diff --git a/src/freedombone b/src/freedombone
index a77a40ee..ffe0108f 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -281,6 +281,11 @@ CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/
# web site used to obtain the external IP address of the system
GET_IP_ADDRESS_URL="checkip.two-dns.de"
+# Password used for VoIP server
+VOIP_SERVER_PASSWORD=
+# Port on which VoIP server listens
+VOIP_PORT=64738
+
# other possible services to obtain the external IP address
EXTERNAL_IP_SERVICES=( \
'https://check.torproject.org/' \
@@ -367,6 +372,8 @@ function show_help {
echo ' --email Your email address'
echo ' --usb Path for the USB drive (eg. /dev/sdb1)'
echo ' --cjdns Enable CJDNS'
+ echo ' --vpass VoIP server password'
+ echo ' --vport VoIP server port'
echo ''
echo 'system types'
echo '------------'
@@ -943,6 +950,16 @@ case $key in
shift
ENABLE_CJDNS="yes"
;;
+ # VoIP server password
+ --vpass)
+ shift
+ VOIP_SERVER_PASSWORD=$1
+ ;;
+ # VoIP server port
+ --vport)
+ shift
+ VOIP_PORT=$1
+ ;;
*)
# unknown option
;;
@@ -995,6 +1012,12 @@ function read_configuration {
fi
if [ -f $CONFIGURATION_FILE ]; then
+ if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then
+ VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
+ if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
+ VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+ fi
if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then
GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
@@ -4509,6 +4532,19 @@ function save_firewall_settings {
chmod +x /etc/network/if-up.d/iptables
}
+function configure_firewall_for_voip {
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then
+ return
+ fi
+ if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
+ return
+ fi
+ iptables -A INPUT -i eth0 -p udp --dport $VOIP_PORT -j ACCEPT
+ iptables -A INPUT -i eth0 -p tcp --dport $VOIP_PORT -j ACCEPT
+ save_firewall_settings
+ echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
+}
+
function configure_firewall_for_cjdns {
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
return
@@ -8338,6 +8374,87 @@ function install_dynamicdns {
echo 'install_dynamicdns' >> $COMPLETION_FILE
}
+function get_voip_server_password {
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
+ if [ ! $VOIP_SERVER_PASSWORD ]; then
+ VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+ fi
+}
+
+function install_voip {
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_TOR_DONGLE" ]]; then
+ return
+ fi
+ if grep -Fxq "install_voip" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install mumble-server
+
+ get_voip_server_password
+ if [ ! $VOIP_SERVER_PASSWORD ]; then
+ VOIP_SERVER_PASSWORD=$(openssl rand -base64 $MINIMUM_PASSWORD_LENGTH)
+ fi
+ if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+ VOIP_SERVER_PASSWORD=$(openssl rand -base64 $MINIMUM_PASSWORD_LENGTH)
+ fi
+
+ # Make an ssl cert for the server
+ makecert mumble
+
+ # Check that the cert was created
+ if [ ! -f /etc/ssl/certs/mumble.crt ]; then
+ echo 'VoIP server certificate not created'
+ exit 57892
+ fi
+ if [ ! -f /etc/ssl/private/mumble.key ]; then
+ echo 'VoIP server key not created'
+ exit 57893
+ fi
+
+ sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini
+
+ if [ $VOIP_SERVER_PASSWORD ]; then
+ sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
+ fi
+
+ sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
+ sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
+ sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
+ sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+ sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+ if ! grep -q "allowping" /etc/mumble-server.ini; then
+ echo 'allowping=False' >> /etc/mumble-server.ini
+ fi
+ sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
+ sed -i 's|#sslCert=.*|sslCert=/etc/ssl/certs/mumble.crt|g' /etc/mumble-server.ini
+ sed -i 's|#sslKey=.*|sslKey=/etc/ssl/privare/mumble.key|g' /etc/mumble-server.ini
+ sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
+ sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
+ sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
+ sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+ sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+ sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
+ sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+ sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+ sed -i "s|port=.*|port=$VOIP_PORT|g" /etc/mumble-server.ini
+
+ service mumble-server restart
+
+ if ! grep -q "VoIP Server" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo 'VoIP Server' >> /home/$MY_USERNAME/README
+ echo '===========' >> /home/$MY_USERNAME/README
+ echo 'VoIP server password: $VOIP_SERVER_PASSWORD' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ fi
+
+ echo 'install_voip' >> $COMPLETION_FILE
+}
+
function install_final {
if grep -Fxq "install_final" $COMPLETION_FILE; then
return
@@ -8369,6 +8486,7 @@ configure_firewall_for_dns
configure_firewall_for_ftp
configure_firewall_for_web_access
configure_firewall_for_cjdns
+configure_firewall_for_voip
remove_proprietary_repos
change_debian_repos
enable_backports
@@ -8422,6 +8540,7 @@ install_xmpp
configure_firewall_for_xmpp
install_irc_server
configure_firewall_for_irc
+install_voip
install_wiki
install_blog
install_gnu_social