diff --git a/src/freedombone b/src/freedombone index a77a40ee..ffe0108f 100755 --- a/src/freedombone +++ b/src/freedombone @@ -281,6 +281,11 @@ CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/ # web site used to obtain the external IP address of the system GET_IP_ADDRESS_URL="checkip.two-dns.de" +# Password used for VoIP server +VOIP_SERVER_PASSWORD= +# Port on which VoIP server listens +VOIP_PORT=64738 + # other possible services to obtain the external IP address EXTERNAL_IP_SERVICES=( \ 'https://check.torproject.org/' \ @@ -367,6 +372,8 @@ function show_help { echo ' --email Your email address' echo ' --usb Path for the USB drive (eg. /dev/sdb1)' echo ' --cjdns Enable CJDNS' + echo ' --vpass VoIP server password' + echo ' --vport VoIP server port' echo '' echo 'system types' echo '------------' @@ -943,6 +950,16 @@ case $key in shift ENABLE_CJDNS="yes" ;; + # VoIP server password + --vpass) + shift + VOIP_SERVER_PASSWORD=$1 + ;; + # VoIP server port + --vport) + shift + VOIP_PORT=$1 + ;; *) # unknown option ;; @@ -995,6 +1012,12 @@ function read_configuration { fi if [ -f $CONFIGURATION_FILE ]; then + if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then + VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi + if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then + VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') + fi if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi 
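Review bot: `--vpass` in the option `case` block takes the VoIP server password on the command line, where it is readable through the process list and is normally kept in shell history; reading it from the configuration file handled in read_configuration, or from a prompt, avoids that exposure. `--vport` in the same block assigns `$1` unchecked, and that value later reaches `iptables --dport` in configure_firewall_for_voip and a sed replacement in install_voip. Validate it once after option parsing and configuration loading, for example `[[ $VOIP_PORT =~ ^[1-9][0-9]{0,4}$ ]] || { echo 'Invalid VoIP port'; exit 1; }`, and also reject values above 65535. The option loop starts and ends outside this hunk.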
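Review bot: The two added lookups in read_configuration split each matching line on `=` and keep only the second field, so a password containing `=` is silently truncated. install_voip generates passwords with `openssl rand -base64`, whose output ends in `=` padding unless the byte count is a multiple of three, so such a value placed in the configuration file would not round-trip. The `grep "VOIP_PORT"` match is also unanchored, so any other line containing the name (a comment, for instance) is returned as well and produces a multi-line value. Anchoring the match and keeping the whole remainder fixes both: `VOIP_SERVER_PASSWORD=$(grep -m1 '^VOIP_SERVER_PASSWORD=' "$CONFIGURATION_FILE" | cut -d= -f2-)`, and likewise for `VOIP_PORT`. read_configuration begins and continues outside the hunk.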
@@ -4509,6 +4532,19 @@ function save_firewall_settings {
 chmod +x /etc/network/if-up.d/iptables
 }
+function configure_firewall_for_voip {
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
+ return
+ fi
+ iptables -A INPUT -i eth0 -p udp --dport $VOIP_PORT -j ACCEPT
+ iptables -A INPUT -i eth0 -p tcp --dport $VOIP_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
+}
+
 function configure_firewall_for_cjdns {
 if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
 return
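Review bot: The six-way `$SYSTEM_TYPE` exclusion at the top of configure_firewall_for_voip is repeated verbatim in install_voip, so editing one list without the other would leave the VoIP port open on a variant where the server is never installed. Move the test into one small helper that both functions call, so the firewall rule and the install step cannot drift apart. The two rules would also read better with a comment such as `# Mumble uses TCP for control and UDP for voice on the same port`. Quote the expansions as well: `--dport "$VOIP_PORT"` and `"$COMPLETION_FILE"`.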
@@ -8338,6 +8374,87 @@ function install_dynamicdns { echo 'install_dynamicdns' >> $COMPLETION_FILE } +function get_voip_server_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "VoIP server password" /home/$MY_USERNAME/README; then + if [ ! $VOIP_SERVER_PASSWORD ]; then + VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + fi +} + +function install_voip { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then + return + fi + if grep -Fxq "install_voip" $COMPLETION_FILE; then + return + fi + apt-get -y install mumble-server + + get_voip_server_password + if [ ! $VOIP_SERVER_PASSWORD ]; then + VOIP_SERVER_PASSWORD=$(openssl rand -base64 $MINIMUM_PASSWORD_LENGTH) + fi + if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then + VOIP_SERVER_PASSWORD=$(openssl rand -base64 $MINIMUM_PASSWORD_LENGTH) + fi + + # Make an ssl cert for the server + makecert mumble + + # Check that the cert was created + if [ ! -f /etc/ssl/certs/mumble.crt ]; then + echo 'VoIP server certificate not created' + exit 57892 + fi + if [ ! -f /etc/ssl/private/mumble.key ]; then + echo 'VoIP server key not created' + exit 57893 + fi + + sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini + + if [ $VOIP_SERVER_PASSWORD ]; then + sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini + fi + + sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini + sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini + sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini + sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini + sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini + if ! grep -q "allowping" /etc/mumble-server.ini; then + echo 'allowping=False' >> /etc/mumble-server.ini + fi + sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini + sed -i 's|#sslCert=.*|sslCert=/etc/ssl/certs/mumble.crt|g' /etc/mumble-server.ini + sed -i 's|#sslKey=.*|sslKey=/etc/ssl/privare/mumble.key|g' /etc/mumble-server.ini + sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini + sed -i 's|users=100|users=10|g' /etc/mumble-server.ini + sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini + sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini + sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini + sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini + sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini + sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini + sed -i "s|port=.*|port=$VOIP_PORT|g" /etc/mumble-server.ini + + service mumble-server restart + + if ! 
grep -q "VoIP Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'VoIP Server' >> /home/$MY_USERNAME/README + echo '===========' >> /home/$MY_USERNAME/README + echo 'VoIP server password: $VOIP_SERVER_PASSWORD' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + fi + + echo 'install_voip' >> $COMPLETION_FILE +} + function install_final { if grep -Fxq "install_final" $COMPLETION_FILE; then return @@ -8369,6 +8486,7 @@ configure_firewall_for_dns configure_firewall_for_ftp configure_firewall_for_web_access configure_firewall_for_cjdns +configure_firewall_for_voip remove_proprietary_repos change_debian_repos enable_backports @@ -8422,6 +8540,7 @@ install_xmpp configure_firewall_for_xmpp install_irc_server configure_firewall_for_irc +install_voip install_wiki install_blog install_gnu_social
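Review bot: The `sslKey` substitution in install_voip writes `/etc/ssl/privare/mumble.key`, a misspelling of the `/etc/ssl/private/mumble.key` path the function checked a few lines earlier, so the server is pointed at a key file that does not exist; it should read `sed -i 's|#sslKey=.*|sslKey=/etc/ssl/private/mumble.key|g' /etc/mumble-server.ini`. The README line uses single quotes, so the literal text `$VOIP_SERVER_PASSWORD` is stored instead of the password and get_voip_server_password would later read that literal back; use `echo "VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README`. The password is also interpolated unescaped into the `serverpassword=` sed replacement, so a `--vpass` value containing `|`, `&` or `\` corrupts the setting; escape those characters first or restrict the accepted character set. Since the README holds a credential, set its mode explicitly (for example `chmod 600`) next to the existing `chown`.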