Merge branch 'stretch' of https://github.com/bashrc/freedombone
commit
6791362368
|
@ -655,11 +655,11 @@ function install_gogs {
|
|||
echo $'No Tor installation found. Gogs onion site cannot be configured.'
|
||||
exit 877367
|
||||
fi
|
||||
if ! grep -q "hidden_service_gogs" $ONION_SERVICES_FILE; then
|
||||
if ! grep -q "hidden_service_gogs" "$ONION_SERVICES_FILE"; then
|
||||
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
|
||||
echo 'HiddenServiceVersion 3';
|
||||
echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
|
||||
echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> $ONION_SERVICES_FILE
|
||||
echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> "$ONION_SERVICES_FILE"
|
||||
echo $'Added onion site for Gogs'
|
||||
fi
|
||||
|
||||
|
|
|
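Review bot: `exit 877367` on the retained line above the quoting fix is truncated by the shell to `877367 & 0xff`, i.e. status 55, so callers cannot distinguish "no Tor installation" from any other failure; the same literal is kept in the xmpp (`@ -1079`) and add_onion_service (`@ -164`) hunks. A value in the 1–255 range, e.g. `exit 55` behind a named constant, would give the intended signal. The quoting of `"$ONION_SERVICES_FILE"` itself is fine; install_gogs continues outside this hunk.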
@ -656,12 +656,12 @@ function install_keyserver {
|
|||
|
||||
chown debian-sks: $sksconf_file
|
||||
|
||||
if ! grep -q "hidden_service_sks" $ONION_SERVICES_FILE; then
|
||||
if ! grep -q "hidden_service_sks" "$ONION_SERVICES_FILE"; then
|
||||
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
|
||||
echo 'HiddenServiceVersion 3';
|
||||
echo "HiddenServicePort 11370 127.0.0.1:11370";
|
||||
echo "HiddenServicePort 11373 127.0.0.1:11371";
|
||||
echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> $ONION_SERVICES_FILE
|
||||
echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> "$ONION_SERVICES_FILE"
|
||||
echo $'Added onion site for sks'
|
||||
fi
|
||||
|
||||
|
|
|
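Review bot: `chown debian-sks: $sksconf_file` is left unquoted in this hunk while the two lines below it gain quotes around `$ONION_SERVICES_FILE`; the same treatment applies, `chown debian-sks: -- "$sksconf_file"`. An empty or unset `sksconf_file` would otherwise turn the command into `chown debian-sks:` with no operand. install_keyserver continues outside the hunk.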
@ -702,7 +702,7 @@ function install_home_server {
|
|||
|
||||
#MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
|
||||
add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
|
||||
echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> $ONION_SERVICES_FILE
|
||||
echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> "$ONION_SERVICES_FILE"
|
||||
systemctl restart tor
|
||||
|
||||
if [ ! "${MATRIX_PASSWORD}" ]; then
|
||||
|
|
|
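Review bot: The newly quoted `echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> "$ONION_SERVICES_FILE"` is unconditional, whereas the `add_onion_service matrix` call just above it is guarded by a `grep -q` inside add_onion_service (`@ -164`), so re-entering install_home_server appends a duplicate directive each time. Wrapping it as `if ! grep -q "127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" "$ONION_SERVICES_FILE"; then … fi` keeps the file idempotent. Whether install_home_server can run twice is not visible here; install_home_server continues outside the hunk.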
@ -36,7 +36,7 @@ PLEROMA_CODE=
|
|||
PLEROMA_PORT=4000
|
||||
PLEROMA_ONION_PORT=8011
|
||||
PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
|
||||
PLEROMA_COMMIT='fc6f5bcad3ad94eefbfcb24ca361e818ed0319d6'
|
||||
PLEROMA_COMMIT='5b6d6d7f2d9363c494642bfda4d6e4d12daa53c7'
|
||||
PLEROMA_ADMIN_PASSWORD=
|
||||
PLEROMA_DIR=/etc/pleroma
|
||||
PLEROMA_SECRET_KEY=""
|
||||
|
@ -62,6 +62,24 @@ pleroma_variables=(ONION_ONLY
|
|||
MY_EMAIL_ADDRESS
|
||||
MY_USERNAME)
|
||||
|
||||
function pleroma_add_filtering {
|
||||
if grep -q "# begin filtering" $pleroma_secret; then
|
||||
return
|
||||
fi
|
||||
sed -i '/pbkdf2_rounds/a reject: []' $pleroma_secret
|
||||
sed -i '/pbkdf2_rounds/a federated_timeline_removal: [],' $pleroma_secret
|
||||
sed -i '/pbkdf2_rounds/a media_nsfw: [],' $pleroma_secret
|
||||
sed -i '/pbkdf2_rounds/a media_removal: [],' $pleroma_secret
|
||||
sed -i '/pbkdf2_rounds/a config :pleroma, :mrf_simple,' $pleroma_secret
|
||||
sed -i '/pbkdf2_rounds/a # begin filtering' $pleroma_secret
|
||||
|
||||
sed -i 's|reject: | reject: |g' $pleroma_secret
|
||||
sed -i 's|federated_timeline_removal: | federated_timeline_removal: |g' $pleroma_secret
|
||||
sed -i 's|media_nsfw: | media_nsfw: |g' $pleroma_secret
|
||||
sed -i 's|media_removal: | media_removal: |g' $pleroma_secret
|
||||
create_pleroma_blocklist
|
||||
}
|
||||
|
||||
function pleroma_enable_chat {
|
||||
if [[ "$1" == 't'* || "$1" == 'y'* || "$1" == 'T'* || "$1" == 'Y'* ]]; then
|
||||
sed -i 's|"chatDisabled":.*|"chatDisabled": false,|g' $PLEROMA_DIR/priv/static/static/config.json
|
||||
|
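Review bot: Every `sed -i … $pleroma_secret` in the new pleroma_add_filtering, and `$PLEROMA_DIR/priv/static/static/config.json` in pleroma_enable_chat, is unquoted, which is inconsistent with the quoting this same commit applies to `$ONION_SERVICES_FILE` elsewhere; use `"$pleroma_secret"` throughout. The idempotence guard only checks for `# begin filtering`; if the file has no `pbkdf2_rounds` line the six `a` commands insert nothing and the function still falls through to create_pleroma_blocklist, so `grep -q pbkdf2_rounds "$pleroma_secret" || return` before the edits would make that failure visible. pleroma_enable_chat continues outside the hunk.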
@ -91,6 +109,7 @@ function create_pleroma_blocklist {
|
|||
echo 'users_query="DELETE FROM users WHERE"';
|
||||
echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"';
|
||||
echo 'websub_server_subscriptions_updated=';
|
||||
echo 'filter_str=';
|
||||
echo 'while read blocked; do';
|
||||
echo " if [[ \"\$blocked\" == *\".\"* || \"\$blocked\" == *\"@\"* ]]; then";
|
||||
echo " if [ \${#blocked} -gt 4 ]; then";
|
||||
|
@ -102,6 +121,13 @@ function create_pleroma_blocklist {
|
|||
echo " users_query=\"\${users_query} nickname ilike '%\${blocked}%'\"";
|
||||
echo ' objects_updated=1';
|
||||
echo " if [[ \"\$blocked\" != *\"@\"* ]]; then";
|
||||
echo ' # Create a filter string for the pleroma configuration';
|
||||
echo " if [ \"\$filter_str\" ]; then";
|
||||
echo " filter_str=\"\${filter_str}, \\\"\$blocked\\\"\"";
|
||||
echo ' else';
|
||||
echo " filter_str=\"\\\"\${blocked}\\\"\"";
|
||||
echo ' fi';
|
||||
echo '';
|
||||
echo " if ! grep -q \"127.0.0.1 \$blocked\" /etc/hosts; then";
|
||||
echo " echo \"127.0.0.1 \$blocked\" >> /etc/hosts";
|
||||
echo ' fi';
|
||||
|
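Review bot: The added `filter_str` lines wrap each `$blocked` entry in literal `\"` with no escaping, and that string is later spliced into `sed -i "s|…| reject: [ $filter_str ]|g"` replacements in the next hunk (`@ -115`) and into the Elixir config; an entry containing `"`, `\`, `|` or `&` corrupts the sed expression or the config. The source file `/root/freedombone-firewall-domains.cfg` is presumably admin-maintained, so the exposure is breakage rather than injection, but a whitelist test in the generated loop (an `=~ ^[A-Za-z0-9.@_-]+$` check on `$blocked` before it is used) would close it. create_pleroma_blocklist starts and ends outside this hunk.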
@ -115,6 +141,19 @@ function create_pleroma_blocklist {
|
|||
echo ' fi';
|
||||
echo 'done </root/freedombone-firewall-domains.cfg';
|
||||
echo '';
|
||||
echo "if [ \"\$filter_str\" ]; then";
|
||||
echo " if ! grep -q \" \$filter_str \" $pleroma_secret; then";
|
||||
echo " sed -i \"s| media_removal:.*| media_removal: [ \$filter_str ],|g\" $pleroma_secret";
|
||||
echo " sed -i \"s| federated_timeline_removal:.*| federated_timeline_removal: [ \$filter_str ],|g\" $pleroma_secret";
|
||||
echo " sed -i \"s| reject:.*| reject: [ \$filter_str ]|g\" $pleroma_secret";
|
||||
echo " chown -R pleroma:pleroma $PLEROMA_DIR";
|
||||
echo ' sudo -u pleroma mix clean';
|
||||
echo ' sudo -u pleroma mix deps.compile';
|
||||
echo ' sudo -u pleroma mix compile';
|
||||
echo ' systemctl restart pleroma';
|
||||
echo ' fi';
|
||||
echo 'fi';
|
||||
echo '';
|
||||
echo 'cd /etc/postgresql';
|
||||
echo "if [ \$objects_updated ]; then";
|
||||
echo " sudo -u postgres psql -d pleroma -c \"\$objects_query\"";
|
||||
|
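Review bot: In the generated `if ! grep -q " $filter_str " $pleroma_secret` line, the quoted, comma-joined list is used as a basic regex, so the dots in domain names match any character and the check can report a false "already present"; `$pleroma_secret` is also expanded unquoted at generation time. Writing it as `echo " if ! grep -qF -- \" \$filter_str \" \"$pleroma_secret\"; then";` makes the comparison literal and keeps the path quoted. create_pleroma_blocklist continues outside the hunk.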
@ -755,6 +794,8 @@ function upgrade_pleroma {
|
|||
read_config_param PLEROMA_DOMAIN_NAME
|
||||
read_config_param PLEROMA_EXPIRE_MONTHS
|
||||
|
||||
pleroma_add_filtering
|
||||
|
||||
if ! grep -q "/media/" /etc/cron.daily/pleroma-expire; then
|
||||
rm $pleroma_expire_posts_script
|
||||
fi
|
||||
|
@ -1308,6 +1349,8 @@ function install_pleroma {
|
|||
fi
|
||||
sed -i 's|"chatDisabled":.*|"chatDisabled": true,|g' $PLEROMA_DIR/priv/static/static/config.json
|
||||
|
||||
pleroma_add_filtering
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable pleroma
|
||||
systemctl start pleroma
|
||||
|
|
|
@ -376,6 +376,7 @@ function install_dat {
|
|||
}
|
||||
|
||||
function mesh_install_scuttlebot {
|
||||
#shellcheck disable=SC2153
|
||||
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
|
||||
return
|
||||
fi
|
||||
|
|
|
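Review bot: The new `#shellcheck disable=SC2153` directive gives no reason, so the next reader cannot tell whether `VARIANT` is really assigned by a caller or is a misspelling ShellCheck correctly caught. State the reason on the directive line, e.g. `# shellcheck disable=SC2153  # VARIANT is set by the caller` (confirm that is where it comes from; it is not visible in this hunk). mesh_install_scuttlebot continues outside the hunk.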
@ -51,6 +51,7 @@ prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest
|
|||
# From https://hg.prosody.im/prosody-modules
|
||||
prosody_modules_filename='prosody-modules-20180322.tar.gz'
|
||||
prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
|
||||
xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
|
||||
|
||||
xmpp_variables=(ONION_ONLY
|
||||
INSTALLED_WITHIN_DOCKER
|
||||
|
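Review bot: `xmpp_encryption_warning` is declared with `$"…"`, so its text is locale-dependent, yet it is later placed unescaped inside a sed replacement (`s|…|e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"|g` in xmpp_update_e2e_policy, `@ -62`) and inside a double-quoted Lua string (xmpp_create_config, `@ -818`); a translation containing `|`, `&`, `\` or `"` would corrupt the prosody config. Either escape it at the use sites or document the constraint here, e.g. `# Must stay free of '|', '&', '\' and '"' — spliced into a sed replacement and a Lua string literal`.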
@ -62,6 +63,37 @@ xmpp_variables=(ONION_ONLY
|
|||
DEFAULT_DOMAIN_NAME
|
||||
XMPP_DOMAIN_CODE)
|
||||
|
||||
function xmpp_update_e2e_policy {
|
||||
filename="$1"
|
||||
|
||||
read_config_param DEFAULT_DOMAIN_NAME
|
||||
read_config_param ONION_ONLY
|
||||
|
||||
if ! grep -q "e2e_policy_muc" "$filename"; then
|
||||
echo "e2e_policy_muc = \"none\"" >> "$filename"
|
||||
else
|
||||
sed -i 's|e2e_policy_muc.*|e2e_policy_muc = "none"|g' "$filename"
|
||||
fi
|
||||
if ! grep -q "e2e_policy_chat" "$filename"; then
|
||||
echo "e2e_policy_chat = \"required\"" >> "$filename"
|
||||
else
|
||||
sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "required"|g' "$filename"
|
||||
fi
|
||||
if ! grep -q "e2e_policy_message_required_chat" "$filename"; then
|
||||
echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"" >> "$filename"
|
||||
else
|
||||
sed -i "s|e2e_policy_message_required_chat.*|e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"|g" "$filename"
|
||||
fi
|
||||
|
||||
if [[ "$ONION_ONLY" != 'no' ]]; then
|
||||
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
|
||||
sed -i "s|VirtualHost \".*.onion.*|VirtualHost \"${XMPP_ONION_HOSTNAME}\"|g" "$filename"
|
||||
# TLS is not strictly needed for onion transport security
|
||||
sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' "$filename"
|
||||
sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' "$filename"
|
||||
fi
|
||||
}
|
||||
|
||||
function logging_on_xmpp {
|
||||
if [ -d /etc/prosody ]; then
|
||||
if [ ! -d /var/log/prosody ]; then
|
||||
|
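Review bot: `filename="$1"` in the new xmpp_update_e2e_policy sets a global rather than a function variable; `local filename="$1"`. The `ONION_ONLY` branch reads `/var/lib/tor/hidden_service_xmpp/hostname` with no existence check, so an empty result writes `VirtualHost ""` into the config; a `[ -s /var/lib/tor/hidden_service_xmpp/hostname ] || return` before the `cat` would avoid that. Note also that `c2s_require_encryption`/`s2s_require_encryption` are server-wide prosody settings, so setting them to false here applies to every listener, not only the onion host; a comment stating that this relies on ONION_ONLY meaning no clearnet VirtualHost exists would make the assumption explicit. logging_on_xmpp continues outside the hunk.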
@ -425,6 +457,10 @@ function upgrade_xmpp {
|
|||
usermod -a -G ssl-cert prosody
|
||||
fi
|
||||
fi
|
||||
|
||||
xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
|
||||
|
||||
prosody_daemon_restart_script
|
||||
function_check update_prosody_modules
|
||||
update_prosody_modules
|
||||
|
@ -608,7 +644,7 @@ function remove_xmpp {
|
|||
|
||||
function_check remove_onion_service
|
||||
remove_onion_service xmpp 5222 5223 5269
|
||||
sed -i '/HiddenServiceVersion 2/d' $ONION_SERVICES_FILE
|
||||
sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE"
|
||||
|
||||
apt-mark -q unhold prosody
|
||||
apt-get -yq remove --purge prosody
|
||||
|
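Review bot: `sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE"` deletes every `HiddenServiceVersion 2` line in the shared services file, not just the one belonging to the xmpp block; add_onion_service (`@ -164`) still writes that directive for any service with `USE_V2_ONION_ADDRESS` set, so removing xmpp could silently change another service's version (and therefore its address). Scope the deletion to the `hidden_service_xmpp` block, or rely on the range delete that remove_onion_service already performs (`@ -121`), rather than a file-wide match. remove_xmpp continues outside the hunk.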
@ -818,11 +854,16 @@ function xmpp_create_config {
|
|||
else
|
||||
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
||||
fi
|
||||
|
||||
{ echo '}';
|
||||
echo '';
|
||||
echo 'c2s_require_encryption = true';
|
||||
echo 's2s_require_encryption = true';
|
||||
echo '';
|
||||
echo 'e2e_policy_muc = "none"';
|
||||
echo 'e2e_policy_chat = "required"';
|
||||
echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"";
|
||||
echo '';
|
||||
echo 's2s_secure_auth = false';
|
||||
echo '';
|
||||
echo 'authentication = "internal_hashed"';
|
||||
|
@ -838,6 +879,9 @@ function xmpp_create_config {
|
|||
echo ''; } >> /etc/prosody/prosody.cfg.lua
|
||||
if [[ "$ONION_ONLY" != 'no' ]]; then
|
||||
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
|
||||
# TLS is not needed for onion transport security
|
||||
sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
|
||||
sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
|
||||
else
|
||||
echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
|
||||
fi
|
||||
|
@ -1068,6 +1112,14 @@ function install_xmpp {
|
|||
else
|
||||
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
fi
|
||||
|
||||
if [[ "$ONION_ONLY" != 'no' ]]; then
|
||||
sed -i 's|c2s_require_encryption.*|c2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
fi
|
||||
|
||||
xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
|
||||
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
||||
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
else
|
||||
|
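Review bot: The added `if [[ "$ONION_ONLY" != 'no' ]]` block with its two `sed -i … conf.avail/xmpp.cfg.lua` lines duplicates what the `xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua` call two lines later already does for the same file (`@ -62`), and a third copy exists in xmpp_create_config (`@ -838`). Dropping the block here and keeping the single function call removes the drift risk; the pattern here (`s2s_require_encryption.*`) is already slightly different from the `=`-anchored one in the function. install_xmpp continues outside the hunk.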
@ -1079,11 +1131,11 @@ function install_xmpp {
|
|||
echo $'No Tor installation found. xmpp onion site cannot be configured.'
|
||||
exit 877367
|
||||
fi
|
||||
if ! grep -q "hidden_service_xmpp" $ONION_SERVICES_FILE; then
|
||||
if ! grep -q "hidden_service_xmpp" "$ONION_SERVICES_FILE"; then
|
||||
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/';
|
||||
echo 'HiddenServiceVersion 2';
|
||||
echo "HiddenServicePort 5222 127.0.0.1:5222";
|
||||
echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> $ONION_SERVICES_FILE
|
||||
echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> "$ONION_SERVICES_FILE"
|
||||
echo $'Added onion site for xmpp chat'
|
||||
fi
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_'
|
|||
ONION_SERVICES_FILE=/etc/torrc.d/${PROJECT_NAME}
|
||||
|
||||
function torrc_migrate {
|
||||
if [ -f $ONION_SERVICES_FILE ]; then
|
||||
if [ -f "$ONION_SERVICES_FILE" ]; then
|
||||
if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
|
||||
sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
|
||||
systemctl restart tor
|
||||
|
@ -45,9 +45,9 @@ function torrc_migrate {
|
|||
|
||||
mkdir /etc/torrc.d
|
||||
|
||||
grep "HiddenServiceDir\\|HiddenServiceVersion\\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> $ONION_SERVICES_FILE
|
||||
grep "HiddenServiceDir\\|HiddenServiceVersion\\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> "$ONION_SERVICES_FILE"
|
||||
|
||||
if ! grep "HiddenServiceVersion" $ONION_SERVICES_FILE; then
|
||||
if ! grep "HiddenServiceVersion" "$ONION_SERVICES_FILE"; then
|
||||
systemctl restart tor
|
||||
return
|
||||
fi
|
||||
|
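Review bot: `if ! grep "HiddenServiceVersion" "$ONION_SERVICES_FILE"` lacks `-q`, so every match is printed to stdout during migration; `grep -q` is what the rest of the commit uses. `mkdir /etc/torrc.d` without `-p` will fail under `set -e` if the directory already exists — whether an earlier check guards it is not visible in this hunk. torrc_migrate continues outside the hunk.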
@ -121,17 +121,17 @@ function remove_onion_service {
|
|||
nick="$3"
|
||||
|
||||
if [ ${#nick} -gt 0 ]; then
|
||||
sed -i "/stealth ${nick}/d" $ONION_SERVICES_FILE
|
||||
sed -i "/stealth ${nick}/d" "$ONION_SERVICES_FILE"
|
||||
fi
|
||||
sed -i "/hidden_service_${onion_service_name}/,+1 d" $ONION_SERVICES_FILE
|
||||
sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" $ONION_SERVICES_FILE
|
||||
sed -i "/127.0.0.1:${onion_service_port_to}/d" $ONION_SERVICES_FILE
|
||||
sed -i "/hidden_service_${onion_service_name}/,+1 d" "$ONION_SERVICES_FILE"
|
||||
sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" "$ONION_SERVICES_FILE"
|
||||
sed -i "/127.0.0.1:${onion_service_port_to}/d" "$ONION_SERVICES_FILE"
|
||||
if [ "$3" ]; then
|
||||
sed -i "/127.0.0.1:${3}/d" $ONION_SERVICES_FILE
|
||||
sed -i "/127.0.0.1:${3}/d" "$ONION_SERVICES_FILE"
|
||||
if [ "$4" ]; then
|
||||
sed -i "/127.0.0.1:${4}/d" $ONION_SERVICES_FILE
|
||||
sed -i "/127.0.0.1:${4}/d" "$ONION_SERVICES_FILE"
|
||||
if [ "$5" ]; then
|
||||
sed -i "/127.0.0.1:${5}/d" $ONION_SERVICES_FILE
|
||||
sed -i "/127.0.0.1:${5}/d" "$ONION_SERVICES_FILE"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
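Review bot: `$3` is used for two different things in remove_onion_service: it is copied into `nick` for the `stealth ${nick}` delete at the top of the hunk and then treated as an extra port in `sed -i "/127.0.0.1:${3}/d"`; the caller in remove_xmpp (`@ -608`) passes `5223` there, so a bogus `stealth 5223` delete runs on every removal. The port patterns are also unanchored with unescaped dots, so `127.0.0.1:5222` would also delete a line for port `52220`; `sed -i "/127\.0\.0\.1:${3}\$/d"` restricts the match. The function starts outside the hunk.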
@ -164,16 +164,16 @@ function add_onion_service {
|
|||
USE_V2_ONION_ADDRESS=
|
||||
exit 877367
|
||||
fi
|
||||
if ! grep -q "hidden_service_${onion_service_name}" $ONION_SERVICES_FILE; then
|
||||
echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> $ONION_SERVICES_FILE
|
||||
if ! grep -q "hidden_service_${onion_service_name}" "$ONION_SERVICES_FILE"; then
|
||||
echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> "$ONION_SERVICES_FILE"
|
||||
if [ ! $USE_V2_ONION_ADDRESS ]; then
|
||||
echo 'HiddenServiceVersion 3' >> $ONION_SERVICES_FILE
|
||||
echo 'HiddenServiceVersion 3' >> "$ONION_SERVICES_FILE"
|
||||
else
|
||||
echo 'HiddenServiceVersion 2' >> $ONION_SERVICES_FILE
|
||||
echo 'HiddenServiceVersion 2' >> "$ONION_SERVICES_FILE"
|
||||
fi
|
||||
echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> $ONION_SERVICES_FILE
|
||||
echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> "$ONION_SERVICES_FILE"
|
||||
if [ ${#onion_stealth_name} -gt 0 ]; then
|
||||
echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> $ONION_SERVICES_FILE
|
||||
echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> "$ONION_SERVICES_FILE"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
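Review bot: `HiddenServiceAuthorizeClient stealth ${onion_stealth_name}` is emitted regardless of which `HiddenServiceVersion` branch was taken, but as far as I know that option only applies to version 2 services; confirm tor accepts it for the default v3 branch, otherwise a stealth name should force the v2 path or use v3 client authorization instead. Within the same hunk `[ ! $USE_V2_ONION_ADDRESS ]` and `[ ${#onion_stealth_name} -gt 0 ]` are left unquoted while `"$ONION_SERVICES_FILE"` is fixed; `[ ! "$USE_V2_ONION_ADDRESS" ]` keeps the style consistent. add_onion_service starts outside the hunk.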