Bob Mottram 2018-02-20 19:58:41 +00:00
commit 3c23979965
16 changed files with 113 additions and 965 deletions

@ -32,4 +32,4 @@ While this code of conduct should be adhered to by participants, we recognize th
Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed. In this context "serious" means that someone is causing others to feel unsafe or be unable to contribute, for whatever reason.
This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
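Review bot: the new wording "Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO" uses GPG for the email half and OpenPGP for the XMPP half, which reads as two unrelated systems although GPG is an implementation of OpenPGP. Suggest naming the transport in each half, for example "OpenPGP-encrypted email (GPG) if you can, or XMPP with OMEMO or OpenPGP", and saying where the key fingerprint is published so a first-time reporter can verify the key before sending a complaint.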

@ -20,7 +20,7 @@ GNU Social is typically referred to as a microblogging system, although with a m
You can host your own GNU Social instance and then "/remote follow/" other users who may also be doing the same. With a federated structure this type of system is hard to censor or ban. Unlike Twitter, there are no bribed adverts pushed into your stream, and any trends happening are likely to be real rather than being manipulated by some opaque algorithm.
You should regard anything posted to GNU Social as being /public communication/ visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OTR/OMEMO or Tox.
You should regard anything posted to GNU Social as being /public communication/ visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OpenPGP/OMEMO or Tox.
Some general advice about life in the fediverse [[./fediverse.html][can be found here]].

@ -68,7 +68,7 @@ Enter the LUKS password for the USB drive. When the restore is complete you can
* Distributed/remote backups
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the *adduser <username>* command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the *adduser <username>* command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OpenPGP/OMEMO. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
#+BEGIN_SRC bash
ssh username@domainname -p 2222

@ -46,4 +46,4 @@ While this code of conduct should be adhered to by participants, we recognize th
Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed. In this context "serious" means that someone is causing others to feel unsafe or be unable to contribute, for whatever reason.
This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.

@ -24,7 +24,7 @@ This site can also be accessed via a Tor browser at *http://yjxlc3imv7obva4grjae
*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
*XMPP:* bob@freedombone.net with OMEMO or OTR
*XMPP:* bob@freedombone.net with OMEMO or OpenPGP
*Matrix:* #fbone:matrix.freedombone.net
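Review bot: the XMPP line here reads "OMEMO or OpenPGP" while the other documentation hunks in this commit write "OpenPGP/OMEMO"; pick one form and use it in every file. Since OTR is no longer listed next to the address, it would also help to state whether OTR sessions are still accepted on this account, because existing contacts may have OTR configured for it.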

@ -1,169 +0,0 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Adds a SIP phone user to the system
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-addsipuser
export TEXTDOMAINDIR="/usr/share/locale"
MY_USERNAME=
EXTENSION=
PASSWORD=
CONFIG_FILE=/etc/sipwitch.conf
USER_EXISTS="no"
function show_help {
echo ''
echo $"${PROJECT_NAME}-addsipuser -u [username] -e [extension] -p [password]"
echo ''
exit 0
}
function sip_user_exists {
IFS=''
while read line; do
if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
USER_EXISTS="yes"
return
fi
done < $CONFIG_FILE
}
function update_sip_user {
USER_FOUND=
NEW_CONFIG_FILE="${CONFIG_FILE}.new"
if [ -f $NEW_CONFIG_FILE ]; then
rm -f $NEW_CONFIG_FILE
fi
touch $NEW_CONFIG_FILE
IFS=''
while read line; do
if [ ! $USER_FOUND ]; then
if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
USER_FOUND="yes"
fi
else
if [[ "$line" == *"<extension>"* ]]; then
line=" <extension>$EXTENSION</extension>"
fi
if [[ "$line" == *"<secret>"* ]]; then
line=" <secret>$PASSWORD</secret>"
fi
if [[ "$line" == *"<display>"* ]]; then
line=" <display>$MY_USERNAME $EXTENSION</display>"
USER_FOUND=
fi
fi
echo $line >> $NEW_CONFIG_FILE
done < $CONFIG_FILE
mv $NEW_CONFIG_FILE $CONFIG_FILE
}
function add_sip_user {
NEW_CONFIG_FILE="${CONFIG_FILE}.new"
if [ -f $NEW_CONFIG_FILE ]; then
rm -f $NEW_CONFIG_FILE
fi
touch $NEW_CONFIG_FILE
IFS=''
while read line; do
if [[ "$line" == *'</provision>' ]]; then
echo " <user id=\"$MY_USERNAME\">" >> $NEW_CONFIG_FILE
echo " <extension>$EXTENSION</extension>" >> $NEW_CONFIG_FILE
echo " <secret>$PASSWORD</secret>" >> $NEW_CONFIG_FILE
echo " <display>$MY_USERNAME $EXTENSION</display>" >> $NEW_CONFIG_FILE
echo ' </user>' >> $NEW_CONFIG_FILE
fi
echo $line >> $NEW_CONFIG_FILE
done < $CONFIG_FILE
mv $NEW_CONFIG_FILE $CONFIG_FILE
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $MY_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
}
while [[ $# > 1 ]]
do
key="$1"
case $key in
-h|--help)
show_help
;;
-u|--user)
shift
MY_USERNAME="$1"
;;
-e|--extension)
shift
EXTENSION="$1"
;;
-p|--password)
shift
PASSWORD="$1"
;;
*)
# unknown option
;;
esac
shift
done
if ! [[ $MY_USERNAME && $EXTENSION && $PASSWORD ]]; then
show_help
fi
if [ ! -f $CONFIG_FILE ]; then
echo $"SIP configuration file not found"
exit 1
fi
# the user must already exist on the system
if [ ! -d /home/$MY_USERNAME ]; then
echo $"User $MY_USERNAME not found"
exit 2
fi
sip_user_exists
if [[ $USER_EXISTS == "yes" ]]; then
update_sip_user
echo $"SIP user $MY_USERNAME amended"
else
add_sip_user
echo $"SIP user $MY_USERNAME added"
fi
systemctl restart sipwitch
exit 0

@ -185,11 +185,6 @@ function restore_remote_mumble {
rm -rf $temp_restore_dir
exit 7823
fi
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
else
cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 7823
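Review bot: the remaining "if [ ! "$?" = "0" ]; then" block was the error check for the two cp commands that copied sipwitch.conf, and it is left behind in restore_remote_mumble. With the cp lines gone it directly follows the closing fi of the previous block and tests that block's status, so it no longer guards any command. Remove the leftover check (rm -rf $temp_restore_dir, exit 7823) together with the cp lines, or move it to the command it is meant to guard.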

@ -1,497 +0,0 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# SIP functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS=''
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SIP_SERVER_PASSWORD=
SIP_PORT=5060
SIP_TLS_PORT=5061
TURN_PORT=3478
TURN_TLS_PORT=5349
TURN_NONCE=
sip_variables=(ONION_ONLY
MY_USERNAME
SIP_PORT
SIP_TLS_PORT
SIP_SERVER_PASSWORD
TURN_PORT
TURN_TLS_PORT
TURN_NONCE)
function logging_on_sip {
echo -n ''
}
function logging_off_sip {
echo -n ''
}
function remove_user_sip {
remove_username="$1"
${PROJECT_NAME}-rmsipuser ${remove_username}
${PROJECT_NAME}-pass -u $remove_username --rmapp sip
# remove user from SIP TURN/STUN
if [ -f /etc/turnserver/turnusers.txt ]; then
sed -i "/${remove_username}:/d" /etc/turnserver/turnusers.txt
fi
}
function add_user_sip {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a sip -p "$new_user_password"
SIP_EXTENSION=$(${PROJECT_NAME}-sipfreeext)
${PROJECT_NAME}-addsipuser -u $new_username -e $SIP_EXTENSION -p "$new_user_password"
if [ ! "$?" = "0" ]; then
echo '1'
return
fi
# add user to the sipwitch group
if [ -f /etc/sipwitch.conf ]; then
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $new_username
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
fi
# add user for SIP STUN/TURN
if [ -d /etc/turnserver ]; then
if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
read_config_param "DEFAULT_DOMAIN_NAME"
echo "${new_username}:${new_user_password}:${DEFAULT_DOMAIN_NAME}:authorized" >> /etc/turnserver/turnusers.txt
fi
fi
echo '0'
}
function install_interactive_sip {
echo -n ''
APP_INSTALLED=1
}
function change_password_sip {
curr_username="$1"
new_user_password="$2"
#${PROJECT_NAME}-pass -u "$curr_username" -a sip -p "$new_user_password"
}
function reconfigure_sip {
echo -n ''
}
function upgrade_sip {
# remove the original sipwitch daemon if it exists
if [ -f /etc/init.d/sipwitch ]; then
rm -f /etc/init.d/sipwitch
fi
}
function backup_local_sip {
if [ -f /etc/sipwitch.conf ]; then
echo $"Backing up SIP settings"
temp_backup_dir=/root/tempsipbackup
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
cp -f /etc/sipwitch.conf $temp_backup_dir
backup_directory_to_usb $temp_backup_dir sip
echo $"SIP settings backup complete"
fi
}
function restore_local_sip {
if [ -d $USB_MOUNT/backup/sip ]; then
echo $"Restoring SIP settings"
temp_restore_dir=/root/tempsip
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir sip
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
else
cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
backup_unmount_drive
exit 3679
fi
rm -rf $temp_restore_dir
systemctl restart sipwitch
echo $"Restore of SIP settings complete"
fi
}
function backup_remote_sip {
if [ -f /etc/sipwitch.conf ]; then
echo $"Backing up SIP settings"
temp_backup_dir=/root/tempsipbackup
if [ ! -d $temp_backup_dir ]; then
mkdir -p $temp_backup_dir
fi
cp -f /etc/sipwitch.conf $temp_backup_dir
backup_directory_to_friend $temp_backup_dir sip
echo $"Backup SIP settings complete"
fi
}
function restore_remote_sip {
temp_restore_dir=/root/tempsip
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir sip
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
else
cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
backup_unmount_drive
exit 3679
fi
rm -rf $temp_restore_dir
systemctl restart sipwitch
}
function remove_sip {
firewall_remove ${TURN_PORT}
firewall_remove ${TURN_TLS_PORT} tcp
firewall_remove ${SIP_PORT}
firewall_remove ${SIP_TLS_PORT}
function_check remove_onion_service
remove_onion_service sip ${SIP_PORT}
apt-get -yq remove --purge sipwitch
apt-get -yq remove --purge turnserver
if [ -f /etc/sipwitch.conf ]; then
rm /etc/sipwitch.conf
fi
if [ -d /etc/turnserver ]; then
rm -rf /etc/turnserver
fi
remove_completion_param install_sip
remove_completion_param configure_firewall_for_turn
remove_completion_param configure_firewall_for_sip4
}
function configure_firewall_for_turn {
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add TURN ${TURN_PORT}
firewall_add "TURN TLS" ${TURN_TLS_PORT} tcp
}
function configure_firewall_for_sip4 {
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add SIP ${SIP_PORT}
firewall_add "SIP TLS" ${SIP_TLS_PORT}
}
function update_sipwitch_daemon {
if [ ! -f /etc/init.d/sipwitch ]; then
return
fi
systemctl stop sipwitch
# remove the original sipwitch daemon if it exists
if [ -f /etc/init.d/sipwitch ]; then
rm -f /etc/init.d/sipwitch
fi
# daemon
echo '[Unit]' > /etc/systemd/system/sipwitch.service
echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
echo '' >> /etc/systemd/system/sipwitch.service
echo '[Service]' >> /etc/systemd/system/sipwitch.service
echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
echo '' >> /etc/systemd/system/sipwitch.service
echo '[Install]' >> /etc/systemd/system/sipwitch.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
systemctl enable sipwitch
systemctl daemon-reload
systemctl start sipwitch
}
function install_sip_main {
if [[ $(app_is_installed sip_main) == "1" ]]; then
return
fi
apt-get -yq install sipwitch
if [ -f $IMAGE_PASSWORD_FILE ]; then
SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
if [ ! $SIP_SERVER_PASSWORD ]; then
SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
echo '<sipwitch>' >> /etc/sipwitch.conf
echo '<provision>' >> /etc/sipwitch.conf
echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
echo '<extension>201</extension>' >> /etc/sipwitch.conf
echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
echo '</user>' >> /etc/sipwitch.conf
echo '</provision>' >> /etc/sipwitch.conf
echo '<access>' >> /etc/sipwitch.conf
echo '</access>' >> /etc/sipwitch.conf
echo '<stack>' >> /etc/sipwitch.conf
echo " <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
echo ' <threading>2</threading>' >> /etc/sipwitch.conf
echo ' <interface>*</interface>' >> /etc/sipwitch.conf
echo ' <dumping>false</dumping>' >> /etc/sipwitch.conf
echo ' <system>system</system>' >> /etc/sipwitch.conf
echo ' <anon>anonymous</anon>' >> /etc/sipwitch.conf
echo '</stack>' >> /etc/sipwitch.conf
echo '<timers>' >> /etc/sipwitch.conf
echo ' <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
echo ' <ring>4</ring>' >> /etc/sipwitch.conf
echo ' <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
echo ' <cfna>4</cfna>' >> /etc/sipwitch.conf
echo ' <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
echo ' <reset>6</reset>' >> /etc/sipwitch.conf
echo '</timers>' >> /etc/sipwitch.conf
echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
echo '<registry>' >> /etc/sipwitch.conf
echo ' <prefix>200</prefix>' >> /etc/sipwitch.conf
echo ' <range>100</range>' >> /etc/sipwitch.conf
echo ' <keysize>77</keysize>' >> /etc/sipwitch.conf
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
echo ' <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
echo '</registry>' >> /etc/sipwitch.conf
echo '<routing>' >> /etc/sipwitch.conf
echo '</routing>' >> /etc/sipwitch.conf
echo '</sipwitch>' >> /etc/sipwitch.conf
sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
groupadd sipwitch
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $MY_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
${PROJECT_NAME}-pass -u $MY_USERNAME -a sip -p "$SIP_SERVER_PASSWORD"
function_check configure_firewall_for_sip4
configure_firewall_for_sip4
install_completed sip_main
}
function install_sip_turn {
if [[ $(app_is_installed sip_turn) == "1" ]]; then
return
fi
apt-get -yq install turnserver
# create a nonce if needed
if [ ! $TURN_NONCE ]; then
TURN_NONCE="$(create_password 30)"
fi
function_check create_site_certificate
create_site_certificate $DEFAULT_DOMAIN_NAME 'yes'
echo '##' > /etc/turnserver/turnserver.conf
echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
echo '#' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
echo "udp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
echo "tcp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
echo "tls_port = $TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TLS support.' >> /etc/turnserver/turnserver.conf
echo 'tls = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
echo '## standard.' >> /etc/turnserver/turnserver.conf
echo 'dtls = false' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
echo 'daemon = true' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Realm value.' >> /etc/turnserver/turnserver.conf
echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
echo "nonce_key = \"$TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
echo 'denied_address {' >> /etc/turnserver/turnserver.conf
echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
echo ' mask = "8"' >> /etc/turnserver/turnserver.conf
echo ' port = 0' >> /etc/turnserver/turnserver.conf
echo '}' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
echo 'denied_address {' >> /etc/turnserver/turnserver.conf
echo ' address = "::1"' >> /etc/turnserver/turnserver.conf
echo ' mask = "128"' >> /etc/turnserver/turnserver.conf
echo ' port = 0' >> /etc/turnserver/turnserver.conf
echo '}' >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
else
if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
fi
fi
echo '' >> /etc/turnserver/turnserver.conf
echo '## Private key file.' >> /etc/turnserver/turnserver.conf
echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Account method.' >> /etc/turnserver/turnserver.conf
echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
echo '' >> /etc/turnserver/turnserver.conf
echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
systemctl restart turnserver
function_check configure_firewall_for_turn
configure_firewall_for_turn
install_completed sip_turn
}
function install_sip {
install_sip_main
update_sipwitch_daemon
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0
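Review bot: deleting remove_sip along with the rest of this file leaves systems that already have SIP installed with no cleanup path. After upgrading they keep the sipwitch and turnserver packages, the firewall entries for ports 5060, 5061, 3478 and 5349, the sip onion service, the sipwitch.service unit written by update_sipwitch_daemon, and two files holding credentials in clear text: /etc/sipwitch.conf (the "<secret>" elements) and /etc/turnserver/turnusers.txt (username:password lines). Suggest running the equivalent of remove_sip once from the upgrade path before this file is dropped, so the service stops listening and the stored passwords are removed.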

@ -76,7 +76,6 @@ done
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
SELECTED_USERNAME=
SIP_CONFIGURATION_FILE=/etc/sipwitch.conf
ADMIN_USER=
UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
UPDATE_DATE_SCRIPT=/usr/bin/updatedate
@ -479,9 +478,6 @@ function show_users {
echo '====='
echo ''
echo -n -e "$(pad_string 'Name')"
if [[ $(app_is_installed sip) == "1" ]]; then
echo -n -e "$(pad_string 'SIP ext')"
fi
echo -n -e "$(pad_string 'Data')"
echo ''
echo '----------------------------------'
@ -489,25 +485,6 @@ function show_users {
USRNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USRNAME") == "1" ]]; then
echo -n -e "$(pad_string ${USRNAME})"
# get the SIP extension
SIPEXT=
if [ -f $SIP_CONFIGURATION_FILE ]; then
while read ext; do
if [[ $ext == *"user id"* ]]; then
CURR_UID=$(echo "$ext" | awk -F '"' '{print $2}' | awk -F '"' '{print $1}')
fi
if [[ $ext == *"extension"* ]]; then
if [[ $CURR_UID == $USRNAME ]]; then
SIPEXT=$(echo "$ext" | awk -F '>' '{print $2}' | awk -F '<' '{print $1}')
fi
fi
done < $SIP_CONFIGURATION_FILE
fi
if [ $SIPEXT ]; then
echo -n -e "$(pad_string SIP:${SIPEXT})"
else
echo -n -e "$(pad_string '')"
fi
# size of the home directory
echo "$(du -s -h /home/${USRNAME} | awk -F ' ' '{print $1}')"

@ -1,112 +0,0 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Removes a SIP phone user from the system
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-rmsipuser
export TEXTDOMAINDIR="/usr/share/locale"
MY_USERNAME=$1
CONFIG_FILE=/etc/sipwitch.conf
USER_EXISTS="no"
function show_help {
echo ''
echo $"${PROJECT_NAME}-rmsipuser [username]"
echo ''
exit 0
}
function sip_user_exists {
IFS=''
while read line; do
if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
USER_EXISTS="yes"
return
fi
done < $CONFIG_FILE
}
function remove_sip_user {
USER_FOUND=
NEW_CONFIG_FILE="${CONFIG_FILE}.new"
if [ -f $NEW_CONFIG_FILE ]; then
rm -f $NEW_CONFIG_FILE
fi
touch $NEW_CONFIG_FILE
IFS=''
while read line; do
if [ ! $USER_FOUND ]; then
if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
USER_FOUND="yes"
fi
fi
if [ ! $USER_FOUND ]; then
echo "$line" >> $NEW_CONFIG_FILE
else
if [[ "$line" == *'</user>' ]]; then
USER_FOUND=
fi
fi
done < $CONFIG_FILE
mv $NEW_CONFIG_FILE $CONFIG_FILE
}
if [ ! $MY_USERNAME ]; then
show_help
fi
if [ ! -f $CONFIG_FILE ]; then
echo $"SIP configuration file not found"
exit 1
fi
# the user must already exist on the system
if [ ! -d /home/$MY_USERNAME ]; then
echo $"User $MY_USERNAME not found"
exit 2
fi
sip_user_exists
if [[ $USER_EXISTS != "yes" ]]; then
echo $'User not found within SIP configuration file'
exit 3
fi
systemctl stop sipwitch
remove_sip_user
systemctl start sipwitch
echo $"SIP user $MY_USERNAME removed"
exit 0

@ -1,47 +0,0 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Returns the next free SIP extension number
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-sipfreeext
export TEXTDOMAINDIR="/usr/share/locale"
CONFIG_FILE=/etc/sipwitch.conf
maxnum=201
while (( maxnum < 299 )); do
if ! grep -q "extension>$maxnum<" $CONFIG_FILE; then
break;
fi
maxnum=$((maxnum + 1))
done
echo $maxnum
exit 0
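Review bot: with the whole file deleted (`-1,47 +0,0`), any script that still runs `freedombone-sipfreeext` to pick an extension will fail with command not found, so grep for `sipfreeext` across the add-user scripts, packaging and translation files before merging. The `${PROJECT_NAME}-sipfreeext` text domain exported at the top is worth removing from the locale data in the same commit.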

View File

@ -76,7 +76,6 @@ function upgrade_installation_from_previous_versions {
sed -i 's|XMPP|xmpp|g' $COMPLETION_FILE
sed -i 's|voip|mumble|g' $COMPLETION_FILE
sed -i 's|VoIP|mumble|g' $COMPLETION_FILE
sed -i 's|SIP |sip |g' $COMPLETION_FILE
sed -i 's|Blog|htmly|g' $COMPLETION_FILE
sed -i 's|Hubzilla|hubzilla|g' $COMPLETION_FILE
sed -i 's|Gogs|gogs|g' $COMPLETION_FILE
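Review bot: completion files written by older installs that still contain a `SIP ` entry get no handling after this hunk, if the line dropped (the hunk goes from 7 lines to 6 and the +/- markers are not visible here) is `sed -i 's|SIP |sip |g' $COMPLETION_FILE`. Rather than only removing the rename, consider deleting the SIP entry from `$COMPLETION_FILE` during upgrade so the file does not keep recording an app whose scripts are gone.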

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-05-09 Tue 15:00 -->
<!-- 2018-02-20 Tue 10:55 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="How to use GNU Social"
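Review bot: `<title>&lrm;</title>` is still an empty title as far as a reader is concerned, since it holds only a left-to-right mark, so browser tabs, bookmarks and history show nothing for this page. Set `#+TITLE:` in the Org source (the description meta already says "How to use GNU Social") instead of committing the exporter's placeholder.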
@ -257,7 +257,7 @@ You can host your own GNU Social instance and then "<i>remote follow</i>" other
</p>
<p>
You should regard anything posted to GNU Social as being <i>public communication</i> visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OTR/OMEMO or Tox.
You should regard anything posted to GNU Social as being <i>public communication</i> visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OpenPGP/OMEMO or Tox.
</p>
<p>
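Review bot: the new sentence lists OpenPGP next to OMEMO as if the two gave the same protection, but OpenPGP message encryption has no forward secrecy, which the OTR it replaces did provide. For a passage telling readers where to take private one-to-one messages, either recommend OMEMO alone or add a clause saying that OpenPGP protects content but a later key compromise exposes past messages. It would also help to say which XMPP OpenPGP scheme is meant, since client support differs between the legacy XEP-0027 and the newer XEP-0373/0374.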
@ -274,16 +274,16 @@ Some general advice about life in the fediverse <a href="./fediverse.html">can b
</div>
<div id="outline-container-org5123b46" class="outline-2">
<h2 id="org5123b46">Installation</h2>
<div class="outline-text-2" id="text-org5123b46">
<div id="outline-container-orgd505b7e" class="outline-2">
<h2 id="orgd505b7e">Installation</h2>
<div class="outline-text-2" id="text-orgd505b7e">
<p>
Log into your system with:
</p>
<div class="org-src-container">
<pre><code class="src src-bash">ssh myusername@mydomain -p 2222
</code></pre>
<pre class="src src-bash">ssh myusername@mydomain -p 2222
</pre>
</div>
<p>
@ -300,9 +300,9 @@ After the install has completed go to <b>Security settings</b> and select <b>Cre
</div>
</div>
<div id="outline-container-org9477256" class="outline-2">
<h2 id="org9477256">Initial setup</h2>
<div class="outline-text-2" id="text-org9477256">
<div id="outline-container-org23e7827" class="outline-2">
<h2 id="org23e7827">Initial setup</h2>
<div class="outline-text-2" id="text-org23e7827">
<p>
If you have just obtained a Lets Encrypt certificate as above then go to <b>About</b> on the administrator control panel and you should see your GNU Social domain listed there along with an onion address. You can then navigate to your site in a browser.
</p>
@ -329,9 +329,9 @@ GNU Social has a clutter-free mobile user interface which can be accessed via a
</div>
</div>
<div id="outline-container-org3314c00" class="outline-2">
<h2 id="org3314c00">Switching user interfaces</h2>
<div class="outline-text-2" id="text-org3314c00">
<div id="outline-container-orge65b439" class="outline-2">
<h2 id="orge65b439">Switching user interfaces</h2>
<div class="outline-text-2" id="text-orge65b439">
<p>
A few web based user interfaces are available for GNU SOcial. They are selectable by going to the <b>Administrator control panel</b> and choosing <b>App settings</b> then <b>gnusocial</b>.
</p>
@ -352,9 +352,9 @@ A few web based user interfaces are available for GNU SOcial. They are selectabl
</div>
</div>
<div id="outline-container-org52974f0" class="outline-2">
<h2 id="org52974f0">Using with Emacs</h2>
<div class="outline-text-2" id="text-org52974f0">
<div id="outline-container-org6444239" class="outline-2">
<h2 id="org6444239">Using with Emacs</h2>
<div class="outline-text-2" id="text-org6444239">
<div class="org-center">
<div class="figure">
@ -368,7 +368,7 @@ If you are an Emacs user it's also possible to set up GNU Social mode as follows
</p>
<div class="org-src-container">
<pre><code class="src src-bash">mkdir ~/elisp
<pre class="src src-bash">mkdir ~/elisp
git clone https://github.com/bashrc/gnu-social-mode ~/elisp/gnu-social-mode
<span class="org-builtin">echo</span> <span class="org-string">"(add-to-list 'load-path \"~/elisp/gnu-social-mode\")"</span> &gt;&gt; ~/.emacs
<span class="org-builtin">echo</span> <span class="org-string">"(require 'gnu-social-mode)"</span> &gt;&gt; ~/.emacs
@ -376,7 +376,7 @@ git clone https://github.com/bashrc/gnu-social-mode ~/elisp/gnu-social-mode
<span class="org-builtin">echo</span> <span class="org-string">" gnu-social-server \"yourgnusocialdomain\""</span> &gt;&gt; ~/.emacs
<span class="org-builtin">echo</span> <span class="org-string">" gnu-social-username \"yourusername\""</span> &gt;&gt; ~/.emacs
<span class="org-builtin">echo</span> <span class="org-string">" gnu-social-password \"gnusocialpassword\")"</span> &gt;&gt; ~/.emacs
</code></pre>
</pre>
</div>
<p>
@ -384,8 +384,8 @@ And as a quick reference the main keys are:
</p>
<div class="org-src-container">
<pre><code class="src src-bash">M-x gnu-social
</code></pre>
<pre class="src src-bash">M-x gnu-social
</pre>
</div>
<p>
@ -535,9 +535,9 @@ Showing timelines:
</div>
</div>
<div id="outline-container-orgd6dab31" class="outline-2">
<h2 id="orgd6dab31">Blocking controls</h2>
<div class="outline-text-2" id="text-orgd6dab31">
<div id="outline-container-org231ba8e" class="outline-2">
<h2 id="org231ba8e">Blocking controls</h2>
<div class="outline-text-2" id="text-org231ba8e">
<div class="org-center">
<div class="figure">

View File

@ -3,10 +3,10 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-10-31 Mon 16:23 -->
<!-- 2018-02-20 Tue 11:20 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="Turn the Beaglebone Black into a personal communications server"
@ -71,6 +71,7 @@
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
@ -188,7 +189,7 @@
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2013 Free Software Foundation, Inc.
Copyright (C) 2012-2017 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
@ -256,31 +257,31 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#org5101793">Backup keys</a></td>
<td class="org-left"><a href="#org9e30c71">Backup keys</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgbd04f75">Backup to USB</a></td>
<td class="org-left"><a href="#org51128a3">Backup to USB</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org3944959">Restore from USB</a></td>
<td class="org-left"><a href="#org471bcb9">Restore from USB</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org4ffab21">Distributed/remote backups</a></td>
<td class="org-left"><a href="#orgbd325f2">Distributed/remote backups</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org52a7ed8">Restore from a friend</a></td>
<td class="org-left"><a href="#orged9af55">Restore from a friend</a></td>
</tr>
</tbody>
</table>
</div>
<div id="outline-container-org5101793" class="outline-2">
<h2 id="org5101793">Backup keys</h2>
<div class="outline-text-2" id="text-org5101793">
<div id="outline-container-org9e30c71" class="outline-2">
<h2 id="org9e30c71">Backup keys</h2>
<div class="outline-text-2" id="text-org9e30c71">
<p>
As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the <i>.gnupg</i> keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:
</p>
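Review bot: every section id in this export changes (`#org5101793` becomes `#org9e30c71`, and so on) even though the headings are identical, so existing links to these anchors break and the diff is mostly noise. Setting a `CUSTOM_ID` property on each heading in the Org source would keep the anchors stable across exports; alternatively keep the generated HTML out of the commit and build it at release time.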
@ -303,9 +304,9 @@ A pro-tip for the best possible security is to create multiple USB drives contai
</p>
</div>
</div>
<div id="outline-container-orgbd04f75" class="outline-2">
<h2 id="orgbd04f75">Backup to USB</h2>
<div class="outline-text-2" id="text-orgbd04f75">
<div id="outline-container-org51128a3" class="outline-2">
<h2 id="org51128a3">Backup to USB</h2>
<div class="outline-text-2" id="text-org51128a3">
<p>
First and foremost - <b>encrypt your USB drives</b>! Even if you think you have "<i>nothing to hide</i>" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the <i>Disk Utility</i> application. Some instructions <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be found here</a>.
</p>
@ -336,9 +337,9 @@ When the backup ends remove the USB drive and keep it somewhere safe. Even if it
</p>
</div>
</div>
<div id="outline-container-org3944959" class="outline-2">
<h2 id="org3944959">Restore from USB</h2>
<div class="outline-text-2" id="text-org3944959">
<div id="outline-container-org471bcb9" class="outline-2">
<h2 id="org471bcb9">Restore from USB</h2>
<div class="outline-text-2" id="text-org471bcb9">
<p>
Log into the system and become the root user:
</p>
@ -361,15 +362,15 @@ Enter the LUKS password for the USB drive. When the restore is complete you can
</p>
</div>
</div>
<div id="outline-container-org4ffab21" class="outline-2">
<h2 id="org4ffab21">Distributed/remote backups</h2>
<div class="outline-text-2" id="text-org4ffab21">
<div id="outline-container-orgbd325f2" class="outline-2">
<h2 id="orgbd325f2">Distributed/remote backups</h2>
<div class="outline-text-2" id="text-orgbd325f2">
<p>
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
</p>
<p>
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser &lt;username&gt;</b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser &lt;username&gt;</b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OpenPGP/OMEMO. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
</p>
<div class="org-src-container">
@ -386,12 +387,13 @@ You can then enter the usernames, domains and ssh logins for one or more remote
</p>
</div>
</div>
<div id="outline-container-org52a7ed8" class="outline-2">
<h2 id="org52a7ed8">Restore from a friend</h2>
<div class="outline-text-2" id="text-org52a7ed8">
</div><div id="outline-container-org9783b56" class="outline-3">
<h3 id="org9783b56">With a completely new Freedombone installation</h3>
<div class="outline-text-3" id="text-org9783b56">
<div id="outline-container-orged9af55" class="outline-2">
<h2 id="orged9af55">Restore from a friend</h2>
<div class="outline-text-2" id="text-orged9af55">
</div>
<div id="outline-container-orgf5b5789" class="outline-3">
<h3 id="orgf5b5789">With a completely new Freedombone installation</h3>
<div class="outline-text-3" id="text-orgf5b5789">
<p>
This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.
</p>
@ -418,9 +420,9 @@ Finally select <i>Restore from remote backup</i> and enter the domain name of th
</p>
</div>
</div>
<div id="outline-container-orgf7adedb" class="outline-3">
<h3 id="orgf7adedb">On an existing Freedombone installation</h3>
<div class="outline-text-3" id="text-orgf7adedb">
<div id="outline-container-orgda018d1" class="outline-3">
<h3 id="orgda018d1">On an existing Freedombone installation</h3>
<div class="outline-text-3" id="text-orgda018d1">
<p>
This is for more common situations in which maybe some data became corrupted and you want to restore it.
</p>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-12-29 Fri 10:25 -->
<!-- 2018-02-20 Tue 11:21 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -246,27 +246,27 @@ for the JavaScript code in this tag.
<center><h1>Code of Conduct</h1></center>
<div id="outline-container-org7389049" class="outline-2">
<h2 id="org7389049">Be respectful</h2>
<div class="outline-text-2" id="text-org7389049">
<div id="outline-container-org52494ee" class="outline-2">
<h2 id="org52494ee">Be respectful</h2>
<div class="outline-text-2" id="text-org52494ee">
<p>
In any Free Software project with more than one participant inevitably there may be people with whom you may disagree, or find it difficult to cooperate. Accept that, but even so, remain respectful. Disagreement is no excuse for poor behaviour or personal attacks, and a community in which people feel threatened is not a healthy community.
</p>
</div>
</div>
<div id="outline-container-orgb4a8701" class="outline-2">
<h2 id="orgb4a8701">Assume good faith</h2>
<div class="outline-text-2" id="text-orgb4a8701">
<div id="outline-container-orgf45c2d3" class="outline-2">
<h2 id="orgf45c2d3">Assume good faith</h2>
<div class="outline-text-2" id="text-orgf45c2d3">
<p>
Freedombone Contributors have many ways of reaching our common goal of providing freedom respecting internet or mesh systems which may differ from your ways. Assume that other people are working towards this goal.
</p>
</div>
</div>
<div id="outline-container-org323e1d5" class="outline-2">
<h2 id="org323e1d5">Be collaborative</h2>
<div class="outline-text-2" id="text-org323e1d5">
<div id="outline-container-org2cd0532" class="outline-2">
<h2 id="org2cd0532">Be collaborative</h2>
<div class="outline-text-2" id="text-org2cd0532">
<p>
Freedombone is a moderately complex project, though nothing big and professional like GNU. It's good to ask for help when you need it. Similarly, offers for help should be seen in the context of our shared goal of improving the system.
</p>
@ -277,9 +277,9 @@ When you make something for the benefit of the project, be willing to explain to
</div>
</div>
<div id="outline-container-org2247eb7" class="outline-2">
<h2 id="org2247eb7">Try to be concise</h2>
<div class="outline-text-2" id="text-org2247eb7">
<div id="outline-container-orgbc9ebe6" class="outline-2">
<h2 id="orgbc9ebe6">Try to be concise</h2>
<div class="outline-text-2" id="text-orgbc9ebe6">
<p>
If you're submitting documentation then keep in mind that what you write once could be read by many other people. To avoid TL;DR keep it as short and concise as possible. This will also reduce the amount of translations effort needed.
</p>
@ -290,9 +290,9 @@ If you're discussing an issue or bug, try to stay on topic, especially in discus
</div>
</div>
<div id="outline-container-org9d2afa5" class="outline-2">
<h2 id="org9d2afa5">Be open</h2>
<div class="outline-text-2" id="text-org9d2afa5">
<div id="outline-container-org9cc58e7" class="outline-2">
<h2 id="org9cc58e7">Be open</h2>
<div class="outline-text-2" id="text-org9cc58e7">
<p>
Most ways of communication used within Freedombone (eg Matrix/XMPP) allow for public and private communication. Prefer public methods of communication for Freedombone-related messages, unless posting something sensitive.
</p>
@ -303,9 +303,9 @@ This applies to messages for help, too; not only is a public support request muc
</div>
</div>
<div id="outline-container-orgeac99f0" class="outline-2">
<h2 id="orgeac99f0">In case of problems</h2>
<div class="outline-text-2" id="text-orgeac99f0">
<div id="outline-container-orgcc0a62b" class="outline-2">
<h2 id="orgcc0a62b">In case of problems</h2>
<div class="outline-text-2" id="text-orgcc0a62b">
<p>
While this code of conduct should be adhered to by participants, we recognize that sometimes people may have a bad day, or be unaware of some of the guidelines in this code of conduct. When that happens, you may reply to them and point out this code of conduct. Such messages may be in public or in private, whatever is most appropriate. However, regardless of whether the message is public or not, it should still adhere to the relevant parts of this code of conduct; in particular, it should not be abusive or disrespectful. Assume good faith; it is more likely that participants are unaware of their bad behaviour than that they intentionally try to degrade the quality of the discussion.
</p>
@ -315,7 +315,7 @@ Serious or persistent offenders will be kicked from chat rooms and any of their
</p>
<p>
This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
</p>
</div>
</div>
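Review bot: the reworded contact sentence asks reporters to use GPG or XMPP with OpenPGP/OMEMO but gives no key fingerprint or pointer to where the maintainer's public key can be checked, only "the source code headers" for the address. Since this is the channel for private complaints, add the fingerprint (or a link to the key) next to `bob@freedombone.net` so a sender can verify they are encrypting to the right key.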

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2018-02-04 Sun 21:22 -->
<!-- 2018-02-20 Tue 11:19 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -248,9 +248,9 @@ for the JavaScript code in this tag.
<h1>Support</h1>
</center>
<div id="outline-container-orgbc8f3ea" class="outline-2">
<h2 id="orgbc8f3ea">Contact details</h2>
<div class="outline-text-2" id="text-orgbc8f3ea">
<div id="outline-container-org96625f0" class="outline-2">
<h2 id="org96625f0">Contact details</h2>
<div class="outline-text-2" id="text-org96625f0">
<p>
This site can also be accessed via a Tor browser at <b><a href="http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion">http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion</a></b>
</p>
@ -264,7 +264,7 @@ This site can also be accessed via a Tor browser at <b><a href="http://yjxlc3imv
</p>
<p>
<b>XMPP:</b> bob@freedombone.net with OMEMO or OTR
<b>XMPP:</b> bob@freedombone.net with OMEMO or OpenPGP
</p>
<p>
@ -277,22 +277,22 @@ This site can also be accessed via a Tor browser at <b><a href="http://yjxlc3imv
</div>
</div>
<div id="outline-container-org742c05a" class="outline-2">
<h2 id="org742c05a">Things which would be nice to have</h2>
<div class="outline-text-2" id="text-org742c05a">
<div id="outline-container-orgf7837ec" class="outline-2">
<h2 id="orgf7837ec">Things which would be nice to have</h2>
<div class="outline-text-2" id="text-orgf7837ec">
</div>
<div id="outline-container-org317c742" class="outline-3">
<h3 id="org317c742">Ideas</h3>
<div class="outline-text-3" id="text-org317c742">
<div id="outline-container-orgff56304" class="outline-3">
<h3 id="orgff56304">Ideas</h3>
<div class="outline-text-3" id="text-orgff56304">
<p>
Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.
</p>
</div>
</div>
<div id="outline-container-orgafbb438" class="outline-3">
<h3 id="orgafbb438">Money</h3>
<div class="outline-text-3" id="text-orgafbb438">
<div id="outline-container-org2a3b4c0" class="outline-3">
<h3 id="org2a3b4c0">Money</h3>
<div class="outline-text-3" id="text-org2a3b4c0">
<p>
At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.
</p>
@ -303,35 +303,35 @@ If you find this project useful then you may wish to consider donating to <a hre
</div>
</div>
<div id="outline-container-org2edf966" class="outline-3">
<h3 id="org2edf966">Testing and reporting bugs</h3>
<div class="outline-text-3" id="text-org2edf966">
<div id="outline-container-org0aab630" class="outline-3">
<h3 id="org0aab630">Testing and reporting bugs</h3>
<div class="outline-text-3" id="text-org0aab630">
<p>
Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
</p>
</div>
</div>
<div id="outline-container-org10bcaa2" class="outline-3">
<h3 id="org10bcaa2">Web design and artwork</h3>
<div class="outline-text-3" id="text-org10bcaa2">
<div id="outline-container-org9f29739" class="outline-3">
<h3 id="org9f29739">Web design and artwork</h3>
<div class="outline-text-3" id="text-org9f29739">
<p>
A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested.
</p>
</div>
</div>
<div id="outline-container-org881c8f8" class="outline-3">
<h3 id="org881c8f8">Howto videos</h3>
<div class="outline-text-3" id="text-org881c8f8">
<div id="outline-container-org73db84c" class="outline-3">
<h3 id="org73db84c">Howto videos</h3>
<div class="outline-text-3" id="text-org73db84c">
<p>
If you're good at making videos then a howto for installing Freedombone onto various types of hardware, or testing the mesh system in realistic/exotic scenarios would be good. You could even host videos on PeerTube or Mediagoblin.
</p>
</div>
</div>
<div id="outline-container-org237516c" class="outline-3">
<h3 id="org237516c">More education and promotion</h3>
<div class="outline-text-3" id="text-org237516c">
<div id="outline-container-org34d84b9" class="outline-3">
<h3 id="org34d84b9">More education and promotion</h3>
<div class="outline-text-3" id="text-org34d84b9">
<div class="org-center">
<div class="figure">
@ -349,18 +349,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
</div>
</div>
<div id="outline-container-org92766d9" class="outline-3">
<h3 id="org92766d9">Translations</h3>
<div class="outline-text-3" id="text-org92766d9">
<div id="outline-container-orgb28d5fb" class="outline-3">
<h3 id="orgb28d5fb">Translations</h3>
<div class="outline-text-3" id="text-orgb28d5fb">
<p>
To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>.
</p>
</div>
</div>
<div id="outline-container-orgaf00625" class="outline-3">
<h3 id="orgaf00625">Packaging</h3>
<div class="outline-text-3" id="text-orgaf00625">
<div id="outline-container-org6dfbb85" class="outline-3">
<h3 id="org6dfbb85">Packaging</h3>
<div class="outline-text-3" id="text-org6dfbb85">
<p>
Helping to package GNU Social and Hubzilla for Debian would be beneficial.
</p>