' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
- echo 'denied_address {' >> /etc/turnserver/turnserver.conf
- echo ' address = "::1"' >> /etc/turnserver/turnserver.conf
- echo ' mask = "128"' >> /etc/turnserver/turnserver.conf
- echo ' port = 0' >> /etc/turnserver/turnserver.conf
- echo '}' >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
- echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
- if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
- echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
- else
- if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
- echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
- fi
- fi
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Private key file.' >> /etc/turnserver/turnserver.conf
- echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Account method.' >> /etc/turnserver/turnserver.conf
- echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
- echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
- echo '' >> /etc/turnserver/turnserver.conf
- echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
- echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
+ echo '##' > /etc/turnserver/turnserver.conf
+ echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
+ echo '#' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
+ echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
+ echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
+ echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
+ echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
+ echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
+ echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
+ echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
+ echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
+ echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## TLS support.' >> /etc/turnserver/turnserver.conf
+ echo 'tls = true' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
+ echo '## standard.' >> /etc/turnserver/turnserver.conf
+ echo 'dtls = false' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
+ echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
+ echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
+ echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
+ echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
+ echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
+ echo 'daemon = true' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
+ echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
+ echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
+ echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Realm value.' >> /etc/turnserver/turnserver.conf
+ echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
+ echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
+ echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
+ echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+ echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
+ echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+ echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
+ echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
+ echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+ echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
+ echo ' mask = "8"' >> /etc/turnserver/turnserver.conf
+ echo ' port = 0' >> /etc/turnserver/turnserver.conf
+ echo '}' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
+ echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+ echo ' address = "::1"' >> /etc/turnserver/turnserver.conf
+ echo ' mask = "128"' >> /etc/turnserver/turnserver.conf
+ echo ' port = 0' >> /etc/turnserver/turnserver.conf
+ echo '}' >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
+ echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
+ if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
+ echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
+ else
+ if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
+ echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
+ fi
+ fi
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Private key file.' >> /etc/turnserver/turnserver.conf
+ echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Account method.' >> /etc/turnserver/turnserver.conf
+ echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
+ echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
+ echo '' >> /etc/turnserver/turnserver.conf
+ echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
+ echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
- echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
+ echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
- systemctl restart turnserver
+ systemctl restart turnserver
- echo 'install_sip_turn' >> $COMPLETION_FILE
+ echo 'install_sip_turn' >> $COMPLETION_FILE
}
function install_final {
- if grep -Fxq "install_final" $COMPLETION_FILE; then
- return
- fi
- # unmount any attached usb drive
- if [ -d $USB_MOUNT ]; then
- umount $USB_MOUNT
- rm -rf $USB_MOUNT
- fi
- split_gpg_key_into_fragments
- echo 'install_final' >> $COMPLETION_FILE
- clear
- echo ''
- echo $"
- *** ${PROJECT_NAME} installation is complete. Rebooting... ***
+ if grep -Fxq "install_final" $COMPLETION_FILE; then
+ return
+ fi
+ # unmount any attached usb drive
+ if [ -d $USB_MOUNT ]; then
+ umount $USB_MOUNT
+ rm -rf $USB_MOUNT
+ fi
+ split_gpg_key_into_fragments
+ echo 'install_final' >> $COMPLETION_FILE
+ clear
+ echo ''
+ echo $"
+ *** ${PROJECT_NAME} installation is complete. Rebooting... ***
- Now forward these ports from your internet router
+ Now forward these ports from your internet router
- HTTP 80
- HTTPS 443
- SSH 2222
- DLNA 1900
- DLNA 8200
- XMPP 5222-5223
- XMPP 5269
- XMPP 5280-5281
- IRC 6697
- Git 9418
- Email 25
- Email 587
- Email 465
- Email 993
- VoIP 64738
- VoIP 5060
- Tox 33445
- "
- if [ -f "/home/$MY_USERNAME/README" ]; then
- echo $"See /home/$MY_USERNAME/README for post-installation instructions."
- echo ''
- fi
- # add user menu on ssh login
- if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then
- echo 'control' >> /home/$MY_USERNAME/.bashrc
- fi
- if [ ! -f $IMAGE_PASSWORD_FILE ]; then
- reboot
- fi
+ HTTP 80
+ HTTPS 443
+ SSH 2222
+ DLNA 1900
+ DLNA 8200
+ XMPP 5222-5223
+ XMPP 5269
+ XMPP 5280-5281
+ IRC 6697
+ Git 9418
+ Email 25
+ Email 587
+ Email 465
+ Email 993
+ VoIP 64738
+ VoIP 5060
+ Tox 33445
+ "
+ if [ -f "/home/$MY_USERNAME/README" ]; then
+ echo $"See /home/$MY_USERNAME/README for post-installation instructions."
+ echo ''
+ fi
+ # add user menu on ssh login
+ if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then
+ echo 'control' >> /home/$MY_USERNAME/.bashrc
+ fi
+ if [ ! -f $IMAGE_PASSWORD_FILE ]; then
+ reboot
+ fi
}