From a8979e3bb796643fbc28c8c1cca5bb5cb44f6ed6 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 25 Jul 2016 21:00:45 +0100 Subject: [PATCH] Tidying --- src/freedombone-app-batman | 46 +- src/freedombone-app-blog | 796 +++++++++++++------------- src/freedombone-app-cjdns | 810 +++++++++++++------------- src/freedombone-app-dlna | 314 +++++----- src/freedombone-app-emacs | 248 ++++---- src/freedombone-app-ipfs | 404 ++++++------- src/freedombone-app-irc | 466 +++++++-------- src/freedombone-app-mediagoblin | 552 +++++++++--------- src/freedombone-app-mumble | 424 +++++++------- src/freedombone-app-searx | 472 +++++++-------- src/freedombone-app-sip | 692 +++++++++++----------- src/freedombone-app-syncthing | 474 +++++++-------- src/freedombone-app-tox | 816 +++++++++++++------------- src/freedombone-app-vpn | 46 +- src/freedombone-app-wiki | 758 ++++++++++++------------ src/freedombone-app-xmpp | 748 ++++++++++++------------ src/freedombone-app-zeronet | 982 ++++++++++++++++---------------- 17 files changed, 4524 insertions(+), 4524 deletions(-) diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman index 7667ada5..cf3137f3 100755 --- a/src/freedombone-app-batman +++ b/src/freedombone-app-batman @@ -35,10 +35,10 @@ BATMAN_CELLID='any' function configure_firewall_for_batma { if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then - return + return fi if [[ $ENABLE_BATMAN != "yes" ]]; then - return + return fi function_check save_firewall_settings @@ -72,13 +72,13 @@ function restore_remote_batman { function remove_batman { if ! grep -Fxq "install_batman" $COMPLETION_FILE; then - return + return fi ${PROJECT_NAME}-mesh-install -f batman --remove yes if [ ! "$?" = "0" ]; then - echo $'Failed to remove batman' - exit 79353 + echo $'Failed to remove batman' + exit 79353 fi sed -i '/install_batman/d' $COMPLETION_FILE sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE @@ -90,15 +90,15 @@ function mesh_install_batman { chroot "$rootdir" apt-get -y install wireless-tools rfkill if ! grep -q "batman_adv" $rootdir/etc/modules; then - echo 'batman_adv' >> $rootdir/etc/modules + echo 'batman_adv' >> $rootdir/etc/modules fi BATMAN_SCRIPT=$rootdir/var/lib/batman if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then - cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT else - cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT fi BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service @@ -124,32 +124,32 @@ function mesh_install_batman { function install_batman { if [ $INSTALLING_MESH ]; then - mesh_install_batman - return + mesh_install_batman + return fi if grep -Fxq "install_batman" $COMPLETION_FILE; then - return + return fi if [[ $ENABLE_BATMAN != "yes" ]]; then - return + return fi ${PROJECT_NAME}-mesh-install -f batman if [ ! "$?" = "0" ]; then - echo $'Failed to install batman' - exit 72524 + echo $'Failed to install batman' + exit 72524 fi if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README - echo '=============================' >> /home/$MY_USERNAME/README - echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README - echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README - echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README + echo '=============================' >> /home/$MY_USERNAME/README + echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README + echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README + echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README fi function_check configure_firewall_for_batman diff --git a/src/freedombone-app-blog b/src/freedombone-app-blog index a29a1e28..7cb2c9f7 100755 --- a/src/freedombone-app-blog +++ b/src/freedombone-app-blog @@ -39,481 +39,481 @@ MY_BLOG_TITLE="My Blog" MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog" function reconfigure_blog { - echo -n '' + echo -n '' } function upgrade_blog { - if ! grep -Fxq "install_blog" $COMPLETION_FILE; then - return - fi - function_check set_repo_commit - set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO + if ! grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi + function_check set_repo_commit + set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO - # update blog avatar - ${PROJECT_NAME}-blog + # update blog avatar + ${PROJECT_NAME}-blog } function backup_local_blog { - FULLBLOG_DOMAIN_NAME='blog' - if grep -q "Blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - fi + FULLBLOG_DOMAIN_NAME='blog' + if grep -q "Blog domain" $COMPLETION_FILE; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') + fi - source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - if [ -d $source_directory ]; then - dest_directory=blog - echo $"Backing up $source_directory to $dest_directory" + source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + if [ -d $source_directory ]; then + dest_directory=blog + echo $"Backing up $source_directory to $dest_directory" - function_check suspend_site - suspend_site ${FULLBLOG_DOMAIN_NAME} + function_check suspend_site + suspend_site ${FULLBLOG_DOMAIN_NAME} - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory - function_check restart_site - restart_site + function_check restart_site + restart_site - echo $"Backup to $dest_directory complete" - fi + echo $"Backup to $dest_directory complete" + fi } function restore_local_blog { - FULLBLOG_DOMAIN_NAME='blog' - if grep -q "Blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - fi - if [ $FULLBLOG_DOMAIN_NAME ]; then - echo $"Restoring blog installation" - temp_restore_dir=/root/tempblog - restore_directory_from_usb $temp_restore_dir blog - rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - exit 593 + FULLBLOG_DOMAIN_NAME='blog' + if grep -q "Blog domain" $COMPLETION_FILE; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') fi - rm -rf $temp_restore_dir - if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then - echo $"No content directory found after restoring blog" - set_user_permissions - backup_unmount_drive - exit 287 - fi - chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} - fi - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then - mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post + if [ $FULLBLOG_DOMAIN_NAME ]; then + echo $"Restoring blog installation" + temp_restore_dir=/root/tempblog + restore_directory_from_usb $temp_restore_dir blog + rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ + if [ ! "$?" = "0" ]; then + set_user_permissions + backup_unmount_drive + exit 593 + fi + rm -rf $temp_restore_dir + if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then + echo $"No content directory found after restoring blog" + set_user_permissions + backup_unmount_drive + exit 287 + fi + chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} + fi + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then + mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post + fi + fi + done + if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem fi - fi - done - if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem fi - fi } function backup_remote_blog { - if grep -q "Blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - if [ -d $temp_backup_dir ]; then - echo $"Backing up blog" - backup_directory_to_friend $temp_backup_dir blog - echo $"Backup of blog complete" - else - echo $"Blog domain specified but not found in $temp_backup_dir" - exit 2578 + if grep -q "Blog domain" $COMPLETION_FILE; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') + temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + if [ -d $temp_backup_dir ]; then + echo $"Backing up blog" + backup_directory_to_friend $temp_backup_dir blog + echo $"Backup of blog complete" + else + echo $"Blog domain specified but not found in $temp_backup_dir" + exit 2578 + fi fi - fi } function restore_remote_blog { - if [ -d $SERVER_DIRECTORY/backup/blog ]; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') - echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME" - temp_restore_dir=/root/tempblog - mkdir $temp_restore_dir - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir blog - rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ - if [ ! "$?" = "0" ]; then - exit 593 - fi - rm -rf $temp_restore_dir - if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then - echo $"No content directory found after restoring blog" - exit 287 - fi - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} - fi - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then - mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post + if [ -d $SERVER_DIRECTORY/backup/blog ]; then + FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') + echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME" + temp_restore_dir=/root/tempblog + mkdir $temp_restore_dir + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir blog + rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs + cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ + if [ ! "$?" = "0" ]; then + exit 593 fi - fi - done - if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem + rm -rf $temp_restore_dir + if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then + echo $"No content directory found after restoring blog" + exit 287 + fi + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} + fi + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then + mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post + fi + fi + done + if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem + fi + echo $"Restore of blog complete" fi - echo $"Restore of blog complete" - fi } function remove_blog { - if ! grep -Fxq "install_blog" $COMPLETION_FILE; then - return - fi - if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then - rm -rf /var/www/$FULLBLOG_DOMAIN_NAME - fi - nginx_dissite $FULLBLOG_DOMAIN_NAME - if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then - rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - fi - if [ $FULLBLOG_CODE ]; then - if [ -f /usr/bin/dynamicdns ]; then - sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns - sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns + if ! grep -Fxq "install_blog" $COMPLETION_FILE; then + return fi - fi - function_check remove_onion_service - remove_onion_service blog ${FULLBLOG_ONION_PORT} - sed -i '/install_blog/d' $COMPLETION_FILE - sed -i '/Blog .*/d' $COMPLETION_FILE + if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then + rm -rf /var/www/$FULLBLOG_DOMAIN_NAME + fi + nginx_dissite $FULLBLOG_DOMAIN_NAME + if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then + rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + fi + if [ $FULLBLOG_CODE ]; then + if [ -f /usr/bin/dynamicdns ]; then + sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns + sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns + fi + fi + function_check remove_onion_service + remove_onion_service blog ${FULLBLOG_ONION_PORT} + sed -i '/install_blog/d' $COMPLETION_FILE + sed -i '/Blog .*/d' $COMPLETION_FILE } function get_blog_admin_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "Your blog password is" /home/$MY_USERNAME/README; then - FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Your blog password is" /home/$MY_USERNAME/README; then + FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi fi - fi } function install_blog_social_networks { - # set social networks - if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then - sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - fi - if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then - sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - fi + # set social networks + if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then + sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + fi + if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then + sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + fi - # clear proprietary social network strings - sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + # clear proprietary social network strings + sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini } function install_blog_user { - # create a user password - function_check get_blog_admin_password - get_blog_admin_password - if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + # create a user password + function_check get_blog_admin_password + get_blog_admin_password + if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'HTMLy Blog' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + if [[ $ONION_ONLY == 'no' ]]; then + echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README + fi + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README fi - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'HTMLy Blog' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README - echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README - if [[ $ONION_ONLY == 'no' ]]; then - echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README - fi - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - # create a user - FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD") - if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then - echo $'Blog admin password could not be hashed' - exit 625728 - fi - echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + # create a user + FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD") + if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then + echo $'Blog admin password could not be hashed' + exit 625728 + fi + echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini } function install_blog_settings { - cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini } function install_blog_website { - function_check nginx_http_redirect - nginx_http_redirect $FULLBLOG_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - function_check nginx_ssl - nginx_ssl $FULLBLOG_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + function_check nginx_http_redirect + nginx_http_redirect $FULLBLOG_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + function_check nginx_limits + nginx_limits $FULLBLOG_DOMAIN_NAME + function_check nginx_ssl + nginx_ssl $FULLBLOG_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME } function install_blog_website_onion { - echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + function_check nginx_limits + nginx_limits $FULLBLOG_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME } function install_blog_from_repo { - if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then - mkdir /var/www/$FULLBLOG_DOMAIN_NAME - fi + if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then + mkdir /var/www/$FULLBLOG_DOMAIN_NAME + fi - cd /var/www/$FULLBLOG_DOMAIN_NAME - git_clone $FULLBLOG_REPO htdocs - cd htdocs - git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT - if ! grep -q "Blog commit" $COMPLETION_FILE; then - echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE - fi + cd /var/www/$FULLBLOG_DOMAIN_NAME + git_clone $FULLBLOG_REPO htdocs + cd htdocs + git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT + if ! grep -q "Blog commit" $COMPLETION_FILE; then + echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE + fi } function install_blog { - if [ ! $FULLBLOG_DOMAIN_NAME ]; then - echo $'The blog domain name was not specified' - exit 5062 - fi + if [ ! $FULLBLOG_DOMAIN_NAME ]; then + echo $'The blog domain name was not specified' + exit 5062 + fi - if grep -Fxq "install_blog" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi - # for the avatar changing command - apt-get -y install imagemagick + # for the avatar changing command + apt-get -y install imagemagick - function_check install_blog_from_repo - install_blog_from_repo + function_check install_blog_from_repo + install_blog_from_repo - if [[ $ONION_ONLY == "no" ]]; then - function_check install_blog_website - install_blog_website - else - echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - fi - function_check install_blog_website_onion - install_blog_website_onion + if [[ $ONION_ONLY == "no" ]]; then + function_check install_blog_website + install_blog_website + else + echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME + fi + function_check install_blog_website_onion + install_blog_website_onion - function_check create_site_certificate - create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes' + function_check create_site_certificate + create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes' - function_check configure_php - configure_php + function_check configure_php + configure_php - function_check install_blog_settings - install_blog_settings + function_check install_blog_settings + install_blog_settings - function_check install_blog_social_networks - install_blog_social_networks + function_check install_blog_social_networks + install_blog_social_networks - function_check install_blog_user - install_blog_user + function_check install_blog_user + install_blog_user - chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs + chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs - FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT}) + FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT}) - function_check nginx_ensite - nginx_ensite $FULLBLOG_DOMAIN_NAME + function_check nginx_ensite + nginx_ensite $FULLBLOG_DOMAIN_NAME - systemctl restart php5-fpm - systemctl restart nginx + systemctl restart php5-fpm + systemctl restart nginx - if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then - echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE + if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then + echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE - function_check add_ddns_domain - add_ddns_domain $FULLBLOG_DOMAIN_NAME + function_check add_ddns_domain + add_ddns_domain $FULLBLOG_DOMAIN_NAME - if ! grep -q "Blog domain:" $COMPLETION_FILE; then - echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE - fi + if ! grep -q "Blog domain:" $COMPLETION_FILE; then + echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE + fi - echo 'install_blog' >> $COMPLETION_FILE + echo 'install_blog' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-cjdns b/src/freedombone-app-cjdns index 8374b4d9..a6e3b2b2 100755 --- a/src/freedombone-app-cjdns +++ b/src/freedombone-app-cjdns @@ -42,498 +42,498 @@ CJDCMD_REPO="https://github.com/inhies/cjdcmd" CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808' function reconfigure_cjdns { - echo -n '' + echo -n '' } function upgrade_cjdns { - if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then - return - fi - function_check set_repo_commit - set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO + if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then + return + fi + function_check set_repo_commit + set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO } function configure_firewall_for_cjdns { - if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then - return - fi - if [[ $ENABLE_CJDNS != "yes" ]]; then - return - fi - ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE - ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT - ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT + if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then + return + fi + if [[ $ENABLE_CJDNS != "yes" ]]; then + return + fi + ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE + ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT + ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE + function_check save_firewall_settings + save_firewall_settings + echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE } function get_cjdns_public_key { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "cjdns public key" /home/$MY_USERNAME/README; then - if [ ! $CJDNS_PUBLIC_KEY ]; then - CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns public key" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PUBLIC_KEY ]; then + CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi } function get_cjdns_private_key { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "cjdns private key" /home/$MY_USERNAME/README; then - if [ ! $CJDNS_PRIVATE_KEY ]; then - CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns private key" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PRIVATE_KEY ]; then + CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi } function get_cjdns_ipv6_address { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then - if [ ! $CJDNS_IPV6 ]; then - CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_IPV6 ]; then + CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi } function get_cjdns_port { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "cjdns port" /home/$MY_USERNAME/README; then - if [ ! $CJDNS_PORT ]; then - CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns port" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PORT ]; then + CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi } function get_cjdns_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "cjdns password" /home/$MY_USERNAME/README; then - if [ ! $CJDNS_PASSWORD ]; then - CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "cjdns password" /home/$MY_USERNAME/README; then + if [ ! $CJDNS_PASSWORD ]; then + CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi } function backup_local_cjdns { - echo -n '' + echo -n '' } function restore_local_cjdns { - if [ -d $USB_MOUNT/backup/cjdns ]; then - echo $"Restoring cjdns installation" - temp_restore_dir=/root/tempcjdns - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir cjdns - rm -rf /etc/cjdns - cp -r $temp_restore_dir/etc/cjdns /etc/ - if [ ! "$?" = "0" ]; then - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 8472 + if [ -d $USB_MOUNT/backup/cjdns ]; then + echo $"Restoring cjdns installation" + temp_restore_dir=/root/tempcjdns + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir cjdns + rm -rf /etc/cjdns + cp -r $temp_restore_dir/etc/cjdns /etc/ + if [ ! "$?" = "0" ]; then + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 8472 + fi + rm -rf $temp_restore_dir fi - rm -rf $temp_restore_dir - fi } function backup_remote_cjdns { - echo -n '' + echo -n '' } function restore_remote_cjdns { - if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then - echo $"Restoring cjdns installation" - temp_restore_dir=/root/tempcjdns - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir cjdns - rm -rf /etc/cjdns - cp -r $temp_restore_dir/etc/cjdns /etc/ - if [ ! "$?" = "0" ]; then - exit 7438 + if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then + echo $"Restoring cjdns installation" + temp_restore_dir=/root/tempcjdns + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir cjdns + rm -rf /etc/cjdns + cp -r $temp_restore_dir/etc/cjdns /etc/ + if [ ! "$?" = "0" ]; then + exit 7438 + fi + rm -rf $temp_restore_dir fi - rm -rf $temp_restore_dir - fi } function remove_cjdns { - if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then - return - fi - service cjdns stop - ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE - ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT - ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then + return + fi + service cjdns stop + ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE + ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT + ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - rm -rf /etc/cjdns - sed -i '/install_cjdns/d' $COMPLETION_FILE - sed -i '/cjdns /d' $COMPLETION_FILE - sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE + rm -rf /etc/cjdns + sed -i '/install_cjdns/d' $COMPLETION_FILE + sed -i '/cjdns /d' $COMPLETION_FILE + sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE } function install_cjdns_main { - if [[ $ENABLE_CJDNS != "yes" ]]; then - return - fi + if [[ $ENABLE_CJDNS != "yes" ]]; then + return + fi - if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then + return + fi - apt-get -y install nodejs git build-essential nmap + apt-get -y install nodejs git build-essential nmap - # if a README exists then obtain the cjdns parameters - function_check get_cjdns_ipv6_address - get_cjdns_ipv6_address + # if a README exists then obtain the cjdns parameters + function_check get_cjdns_ipv6_address + get_cjdns_ipv6_address - function_check get_cjdns_public_key - get_cjdns_public_key + function_check get_cjdns_public_key + get_cjdns_public_key - function_check get_cjdns_private_key - get_cjdns_private_key + function_check get_cjdns_private_key + get_cjdns_private_key - function_check get_cjdns_port - get_cjdns_port + function_check get_cjdns_port + get_cjdns_port - function_check get_cjdns_password - get_cjdns_password + function_check get_cjdns_password + get_cjdns_password - # special compile settings for running ./do on the Beaglebone Black - if [[ $INSTALLING_ON_BBB == "yes" ]]; then - CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized" - export LDFLAGS="$CFLAGS" - fi + # special compile settings for running ./do on the Beaglebone Black + if [[ $INSTALLING_ON_BBB == "yes" ]]; then + CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized" + export LDFLAGS="$CFLAGS" + fi - if [ ! -d /etc/cjdns ]; then - function_check git_pull - git_clone $CJDNS_REPO /etc/cjdns - cd /etc/cjdns + if [ ! -d /etc/cjdns ]; then + function_check git_pull + git_clone $CJDNS_REPO /etc/cjdns + cd /etc/cjdns - git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT - if ! grep -q "cjdns commit" $COMPLETION_FILE; then - echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE + git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT + if ! grep -q "cjdns commit" $COMPLETION_FILE; then + echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE + fi + + ./do + if [ ! "$?" = "0" ]; then + exit 7439 + fi + # create a configuration + if [ ! -f /etc/cjdns/cjdroute.conf ]; then + ./cjdroute --genconf > /etc/cjdns/cjdroute.conf + if [ ! "$?" = "0" ]; then + exit 5922 + fi + fi + # create a user to run as + useradd cjdns else - sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE + cd /etc/cjdns + function_check git_pull + git_pull $CJDNS_REPO + ./do + if [ ! "$?" = "0" ]; then + exit 9926 + fi fi - ./do + # set permissions + chown -R cjdns:cjdns /etc/cjdns + chmod 600 /etc/cjdns/cjdroute.conf + + /sbin/ip tuntap add mode tun user cjdns dev cjdroute0 + + # insert values into the configuration file + if [ $CJDNS_PRIVATE_KEY ]; then + sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_PUBLIC_KEY ]; then + sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_IPV6 ]; then + sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_PASSWORD ]; then + sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p) + fi + if [ $CJDNS_PORT ]; then + sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf + else + CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p) + fi + + function_check enable_ipv6 + enable_ipv6 + + echo '#!/bin/sh -e' > /etc/init.d/cjdns + echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns + echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns + echo '# Provides: cjdroute' >> /etc/init.d/cjdns + echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns + echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns + echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns + echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns + echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns + echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns + echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns + echo '### END INIT INFO' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'PROG="cjdroute"' >> /etc/init.d/cjdns + echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns + echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns + echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns + echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns + echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'start() {' >> /etc/init.d/cjdns + echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns + echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns + echo ' then' >> /etc/init.d/cjdns + echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns + echo ' else' >> /etc/init.d/cjdns + echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns + echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns + echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns + echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns + echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns + echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns + echo ' fi' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'stop() {' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns + echo ' then' >> /etc/init.d/cjdns + echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns + echo ' else' >> /etc/init.d/cjdns + echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns + echo ' killall cjdroute' >> /etc/init.d/cjdns + echo ' fi' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'status() {' >> /etc/init.d/cjdns + echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns + echo ' then' >> /etc/init.d/cjdns + echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns + echo ' else' >> /etc/init.d/cjdns + echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns + echo ' fi' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo ' update() {' >> /etc/init.d/cjdns + echo ' cd $GIT_PATH' >> /etc/init.d/cjdns + echo ' echo "Updating..."' >> /etc/init.d/cjdns + echo ' git pull' >> /etc/init.d/cjdns + echo ' ./do' >> /etc/init.d/cjdns + echo '}' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns + echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns + echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns + echo ' exit 1' >> /etc/init.d/cjdns + echo 'fi' >> /etc/init.d/cjdns + echo '' >> /etc/init.d/cjdns + echo 'case $1 in' >> /etc/init.d/cjdns + echo ' start)' >> /etc/init.d/cjdns + echo ' start' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' stop)' >> /etc/init.d/cjdns + echo ' stop' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns + echo ' stop' >> /etc/init.d/cjdns + echo ' sleep 1' >> /etc/init.d/cjdns + echo ' start' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' status)' >> /etc/init.d/cjdns + echo ' status' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' update|upgrade)' >> /etc/init.d/cjdns + echo ' update' >> /etc/init.d/cjdns + echo ' stop' >> /etc/init.d/cjdns + echo ' sleep 2' >> /etc/init.d/cjdns + echo ' start' >> /etc/init.d/cjdns + echo ' exit 0' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo ' **)' >> /etc/init.d/cjdns + echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns + echo ' exit 1' >> /etc/init.d/cjdns + echo ' ;;' >> /etc/init.d/cjdns + echo 'esac' >> /etc/init.d/cjdns + chmod +x /etc/init.d/cjdns + update-rc.d cjdns defaults + service cjdns start if [ ! "$?" = "0" ]; then - exit 7439 + systemctl status cjdns.service + exit 8260 fi - # create a configuration - if [ ! -f /etc/cjdns/cjdroute.conf ]; then - ./cjdroute --genconf > /etc/cjdns/cjdroute.conf - if [ ! "$?" = "0" ]; then - exit 5922 - fi - fi - # create a user to run as - useradd cjdns - else - cd /etc/cjdns - function_check git_pull - git_pull $CJDNS_REPO - ./do + + apt-get -y install radvd + echo 'interface eth0' > /etc/radvd.conf + echo '{' >> /etc/radvd.conf + echo ' AdvSendAdvert on;' >> /etc/radvd.conf + echo ' prefix fdfc::1/64' >> /etc/radvd.conf + echo ' {' >> /etc/radvd.conf + echo ' AdvRouterAddr on;' >> /etc/radvd.conf + echo ' };' >> /etc/radvd.conf + echo '};' >> /etc/radvd.conf + systemctl restart radvd if [ ! "$?" = "0" ]; then - exit 9926 + systemctl status radvd.service + exit 4395 fi - fi - # set permissions - chown -R cjdns:cjdns /etc/cjdns - chmod 600 /etc/cjdns/cjdroute.conf - - /sbin/ip tuntap add mode tun user cjdns dev cjdroute0 - - # insert values into the configuration file - if [ $CJDNS_PRIVATE_KEY ]; then - sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf - else - CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p) - fi - if [ $CJDNS_PUBLIC_KEY ]; then - sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf - else - CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p) - fi - if [ $CJDNS_IPV6 ]; then - sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf - else - CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p) - fi - if [ $CJDNS_PASSWORD ]; then - sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf - else - CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p) - fi - if [ $CJDNS_PORT ]; then - sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf - else - CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p) - fi - - function_check enable_ipv6 - enable_ipv6 - - echo '#!/bin/sh -e' > /etc/init.d/cjdns - echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns - echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns - echo '# Provides: cjdroute' >> /etc/init.d/cjdns - echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns - echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns - echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns - echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns - echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns - echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns - echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns - echo '### END INIT INFO' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo 'PROG="cjdroute"' >> /etc/init.d/cjdns - echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns - echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns - echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns - echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns - echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo 'start() {' >> /etc/init.d/cjdns - echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns - echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns - echo ' then' >> /etc/init.d/cjdns - echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns - echo ' else' >> /etc/init.d/cjdns - echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns - echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns - echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns - echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns - echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns - echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns - echo ' fi' >> /etc/init.d/cjdns - echo '}' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo 'stop() {' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns - echo ' then' >> /etc/init.d/cjdns - echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns - echo ' else' >> /etc/init.d/cjdns - echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns - echo ' killall cjdroute' >> /etc/init.d/cjdns - echo ' fi' >> /etc/init.d/cjdns - echo '}' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo 'status() {' >> /etc/init.d/cjdns - echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns - echo ' then' >> /etc/init.d/cjdns - echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns - echo ' else' >> /etc/init.d/cjdns - echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns - echo ' fi' >> /etc/init.d/cjdns - echo '}' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo ' update() {' >> /etc/init.d/cjdns - echo ' cd $GIT_PATH' >> /etc/init.d/cjdns - echo ' echo "Updating..."' >> /etc/init.d/cjdns - echo ' git pull' >> /etc/init.d/cjdns - echo ' ./do' >> /etc/init.d/cjdns - echo '}' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns - echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns - echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns - echo ' exit 1' >> /etc/init.d/cjdns - echo 'fi' >> /etc/init.d/cjdns - echo '' >> /etc/init.d/cjdns - echo 'case $1 in' >> /etc/init.d/cjdns - echo ' start)' >> /etc/init.d/cjdns - echo ' start' >> /etc/init.d/cjdns - echo ' exit 0' >> /etc/init.d/cjdns - echo ' ;;' >> /etc/init.d/cjdns - echo ' stop)' >> /etc/init.d/cjdns - echo ' stop' >> /etc/init.d/cjdns - echo ' exit 0' >> /etc/init.d/cjdns - echo ' ;;' >> /etc/init.d/cjdns - echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns - echo ' stop' >> /etc/init.d/cjdns - echo ' sleep 1' >> /etc/init.d/cjdns - echo ' start' >> /etc/init.d/cjdns - echo ' exit 0' >> /etc/init.d/cjdns - echo ' ;;' >> /etc/init.d/cjdns - echo ' status)' >> /etc/init.d/cjdns - echo ' status' >> /etc/init.d/cjdns - echo ' exit 0' >> /etc/init.d/cjdns - echo ' ;;' >> /etc/init.d/cjdns - echo ' update|upgrade)' >> /etc/init.d/cjdns - echo ' update' >> /etc/init.d/cjdns - echo ' stop' >> /etc/init.d/cjdns - echo ' sleep 2' >> /etc/init.d/cjdns - echo ' start' >> /etc/init.d/cjdns - echo ' exit 0' >> /etc/init.d/cjdns - echo ' ;;' >> /etc/init.d/cjdns - echo ' **)' >> /etc/init.d/cjdns - echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns - echo ' exit 1' >> /etc/init.d/cjdns - echo ' ;;' >> /etc/init.d/cjdns - echo 'esac' >> /etc/init.d/cjdns - chmod +x /etc/init.d/cjdns - update-rc.d cjdns defaults - service cjdns start - if [ ! "$?" = "0" ]; then - systemctl status cjdns.service - exit 8260 - fi - - apt-get -y install radvd - echo 'interface eth0' > /etc/radvd.conf - echo '{' >> /etc/radvd.conf - echo ' AdvSendAdvert on;' >> /etc/radvd.conf - echo ' prefix fdfc::1/64' >> /etc/radvd.conf - echo ' {' >> /etc/radvd.conf - echo ' AdvRouterAddr on;' >> /etc/radvd.conf - echo ' };' >> /etc/radvd.conf - echo '};' >> /etc/radvd.conf - systemctl restart radvd - if [ ! "$?" = "0" ]; then - systemctl status radvd.service - exit 4395 - fi - - if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then - echo '' >> /etc/network/interfaces - echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces - echo 'iface eth0 inet6 static' >> /etc/network/interfaces - echo ' pre-up modprobe ipv6' >> /etc/network/interfaces - echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces - echo ' netmask 64' >> /etc/network/interfaces - service network-manager restart - if [ ! "$?" = "0" ]; then - systemctl status networking.service - exit 6949 + if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then + echo '' >> /etc/network/interfaces + echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces + echo 'iface eth0 inet6 static' >> /etc/network/interfaces + echo ' pre-up modprobe ipv6' >> /etc/network/interfaces + echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces + echo ' netmask 64' >> /etc/network/interfaces + service network-manager restart + if [ ! "$?" = "0" ]; then + systemctl status networking.service + exit 6949 + fi fi - fi - if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then - CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}') + if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then + CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}') - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README - echo '=======================' >> /home/$MY_USERNAME/README - echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README - echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README - echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README - echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README - echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README - echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README - echo $'to you using your default password' >> /home/$MY_USERNAME/README - echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README - echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README - echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README - echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README - echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README - echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README - echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README - echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README - echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README - echo $'each password is for.' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README - echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README - echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README + echo '=======================' >> /home/$MY_USERNAME/README + echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README + echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README + echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README + echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README + echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README + echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README + echo $'to you using your default password' >> /home/$MY_USERNAME/README + echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README + echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README + echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README + echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README + echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README + echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README + echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README + echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README + echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README + echo $'each password is for.' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README + echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README + echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - function_check configure_firewall_for_cjdns - configure_firewall_for_cjdns + function_check configure_firewall_for_cjdns + configure_firewall_for_cjdns - echo 'install_cjdns_main' >> $COMPLETION_FILE + echo 'install_cjdns_main' >> $COMPLETION_FILE } function install_cjdns_tools { - if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then - return - fi - if [[ $ENABLE_CJDNS != "yes" ]]; then - return - fi - if [ ! -d /etc/cjdns ]; then - install_cjdns - fi + if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then + return + fi + if [[ $ENABLE_CJDNS != "yes" ]]; then + return + fi + if [ ! -d /etc/cjdns ]; then + install_cjdns + fi - function_check select_go_version - select_go_version + function_check select_go_version + select_go_version - apt-get -y install golang mercurial - if [ ! -f ~/.bashrc ]; then - touch ~/.bashrc - fi + apt-get -y install golang mercurial + if [ ! -f ~/.bashrc ]; then + touch ~/.bashrc + fi - if [ ! -d /home/git ]; then - # add a gogs user account - adduser --disabled-login --gecos 'Gogs' git + if [ ! -d /home/git ]; then + # add a gogs user account + adduser --disabled-login --gecos 'Gogs' git + + # install Go + if ! grep -q "export GOPATH=" ~/.bashrc; then + echo "export GOPATH=$GOPATH" >> ~/.bashrc + fi + systemctl set-environment GOPATH=$GOPATH + if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then + echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc + fi + if [ ! -d $GOPATH ]; then + mkdir -p $GOPATH + fi + fi - # install Go if ! grep -q "export GOPATH=" ~/.bashrc; then - echo "export GOPATH=$GOPATH" >> ~/.bashrc + echo "export GOPATH=$GOPATH" >> ~/.bashrc fi - systemctl set-environment GOPATH=$GOPATH - if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then - echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc + expected_go_path='export PATH=$PATH:'${GOPATH}'/bin' + export PATH=$PATH:${GOPATH}/bin + if ! grep -q "$expected_go_path" ~/.bashrc; then + echo "$expected_go_path" >> ~/.bashrc fi - if [ ! -d $GOPATH ]; then - mkdir -p $GOPATH + export PATH=$PATH:$GOPATH/bin + CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g') + go get $CJDCMD_REPO2 + if [ ! -f $GOPATH/bin/cjdcmd ]; then + echo $'cjdcmd was not compiled. Check your golang installation' + exit 7439 fi - fi + cp $GOPATH/bin/cjdcmd /usr/bin - if ! grep -q "export GOPATH=" ~/.bashrc; then - echo "export GOPATH=$GOPATH" >> ~/.bashrc - fi - expected_go_path='export PATH=$PATH:'${GOPATH}'/bin' - export PATH=$PATH:${GOPATH}/bin - if ! grep -q "$expected_go_path" ~/.bashrc; then - echo "$expected_go_path" >> ~/.bashrc - fi - export PATH=$PATH:$GOPATH/bin - CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g') - go get $CJDCMD_REPO2 - if [ ! -f $GOPATH/bin/cjdcmd ]; then - echo $'cjdcmd was not compiled. Check your golang installation' - exit 7439 - fi - cp $GOPATH/bin/cjdcmd /usr/bin + # initialise from the cjdns config + /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf - # initialise from the cjdns config - /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf - - echo 'install_cjdns_tools' >> $COMPLETION_FILE + echo 'install_cjdns_tools' >> $COMPLETION_FILE } function install_cjdns { - if grep -Fxq "install_cjdns" $COMPLETION_FILE; then - return - fi - install_cjdns_main - install_cjdns_tools - echo 'install_cjdns' >> $COMPLETION_FILE + if grep -Fxq "install_cjdns" $COMPLETION_FILE; then + return + fi + install_cjdns_main + install_cjdns_tools + echo 'install_cjdns' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna index 61e59979..734e663b 100755 --- a/src/freedombone-app-dlna +++ b/src/freedombone-app-dlna @@ -31,205 +31,205 @@ VARIANTS='full media' function reconfigure_dlna { - echo '' + echo '' } function upgrade_dlna { - echo '' + echo '' } function configure_firewall_for_dlna { - if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - iptables -A INPUT -p udp --dport 1900 -j ACCEPT - iptables -A INPUT -p tcp --dport 8200 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -p udp --dport 1900 -j ACCEPT + iptables -A INPUT -p tcp --dport 8200 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=('DLNA 1900') - OPEN_PORTS+=('DLNA 8200') - echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE + OPEN_PORTS+=('DLNA 1900') + OPEN_PORTS+=('DLNA 8200') + echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE } function backup_local_dlna { - source_directory=/var/cache/minidlna - if [ -d $source_directory ]; then - dest_directory=dlna - echo $"Backing up $source_directory to $dest_directory" + source_directory=/var/cache/minidlna + if [ -d $source_directory ]; then + dest_directory=dlna + echo $"Backing up $source_directory to $dest_directory" - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory - echo $"Backup to $dest_directory complete" - fi + echo $"Backup to $dest_directory complete" + fi } function restore_local_dlna { - if [ -d /var/cache/minidlna ]; then - if [ -d $USB_MOUNT/backup/dlna ]; then - echo $"Restoring DLNA cache" - temp_restore_dir=/root/tempdlna - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir dlna - cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 982572 - fi - rm -rf $temp_restore_dir + if [ -d /var/cache/minidlna ]; then + if [ -d $USB_MOUNT/backup/dlna ]; then + echo $"Restoring DLNA cache" + temp_restore_dir=/root/tempdlna + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir dlna + cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 982572 + fi + rm -rf $temp_restore_dir + fi fi - fi } function backup_remote_dlna { - if [ -d /var/cache/minidlna ]; then - echo $"Backing up DLNA cache" - backup_directory_to_friend /var/cache/minidlna dlna - echo $"Backup of DLNA cache complete" - fi + if [ -d /var/cache/minidlna ]; then + echo $"Backing up DLNA cache" + backup_directory_to_friend /var/cache/minidlna dlna + echo $"Backup of DLNA cache complete" + fi } function restore_remote_dlna { - if [ -d /var/cache/minidlna ]; then - if [ -d $SERVER_DIRECTORY/backup/dlna ]; then - echo $"Restoring DLNA cache" - temp_restore_dir=/root/tempdlna - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir dlna - cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/ - if [ ! "$?" = "0" ]; then - exit 982 - fi - rm -rf $temp_restore_dir - echo $"Restore of DLNA complete" + if [ -d /var/cache/minidlna ]; then + if [ -d $SERVER_DIRECTORY/backup/dlna ]; then + echo $"Restoring DLNA cache" + temp_restore_dir=/root/tempdlna + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir dlna + cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/ + if [ ! "$?" = "0" ]; then + exit 982 + fi + rm -rf $temp_restore_dir + echo $"Restore of DLNA complete" + fi fi - fi } function remove_dlna { - if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then - return - fi - service minidlna stop - apt-get -y remove --purge minidlna - if [ -f /etc/minidlna.conf ]; then - rm /etc/minidlna.conf - fi - iptables -D INPUT -p udp --dport 1900 -j ACCEPT - iptables -D INPUT -p tcp --dport 8200 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - sed -i '/install_dlna/d' $COMPLETION_FILE + if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then + return + fi + service minidlna stop + apt-get -y remove --purge minidlna + if [ -f /etc/minidlna.conf ]; then + rm /etc/minidlna.conf + fi + iptables -D INPUT -p udp --dport 1900 -j ACCEPT + iptables -D INPUT -p tcp --dport 8200 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + sed -i '/install_dlna/d' $COMPLETION_FILE } function install_dlna_main { - if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then + return + fi - apt-get -y install minidlna + apt-get -y install minidlna - if [ ! -f /etc/minidlna.conf ]; then - echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE" - exit 55 - fi + if [ ! -f /etc/minidlna.conf ]; then + echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE" + exit 55 + fi - sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf - if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then - echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf - fi - if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then - echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf - fi - if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then - echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf - fi - if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then - echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf - fi - if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then - echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf - fi - sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf - if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then - sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf - else - sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf - fi - sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf - sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf - sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf - sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf - sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf - service minidlna force-reload - service minidlna reload + sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf + if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then + echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf + fi + if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then + echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf + fi + if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then + echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf + fi + if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then + echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf + fi + if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then + echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf + fi + sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf + if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then + sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf + else + sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf + fi + sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf + sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf + sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf + sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf + sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf + service minidlna force-reload + service minidlna reload - sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf - if ! grep -q "max_user_watches" $COMPLETION_FILE; then - echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf - fi - /sbin/sysctl -p + sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf + if ! grep -q "max_user_watches" $COMPLETION_FILE; then + echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf + fi + /sbin/sysctl -p - function_check configure_firewall_for_dlna - configure_firewall_for_dlna - echo 'install_dlna_main' >> $COMPLETION_FILE + function_check configure_firewall_for_dlna + configure_firewall_for_dlna + echo 'install_dlna_main' >> $COMPLETION_FILE } function script_for_attaching_usb_drive { - if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then - return - fi - echo '#!/bin/bash' > /usr/bin/attach-music - echo 'remove-music' >> /usr/bin/attach-music - echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music - echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music - echo 'fi' >> /usr/bin/attach-music - echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music - echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music - echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music - echo 'service minidlna restart' >> /usr/bin/attach-music - echo 'minidlnad -R' >> /usr/bin/attach-music - chmod +x /usr/bin/attach-music - ln -s /usr/bin/attach-music /usr/bin/attach-usb - ln -s /usr/bin/attach-music /usr/bin/attach-videos - ln -s /usr/bin/attach-music /usr/bin/attach-pictures - ln -s /usr/bin/attach-music /usr/bin/attach-media + if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then + return + fi + echo '#!/bin/bash' > /usr/bin/attach-music + echo 'remove-music' >> /usr/bin/attach-music + echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music + echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music + echo 'fi' >> /usr/bin/attach-music + echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music + echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music + echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music + echo 'service minidlna restart' >> /usr/bin/attach-music + echo 'minidlnad -R' >> /usr/bin/attach-music + chmod +x /usr/bin/attach-music + ln -s /usr/bin/attach-music /usr/bin/attach-usb + ln -s /usr/bin/attach-music /usr/bin/attach-videos + ln -s /usr/bin/attach-music /usr/bin/attach-pictures + ln -s /usr/bin/attach-music /usr/bin/attach-media - echo '#!/bin/bash' > /usr/bin/remove-music - echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music - echo " umount $USB_MOUNT" >> /usr/bin/remove-music - echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music - echo 'fi' >> /usr/bin/remove-music - chmod +x /usr/bin/remove-music - ln -s /usr/bin/remove-music /usr/bin/detach-music - ln -s /usr/bin/remove-music /usr/bin/detach-usb - ln -s /usr/bin/remove-music /usr/bin/remove-usb - ln -s /usr/bin/remove-music /usr/bin/detach-media - ln -s /usr/bin/remove-music /usr/bin/remove-media - ln -s /usr/bin/remove-music /usr/bin/detach-videos - ln -s /usr/bin/remove-music /usr/bin/remove-videos - ln -s /usr/bin/remove-music /usr/bin/detach-pictures - ln -s /usr/bin/remove-music /usr/bin/remove-pictures + echo '#!/bin/bash' > /usr/bin/remove-music + echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music + echo " umount $USB_MOUNT" >> /usr/bin/remove-music + echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music + echo 'fi' >> /usr/bin/remove-music + chmod +x /usr/bin/remove-music + ln -s /usr/bin/remove-music /usr/bin/detach-music + ln -s /usr/bin/remove-music /usr/bin/detach-usb + ln -s /usr/bin/remove-music /usr/bin/remove-usb + ln -s /usr/bin/remove-music /usr/bin/detach-media + ln -s /usr/bin/remove-music /usr/bin/remove-media + ln -s /usr/bin/remove-music /usr/bin/detach-videos + ln -s /usr/bin/remove-music /usr/bin/remove-videos + ln -s /usr/bin/remove-music /usr/bin/detach-pictures + ln -s /usr/bin/remove-music /usr/bin/remove-pictures - echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE + echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE } function install_dlna { - if grep -Fxq "install_dlna" $COMPLETION_FILE; then - return - fi - install_dlna_main - script_for_attaching_usb_drive - echo 'install_dlna' >> $COMPLETION_FILE + if grep -Fxq "install_dlna" $COMPLETION_FILE; then + return + fi + install_dlna_main + script_for_attaching_usb_drive + echo 'install_dlna' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-emacs b/src/freedombone-app-emacs index 4cecec7d..bccc3515 100755 --- a/src/freedombone-app-emacs +++ b/src/freedombone-app-emacs @@ -31,154 +31,154 @@ VARIANTS='all' function reconfigure_emacs { - echo -n '' + echo -n '' } function upgrade_emacs { - echo -n '' + echo -n '' } function backup_local_emacs { - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ -d /home/$USERNAME/.emacs.d ]; then - echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [ -d /home/$USERNAME/.emacs.d ]; then + echo $"Backing up Emacs config for $USERNAME" + if [ -f /home/$USERNAME/.emacs ]; then + cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + fi + function_check backup_directory_to_usb + backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME + fi fi - function_check backup_directory_to_usb - backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME - fi - fi - done + done } function restore_local_emacs { - temp_restore_dir=/root/tempemacs - if [ -d $USB_MOUNT/backup/emacs ]; then - for d in $USB_MOUNT/backup/emacs/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME - fi - echo $"Restoring Emacs config for $USERNAME" - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir emacs/$USERNAME - cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 664 - fi - cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs - rm -rf $temp_restore_dir - fi - done - fi + temp_restore_dir=/root/tempemacs + if [ -d $USB_MOUNT/backup/emacs ]; then + for d in $USB_MOUNT/backup/emacs/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $6}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [ ! -d /home/$USERNAME ]; then + ${PROJECT_NAME}-adduser $USERNAME + fi + echo $"Restoring Emacs config for $USERNAME" + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir emacs/$USERNAME + cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 664 + fi + cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs + rm -rf $temp_restore_dir + fi + done + fi } function backup_remote_emacs { - echo -n '' + echo -n '' } function restore_remote_emacs { - echo -n '' + echo -n '' } function remove_emacs { - if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then - return - fi - apt-get -y remove --purge emacs24 - update-alternatives --set editor /usr/bin/nano - sed -i '/install_emacs/d' $COMPLETION_FILE + if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then + return + fi + apt-get -y remove --purge emacs24 + update-alternatives --set editor /usr/bin/nano + sed -i '/install_emacs/d' $COMPLETION_FILE } function install_emacs { - if grep -Fxq "install_emacs" $COMPLETION_FILE; then - return - fi - update-alternatives --set editor /usr/bin/emacs24 + if grep -Fxq "install_emacs" $COMPLETION_FILE; then + return + fi + update-alternatives --set editor /usr/bin/emacs24 - # A minimal emacs configuration - #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs - #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs - #echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs - echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs - echo "'goto-line)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs - echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs - echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs - echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs - echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs - echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs - echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs - echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs - cp /home/$MY_USERNAME/.emacs /root/.emacs - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs + # A minimal emacs configuration + #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs + #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs + #echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs + echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs + echo "'goto-line)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs + echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs + echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs + echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs + echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs + echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs + echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs + echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs + echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs + echo '' >> /home/$MY_USERNAME/.emacs + echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs + echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs + cp /home/$MY_USERNAME/.emacs /root/.emacs + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs - echo 'install_emacs' >> $COMPLETION_FILE + echo 'install_emacs' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-ipfs b/src/freedombone-app-ipfs index e569e571..39e6da91 100755 --- a/src/freedombone-app-ipfs +++ b/src/freedombone-app-ipfs @@ -35,251 +35,251 @@ IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166' IPFS_PORT=4001 function reconfigure_ipfs { - echo -n '' + echo -n '' } function upgrade_ipfs { - if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then - return - fi + if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then + return + fi - function_check select_go_version - select_go_version + function_check select_go_version + select_go_version - function_check set_repo_commit - set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO + function_check set_repo_commit + set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO } function backup_local_ipfs { - if ! grep -q "Admin user" $COMPLETION_FILE; then - return - fi - ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') - source_directory=/home/$ADMIN_USERNAME/.ipfs - if [ -d $source_directory ]; then - dest_directory=ipfs - echo $"Backing up $source_directory to $dest_directory" + if ! grep -q "Admin user" $COMPLETION_FILE; then + return + fi + ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') + source_directory=/home/$ADMIN_USERNAME/.ipfs + if [ -d $source_directory ]; then + dest_directory=ipfs + echo $"Backing up $source_directory to $dest_directory" - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory - echo $"Backup to $dest_directory complete" - fi + echo $"Backup to $dest_directory complete" + fi } function restore_local_ipfs { - if ! grep -q "Admin user" $COMPLETION_FILE; then - return - fi - if [ -d $USB_MOUNT/backup/ipfs ]; then - echo $"Restoring IPFS" - temp_restore_dir=/root/tempipfs - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir ipfs - ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') - cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 27627 + if ! grep -q "Admin user" $COMPLETION_FILE; then + return + fi + if [ -d $USB_MOUNT/backup/ipfs ]; then + echo $"Restoring IPFS" + temp_restore_dir=/root/tempipfs + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir ipfs + ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') + cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 27627 + fi + rm -rf $temp_restore_dir + echo $"Restore of IPFS complete" fi - rm -rf $temp_restore_dir - echo $"Restore of IPFS complete" - fi } function backup_remote_ipfs { - if ! grep -q "Admin user" $COMPLETION_FILE; then - return - fi - ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') - if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then - echo $"Backing up IPFS" - backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs - echo $"Backup of IPFS complete" - fi + if ! grep -q "Admin user" $COMPLETION_FILE; then + return + fi + ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}') + if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then + echo $"Backing up IPFS" + backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs + echo $"Backup of IPFS complete" + fi } function restore_remote_ipfs { - if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then - echo $"Restoring IPFS" - temp_restore_dir=/root/tempipfs - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir ipfs - cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs - if [ ! "$?" = "0" ]; then - function_check set_user_permissions - set_user_permissions - rm -rf $temp_restore_dir - exit 276357 + if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then + echo $"Restoring IPFS" + temp_restore_dir=/root/tempipfs + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir ipfs + cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs + if [ ! "$?" = "0" ]; then + function_check set_user_permissions + set_user_permissions + rm -rf $temp_restore_dir + exit 276357 + fi + rm -rf $temp_restore_dir + echo $"Restore of IPFS complete" fi - rm -rf $temp_restore_dir - echo $"Restore of IPFS complete" - fi } function remove_ipfs { - if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then - return - fi - function_check select_go_version - select_go_version - systemctl stop ipfs - systemctl disable ipfs - systemctl daemon-reload - rm /etc/systemd/system/ipfs.service - rm -rf $GOPATH/src/github.com/ipfs - iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - sed -i '/install_ipfs/d' $COMPLETION_FILE - sed -i '/ipfs /d' $COMPLETION_FILE - sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE + if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then + return + fi + function_check select_go_version + select_go_version + systemctl stop ipfs + systemctl disable ipfs + systemctl daemon-reload + rm /etc/systemd/system/ipfs.service + rm -rf $GOPATH/src/github.com/ipfs + iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + sed -i '/install_ipfs/d' $COMPLETION_FILE + sed -i '/ipfs /d' $COMPLETION_FILE + sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE } function configure_firewall_for_ipfs { - if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("IPFS $IPFS_PORT") - echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE + OPEN_PORTS+=("IPFS $IPFS_PORT") + echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE } function install_ipfs { - if grep -Fxq "install_ipfs" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_ipfs" $COMPLETION_FILE; then + return + fi - function_check select_go_version - select_go_version + function_check select_go_version + select_go_version - apt-get -y install golang libpam0g-dev fuse + apt-get -y install golang libpam0g-dev fuse - if [ ! -d /home/git ]; then - # add a gogs user account - adduser --disabled-login --gecos 'Gogs' git + if [ ! -d /home/git ]; then + # add a gogs user account + adduser --disabled-login --gecos 'Gogs' git - # install Go - if ! grep -q "export GOPATH=" ~/.bashrc; then - echo "export GOPATH=$GOPATH" >> ~/.bashrc + # install Go + if ! grep -q "export GOPATH=" ~/.bashrc; then + echo "export GOPATH=$GOPATH" >> ~/.bashrc + else + sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc + fi + systemctl set-environment GOPATH=$GOPATH + if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then + echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc + else + sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc + fi + if [ ! -d $GOPATH ]; then + mkdir -p $GOPATH + fi + fi + + IPFS_PATH=$GOPATH/bin + export PATH="$GOPATH/bin:$PATH:" + if ! grep -q 'GOPATH/bin' ~/.bashrc; then + echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc else - sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc + sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc fi - systemctl set-environment GOPATH=$GOPATH - if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then - echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc + + # set gopath for the user + if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then + echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc + echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc else - sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc + sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc fi - if [ ! -d $GOPATH ]; then - mkdir -p $GOPATH + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc + + IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g') + go get -u ${IPFS_GO_REPO2}/cmd/ipfs + if [ ! "$?" = "0" ]; then + exit 8242 fi - fi - IPFS_PATH=$GOPATH/bin - export PATH="$GOPATH/bin:$PATH:" - if ! grep -q 'GOPATH/bin' ~/.bashrc; then - echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc - else - sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc - fi - - # set gopath for the user - if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then - echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc - echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc - else - sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc - fi - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc - - IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g') - go get -u ${IPFS_GO_REPO2}/cmd/ipfs - if [ ! "$?" = "0" ]; then - exit 8242 - fi - - cd $GOPATH/src/$IPFS_GO_REPO2 - git checkout $IPFS_COMMIT -b $IPFS_COMMIT - if ! grep -q "ipfs commit" $COMPLETION_FILE; then - echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE - fi - - # initialise - su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME - if [ ! -d /home/$MY_USERNAME/.ipfs ]; then - echo "IPFS could not be initialised for user $MY_USERNAME" - exit 7358 - fi - - # directories to mount to - if [ ! -d /ipfs ]; then - mkdir /ipfs - mkdir /ipns - chown $MY_USERNAME:$MY_USERNAME /ipfs - chown $MY_USERNAME:$MY_USERNAME /ipns - fi - - if [ -f /etc/fuse.conf ]; then - chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf - fi - if [ -f /dev/fuse ]; then - chown $MY_USERNAME:$MY_USERNAME /dev/fuse - fi - - echo '[Unit]' > /etc/systemd/system/ipfs.service - echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service - echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service - echo 'After=network.target' >> /etc/systemd/system/ipfs.service - echo '' >> /etc/systemd/system/ipfs.service - echo '[Service]' >> /etc/systemd/system/ipfs.service - echo 'Type=simple' >> /etc/systemd/system/ipfs.service - echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service - echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service - echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service - echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service - echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service - echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service - echo '' >> /etc/systemd/system/ipfs.service - echo '[Install]' >> /etc/systemd/system/ipfs.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service - - systemctl enable ipfs - systemctl daemon-reload - systemctl restart ipfs - - if [ -d /etc/avahi ]; then - su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME - if [ ! -f /tmp/ipfsid ]; then - echo 'No IPFS identity was created' - exit 37895 + cd $GOPATH/src/$IPFS_GO_REPO2 + git checkout $IPFS_COMMIT -b $IPFS_COMMIT + if ! grep -q "ipfs commit" $COMPLETION_FILE; then + echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE fi - IPFS_PEER_ID=$(cat /tmp/ipfsid) - if [ ${#IPFS_PEER_ID} -lt 10 ]; then - echo 'Invalid IPFS peer ID' - echo "$IPFS_PEER_ID" - exit 74782 + + # initialise + su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME + if [ ! -d /home/$MY_USERNAME/.ipfs ]; then + echo "IPFS could not be initialised for user $MY_USERNAME" + exit 7358 fi - # Add an avahi service - function_check create_avahi_service - create_avahi_service ipfs "ipfs" udp $IPFS_PORT "$IPFS_PEER_ID" - rm /tmp/ipfsid - fi - function_check configure_firewall_for_ipfs - configure_firewall_for_ipfs + # directories to mount to + if [ ! -d /ipfs ]; then + mkdir /ipfs + mkdir /ipns + chown $MY_USERNAME:$MY_USERNAME /ipfs + chown $MY_USERNAME:$MY_USERNAME /ipns + fi - echo 'install_ipfs' >> $COMPLETION_FILE + if [ -f /etc/fuse.conf ]; then + chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf + fi + if [ -f /dev/fuse ]; then + chown $MY_USERNAME:$MY_USERNAME /dev/fuse + fi + + echo '[Unit]' > /etc/systemd/system/ipfs.service + echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service + echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service + echo 'After=network.target' >> /etc/systemd/system/ipfs.service + echo '' >> /etc/systemd/system/ipfs.service + echo '[Service]' >> /etc/systemd/system/ipfs.service + echo 'Type=simple' >> /etc/systemd/system/ipfs.service + echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service + echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service + echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service + echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service + echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service + echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service + echo '' >> /etc/systemd/system/ipfs.service + echo '[Install]' >> /etc/systemd/system/ipfs.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service + + systemctl enable ipfs + systemctl daemon-reload + systemctl restart ipfs + + if [ -d /etc/avahi ]; then + su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME + if [ ! -f /tmp/ipfsid ]; then + echo 'No IPFS identity was created' + exit 37895 + fi + IPFS_PEER_ID=$(cat /tmp/ipfsid) + if [ ${#IPFS_PEER_ID} -lt 10 ]; then + echo 'Invalid IPFS peer ID' + echo "$IPFS_PEER_ID" + exit 74782 + fi + # Add an avahi service + function_check create_avahi_service + create_avahi_service ipfs "ipfs" udp $IPFS_PORT "$IPFS_PEER_ID" + rm /tmp/ipfsid + fi + + function_check configure_firewall_for_ipfs + configure_firewall_for_ipfs + + echo 'install_ipfs' >> $COMPLETION_FILE } diff --git a/src/freedombone-app-irc b/src/freedombone-app-irc index 9a783280..248fbfb4 100755 --- a/src/freedombone-app-irc +++ b/src/freedombone-app-irc @@ -37,276 +37,276 @@ IRC_ONION_PORT=6697 IRC_PASSWORD= function reconfigure_irc { - echo -n '' + echo -n '' } function upgrade_irc { - echo -n '' + echo -n '' } function backup_local_irc { - echo -n '' + echo -n '' } function restore_local_irc { - echo -n '' + echo -n '' } function backup_remote_irc { - echo -n '' + echo -n '' } function restore_remote_irc { - echo -n '' + echo -n '' } function remove_irc { - if ! grep -Fxq "install_irc" $COMPLETION_FILE; then - return - fi - systemctl stop ngircd - apt-get -y remove --purge ngircd - apt-get -y remove --purge irssi - if [ -d /etc/ngircd ]; then - rm -rf /etc/ngircd - fi - iptables -D INPUT -p tcp --dport $IRC_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - function_check remove_onion_service - remove_onion_service irc ${IRC_ONION_PORT} - sed -i '/install_irc/d' $COMPLETION_FILE - sed -i '/IRC /d' $COMPLETION_FILE - sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE + if ! grep -Fxq "install_irc" $COMPLETION_FILE; then + return + fi + systemctl stop ngircd + apt-get -y remove --purge ngircd + apt-get -y remove --purge irssi + if [ -d /etc/ngircd ]; then + rm -rf /etc/ngircd + fi + iptables -D INPUT -p tcp --dport $IRC_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + function_check remove_onion_service + remove_onion_service irc ${IRC_ONION_PORT} + sed -i '/install_irc/d' $COMPLETION_FILE + sed -i '/IRC /d' $COMPLETION_FILE + sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE } function configure_firewall_for_irc { - if [ ! -d /etc/ngircd ]; then - return - fi - if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT - iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if [ ! -d /etc/ngircd ]; then + return + fi + if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT + iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("IRC $IRC_PORT") - echo 'configure_firewall_for_irc' >> $COMPLETION_FILE + OPEN_PORTS+=("IRC $IRC_PORT") + echo 'configure_firewall_for_irc' >> $COMPLETION_FILE } function install_irc_server { - if grep -Fxq "install_irc_server" $COMPLETION_FILE; then - return - fi - apt-get -y install ngircd - - if [ ! -d /etc/ngircd ]; then - echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" - exit 53 - fi - - if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then - ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH - function_check check_certificates - check_certificates ngircd - fi - - DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" - fi - - # create a login password if needed - if [ ! $IRC_PASSWORD ]; then - IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi - - echo '**************************************************' > /etc/ngircd/motd - echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd - echo '* *' >> /etc/ngircd/motd - echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd - echo '**************************************************' >> /etc/ngircd/motd - sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf - sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf - sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf - sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf - sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf - sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf - sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf - sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf - sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf - sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf - sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf - sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf - sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf - sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf - sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf - IRC_SALT="$(create_password 30)" - if [ -f $IMAGE_PASSWORD_FILE ]; then - IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi - sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf - sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf - sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf - sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf - sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf - sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf - sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf - if [ $IRC_PASSWORD ]; then - sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf - fi - # If we are on a mesh then DNS is not available - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf - fi - # upgrade a cypher - sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf - mkdir /var/run/ircd - chown -R irc:irc /var/run/ircd - mkdir /var/run/ngircd - touch /var/run/ngircd/ngircd.pid - chown -R irc:irc /var/run/ngircd - - IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) - if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then - echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE - fi - - systemctl restart ngircd - - # keep the daemon running - echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - - if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'IRC Server' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - if [[ $ONION_ONLY != 'yes' ]]; then - echo " irssi" >> /home/$MY_USERNAME/README - echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README - echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README - else - echo " usetorwith irssi" >> /home/$MY_USERNAME/README - echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README - echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README + if grep -Fxq "install_irc_server" $COMPLETION_FILE; then + return fi - echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + apt-get -y install ngircd - function_check configure_firewall_for_irc - configure_firewall_for_irc - echo 'install_irc_server' >> $COMPLETION_FILE + if [ ! -d /etc/ngircd ]; then + echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" + exit 53 + fi + + if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then + ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH + function_check check_certificates + check_certificates ngircd + fi + + DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" + fi + + # create a login password if needed + if [ ! $IRC_PASSWORD ]; then + IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + + echo '**************************************************' > /etc/ngircd/motd + echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd + echo '* *' >> /etc/ngircd/motd + echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd + echo '**************************************************' >> /etc/ngircd/motd + sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf + sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf + sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf + sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf + sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf + sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf + sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf + sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf + sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf + sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf + sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf + sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf + sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf + sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf + sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf + IRC_SALT="$(create_password 30)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf + sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf + sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf + sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf + sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf + if [ $IRC_PASSWORD ]; then + sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf + fi + # If we are on a mesh then DNS is not available + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf + fi + # upgrade a cypher + sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf + mkdir /var/run/ircd + chown -R irc:irc /var/run/ircd + mkdir /var/run/ngircd + touch /var/run/ngircd/ngircd.pid + chown -R irc:irc /var/run/ngircd + + IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) + if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then + echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE + fi + + systemctl restart ngircd + + # keep the daemon running + echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + + if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'IRC Server' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + if [[ $ONION_ONLY != 'yes' ]]; then + echo " irssi" >> /home/$MY_USERNAME/README + echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README + echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README + else + echo " usetorwith irssi" >> /home/$MY_USERNAME/README + echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README + echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README + fi + echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + function_check configure_firewall_for_irc + configure_firewall_for_irc + echo 'install_irc_server' >> $COMPLETION_FILE } function install_irc_client { - if grep -Fxq "install_irc_client" $COMPLETION_FILE; then - return - fi - apt-get -y install irssi + if grep -Fxq "install_irc_client" $COMPLETION_FILE; then + return + fi + apt-get -y install irssi - if [ ! -d /home/$MY_USERNAME/.irssi ]; then - mkdir /home/$MY_USERNAME/.irssi - fi + if [ ! -d /home/$MY_USERNAME/.irssi ]; then + mkdir /home/$MY_USERNAME/.irssi + fi - echo 'servers = (' > /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config - echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config - echo ' },' >> /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config - echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' },' >> /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo " address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config - if [[ $ONION_ONLY == 'no' ]]; then - echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config - echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config - else - IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}') - echo " port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config - echo ' use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config - fi - echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config - echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config - if [ $IRC_PASSWORD ]; then - echo " password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config - fi - echo ' }' >> /home/$MY_USERNAME/.irssi/config - echo ');' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config - echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo '};' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config - echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config - echo ');' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config - echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config - echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config - echo '};' >> /home/$MY_USERNAME/.irssi/config - echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config + echo 'servers = (' > /home/$MY_USERNAME/.irssi/config + echo ' {' >> /home/$MY_USERNAME/.irssi/config + echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config + echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config + echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config + echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config + echo ' },' >> /home/$MY_USERNAME/.irssi/config + echo ' {' >> /home/$MY_USERNAME/.irssi/config + echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config + echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config + echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config + echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config + echo ' },' >> /home/$MY_USERNAME/.irssi/config + echo ' {' >> /home/$MY_USERNAME/.irssi/config + echo " address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config + if [[ $ONION_ONLY == 'no' ]]; then + echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config + echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config + else + IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}') + echo " port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config + echo ' use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config + fi + echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config + echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config + echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config + if [ $IRC_PASSWORD ]; then + echo " password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config + fi + echo ' }' >> /home/$MY_USERNAME/.irssi/config + echo ');' >> /home/$MY_USERNAME/.irssi/config + echo '' >> /home/$MY_USERNAME/.irssi/config + echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config + echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config + echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' };' >> /home/$MY_USERNAME/.irssi/config + echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config + echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' };' >> /home/$MY_USERNAME/.irssi/config + echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config + echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' };' >> /home/$MY_USERNAME/.irssi/config + echo '};' >> /home/$MY_USERNAME/.irssi/config + echo '' >> /home/$MY_USERNAME/.irssi/config + echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config + echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config + echo ');' >> /home/$MY_USERNAME/.irssi/config + echo '' >> /home/$MY_USERNAME/.irssi/config + echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config + echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config + echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config + echo '};' >> /home/$MY_USERNAME/.irssi/config + echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi - echo 'install_irc_client' >> $COMPLETION_FILE + echo 'install_irc_client' >> $COMPLETION_FILE } function install_irc { - if grep -Fxq "install_irc" $COMPLETION_FILE; then - return - fi - install_irc_server - install_irc_client - echo 'install_irc' >> $COMPLETION_FILE + if grep -Fxq "install_irc" $COMPLETION_FILE; then + return + fi + install_irc_server + install_irc_client + echo 'install_irc' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-mediagoblin b/src/freedombone-app-mediagoblin index 28d7ac72..d023faca 100755 --- a/src/freedombone-app-mediagoblin +++ b/src/freedombone-app-mediagoblin @@ -38,242 +38,311 @@ MEDIAGOBLIN_ADMIN_PASSWORD= MEDIAGOBLIN_ONION_PORT=8096 function reconfigure_mediagoblin { - echo -n '' + echo -n '' } function upgrade_mediagoblin { - echo -n '' + echo -n '' } function backup_local_mediagoblin { - echo -n '' + echo -n '' } function restore_local_mediagoblin { - echo -n '' + echo -n '' } function backup_remote_mediagoblin { - if grep -q "Mediagoblin domain" $COMPLETION_FILE; then - MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}') - function_check suspend_site - suspend_site ${MEDIAGOBLIN_DOMAIN_NAME} + if grep -q "Mediagoblin domain" $COMPLETION_FILE; then + MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}') + function_check suspend_site + suspend_site ${MEDIAGOBLIN_DOMAIN_NAME} - echo $"Backing up Mediagoblin" + echo $"Backing up Mediagoblin" - backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin + backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin - function_check restart_site - restart_site + function_check restart_site + restart_site - echo $"Backup of Mediagoblin complete" - fi + echo $"Backup of Mediagoblin complete" + fi } function restore_remote_mediagoblin { - if grep -q "Mediagoblin domain" $COMPLETION_FILE; then - MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}') - if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then - echo $"Restoring Mediagoblin installation" - temp_restore_dir=/root/tempmediagoblin - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir mediagoblin - cp -r $temp_restore_dir/* / - if [ ! "$?" = "0" ]; then - exit 5626 - fi - rm -rf $temp_restore_dir - echo $"Restore of Mediagoblin complete" + if grep -q "Mediagoblin domain" $COMPLETION_FILE; then + MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}') + if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then + echo $"Restoring Mediagoblin installation" + temp_restore_dir=/root/tempmediagoblin + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir mediagoblin + cp -r $temp_restore_dir/* / + if [ ! "$?" = "0" ]; then + exit 5626 + fi + rm -rf $temp_restore_dir + echo $"Restore of Mediagoblin complete" + fi + chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs fi - chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs - fi } function remove_mediagoblin { - echo -n '' + echo -n '' } function install_mediagoblin { - if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then - return - fi + if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then + return + fi - MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs + MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs + + # update to a new commit if needed + function_check set_repo_commit + set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO + if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then + chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY + fi + + if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then + return + fi + + apt-get -y install git-core python python-dev python-lxml python-pil + apt-get -y install python-virtualenv npm nodejs-legacy automake + apt-get -y install fcgiwrap + + #apt-get -y install postgresql postgresql-client python-psycopg2 + #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject + #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools + #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev + #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools + #su -c "createuser -A -D mediagoblin" - postgres + #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres + + useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin + groupadd mediagoblin + usermod --append -G mediagoblin mediagoblin + + if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then + mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY + fi + + function_check git_clone + git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY + cd $MEDIAGOBLIN_WORKING_DIRECTORY + git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT + git submodule init + git submodule update + + if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then + echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE + fi - # update to a new commit if needed - function_check set_repo_commit - set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO - if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY - fi + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin + if [ ! "$?" = "0" ]; then + exit 278826 + fi - if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then - return - fi + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin + if [ ! "$?" = "0" ]; then + exit 462826 + fi - apt-get -y install git-core python python-dev python-lxml python-pil - apt-get -y install python-virtualenv npm nodejs-legacy automake - apt-get -y install fcgiwrap + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin + if [ ! "$?" = "0" ]; then + exit 738229 + fi - #apt-get -y install postgresql postgresql-client python-psycopg2 - #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject - #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools - #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev - #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools - #su -c "createuser -A -D mediagoblin" - postgres - #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres + if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then + mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev + fi + chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin + su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin - useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin - groupadd mediagoblin - usermod --append -G mediagoblin mediagoblin + # create some directories + mkdir /var/log/mediagoblin + chown -hR mediagoblin:www-data /var/log/mediagoblin + mkdir /var/run/mediagoblin + chown -hR mediagoblin:www-data /var/run/mediagoblin - if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then - mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY - fi + if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then + echo $'mediagoblin.ini not found' + exit 737529 + fi + if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then + echo $'paste.ini not found' + exit 52762 + fi - function_check git_clone - git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY - cd $MEDIAGOBLIN_WORKING_DIRECTORY - git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT - git submodule init - git submodule update + cp -av mediagoblin.ini mediagoblin_local.ini + cp -av paste.ini paste_local.ini - if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then - echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE - fi + chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY - chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin - if [ ! "$?" = "0" ]; then - exit 278826 - fi + # init with systemd + echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service + echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service + echo '' >> /etc/systemd/system/mediagoblin-celeryd.service + echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service + echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service + echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service + echo ' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service + echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service + echo ' --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service + echo ' --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service + echo '' >> /etc/systemd/system/mediagoblin-celeryd.service + echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin - if [ ! "$?" = "0" ]; then - exit 462826 - fi + echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service + echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service + echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service + echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service + echo '' >> /etc/systemd/system/mediagoblin-paster.service + echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service + echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service + echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service + echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service + echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service + echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service + echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service + echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service + echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service + echo ' --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service + echo ' --daemon \' >> /etc/systemd/system/mediagoblin-paster.service + echo ' --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service + echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service + echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service + echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service + echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service + echo '' >> /etc/systemd/system/mediagoblin-paster.service + echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service + systemctl daemon-reload + systemctl enable mediagoblin-celeryd + systemctl enable mediagoblin-paster + systemctl daemon-reload + systemctl start mediagoblin-celeryd + systemctl start mediagoblin-paster - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin - if [ ! "$?" = "0" ]; then - exit 738229 - fi + MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT}) + if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then + echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE + else + sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE + fi + if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then + echo $'Problem creating onion address for mediagoblin' + exit 672652 + fi - if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then - mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev - fi - chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin - su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin + # web config + MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME + function_check nginx_http_redirect + nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME + if [[ $ONION_ONLY == 'no' ]]; then + echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' default_type application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + function_check nginx_limits + nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m' + function_check nginx_ssl + nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST + else + echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST + fi - # create some directories - mkdir /var/log/mediagoblin - chown -hR mediagoblin:www-data /var/log/mediagoblin - mkdir /var/run/mediagoblin - chown -hR mediagoblin:www-data /var/run/mediagoblin - - if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then - echo $'mediagoblin.ini not found' - exit 737529 - fi - if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then - echo $'paste.ini not found' - exit 52762 - fi - - cp -av mediagoblin.ini mediagoblin_local.ini - cp -av paste.ini paste_local.ini - - chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY - - # init with systemd - echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service - echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service - echo '' >> /etc/systemd/system/mediagoblin-celeryd.service - echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service - echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service - echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service - echo ' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service - echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service - echo ' --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service - echo ' --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service - echo '' >> /etc/systemd/system/mediagoblin-celeryd.service - echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service - - echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service - echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service - echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service - echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service - echo '' >> /etc/systemd/system/mediagoblin-paster.service - echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service - echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service - echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service - echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service - echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service - echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service - echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service - echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service - echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service - echo ' --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service - echo ' --daemon \' >> /etc/systemd/system/mediagoblin-paster.service - echo ' --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service - echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service - echo ' --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service - echo " $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service - echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service - echo '' >> /etc/systemd/system/mediagoblin-paster.service - echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service - systemctl daemon-reload - systemctl enable mediagoblin-celeryd - systemctl enable mediagoblin-paster - systemctl daemon-reload - systemctl start mediagoblin-celeryd - systemctl start mediagoblin-paster - - MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT}) - if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then - echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE - else - sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE - fi - if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then - echo $'Problem creating onion address for mediagoblin' - exit 672652 - fi - - # web config - MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME - function_check nginx_http_redirect - nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME - if [[ $ONION_ONLY == 'no' ]]; then echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST @@ -285,8 +354,6 @@ function install_mediagoblin { echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST function_check nginx_limits nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m' - function_check nginx_ssl - nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST @@ -301,7 +368,7 @@ function install_mediagoblin { echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST + echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST @@ -336,90 +403,23 @@ function install_mediagoblin { echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - else - echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST - fi - echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' default_type application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - function_check nginx_limits - nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m' - function_check nginx_disable_sniffing - nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo " alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo ' }' >> $MEDIAGOBLIN_VIRTUAL_HOST - echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST + function_check create_site_certificate + create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME - function_check create_site_certificate - create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME + nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME + systemctl restart php5-fpm + systemctl restart nginx - nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME - systemctl restart php5-fpm - systemctl restart nginx + add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME - add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME + if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then + echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE + else + sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE + fi - if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then - echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE - else - sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE - fi - - echo 'install_mediagoblin' >> $COMPLETION_FILE + echo 'install_mediagoblin' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble index 42901bc6..356045f7 100755 --- a/src/freedombone-app-mumble +++ b/src/freedombone-app-mumble @@ -40,256 +40,256 @@ VOIP_DATABASE="mumble-server.sqlite" VOIP_CONFIG_FILE="mumble-server.ini" function reconfigure_mumble { - echo -n '' + echo -n '' } function upgrade_mumble { - echo -n '' + echo -n '' } function backup_local_mumble { - if [ -f /etc/mumble-server.ini ]; then - echo $"Backing up Mumble settings" - temp_backup_dir=/root/tempvoipbackup - if [ ! -d $temp_backup_dir ]; then - mkdir -p $temp_backup_dir + if [ -f /etc/mumble-server.ini ]; then + echo $"Backing up Mumble settings" + temp_backup_dir=/root/tempvoipbackup + if [ ! -d $temp_backup_dir ]; then + mkdir -p $temp_backup_dir + fi + cp -f /etc/mumble-server.ini $temp_backup_dir + cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir + backup_directory_to_usb $temp_backup_dir voip + echo $"Mumble settings backup complete" fi - cp -f /etc/mumble-server.ini $temp_backup_dir - cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir - backup_directory_to_usb $temp_backup_dir voip - echo $"Mumble settings backup complete" - fi } function restore_local_mumble { - if [ -d $USB_MOUNT/backup/voip ]; then - echo $"Restoring VoIP settings" - temp_restore_dir=/root/tempvoip - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir voip - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 3679 + if [ -d $USB_MOUNT/backup/voip ]; then + echo $"Restoring VoIP settings" + temp_restore_dir=/root/tempvoip + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir voip + cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 3679 + fi + cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 276 + fi + rm -rf $temp_restore_dir + cp /etc/ssl/certs/mumble* /var/lib/mumble-server + cp /etc/ssl/private/mumble* /var/lib/mumble-server + chown -R mumble-server:mumble-server /var/lib/mumble-server + service mumble-server restart fi - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 276 - fi - rm -rf $temp_restore_dir - cp /etc/ssl/certs/mumble* /var/lib/mumble-server - cp /etc/ssl/private/mumble* /var/lib/mumble-server - chown -R mumble-server:mumble-server /var/lib/mumble-server - service mumble-server restart - fi } function backup_remote_mumble { - if [ -f /etc/mumble-server.ini ]; then - echo $"Backing up VoIP settings" - if [ ! -d /root/tempvoipbackup ]; then - mkdir -p /root/tempvoipbackup + if [ -f /etc/mumble-server.ini ]; then + echo $"Backing up VoIP settings" + if [ ! -d /root/tempvoipbackup ]; then + mkdir -p /root/tempvoipbackup + fi + cp -f /etc/mumble-server.ini /root/tempvoipbackup + cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup + backup_directory_to_friend /root/tempvoipbackup voip + echo $"Backup of VoIP settings complete" fi - cp -f /etc/mumble-server.ini /root/tempvoipbackup - cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup - backup_directory_to_friend /root/tempvoipbackup voip - echo $"Backup of VoIP settings complete" - fi } function restore_remote_mumble { - if [ -d $SERVER_DIRECTORY/backup/voip ]; then - echo $"Restoring Mumble settings" - temp_restore_dir=/root/tempvoip - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir voip - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - exit 7823 + if [ -d $SERVER_DIRECTORY/backup/voip ]; then + echo $"Restoring Mumble settings" + temp_restore_dir=/root/tempvoip + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir voip + cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + exit 7823 + fi + cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + exit 7823 + fi + cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + exit 276 + fi + rm -rf $temp_restore_dir + cp /etc/ssl/certs/mumble* /var/lib/mumble-server + cp /etc/ssl/private/mumble* /var/lib/mumble-server + chown -R mumble-server:mumble-server /var/lib/mumble-server + service mumble-server restart + echo $"Restore of Mumble complete" fi - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - exit 7823 - fi - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/ - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - exit 276 - fi - rm -rf $temp_restore_dir - cp /etc/ssl/certs/mumble* /var/lib/mumble-server - cp /etc/ssl/private/mumble* /var/lib/mumble-server - chown -R mumble-server:mumble-server /var/lib/mumble-server - service mumble-server restart - echo $"Restore of Mumble complete" - fi } function remove_mumble { - if !grep -Fxq "install_mumble" $COMPLETION_FILE; then - if ! grep -Fxq "install_voip" $COMPLETION_FILE; then - return + if !grep -Fxq "install_mumble" $COMPLETION_FILE; then + if ! grep -Fxq "install_voip" $COMPLETION_FILE; then + return + fi fi - fi - apt-get -y remove --purge mumble-server - if [[ $ONION_ONLY == "no" ]]; then - iptables -D INPUT -p udp --dport $VOIP_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $VOIP_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - fi - if [ -f /etc/mumble-server.ini ]; then - rm /etc/mumble-server.ini - fi - function_check remove_onion_service - remove_onion_service voip ${VOIP_PORT} - sed -i '/install_mumble/d' $COMPLETION_FILE - sed -i '/install_voip/d' $COMPLETION_FILE - sed -i '/configure_firewall_for_voip/d' $COMPLETION_FILE - sed -i '/VoIP /d' $COMPLETION_FILE + apt-get -y remove --purge mumble-server + if [[ $ONION_ONLY == "no" ]]; then + iptables -D INPUT -p udp --dport $VOIP_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $VOIP_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + fi + if [ -f /etc/mumble-server.ini ]; then + rm /etc/mumble-server.ini + fi + function_check remove_onion_service + remove_onion_service voip ${VOIP_PORT} + sed -i '/install_mumble/d' $COMPLETION_FILE + sed -i '/install_voip/d' $COMPLETION_FILE + sed -i '/configure_firewall_for_voip/d' $COMPLETION_FILE + sed -i '/VoIP /d' $COMPLETION_FILE } function get_voip_server_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "VoIP server password" /home/$MY_USERNAME/README; then - if [ ! $VOIP_SERVER_PASSWORD ]; then - VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi - else - if grep -q "Mumble server password" /home/$MY_USERNAME/README; then - if [ ! $VOIP_SERVER_PASSWORD ]; then - VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Mumble server password" | awk -F ':' '{print $2}' | sed 's/^ *//') + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "VoIP server password" /home/$MY_USERNAME/README; then + if [ ! $VOIP_SERVER_PASSWORD ]; then + VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + else + if grep -q "Mumble server password" /home/$MY_USERNAME/README; then + if [ ! $VOIP_SERVER_PASSWORD ]; then + VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Mumble server password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi fi - fi } function configure_firewall_for_voip { - if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("Mumble $VOIP_PORT") - echo 'configure_firewall_for_voip' >> $COMPLETION_FILE + OPEN_PORTS+=("Mumble $VOIP_PORT") + echo 'configure_firewall_for_voip' >> $COMPLETION_FILE } function install_mumble { - if grep -Fxq "install_mumble" $COMPLETION_FILE; then - return - fi - if grep -Fxq "install_voip" $COMPLETION_FILE; then - return - fi - apt-get -y install mumble-server - - function_check get_voip_server_password - get_voip_server_password - if [ ! $VOIP_SERVER_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then - VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi + if grep -Fxq "install_mumble" $COMPLETION_FILE; then + return fi - fi - - # Make an ssl cert for the server - if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then - ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH - function_check check_certificates - check_certificates mumble - fi - - # Check that the cert was created - if [ ! -f /etc/ssl/certs/mumble.crt ]; then - echo $'VoIP server certificate not created' - exit 57892 - fi - if [ ! -f /etc/ssl/private/mumble.key ]; then - echo $'VoIP server key not created' - exit 57893 - fi - if [ ! -d /var/lib/mumble-server ]; then - mkdir /var/lib/mumble-server - fi - cp /etc/ssl/certs/mumble.* /var/lib/mumble-server - cp /etc/ssl/private/mumble.key /var/lib/mumble-server - chown -R mumble-server:mumble-server /var/lib/mumble-server - - sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DEFAULT_DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini - - if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then - sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini - fi - - sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini - sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini - sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini - sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini - sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini - if ! grep -q "allowping" /etc/mumble-server.ini; then - echo 'allowping=False' >> /etc/mumble-server.ini - fi - sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini - sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini - sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini - sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini - sed -i 's|users=100|users=10|g' /etc/mumble-server.ini - sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini - sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini - sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini - sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini - sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini - sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini - sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini - - VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT}) - if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then - echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE - fi - - systemctl restart mumble-server - - if ! grep -q $"Mumble Server" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Mumble Server' >> /home/$MY_USERNAME/README - echo '=============' >> /home/$MY_USERNAME/README - echo $"Mumble onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README - echo $'Mumble server username: mumble-server' >> /home/$MY_USERNAME/README - if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then - echo $"Mumble server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README + if grep -Fxq "install_voip" $COMPLETION_FILE; then + return fi - echo '' >> /home/$MY_USERNAME/README - echo $'To connect to the Mumble server use your username and the server password shown above.' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + apt-get -y install mumble-server - function_check configure_firewall_for_voip - configure_firewall_for_voip - echo 'install_mumble' >> $COMPLETION_FILE + function_check get_voip_server_password + get_voip_server_password + if [ ! $VOIP_SERVER_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then + VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + fi + + # Make an ssl cert for the server + if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then + ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH + function_check check_certificates + check_certificates mumble + fi + + # Check that the cert was created + if [ ! -f /etc/ssl/certs/mumble.crt ]; then + echo $'VoIP server certificate not created' + exit 57892 + fi + if [ ! -f /etc/ssl/private/mumble.key ]; then + echo $'VoIP server key not created' + exit 57893 + fi + if [ ! -d /var/lib/mumble-server ]; then + mkdir /var/lib/mumble-server + fi + cp /etc/ssl/certs/mumble.* /var/lib/mumble-server + cp /etc/ssl/private/mumble.key /var/lib/mumble-server + chown -R mumble-server:mumble-server /var/lib/mumble-server + + sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DEFAULT_DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini + + if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then + sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini + fi + + sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini + sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini + sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini + sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini + sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini + if ! grep -q "allowping" /etc/mumble-server.ini; then + echo 'allowping=False' >> /etc/mumble-server.ini + fi + sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini + sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini + sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini + sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini + sed -i 's|users=100|users=10|g' /etc/mumble-server.ini + sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini + sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini + sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini + sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini + sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini + sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini + sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini + + VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT}) + if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then + echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE + fi + + systemctl restart mumble-server + + if ! grep -q $"Mumble Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Mumble Server' >> /home/$MY_USERNAME/README + echo '=============' >> /home/$MY_USERNAME/README + echo $"Mumble onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README + echo $'Mumble server username: mumble-server' >> /home/$MY_USERNAME/README + if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then + echo $"Mumble server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README + fi + echo '' >> /home/$MY_USERNAME/README + echo $'To connect to the Mumble server use your username and the server password shown above.' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + function_check configure_firewall_for_voip + configure_firewall_for_voip + echo 'install_mumble' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-searx b/src/freedombone-app-searx index 20f73841..875309d9 100755 --- a/src/freedombone-app-searx +++ b/src/freedombone-app-searx @@ -39,258 +39,258 @@ SEARX_LOGIN_TEXT=$"Search engine login" SEARX_PASSWORD= function reconfigure_searx { - echo -n '' + echo -n '' } function upgrade_searx { - if ! grep -Fxq "install_searx" $COMPLETION_FILE; then - return - fi + if ! grep -Fxq "install_searx" $COMPLETION_FILE; then + return + fi - set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO - if grep "Search engine key" $COMPLETION_FILE; then - if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then - # note: this might change to a --tor option in a later version - if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then + set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO + if grep "Search engine key" $COMPLETION_FILE; then + if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then + # note: this might change to a --tor option in a later version + if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then + echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml + fi + SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}') + sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml + if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then + SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname) + sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml + fi + fi + fi +} + +function backup_local_searx { + echo -n '' +} + +function restore_local_searx { + echo -n '' +} + +function backup_remote_searx { + echo -n '' +} + +function restore_remote_searx { + echo -n '' +} + +function remove_searx { + if ! grep -Fxq "install_searx" $COMPLETION_FILE; then + return + fi + systemctl stop searx + systemctl disable searx + rm /etc/systemd/system/searx.service + function_check remove_onion_service + remove_onion_service searx ${SEARX_ONION_PORT} + userdel -r searx + nginx_dissite searx + if [ -f /etc/nginx/sites-available/searx ]; then + rm /etc/nginx/sites-available/searx + fi + if [ -d ${SEARX_PATH}/searx ]; then + rm -rf ${SEARX_PATH}/searx + fi + sed -i '/install_searx/d' $COMPLETION_FILE + sed -i '/Search engine /d' $COMPLETION_FILE +} + +function install_searx { + # Note: currently socks5 outgoing proxies to other search engines does not work + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if [ ! -d /etc/nginx ]; then + echo $'Webserver is not installed' + exit 62429 + fi + + if grep -Fxq "install_searx" $COMPLETION_FILE; then + return + fi + + apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils + apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi + + pip install --upgrade pip + + pip install certifi + if [ ! "$?" = "0" ]; then + echo $'Failed to install certifi' + exit 737692 + fi + + pip install pyyaml + if [ ! "$?" = "0" ]; then + echo $'Failed to install pyyaml' + exit 469242 + fi + + pip install flask --upgrade + if [ ! "$?" = "0" ]; then + echo $'Failed to install flask' + exit 888575 + fi + + pip install flask_restless --upgrade + if [ ! "$?" = "0" ]; then + echo $'Failed to install flask_restless' + exit 54835 + fi + + pip install flask_babel --upgrade + if [ ! "$?" = "0" ]; then + echo $'Failed to install flask_babel' + exit 63738 + fi + + if [ ! -d $SEARX_PATH ]; then + mkdir -p $SEARX_PATH + fi + + # clone the repo + cd $SEARX_PATH + function_check git_clone + git_clone $SEARX_REPO searx + git checkout $SEARX_COMMIT -b $SEARX_COMMIT + if ! grep -q "Search engine commit" $COMPLETION_FILE; then + echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE + fi + + # create an onion service + SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT}) + if ! grep "Search engine onion domain" $COMPLETION_FILE; then + echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE + else + sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE + fi + + # an unprivileged user to run as + useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx + adduser searx debian-tor + + # daemon + echo '[Unit]' > /etc/systemd/system/searx.service + echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service + echo 'After=syslog.target' >> /etc/systemd/system/searx.service + echo 'After=network.target' >> /etc/systemd/system/searx.service + echo '' >> /etc/systemd/system/searx.service + echo '[Service]' >> /etc/systemd/system/searx.service + echo 'Type=simple' >> /etc/systemd/system/searx.service + echo 'User=searx' >> /etc/systemd/system/searx.service + echo 'Group=searx' >> /etc/systemd/system/searx.service + echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service + echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service + echo 'Restart=always' >> /etc/systemd/system/searx.service + echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service + echo '' >> /etc/systemd/system/searx.service + echo '[Install]' >> /etc/systemd/system/searx.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service + + # create a webserver file + echo 'server {' > /etc/nginx/sites-available/searx + echo " listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx + echo " root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx + echo " server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx + echo ' access_log off;' >> /etc/nginx/sites-available/searx + echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + function_check nginx_limits + nginx_limits searx '1M' + function_check nginx_disable_sniffing + nginx_disable_sniffing searx + echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' location / {' >> /etc/nginx/sites-available/searx + echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx + echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx + + echo " auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx + echo ' auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx + echo ' }' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx + echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx + echo ' allow all;' >> /etc/nginx/sites-available/searx + echo ' log_not_found off;' >> /etc/nginx/sites-available/searx + echo ' access_log off;' >> /etc/nginx/sites-available/searx + echo ' }' >> /etc/nginx/sites-available/searx + echo '}' >> /etc/nginx/sites-available/searx + + # replace the secret key + if ! grep "Search engine key" $COMPLETION_FILE; then + SEARX_SECRET_KEY="$(create_password 30)" + echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE + else + SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}') + fi + sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml + sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml + sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml + sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml + + # note: this might change to a --tor option in a later version + if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml - fi - SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}') - sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml - if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then - SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname) - sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml - fi fi - fi -} -function backup_local_searx { - echo -n '' -} + chown -R searx:searx ${SEARX_PATH}/searx -function restore_local_searx { - echo -n '' -} + # enable the site + nginx_ensite searx -function backup_remote_searx { - echo -n '' -} + # restart the web server + systemctl restart php5-fpm + systemctl restart nginx -function restore_remote_searx { - echo -n '' -} + # start the daemon + systemctl enable searx.service + systemctl daemon-reload + systemctl start searx.service -function remove_searx { - if ! grep -Fxq "install_searx" $COMPLETION_FILE; then - return - fi - systemctl stop searx - systemctl disable searx - rm /etc/systemd/system/searx.service - function_check remove_onion_service - remove_onion_service searx ${SEARX_ONION_PORT} - userdel -r searx - nginx_dissite searx - if [ -f /etc/nginx/sites-available/searx ]; then - rm /etc/nginx/sites-available/searx - fi - if [ -d ${SEARX_PATH}/searx ]; then - rm -rf ${SEARX_PATH}/searx - fi - sed -i '/install_searx/d' $COMPLETION_FILE - sed -i '/Search engine /d' $COMPLETION_FILE -} - -function install_searx { - # Note: currently socks5 outgoing proxies to other search engines does not work - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if [ ! -d /etc/nginx ]; then - echo $'Webserver is not installed' - exit 62429 - fi - - if grep -Fxq "install_searx" $COMPLETION_FILE; then - return - fi - - apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils - apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi - - pip install --upgrade pip - - pip install certifi - if [ ! "$?" = "0" ]; then - echo $'Failed to install certifi' - exit 737692 - fi - - pip install pyyaml - if [ ! "$?" = "0" ]; then - echo $'Failed to install pyyaml' - exit 469242 - fi - - pip install flask --upgrade - if [ ! "$?" = "0" ]; then - echo $'Failed to install flask' - exit 888575 - fi - - pip install flask_restless --upgrade - if [ ! "$?" = "0" ]; then - echo $'Failed to install flask_restless' - exit 54835 - fi - - pip install flask_babel --upgrade - if [ ! "$?" = "0" ]; then - echo $'Failed to install flask_babel' - exit 63738 - fi - - if [ ! -d $SEARX_PATH ]; then - mkdir -p $SEARX_PATH - fi - - # clone the repo - cd $SEARX_PATH - function_check git_clone - git_clone $SEARX_REPO searx - git checkout $SEARX_COMMIT -b $SEARX_COMMIT - if ! grep -q "Search engine commit" $COMPLETION_FILE; then - echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE - fi - - # create an onion service - SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT}) - if ! grep "Search engine onion domain" $COMPLETION_FILE; then - echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE - else - sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE - fi - - # an unprivileged user to run as - useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx - adduser searx debian-tor - - # daemon - echo '[Unit]' > /etc/systemd/system/searx.service - echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service - echo 'After=syslog.target' >> /etc/systemd/system/searx.service - echo 'After=network.target' >> /etc/systemd/system/searx.service - echo '' >> /etc/systemd/system/searx.service - echo '[Service]' >> /etc/systemd/system/searx.service - echo 'Type=simple' >> /etc/systemd/system/searx.service - echo 'User=searx' >> /etc/systemd/system/searx.service - echo 'Group=searx' >> /etc/systemd/system/searx.service - echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service - echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service - echo 'Restart=always' >> /etc/systemd/system/searx.service - echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service - echo '' >> /etc/systemd/system/searx.service - echo '[Install]' >> /etc/systemd/system/searx.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service - - # create a webserver file - echo 'server {' > /etc/nginx/sites-available/searx - echo " listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx - echo " root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx - echo " server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx - echo ' access_log off;' >> /etc/nginx/sites-available/searx - echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - function_check nginx_limits - nginx_limits searx '1M' - function_check nginx_disable_sniffing - nginx_disable_sniffing searx - echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' location / {' >> /etc/nginx/sites-available/searx - echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx - echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx - echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx - echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx - echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx - echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx - - echo " auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx - echo ' auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx - echo ' }' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx - echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx - echo '' >> /etc/nginx/sites-available/searx - echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx - echo ' allow all;' >> /etc/nginx/sites-available/searx - echo ' log_not_found off;' >> /etc/nginx/sites-available/searx - echo ' access_log off;' >> /etc/nginx/sites-available/searx - echo ' }' >> /etc/nginx/sites-available/searx - echo '}' >> /etc/nginx/sites-available/searx - - # replace the secret key - if ! grep "Search engine key" $COMPLETION_FILE; then - SEARX_SECRET_KEY="$(create_password 30)" - echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE - else - SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}') - fi - sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml - sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml - sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml - sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml - - # note: this might change to a --tor option in a later version - if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then - echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml - echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml - echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml - echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml - fi - - chown -R searx:searx ${SEARX_PATH}/searx - - # enable the site - nginx_ensite searx - - # restart the web server - systemctl restart php5-fpm - systemctl restart nginx - - # start the daemon - systemctl enable searx.service - systemctl daemon-reload - systemctl start searx.service - - if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then - if [ ${#SEARX_PASSWORD} -lt 8 ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi + if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then + if [ ${#SEARX_PASSWORD} -lt 8 ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Search Engine' >> /home/$MY_USERNAME/README + echo '=============' >> /home/$MY_USERNAME/README + echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README fi - echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Search Engine' >> /home/$MY_USERNAME/README - echo '=============' >> /home/$MY_USERNAME/README - echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - echo 'install_searx' >> $COMPLETION_FILE + echo 'install_searx' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-sip b/src/freedombone-app-sip index 07a4a9de..5d5b24ac 100755 --- a/src/freedombone-app-sip +++ b/src/freedombone-app-sip @@ -38,415 +38,415 @@ VOIP_TURN_TLS_PORT=5349 VOIP_TURN_NONCE= function reconfigure_sip { - echo -n '' + echo -n '' } function upgrade_sip { - # remove the original sipwitch daemon if it exists - if [ -f /etc/init.d/sipwitch ]; then - rm -f /etc/init.d/sipwitch - fi + # remove the original sipwitch daemon if it exists + if [ -f /etc/init.d/sipwitch ]; then + rm -f /etc/init.d/sipwitch + fi } function backup_local_sip { - if [ -f /etc/sipwitch.conf ]; then - echo $"Backing up SIP settings" - temp_backup_dir=/root/tempsipbackup - if [ ! -d $temp_backup_dir ]; then - mkdir -p $temp_backup_dir + if [ -f /etc/sipwitch.conf ]; then + echo $"Backing up SIP settings" + temp_backup_dir=/root/tempsipbackup + if [ ! -d $temp_backup_dir ]; then + mkdir -p $temp_backup_dir + fi + cp -f /etc/sipwitch.conf $temp_backup_dir + backup_directory_to_usb $temp_backup_dir sip + echo $"SIP settings backup complete" fi - cp -f /etc/sipwitch.conf $temp_backup_dir - backup_directory_to_usb $temp_backup_dir sip - echo $"SIP settings backup complete" - fi } function restore_local_sip { - if [ -d $USB_MOUNT/backup/sip ]; then - echo $"Restoring SIP settings" - temp_restore_dir=/root/tempsip - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir sip - cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf - if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - function_check set_user_permissions - set_user_permissions - backup_unmount_drive - exit 3679 + if [ -d $USB_MOUNT/backup/sip ]; then + echo $"Restoring SIP settings" + temp_restore_dir=/root/tempsip + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir sip + cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + backup_unmount_drive + exit 3679 + fi + rm -rf $temp_restore_dir + service sipwitch restart + echo $"Restore of SIP settings complete" fi - rm -rf $temp_restore_dir - service sipwitch restart - echo $"Restore of SIP settings complete" - fi } function backup_remote_sip { - if [ -f /etc/sipwitch.conf ]; then - echo $"Backing up SIP settings" - temp_backup_dir=/root/tempsipbackup - if [ ! -d $temp_backup_dir ]; then - mkdir -p $temp_backup_dir + if [ -f /etc/sipwitch.conf ]; then + echo $"Backing up SIP settings" + temp_backup_dir=/root/tempsipbackup + if [ ! -d $temp_backup_dir ]; then + mkdir -p $temp_backup_dir + fi + cp -f /etc/sipwitch.conf $temp_backup_dir + backup_directory_to_friend $temp_backup_dir sip + echo $"Backup SIP settings complete" fi - cp -f /etc/sipwitch.conf $temp_backup_dir - backup_directory_to_friend $temp_backup_dir sip - echo $"Backup SIP settings complete" - fi } function restore_remote_sip { - echo -n '' + echo -n '' } function remove_sip { - if ! grep -Fxq "install_sip" $COMPLETION_FILE; then - return - fi - iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT - iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT - iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if ! grep -Fxq "install_sip" $COMPLETION_FILE; then + return + fi + iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT + iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT + iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - function_check remove_onion_service - remove_onion_service sip ${SIP_PORT} + function_check remove_onion_service + remove_onion_service sip ${SIP_PORT} - apt-get -y remove --purge sipwitch - apt-get -y remove --purge turnserver - if [ -f /etc/sipwitch.conf ]; then - rm /etc/sipwitch.conf - fi - if [ -d /etc/turnserver ]; then - rm -rf /etc/turnserver - fi - sed -i '/install_sip/d' $COMPLETION_FILE - sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE - sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE + apt-get -y remove --purge sipwitch + apt-get -y remove --purge turnserver + if [ -f /etc/sipwitch.conf ]; then + rm /etc/sipwitch.conf + fi + if [ -d /etc/turnserver ]; then + rm -rf /etc/turnserver + fi + sed -i '/install_sip/d' $COMPLETION_FILE + sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE + sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE } function configure_firewall_for_voip_turn { - if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("TURN $VOIP_TURN_PORT") - OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT") - echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE + OPEN_PORTS+=("TURN $VOIP_TURN_PORT") + OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT") + echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE } function configure_firewall_for_sip4 { - if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT - iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT + iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("SIP $SIP_PORT") - OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT") - echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE + OPEN_PORTS+=("SIP $SIP_PORT") + OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT") + echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE } function get_sip_server_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "SIP server password" /home/$MY_USERNAME/README; then - if [ ! $SIP_SERVER_PASSWORD ]; then - SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "SIP server password" /home/$MY_USERNAME/README; then + if [ ! $SIP_SERVER_PASSWORD ]; then + SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi fi - fi } function update_sipwitch_daemon { - if [ ! -f /etc/init.d/sipwitch ]; then - return - fi - service sipwitch stop + if [ ! -f /etc/init.d/sipwitch ]; then + return + fi + service sipwitch stop - # remove the original sipwitch daemon if it exists - if [ -f /etc/init.d/sipwitch ]; then - rm -f /etc/init.d/sipwitch - fi + # remove the original sipwitch daemon if it exists + if [ -f /etc/init.d/sipwitch ]; then + rm -f /etc/init.d/sipwitch + fi - # daemon - echo '[Unit]' > /etc/systemd/system/sipwitch.service - echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service - echo 'After=network.target' >> /etc/systemd/system/sipwitch.service - echo '' >> /etc/systemd/system/sipwitch.service - echo '[Service]' >> /etc/systemd/system/sipwitch.service - echo 'Type=simple' >> /etc/systemd/system/sipwitch.service - echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service - echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service - echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service - echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service - echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service - echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service - echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service - echo 'Restart=always' >> /etc/systemd/system/sipwitch.service - echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service - echo '' >> /etc/systemd/system/sipwitch.service - echo '[Install]' >> /etc/systemd/system/sipwitch.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service + # daemon + echo '[Unit]' > /etc/systemd/system/sipwitch.service + echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service + echo 'After=network.target' >> /etc/systemd/system/sipwitch.service + echo '' >> /etc/systemd/system/sipwitch.service + echo '[Service]' >> /etc/systemd/system/sipwitch.service + echo 'Type=simple' >> /etc/systemd/system/sipwitch.service + echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service + echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service + echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service + echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service + echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service + echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service + echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service + echo 'Restart=always' >> /etc/systemd/system/sipwitch.service + echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service + echo '' >> /etc/systemd/system/sipwitch.service + echo '[Install]' >> /etc/systemd/system/sipwitch.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service - systemctl enable sipwitch - systemctl daemon-reload - systemctl start sipwitch + systemctl enable sipwitch + systemctl daemon-reload + systemctl start sipwitch } function install_sip_main { - if grep -Fxq "install_sip_main" $COMPLETION_FILE; then - return - fi - - apt-get -y install sipwitch - - function_check get_sip_server_password - get_sip_server_password - if [ ! $SIP_SERVER_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if grep -Fxq "install_sip_main" $COMPLETION_FILE; then + return fi - fi - echo '' > /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf + apt-get -y install sipwitch - echo "" >> /etc/sipwitch.conf - echo '201' >> /etc/sipwitch.conf - echo "$SIP_SERVER_PASSWORD" >> /etc/sipwitch.conf - echo "$MY_USERNAME 201" >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf + function_check get_sip_server_password + get_sip_server_password + if [ ! $SIP_SERVER_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo " $DEFAULT_DOMAIN_NAME" >> /etc/sipwitch.conf - echo ' 200' >> /etc/sipwitch.conf - echo ' 2' >> /etc/sipwitch.conf - echo ' *' >> /etc/sipwitch.conf - echo ' false' >> /etc/sipwitch.conf - echo ' system' >> /etc/sipwitch.conf - echo ' anonymous' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo ' ' >> /etc/sipwitch.conf - echo ' 4' >> /etc/sipwitch.conf - echo ' ' >> /etc/sipwitch.conf - echo ' 4' >> /etc/sipwitch.conf - echo ' ' >> /etc/sipwitch.conf - echo ' 6' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo ' 200' >> /etc/sipwitch.conf - echo ' 100' >> /etc/sipwitch.conf - echo ' 77' >> /etc/sipwitch.conf - echo ' 200' >> /etc/sipwitch.conf - echo ' ' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf - echo '' >> /etc/sipwitch.conf + echo '' > /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf - sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch - sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch - groupadd sipwitch - usermod -aG sipwitch $MY_USERNAME + echo "" >> /etc/sipwitch.conf + echo '201' >> /etc/sipwitch.conf + echo "$SIP_SERVER_PASSWORD" >> /etc/sipwitch.conf + echo "$MY_USERNAME 201" >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf - SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT}) - if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then - echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE - fi + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo " $DEFAULT_DOMAIN_NAME" >> /etc/sipwitch.conf + echo ' 200' >> /etc/sipwitch.conf + echo ' 2' >> /etc/sipwitch.conf + echo ' *' >> /etc/sipwitch.conf + echo ' false' >> /etc/sipwitch.conf + echo ' system' >> /etc/sipwitch.conf + echo ' anonymous' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo ' ' >> /etc/sipwitch.conf + echo ' 4' >> /etc/sipwitch.conf + echo ' ' >> /etc/sipwitch.conf + echo ' 4' >> /etc/sipwitch.conf + echo ' ' >> /etc/sipwitch.conf + echo ' 6' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo ' 200' >> /etc/sipwitch.conf + echo ' 100' >> /etc/sipwitch.conf + echo ' 77' >> /etc/sipwitch.conf + echo ' 200' >> /etc/sipwitch.conf + echo ' ' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf + echo '' >> /etc/sipwitch.conf - if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'SIP Server' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README - echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README - echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README - echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch + sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch + groupadd sipwitch + usermod -aG sipwitch $MY_USERNAME - function_check configure_firewall_for_sip4 - configure_firewall_for_sip4 - echo 'install_sip_main' >> $COMPLETION_FILE + SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT}) + if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then + echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE + fi + + if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'SIP Server' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README + echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README + echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + function_check configure_firewall_for_sip4 + configure_firewall_for_sip4 + echo 'install_sip_main' >> $COMPLETION_FILE } function install_sip_turn { - if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then - return - fi - - apt-get -y install turnserver - - # create a nonce if needed - if [ ! $VOIP_TURN_NONCE ]; then - VOIP_TURN_NONCE="$(create_password 30)" - fi - - function_check create_site_certificate - create_site_certificate $DEFAULT_DOMAIN_NAME - - echo '##' > /etc/turnserver/turnserver.conf - echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf - echo '#' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf - echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf - echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf - echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf - echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf - echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf - echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf - echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf - echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf - echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## TLS support.' >> /etc/turnserver/turnserver.conf - echo 'tls = true' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf - echo '## standard.' >> /etc/turnserver/turnserver.conf - echo 'dtls = false' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf - echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf - echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf - echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf - echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf - echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf - echo 'daemon = true' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf - echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf - echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf - echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Realm value.' >> /etc/turnserver/turnserver.conf - echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Nonce key.' >> /etc/turnserver/turnserver.conf - echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf - echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf - echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf - echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf - echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf - echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf - echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf - echo 'denied_address {' >> /etc/turnserver/turnserver.conf - echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf - echo ' mask = "8"' >> /etc/turnserver/turnserver.conf - echo ' port = 0' >> /etc/turnserver/turnserver.conf - echo '}' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf - echo 'denied_address {' >> /etc/turnserver/turnserver.conf - echo ' address = "::1"' >> /etc/turnserver/turnserver.conf - echo ' mask = "128"' >> /etc/turnserver/turnserver.conf - echo ' port = 0' >> /etc/turnserver/turnserver.conf - echo '}' >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf - echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf - if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then - echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf - else - if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then - echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf + if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then + return fi - fi - echo '' >> /etc/turnserver/turnserver.conf - echo '## Private key file.' >> /etc/turnserver/turnserver.conf - echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Account method.' >> /etc/turnserver/turnserver.conf - echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf - echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf - echo '' >> /etc/turnserver/turnserver.conf - echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf - echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf - echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt + apt-get -y install turnserver - systemctl restart turnserver + # create a nonce if needed + if [ ! $VOIP_TURN_NONCE ]; then + VOIP_TURN_NONCE="$(create_password 30)" + fi - function_check configure_firewall_for_voip_turn - configure_firewall_for_voip_turn - echo 'install_sip_turn' >> $COMPLETION_FILE + function_check create_site_certificate + create_site_certificate $DEFAULT_DOMAIN_NAME + + echo '##' > /etc/turnserver/turnserver.conf + echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf + echo '#' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf + echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf + echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf + echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf + echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf + echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf + echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf + echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf + echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf + echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## TLS support.' >> /etc/turnserver/turnserver.conf + echo 'tls = true' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf + echo '## standard.' >> /etc/turnserver/turnserver.conf + echo 'dtls = false' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf + echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf + echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf + echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf + echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf + echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf + echo 'daemon = true' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf + echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf + echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf + echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Realm value.' >> /etc/turnserver/turnserver.conf + echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Nonce key.' >> /etc/turnserver/turnserver.conf + echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf + echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf + echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf + echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf + echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf + echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf + echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf + echo 'denied_address {' >> /etc/turnserver/turnserver.conf + echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf + echo ' mask = "8"' >> /etc/turnserver/turnserver.conf + echo ' port = 0' >> /etc/turnserver/turnserver.conf + echo '}' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf + echo 'denied_address {' >> /etc/turnserver/turnserver.conf + echo ' address = "::1"' >> /etc/turnserver/turnserver.conf + echo ' mask = "128"' >> /etc/turnserver/turnserver.conf + echo ' port = 0' >> /etc/turnserver/turnserver.conf + echo '}' >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf + echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf + if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then + echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf + else + if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then + echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf + fi + fi + echo '' >> /etc/turnserver/turnserver.conf + echo '## Private key file.' >> /etc/turnserver/turnserver.conf + echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Account method.' >> /etc/turnserver/turnserver.conf + echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf + echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf + echo '' >> /etc/turnserver/turnserver.conf + echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf + echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf + + echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt + + systemctl restart turnserver + + function_check configure_firewall_for_voip_turn + configure_firewall_for_voip_turn + echo 'install_sip_turn' >> $COMPLETION_FILE } function install_sip { - if grep -Fxq "install_sip" $COMPLETION_FILE; then - return - fi - install_sip_main - update_sipwitch_daemon - echo 'install_sip' >> $COMPLETION_FILE + if grep -Fxq "install_sip" $COMPLETION_FILE; then + return + fi + install_sip_main + update_sipwitch_daemon + echo 'install_sip' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing index 20c0d86c..c93c50dd 100755 --- a/src/freedombone-app-syncthing +++ b/src/freedombone-app-syncthing @@ -40,300 +40,300 @@ SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared SYNCTHING_USER_IDS_FILE='.syncthingids' function reconfigure_syncthing { - echo -n '' + echo -n '' } function upgrade_syncthing { - echo -n '' + echo -n '' } function backup_local_syncthing { - if [ -d /var/lib/syncthing/SyncShared ]; then - echo $"Backing up syncthing" + if [ -d /var/lib/syncthing/SyncShared ]; then + echo $"Backing up syncthing" - function_check backup_directory_to_usb - backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared - backup_directory_to_usb /root/.config/syncthing syncthingconfig + function_check backup_directory_to_usb + backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared + backup_directory_to_usb /root/.config/syncthing syncthingconfig - echo $"Backup to syncthing complete" - fi + echo $"Backup to syncthing complete" + fi } function restore_local_syncthing { - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl stop syncthing - systemctl stop cron - fi - - temp_restore_dir=/root/tempsyncthing - if [ -d $USB_MOUNT/backup/syncthingconfig ]; then - echo $"Restoring syncthing configuration" - function_check restore_directory_from_usb - restore_directory_from_usb ${temp_restore_dir}config syncthingconfig - cp -r ${temp_restore_dir}config/* / - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 6833 + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl stop syncthing + systemctl stop cron fi - rm -rf ${temp_restore_dir}config - fi - if [ -d $USB_MOUNT/backup/syncthingshared ]; then - echo $"Restoring syncthing shared files" - restore_directory_from_usb ${temp_restore_dir}shared syncthingshared - cp -r ${temp_restore_dir}shared/* / - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 37904 - fi - rm -rf ${temp_restore_dir}shared - fi - - if [ -d $USB_MOUNT/backup/syncthing ]; then - for d in $USB_MOUNT/backup/syncthing/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME - fi - echo $"Restoring syncthing files for $USERNAME" - restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME - cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ + temp_restore_dir=/root/tempsyncthing + if [ -d $USB_MOUNT/backup/syncthingconfig ]; then + echo $"Restoring syncthing configuration" + function_check restore_directory_from_usb + restore_directory_from_usb ${temp_restore_dir}config syncthingconfig + cp -r ${temp_restore_dir}config/* / if [ ! "$?" = "0" ]; then - rm -rf ${temp_restore_dir} - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 68438 + set_user_permissions + backup_unmount_drive + systemctl start syncthing + systemctl start cron + exit 6833 fi - rm -rf ${temp_restore_dir} + rm -rf ${temp_restore_dir}config + fi - # restore device IDs from config settings - if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then - cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + if [ -d $USB_MOUNT/backup/syncthingshared ]; then + echo $"Restoring syncthing shared files" + restore_directory_from_usb ${temp_restore_dir}shared syncthingshared + cp -r ${temp_restore_dir}shared/* / + if [ ! "$?" = "0" ]; then + set_user_permissions + backup_unmount_drive + systemctl start syncthing + systemctl start cron + exit 37904 fi - if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then - cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids - fi - fi - done - fi + rm -rf ${temp_restore_dir}shared + fi - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl start syncthing - systemctl start cron - fi + if [ -d $USB_MOUNT/backup/syncthing ]; then + for d in $USB_MOUNT/backup/syncthing/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $6}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [ ! -d /home/$USERNAME ]; then + ${PROJECT_NAME}-adduser $USERNAME + fi + echo $"Restoring syncthing files for $USERNAME" + restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME + cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ + if [ ! "$?" = "0" ]; then + rm -rf ${temp_restore_dir} + set_user_permissions + backup_unmount_drive + systemctl start syncthing + systemctl start cron + exit 68438 + fi + rm -rf ${temp_restore_dir} + + # restore device IDs from config settings + if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then + cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + fi + if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then + cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids + fi + fi + done + fi + + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl start syncthing + systemctl start cron + fi } function backup_remote_syncthing { - if [ -d /root/.config/syncthing ]; then - echo $"Backing up syncthing configuration" - function_check backup_directory_to_friend - backup_directory_to_friend /root/.config/syncthing syncthingconfig - echo $"Backup of syncthing configuration complete" - fi - if [ -d /var/lib/syncthing/SyncShared ]; then - echo $"Backing up syncthing shared files" - function_check backup_directory_to_friend - backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared - echo $"Backup of syncthing shared files complete" - fi + if [ -d /root/.config/syncthing ]; then + echo $"Backing up syncthing configuration" + function_check backup_directory_to_friend + backup_directory_to_friend /root/.config/syncthing syncthingconfig + echo $"Backup of syncthing configuration complete" + fi + if [ -d /var/lib/syncthing/SyncShared ]; then + echo $"Backing up syncthing shared files" + function_check backup_directory_to_friend + backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared + echo $"Backup of syncthing shared files complete" + fi } function restore_remote_syncthing { - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl stop syncthing - systemctl stop cron - fi - - if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then - echo $"Restoring syncthing configuration" - temp_restore_dir=/root/tempsyncthingconfig - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthingconfig - cp -r $temp_restore_dir/* / - if [ ! "$?" = "0" ]; then - systemctl start syncthing - systemctl start cron - exit 6833 + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl stop syncthing + systemctl stop cron fi - rm -rf $temp_restore_dir - fi - if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then - echo $"Restoring syncthing shared files" - temp_restore_dir=/root/tempsyncthingshared - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthingshared - cp -r $temp_restore_dir/* / - if [ ! "$?" = "0" ]; then - systemctl start syncthing - systemctl start cron - exit 37904 - fi - rm -rf $temp_restore_dir - fi - - if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then - for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $6}') - if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME - fi - echo $"Restoring syncthing files for $USERNAME" - temp_restore_dir=/root/tempsyncthing + if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then + echo $"Restoring syncthing configuration" + temp_restore_dir=/root/tempsyncthingconfig function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME - cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ + restore_directory_from_friend $temp_restore_dir syncthingconfig + cp -r $temp_restore_dir/* / if [ ! "$?" = "0" ]; then - rm -rf $temp_restore_dir - systemctl start syncthing - systemctl start cron - exit 68438 + systemctl start syncthing + systemctl start cron + exit 6833 fi rm -rf $temp_restore_dir + fi - # restore device IDs from config settings - if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then - cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then + echo $"Restoring syncthing shared files" + temp_restore_dir=/root/tempsyncthingshared + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir syncthingshared + cp -r $temp_restore_dir/* / + if [ ! "$?" = "0" ]; then + systemctl start syncthing + systemctl start cron + exit 37904 fi - if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then - cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids - fi - echo $"Restore of syncthing files for $USERNAME complete" - fi - done - fi + rm -rf $temp_restore_dir + fi - if [ -f /etc/systemd/system/syncthing.service ]; then - systemctl start syncthing - systemctl start cron - fi + if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then + for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $6}') + if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then + if [ ! -d /home/$USERNAME ]; then + ${PROJECT_NAME}-adduser $USERNAME + fi + echo $"Restoring syncthing files for $USERNAME" + temp_restore_dir=/root/tempsyncthing + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME + cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ + if [ ! "$?" = "0" ]; then + rm -rf $temp_restore_dir + systemctl start syncthing + systemctl start cron + exit 68438 + fi + rm -rf $temp_restore_dir + + # restore device IDs from config settings + if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then + cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + fi + if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then + cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids + chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids + fi + echo $"Restore of syncthing files for $USERNAME complete" + fi + done + fi + + if [ -f /etc/systemd/system/syncthing.service ]; then + systemctl start syncthing + systemctl start cron + fi } function remove_syncthing { - if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then - return - fi - iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT - iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then + return + fi + iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT + iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - systemctl stop syncthing - systemctl disable syncthing - apt-get -y remove --purge syncthing - rm /etc/systemd/system/syncthing.service - sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab - sed -i '/install_syncthing/d' $COMPLETION_FILE - sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE - systemctl restart cron + systemctl stop syncthing + systemctl disable syncthing + apt-get -y remove --purge syncthing + rm /etc/systemd/system/syncthing.service + sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab + sed -i '/install_syncthing/d' $COMPLETION_FILE + sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE + systemctl restart cron } function configure_firewall_for_syncthing { - if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then - return - fi - iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT - iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then + return + fi + iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT + iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("Syncthing $SYNCTHING_PORT") - echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE + OPEN_PORTS+=("Syncthing $SYNCTHING_PORT") + echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE } function mesh_install_syncthing { - chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add - + chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add - - echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list - chroot "$rootdir" apt-get update - chroot "$rootdir" apt-get -y --force-yes install syncthing + echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list + chroot "$rootdir" apt-get update + chroot "$rootdir" apt-get -y --force-yes install syncthing - # This probably does need to run as root so that it can access the Sync directories - # in each user's home directory - echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service - echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service - echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service - echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service - echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service - echo '' >> $rootdir/etc/systemd/system/syncthing.service - echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service - echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service - echo "Environment='all_proxy=socks5://localhost:9050'" >> $rootdir/etc/systemd/system/syncthing.service - echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service - echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service - echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service - echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service - echo '' >> $rootdir/etc/systemd/system/syncthing.service - echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service - echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service - chroot "$rootdir" systemctl enable syncthing + # This probably does need to run as root so that it can access the Sync directories + # in each user's home directory + echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service + echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service + echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service + echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service + echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service + echo '' >> $rootdir/etc/systemd/system/syncthing.service + echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service + echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service + echo "Environment='all_proxy=socks5://localhost:9050'" >> $rootdir/etc/systemd/system/syncthing.service + echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service + echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service + echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service + echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service + echo '' >> $rootdir/etc/systemd/system/syncthing.service + echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service + echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service + chroot "$rootdir" systemctl enable syncthing - if ! grep -q "syncthing" $rootdir/etc/crontab; then - echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab - fi + if ! grep -q "syncthing" $rootdir/etc/crontab; then + echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab + fi - echo 'mesh_install_syncthing' + echo 'mesh_install_syncthing' } function install_syncthing { - if [ $INSTALLING_MESH ]; then - mesh_install_syncthing - return - fi + if [ $INSTALLING_MESH ]; then + mesh_install_syncthing + return + fi - if grep -Fxq "install_syncthing" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_syncthing" $COMPLETION_FILE; then + return + fi - apt-get -y install curl + apt-get -y install curl - curl -s https://syncthing.net/release-key.txt | apt-key add - - echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list - apt-get update - apt-get -y install syncthing + curl -s https://syncthing.net/release-key.txt | apt-key add - + echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list + apt-get update + apt-get -y install syncthing - # This probably does need to run as root so that it can access the Sync directories - # in each user's home directory - echo '[Unit]' > /etc/systemd/system/syncthing.service - echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service - echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service - echo 'After=network.target' >> /etc/systemd/system/syncthing.service - echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service - echo '' >> /etc/systemd/system/syncthing.service - echo '[Service]' >> /etc/systemd/system/syncthing.service - echo 'User=root' >> /etc/systemd/system/syncthing.service - echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service - echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service - echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service - echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service - echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service - echo '' >> /etc/systemd/system/syncthing.service - echo '[Install]' >> /etc/systemd/system/syncthing.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service - systemctl enable syncthing - systemctl daemon-reload - systemctl start syncthing + # This probably does need to run as root so that it can access the Sync directories + # in each user's home directory + echo '[Unit]' > /etc/systemd/system/syncthing.service + echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service + echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service + echo 'After=network.target' >> /etc/systemd/system/syncthing.service + echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service + echo '' >> /etc/systemd/system/syncthing.service + echo '[Service]' >> /etc/systemd/system/syncthing.service + echo 'User=root' >> /etc/systemd/system/syncthing.service + echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service + echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service + echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service + echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service + echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service + echo '' >> /etc/systemd/system/syncthing.service + echo '[Install]' >> /etc/systemd/system/syncthing.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service + systemctl enable syncthing + systemctl daemon-reload + systemctl start syncthing - function_check cron_add_mins - cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" + function_check cron_add_mins + cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" - function_check configure_firewall_for_syncthing - configure_firewall_for_syncthing - echo 'install_syncthing' >> $COMPLETION_FILE + function_check configure_firewall_for_syncthing + configure_firewall_for_syncthing + echo 'install_syncthing' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox index ad0070a3..c9f94a8f 100755 --- a/src/freedombone-app-tox +++ b/src/freedombone-app-tox @@ -47,344 +47,344 @@ TOXIC_COMMIT='cf16849b374e484a33a4dffa3dfb937b59d537f2' TOXIC_FILE=/usr/local/bin/toxic function reconfigure_tox { - echo -n '' + echo -n '' } function upgrade_tox { - if ! grep -Fxq "install_tox" $COMPLETION_FILE; then - return - fi - function_check set_repo_commit - set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO + if ! grep -Fxq "install_tox" $COMPLETION_FILE; then + return + fi + function_check set_repo_commit + set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO - function_check set_repo_commit - set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO + function_check set_repo_commit + set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO } function backup_local_tox { - if [ -d /var/lib/tox-bootstrapd ]; then - echo $"Backing up Tox" - if [ -d /var/lib/tox-bootstrapd ]; then - cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd - if [ -d /var/lib/tox-bootstrapd/Maildir ]; then - rm -rf /var/lib/tox-bootstrapd/Maildir - fi + echo $"Backing up Tox" + + if [ -d /var/lib/tox-bootstrapd ]; then + cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd + if [ -d /var/lib/tox-bootstrapd/Maildir ]; then + rm -rf /var/lib/tox-bootstrapd/Maildir + fi + fi + + function_check backup_directory_to_usb + backup_directory_to_usb /var/lib/tox-bootstrapd tox + + echo $"Backup of Tox complete" fi - - function_check backup_directory_to_usb - backup_directory_to_usb /var/lib/tox-bootstrapd tox - - echo $"Backup of Tox complete" - fi } function restore_local_tox { - if [ -d $USB_MOUNT/backup/tox ]; then - echo $"Restoring Tox node settings" - function_check restore_directory_from_usb - restore_directory_from_usb / tox - if [ ! "$?" = "0" ]; then - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 6393 + if [ -d $USB_MOUNT/backup/tox ]; then + echo $"Restoring Tox node settings" + function_check restore_directory_from_usb + restore_directory_from_usb / tox + if [ ! "$?" = "0" ]; then + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 6393 + fi + cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf + systemctl restart tox-bootstrapd.service + if [ ! "$?" = "0" ]; then + systemctl status tox-bootstrapd.service + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 59369 + fi fi - cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf - systemctl restart tox-bootstrapd.service - if [ ! "$?" = "0" ]; then - systemctl status tox-bootstrapd.service - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 59369 - fi - fi } function backup_remote_tox { - if [ -d /var/lib/tox-bootstrapd ]; then - echo "Backing up Tox node settings" - if [ -d /var/lib/tox-bootstrapd/Maildir ]; then - rm -rf /var/lib/tox-bootstrapd/Maildir + if [ -d /var/lib/tox-bootstrapd ]; then + echo "Backing up Tox node settings" + if [ -d /var/lib/tox-bootstrapd/Maildir ]; then + rm -rf /var/lib/tox-bootstrapd/Maildir + fi + cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd + backup_directory_to_friend /var/lib/tox-bootstrapd tox + echo "Backup of Tox node settings complete" fi - cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd - backup_directory_to_friend /var/lib/tox-bootstrapd tox - echo "Backup of Tox node settings complete" - fi } function restore_remote_tox { - if [ -d $SERVER_DIRECTORY/backup/tox ]; then - echo $"Restoring Tox node settings" - function_check restore_directory_from_friend - restore_directory_from_friend / tox - if [ ! "$?" = "0" ]; then - exit 93653 + if [ -d $SERVER_DIRECTORY/backup/tox ]; then + echo $"Restoring Tox node settings" + function_check restore_directory_from_friend + restore_directory_from_friend / tox + if [ ! "$?" = "0" ]; then + exit 93653 + fi + cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf + systemctl restart tox-bootstrapd.service + if [ ! "$?" = "0" ]; then + systemctl status tox-bootstrapd.service + exit 59369 + fi + echo $"Restore of Tox node complete" fi - cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf - systemctl restart tox-bootstrapd.service - if [ ! "$?" = "0" ]; then - systemctl status tox-bootstrapd.service - exit 59369 - fi - echo $"Restore of Tox node complete" - fi } function remove_tox_node { - if ! grep -Fxq "install_tox_node" $COMPLETION_FILE; then - return - fi + if ! grep -Fxq "install_tox_node" $COMPLETION_FILE; then + return + fi - iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - function_check remove_onion_service - remove_onion_service tox ${TOX_PORT} + function_check remove_onion_service + remove_onion_service tox ${TOX_PORT} - ${PROJECT_NAME}-mesh-install -f tox_node --remove yes - if [ ! "$?" = "0" ]; then - echo $'Failed to remove tox node' - exit 763836 - fi - sed -i '/install_tox_node/d' $COMPLETION_FILE - sed -i '/configure_firewall_for_tox/d' $COMPLETION_FILE + ${PROJECT_NAME}-mesh-install -f tox_node --remove yes + if [ ! "$?" = "0" ]; then + echo $'Failed to remove tox node' + exit 763836 + fi + sed -i '/install_tox_node/d' $COMPLETION_FILE + sed -i '/configure_firewall_for_tox/d' $COMPLETION_FILE } function remove_tox_avahi { - if ! grep -Fxq "tox_avahi" $COMPLETION_FILE; then - return - fi - cd $INSTALL_DIR/toxid - make uninstall - rm -rf $INSTALL_DIR/toxid - sed -i '/toxavahi/d' /etc/crontab - systemctl restart cron - sed -i '/tox_avahi/d' $COMPLETION_FILE + if ! grep -Fxq "tox_avahi" $COMPLETION_FILE; then + return + fi + cd $INSTALL_DIR/toxid + make uninstall + rm -rf $INSTALL_DIR/toxid + sed -i '/toxavahi/d' /etc/crontab + systemctl restart cron + sed -i '/tox_avahi/d' $COMPLETION_FILE } function remove_tox_client { - if ! grep -Fxq "install_tox_client" $COMPLETION_FILE; then - return - fi + if ! grep -Fxq "install_tox_client" $COMPLETION_FILE; then + return + fi - ${PROJECT_NAME}-mesh-install -f tox_client --remove yes - if [ ! "$?" = "0" ]; then - echo $'Could not remove Tox client' - exit 737253 - fi - sed -i '/install_tox_client/d' $COMPLETION_FILE - sed -i '/Tox /d' $COMPLETION_FILE - sed -i '/Toxic /d' $COMPLETION_FILE + ${PROJECT_NAME}-mesh-install -f tox_client --remove yes + if [ ! "$?" = "0" ]; then + echo $'Could not remove Tox client' + exit 737253 + fi + sed -i '/install_tox_client/d' $COMPLETION_FILE + sed -i '/Tox /d' $COMPLETION_FILE + sed -i '/Toxic /d' $COMPLETION_FILE } function remove_tox { - remove_tox_client - remove_tox_avahi - remove_tox_node + remove_tox_client + remove_tox_avahi + remove_tox_node } function configure_firewall_for_tox { - if [ ! $INSTALLING_MESH ]; then - if [ -f $COMPLETION_FILE ]; then - if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then - return - fi + if [ ! $INSTALLING_MESH ]; then + if [ -f $COMPLETION_FILE ]; then + if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then + return + fi + fi fi - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi - TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') - if [ ${#TOX_PORT_MAIN} -gt 2 ]; then - TOX_PORT=$TOX_PORT_MAIN - fi - if [ ! $TOX_PORT ]; then - echo $'No Tox port was specified' - exit 32856 - fi + TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') + if [ ${#TOX_PORT_MAIN} -gt 2 ]; then + TOX_PORT=$TOX_PORT_MAIN + fi + if [ ! $TOX_PORT ]; then + echo $'No Tox port was specified' + exit 32856 + fi - iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("Tox $TOX_PORT") - if [ -f $COMPLETION_FILE ]; then - echo 'configure_firewall_for_tox' >> $COMPLETION_FILE - fi + OPEN_PORTS+=("Tox $TOX_PORT") + if [ -f $COMPLETION_FILE ]; then + echo 'configure_firewall_for_tox' >> $COMPLETION_FILE + fi } function tox_avahi { - if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "tox_avahi" $COMPLETION_FILE; then - return - fi + if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "tox_avahi" $COMPLETION_FILE; then + return + fi - if [ ! -d /etc/avahi ]; then - echo $'tox_avahi: avahi is not installed' - exit 87359 - fi + if [ ! -d /etc/avahi ]; then + echo $'tox_avahi: avahi is not installed' + exit 87359 + fi - # install a command to obtain the Tox ID - cd $INSTALL_DIR - function_check git_clone - git_clone $TOXID_REPO $INSTALL_DIR/toxid - if [ ! -d $INSTALL_DIR/toxid ]; then - exit 63921 - fi - cd $INSTALL_DIR/toxid - make - if [ ! "$?" = "0" ]; then - exit 58432 - fi - make install + # install a command to obtain the Tox ID + cd $INSTALL_DIR + function_check git_clone + git_clone $TOXID_REPO $INSTALL_DIR/toxid + if [ ! -d $INSTALL_DIR/toxid ]; then + exit 63921 + fi + cd $INSTALL_DIR/toxid + make + if [ ! "$?" = "0" ]; then + exit 58432 + fi + make install - toxavahi + toxavahi - # publish regularly - function_check cron_add_mins - cron_add_mins 1 'toxavahi > /dev/null' + # publish regularly + function_check cron_add_mins + cron_add_mins 1 'toxavahi > /dev/null' - systemctl restart avahi-daemon + systemctl restart avahi-daemon - echo 'tox_avahi' >> $COMPLETION_FILE + echo 'tox_avahi' >> $COMPLETION_FILE } function install_tox_node { - if grep -Fxq "install_tox_node" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_tox_node" $COMPLETION_FILE; then + return + fi - mesh_tox_node + mesh_tox_node - TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT}) + TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT}) - if ! grep -q "tox onion domain" $COMPLETION_FILE; then - echo "tox onion domain:${TOX_ONION_HOSTNAME}" >> $COMPLETION_FILE - else - sed -i "s|tox onion domain.*|tox onion domain:${TOX_ONION_HOSTNAME}|g" $COMPLETION_FILE - fi + if ! grep -q "tox onion domain" $COMPLETION_FILE; then + echo "tox onion domain:${TOX_ONION_HOSTNAME}" >> $COMPLETION_FILE + else + sed -i "s|tox onion domain.*|tox onion domain:${TOX_ONION_HOSTNAME}|g" $COMPLETION_FILE + fi - systemctl restart tox-bootstrapd.service + systemctl restart tox-bootstrapd.service - TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1) - if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then - echo $'Could not obtain the tox node public key' - exit 6529 - fi + TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1) + if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then + echo $'Could not obtain the tox node public key' + exit 6529 + fi - # save the public key for later reference - echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE + # save the public key for later reference + echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE - function_check configure_firewall_for_tox - configure_firewall_for_tox + function_check configure_firewall_for_tox + configure_firewall_for_tox - if ! grep -q $"Your Tox node public key is" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo 'Tox' >> /home/$MY_USERNAME/README - echo '===' >> /home/$MY_USERNAME/README - echo $"tox onion domain: ${TOX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README - echo $'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README - echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + if ! grep -q $"Your Tox node public key is" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo 'Tox' >> /home/$MY_USERNAME/README + echo '===' >> /home/$MY_USERNAME/README + echo $"tox onion domain: ${TOX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README + echo $'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README + echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - function_check configure_firewall_for_tox - configure_firewall_for_tox - echo 'install_tox_node' >> $COMPLETION_FILE + function_check configure_firewall_for_tox + configure_firewall_for_tox + echo 'install_tox_node' >> $COMPLETION_FILE } function install_tox_client { - if grep -Fxq "install_tox_client" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_tox_client" $COMPLETION_FILE; then + return + fi - mesh_tox_client + mesh_tox_client - echo 'install_tox_client' >> $COMPLETION_FILE + echo 'install_tox_client' >> $COMPLETION_FILE } function mesh_tox_node { - # obtain commits from the main file - TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then - TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN - fi - if [ ! $TOXCORE_COMMIT ]; then - echo $'No Tox commit was specified' - exit 76325 - fi + # obtain commits from the main file + TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then + TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN + fi + if [ ! $TOXCORE_COMMIT ]; then + echo $'No Tox commit was specified' + exit 76325 + fi - TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then - TOXID_REPO=$TOXID_REPO_MAIN - fi - if [ ! $TOXID_REPO ]; then - echo $'No ToxID repo was specified' - exit 78252 - fi + TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then + TOXID_REPO=$TOXID_REPO_MAIN + fi + if [ ! $TOXID_REPO ]; then + echo $'No ToxID repo was specified' + exit 78252 + fi - TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') - if [ ${#TOX_PORT_MAIN} -gt 2 ]; then - TOX_PORT=$TOX_PORT_MAIN - fi - if [ ! $TOX_PORT ]; then - echo $'No Tox port was specified' - exit 32856 - fi + TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') + if [ ${#TOX_PORT_MAIN} -gt 2 ]; then + TOX_PORT=$TOX_PORT_MAIN + fi + if [ ! $TOX_PORT ]; then + echo $'No Tox port was specified' + exit 32856 + fi - TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then - TOXCORE_REPO=$TOXCORE_REPO_MAIN - fi - if [ ! $TOXCORE_REPO ]; then - echo $'No Tox repo was specified' - exit 16865 - fi + TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then + TOXCORE_REPO=$TOXCORE_REPO_MAIN + fi + if [ ! $TOXCORE_REPO ]; then + echo $'No Tox repo was specified' + exit 16865 + fi - if [ ! $TOXCORE_COMMIT ]; then - echo $'No Tox commit was specified' - exit 76325 - fi + if [ ! $TOXCORE_COMMIT ]; then + echo $'No Tox commit was specified' + exit 76325 + fi - if [ ! $TOXCORE_REPO ]; then - echo $'No Tox repo was specified' - exit 16865 - fi + if [ ! $TOXCORE_REPO ]; then + echo $'No Tox repo was specified' + exit 16865 + fi - mesh_tox_node_prefix='' - if [ $rootdir ]; then - mesh_tox_node_prefix="chroot \"$rootdir\"" - fi - $mesh_tox_node_prefix apt-get -y install build-essential libtool autotools-dev - $mesh_tox_node_prefix apt-get -y install automake checkinstall check git yasm - $mesh_tox_node_prefix apt-get -y install libsodium13 libsodium-dev libcap2-bin - $mesh_tox_node_prefix apt-get -y install libconfig9 libconfig-dev autoconf + mesh_tox_node_prefix='' + if [ $rootdir ]; then + mesh_tox_node_prefix="chroot \"$rootdir\"" + fi + $mesh_tox_node_prefix apt-get -y install build-essential libtool autotools-dev + $mesh_tox_node_prefix apt-get -y install automake checkinstall check git yasm + $mesh_tox_node_prefix apt-get -y install libsodium13 libsodium-dev libcap2-bin + $mesh_tox_node_prefix apt-get -y install libconfig9 libconfig-dev autoconf - mkdir -p ${rootdir}${INSTALL_DIR} - git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore - if [ ! "$?" = "0" ]; then - exit 429252 - fi - cd ${rootdir}$INSTALL_DIR/toxcore - git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT + mkdir -p ${rootdir}${INSTALL_DIR} + git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore + if [ ! "$?" = "0" ]; then + exit 429252 + fi + cd ${rootdir}$INSTALL_DIR/toxcore + git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT - $mesh_tox_node_prefix /bin/bash -x < $TOX_BOOTSTRAP_CONFIG - echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG - echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG - echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG + # create configuration file + TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf + echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG + echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG + echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG + echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG - if [ $TOX_NODES ]; then - echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG - toxcount=0 - while [ "x${TOX_NODES[toxcount]}" != "x" ] - do - toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') - toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') - toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') - toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') - toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') - echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG - if [[ $toxval_ipv6 != 'NONE' ]]; then - echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG - else - echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG - fi - echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG - echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG - toxcount=$(( $toxcount + 1 )) - if [ "x${TOX_NODES[toxcount]}" != "x" ]; then - echo "}," >> $TOX_BOOTSTRAP_CONFIG - else - echo "}" >> $TOX_BOOTSTRAP_CONFIG - fi - done - echo ')' >> $TOX_BOOTSTRAP_CONFIG - fi + if [ $TOX_NODES ]; then + echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG + toxcount=0 + while [ "x${TOX_NODES[toxcount]}" != "x" ] + do + toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') + toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') + toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') + toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') + toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') + echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG + if [[ $toxval_ipv6 != 'NONE' ]]; then + echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG + else + echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG + fi + echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG + echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG + toxcount=$(( $toxcount + 1 )) + if [ "x${TOX_NODES[toxcount]}" != "x" ]; then + echo "}," >> $TOX_BOOTSTRAP_CONFIG + else + echo "}" >> $TOX_BOOTSTRAP_CONFIG + fi + done + echo ')' >> $TOX_BOOTSTRAP_CONFIG + fi } function mesh_tox_avahi { - mesh_tox_avahi_prefix='' - if [ $rootdir ]; then - mesh_tox_avahi_prefix="chroot \"$rootdir\"" - fi + mesh_tox_avahi_prefix='' + if [ $rootdir ]; then + mesh_tox_avahi_prefix="chroot \"$rootdir\"" + fi - if [ ! -d $rootdir/etc/avahi ]; then - echo $'tox_avahi: avahi is not installed' - exit 87359 - fi + if [ ! -d $rootdir/etc/avahi ]; then + echo $'tox_avahi: avahi is not installed' + exit 87359 + fi - if [ ! $TOXID_REPO ]; then - echo $'No ToxID repo was specified' - exit 78252 - fi + if [ ! $TOXID_REPO ]; then + echo $'No ToxID repo was specified' + exit 78252 + fi - if [ ! -d ${rootdir}${INSTALL_DIR} ]; then - mkdir -p ${rootdir}${INSTALL_DIR} - fi + if [ ! -d ${rootdir}${INSTALL_DIR} ]; then + mkdir -p ${rootdir}${INSTALL_DIR} + fi - git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid - if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then - echo $'Unable to clone toxid repo' - exit 768352 - fi + git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid + if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then + echo $'Unable to clone toxid repo' + exit 768352 + fi - $mesh_tox_avahi_prefix /bin/bash -x < /dev/null" >> $rootdir/etc/crontab + if [ ! -f $rootdir/usr/local/bin/toxid ]; then + echo $'toxid not found' + exit 74370 + fi + if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then + exit 3621729 + fi + echo "*/1 * * * * root /usr/local/bin/toxavahi > /dev/null" >> $rootdir/etc/crontab } function mesh_tox_client { - mesh_tox_client_prefix='' - if [ $rootdir ]; then - mesh_tox_client_prefix="chroot \"$rootdir\"" - fi + mesh_tox_client_prefix='' + if [ $rootdir ]; then + mesh_tox_client_prefix="chroot \"$rootdir\"" + fi - TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') + TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') - # obtain commits from the main file - TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then - TOXIC_COMMIT=$TOXIC_COMMIT_MAIN - fi + # obtain commits from the main file + TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then + TOXIC_COMMIT=$TOXIC_COMMIT_MAIN + fi - TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then - TOXIC_REPO=$TOXIC_REPO_MAIN - fi + TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then + TOXIC_REPO=$TOXIC_REPO_MAIN + fi - $mesh_tox_client_prefix apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev - $mesh_tox_client_prefix apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev + $mesh_tox_client_prefix apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev + $mesh_tox_client_prefix apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev - TEMP_SCRIPT_NAME=fbtmp728353.sh - TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME - echo '#!/bin/bash' > $TEMP_SCRIPT - echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT - echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT - echo 'make' >> $TEMP_SCRIPT - echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT - echo ' exit 1' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo 'make install' >> $TEMP_SCRIPT - echo 'exit 0' >> $TEMP_SCRIPT - chmod +x $TEMP_SCRIPT - cp $TEMP_SCRIPT $rootdir/root/ + TEMP_SCRIPT_NAME=fbtmp728353.sh + TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME + echo '#!/bin/bash' > $TEMP_SCRIPT + echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT + echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT + echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT + echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT + echo 'make' >> $TEMP_SCRIPT + echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT + echo ' exit 1' >> $TEMP_SCRIPT + echo 'fi' >> $TEMP_SCRIPT + echo 'make install' >> $TEMP_SCRIPT + echo 'exit 0' >> $TEMP_SCRIPT + chmod +x $TEMP_SCRIPT + cp $TEMP_SCRIPT $rootdir/root/ - TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') + TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') - SECONDS=0 - $mesh_tox_client_prefix /root/$TEMP_SCRIPT_NAME - if [ ! "$?" = "0" ]; then - duration=$SECONDS - echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." - echo $'Unable to make tox client' + SECONDS=0 + $mesh_tox_client_prefix /root/$TEMP_SCRIPT_NAME + if [ ! "$?" = "0" ]; then + duration=$SECONDS + echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $'Unable to make tox client' + rm $TEMP_SCRIPT + exit 74872 + fi rm $TEMP_SCRIPT - exit 74872 - fi - rm $TEMP_SCRIPT - if [ ! -f $rootdir$TOXIC_FILE ]; then - echo $"Tox client was not installed to $TOXIC_FILE" - exit 63278 - fi - duration=$SECONDS - echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + if [ ! -f $rootdir$TOXIC_FILE ]; then + echo $"Tox client was not installed to $TOXIC_FILE" + exit 63278 + fi + duration=$SECONDS + echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." } function enable_tox_repo { - echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list + echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list - chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add - - chroot "$rootdir" apt-get update - echo "Tox Repository Installed." + chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add - + chroot "$rootdir" apt-get update + echo "Tox Repository Installed." } function install_tox { - if [ ! $INSTALLING_MESH ]; then - if grep -Fxq "install_tox" $COMPLETION_FILE; then - return + if [ ! $INSTALLING_MESH ]; then + if grep -Fxq "install_tox" $COMPLETION_FILE; then + return + fi fi - fi - configure_firewall_for_tox + configure_firewall_for_tox - if [ $INSTALLING_MESH ]; then - mesh_tox_node - mesh_tox_avahi - mesh_tox_client - else - install_tox_node - tox_avahi - install_tox_client - fi + if [ $INSTALLING_MESH ]; then + mesh_tox_node + mesh_tox_avahi + mesh_tox_client + else + install_tox_node + tox_avahi + install_tox_client + fi - echo 'install_tox' >> $COMPLETION_FILE + echo 'install_tox' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn index f62b49eb..2c139c9b 100755 --- a/src/freedombone-app-vpn +++ b/src/freedombone-app-vpn @@ -31,52 +31,52 @@ VARIANTS='' function reconfigure_vpn { - echo -n '' + echo -n '' } function upgrade_vpn { - echo -n '' + echo -n '' } function backup_local_vpn { - echo -n '' + echo -n '' } function restore_local_vpn { - echo -n '' + echo -n '' } function backup_remote_vpn { - echo -n '' + echo -n '' } function restore_remote_vpn { - echo -n '' + echo -n '' } function remove_vpn { - apt-get -y remove --purge fastd - sed -i '/install_vpn/d' $COMPLETION_FILE + apt-get -y remove --purge fastd + sed -i '/install_vpn/d' $COMPLETION_FILE } function install_vpn { - if grep -Fxq "install_vpn" $COMPLETION_FILE; then - return - fi - if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then - echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list - gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C - if [ ! "$?" = "0" ]; then - exit 76272 + if grep -Fxq "install_vpn" $COMPLETION_FILE; then + return fi - gpg -a --export 16EF3F64CB201D9C | sudo apt-key add - - apt-get update - apt-get -y install fastd - if [ ! "$?" = "0" ]; then - exit 52026 + if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then + echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list + gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C + if [ ! "$?" = "0" ]; then + exit 76272 + fi + gpg -a --export 16EF3F64CB201D9C | sudo apt-key add - + apt-get update + apt-get -y install fastd + if [ ! "$?" = "0" ]; then + exit 52026 + fi fi - fi - echo 'install_vpn' >> $COMPLETION_FILE + echo 'install_vpn' >> $COMPLETION_FILE } # NOTE: deliberately there is no "exit 0" diff --git a/src/freedombone-app-wiki b/src/freedombone-app-wiki index f37759cf..6db1c580 100755 --- a/src/freedombone-app-wiki +++ b/src/freedombone-app-wiki @@ -37,302 +37,391 @@ WIKI_CODE= WIKI_ONION_PORT=8089 function reconfigure_wiki { - echo -n '' + echo -n '' } function upgrade_wiki { - echo -n '' + echo -n '' } function backup_local_wiki { - source_directory=/var/lib/dokuwiki - if [ -d $source_directory ]; then - dest_directory=wiki - echo $"Backing up $source_directory to $dest_directory" + source_directory=/var/lib/dokuwiki + if [ -d $source_directory ]; then + dest_directory=wiki + echo $"Backing up $source_directory to $dest_directory" - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory - backup_directory_to_usb /etc/dokuwiki wiki2 + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb /etc/dokuwiki wiki2 - echo $"Backup to $dest_directory complete" - fi + echo $"Backup to $dest_directory complete" + fi } function restore_local_wiki { - if [ -d /var/lib/dokuwiki ]; then - echo $"Restoring Wiki installation" - WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}') - temp_restore_dir=/root/tempwiki - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir wiki - cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/ - if [ ! "$?" = "0" ]; then - function_check restore_directory_from_usb - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 868 + if [ -d /var/lib/dokuwiki ]; then + echo $"Restoring Wiki installation" + WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}') + temp_restore_dir=/root/tempwiki + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir wiki + cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/ + if [ ! "$?" = "0" ]; then + function_check restore_directory_from_usb + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 868 + fi + restore_directory_from_usb ${temp_restore_dir}2 wiki2 + cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/ + if [ ! "$?" = "0" ]; then + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 869 + fi + rm -rf $temp_restore_dir + rm -rf ${temp_restore_dir}2 + chown -R www-data:www-data /var/lib/dokuwiki/* + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME} + fi + if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem + fi + echo $"Restore of Wiki complete" fi - restore_directory_from_usb ${temp_restore_dir}2 wiki2 - cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/ - if [ ! "$?" = "0" ]; then - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 869 - fi - rm -rf $temp_restore_dir - rm -rf ${temp_restore_dir}2 - chown -R www-data:www-data /var/lib/dokuwiki/* - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME} - fi - if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem - fi - echo $"Restore of Wiki complete" - fi } function backup_remote_wiki { - if [ -d /etc/dokuwiki ]; then - echo $"Backing up wiki" - backup_directory_to_friend /var/lib/dokuwiki wiki - backup_directory_to_friend /etc/dokuwiki wiki2 - fi + if [ -d /etc/dokuwiki ]; then + echo $"Backing up wiki" + backup_directory_to_friend /var/lib/dokuwiki wiki + backup_directory_to_friend /etc/dokuwiki wiki2 + fi } function restore_remote_wiki { - if [ -d $SERVER_DIRECTORY/backup/wiki ]; then - WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}') - echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME" - function_check restore_directory_from_friend - restore_directory_from_friend /root/tempwiki wiki - cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/ - if [ ! "$?" = "0" ]; then - exit 868 + if [ -d $SERVER_DIRECTORY/backup/wiki ]; then + WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}') + echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME" + function_check restore_directory_from_friend + restore_directory_from_friend /root/tempwiki wiki + cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/ + if [ ! "$?" = "0" ]; then + exit 868 + fi + restore_directory_from_friend /root/tempwiki2 wiki2 + cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/ + if [ ! "$?" = "0" ]; then + exit 869 + fi + rm -rf /root/tempwiki + rm -rf /root/tempwiki2 + chown -R www-data:www-data /var/lib/dokuwiki/* + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME} + fi + if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem + fi + echo $"Restore of Wiki complete" fi - restore_directory_from_friend /root/tempwiki2 wiki2 - cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/ - if [ ! "$?" = "0" ]; then - exit 869 - fi - rm -rf /root/tempwiki - rm -rf /root/tempwiki2 - chown -R www-data:www-data /var/lib/dokuwiki/* - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME} - fi - if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem - fi - echo $"Restore of Wiki complete" - fi } function remove_wiki { - if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then - return - fi - function_check remove_onion_service - remove_onion_service wiki ${WIKI_ONION_PORT} - nginx_dissite $WIKI_DOMAIN_NAME - if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - fi - apt-get -y remove --purge dokuwiki - if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then - rm -rf /var/www/$WIKI_DOMAIN_NAME - fi - if [ -d /var/lib/dokuwiki ]; then - rm -rf /var/lib/dokuwiki - fi - if [ -d /etc/dokuwiki ]; then - rm -rf /etc/dokuwiki - fi - if [ -d /usr/share/dokuwiki ]; then - rm -rf /usr/share/dokuwiki - fi - sed -i '/install_wiki/d' $COMPLETION_FILE + if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then + return + fi + function_check remove_onion_service + remove_onion_service wiki ${WIKI_ONION_PORT} + nginx_dissite $WIKI_DOMAIN_NAME + if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then + rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + fi + apt-get -y remove --purge dokuwiki + if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then + rm -rf /var/www/$WIKI_DOMAIN_NAME + fi + if [ -d /var/lib/dokuwiki ]; then + rm -rf /var/lib/dokuwiki + fi + if [ -d /etc/dokuwiki ]; then + rm -rf /etc/dokuwiki + fi + if [ -d /usr/share/dokuwiki ]; then + rm -rf /usr/share/dokuwiki + fi + sed -i '/install_wiki/d' $COMPLETION_FILE } function get_wiki_admin_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "Wiki password" /home/$MY_USERNAME/README; then - WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//') + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Wiki password" /home/$MY_USERNAME/README; then + WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi fi - fi } function install_wiki { - if grep -Fxq "install_wiki" $COMPLETION_FILE; then - return - fi - if [ ! $WIKI_DOMAIN_NAME ]; then - return - fi - apt-get -y install dokuwiki - apt-get -y remove --purge apache* - if [ -d /etc/apache2 ]; then - rm -rf /etc/apache2 - echo $'Removed Apache installation after Dokuwiki install' - fi - - if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then - mkdir /var/www/$WIKI_DOMAIN_NAME - fi - if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then - rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs - fi - - ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs - - mkdir /var/lib/dokuwiki/custom - cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php - ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php - - chown www-data /var/lib/dokuwiki/custom - chown www-data /var/lib/dokuwiki/custom/local.php - chown -R www-data /etc/dokuwiki - chown -R www-data /usr/share/dokuwiki/lib/ - chmod 600 /var/lib/dokuwiki/custom/local.php - chmod -R 755 /usr/share/dokuwiki/lib - - sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php - sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php - - sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php - - # set the admin user - sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php - - # disallow registration of new users - if ! grep -q "disableactions" /etc/dokuwiki/local.php; then - echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php - fi - if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then - echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php - fi - - if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then - echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php - fi - if ! grep -q "authtype" /etc/dokuwiki/local.php; then - echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php - fi - - function_check get_wiki_admin_password - get_wiki_admin_password - if [ ! $WIKI_ADMIN_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if grep -Fxq "install_wiki" $COMPLETION_FILE; then + return + fi + if [ ! $WIKI_DOMAIN_NAME ]; then + return + fi + apt-get -y install dokuwiki + apt-get -y remove --purge apache* + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + echo $'Removed Apache installation after Dokuwiki install' fi - fi - HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') - echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php - chmod 640 /var/lib/dokuwiki/acl/users.auth.php - if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then - echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf - fi - if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then - echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf - fi - if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then - echo 'webm video/webm' >> /etc/dokuwiki/mime.conf - fi + if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then + mkdir /var/www/$WIKI_DOMAIN_NAME + fi + if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then + rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs + fi - WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT}) + ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs - if [[ $ONION_ONLY == "no" ]]; then - echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $WIKI_DOMAIN_NAME - function_check nginx_limits - nginx_limits $WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + mkdir /var/lib/dokuwiki/custom + cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php + ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php + + chown www-data /var/lib/dokuwiki/custom + chown www-data /var/lib/dokuwiki/custom/local.php + chown -R www-data /etc/dokuwiki + chown -R www-data /usr/share/dokuwiki/lib/ + chmod 600 /var/lib/dokuwiki/custom/local.php + chmod -R 755 /usr/share/dokuwiki/lib + + sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php + sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php + + sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php + + # set the admin user + sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php + + # disallow registration of new users + if ! grep -q "disableactions" /etc/dokuwiki/local.php; then + echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php + fi + if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then + echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php + fi + + if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then + echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php + fi + if ! grep -q "authtype" /etc/dokuwiki/local.php; then + echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php + fi + + function_check get_wiki_admin_password + get_wiki_admin_password + if [ ! $WIKI_ADMIN_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') + echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php + chmod 640 /var/lib/dokuwiki/acl/users.auth.php + + if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then + echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf + fi + if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then + echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf + fi + if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then + echo 'webm video/webm' >> /etc/dokuwiki/mime.conf + fi + + WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT}) + + if [[ $ONION_ONLY == "no" ]]; then + echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $WIKI_DOMAIN_NAME + function_check nginx_limits + nginx_limits $WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + function_check nginx_limits + nginx_limits $WIKI_DOMAIN_NAME + function_check nginx_ssl + nginx_ssl $WIKI_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $WIKI_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + else + echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + fi echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME @@ -340,18 +429,10 @@ function install_wiki { echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME function_check nginx_limits nginx_limits $WIKI_DOMAIN_NAME - function_check nginx_ssl - nginx_ssl $WIKI_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $WIKI_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME @@ -414,124 +495,43 @@ function install_wiki { echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - else - echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - fi - echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - function_check nginx_limits - nginx_limits $WIKI_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $WIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - function_check create_site_certificate - create_site_certificate $WIKI_DOMAIN_NAME + function_check create_site_certificate + create_site_certificate $WIKI_DOMAIN_NAME - function_check configure_php - configure_php + function_check configure_php + configure_php - nginx_ensite $WIKI_DOMAIN_NAME + nginx_ensite $WIKI_DOMAIN_NAME - systemctl restart php5-fpm - systemctl restart nginx + systemctl restart php5-fpm + systemctl restart nginx - echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE + echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE - function_check add_ddns_domain - add_ddns_domain $WIKI_DOMAIN_NAME + function_check add_ddns_domain + add_ddns_domain $WIKI_DOMAIN_NAME - # add some post-install instructions - if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Wiki' >> /home/$MY_USERNAME/README - echo '====' >> /home/$MY_USERNAME/README - echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README - echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + # add some post-install instructions + if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Wiki' >> /home/$MY_USERNAME/README + echo '====' >> /home/$MY_USERNAME/README + echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE - echo 'install_wiki' >> $COMPLETION_FILE + echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE + echo 'install_wiki' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index 560c09c3..f32df760 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -38,444 +38,444 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+ XMPP_ECC_CURVE='"secp384r1"' function reconfigure_xmpp { - echo -n '' + echo -n '' } function update_prosody_modules { - if [ ! -d $INSTALL_DIR/prosody-modules ]; then - return - fi - if [ ! -d /usr/lib/prosody ]; then - return - fi + if [ ! -d $INSTALL_DIR/prosody-modules ]; then + return + fi + if [ ! -d /usr/lib/prosody ]; then + return + fi - cd $INSTALL_DIR/prosody-modules - hg pull - hg update + cd $INSTALL_DIR/prosody-modules + hg pull + hg update - # support onion addresses - if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then - cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua - fi + # support onion addresses + if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then + cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua + fi - # XEP-0313 message archive management - # https://modules.prosody.im/mod_mam.html - # Allows you to download your previous messages onto a new client - # This only applies if you are not using forward secret crypto - # such as OTR or OMEMO (eg. OpenPGP) - if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then - cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules - fi + # XEP-0313 message archive management + # https://modules.prosody.im/mod_mam.html + # Allows you to download your previous messages onto a new client + # This only applies if you are not using forward secret crypto + # such as OTR or OMEMO (eg. OpenPGP) + if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then + cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules + fi - # XEP-0352 Client State Indication - # Notifies the server if the app is in the background or not - if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then - cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules - fi + # XEP-0352 Client State Indication + # Notifies the server if the app is in the background or not + if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then + cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules + fi - # XEP-0280 Message Carbons - # Ensures all messages get delivered to all clients (if you have a mobile and desktop client) - if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then - cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules - fi + # XEP-0280 Message Carbons + # Ensures all messages get delivered to all clients (if you have a mobile and desktop client) + if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then + cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules + fi - # XEP-0198 Stream management - # Helps mobile apps recover when a device switches networks. - if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then - cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules - fi - if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then - cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules - fi + # XEP-0198 Stream management + # Helps mobile apps recover when a device switches networks. + if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then + cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules + fi + if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then + cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules + fi - # XEP-0191: blocking - if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then - cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules - fi + # XEP-0191: blocking + if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then + cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules + fi - # XEP-0016 Privacy lists - if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then - cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules - fi + # XEP-0016 Privacy lists + if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then + cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules + fi } function upgrade_xmpp { - if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then - return - fi - function_check update_prosody_modules - update_prosody_modules + if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then + return + fi + function_check update_prosody_modules + update_prosody_modules } function backup_local_xmpp { - source_directory=/var/lib/prosody xmpp - if [ -d $source_directory ]; then - dest_directory=xmpp - echo $"Backing up $source_directory to $dest_directory" + source_directory=/var/lib/prosody xmpp + if [ -d $source_directory ]; then + dest_directory=xmpp + echo $"Backing up $source_directory to $dest_directory" - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory - echo $"Backup to $dest_directory complete" - fi + echo $"Backup to $dest_directory complete" + fi } function restore_local_xmpp { - if [ -d /var/lib/prosody ]; then - echo $"Restoring XMPP settings" - temp_restore_dir=/root/tempxmpp - function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir xmpp - cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody - if [ ! "$?" = "0" ]; then - function_check set_user_permissions - set_user_permissions - function_check backup_unmount_drive - backup_unmount_drive - exit 725 + if [ -d /var/lib/prosody ]; then + echo $"Restoring XMPP settings" + temp_restore_dir=/root/tempxmpp + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir xmpp + cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody + if [ ! "$?" = "0" ]; then + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 725 + fi + rm -rf $temp_restore_dir + service prosody restart + chown -R prosody:prosody /var/lib/prosody/* + echo $"Restore of XMPP settings complete" fi - rm -rf $temp_restore_dir - service prosody restart - chown -R prosody:prosody /var/lib/prosody/* - echo $"Restore of XMPP settings complete" - fi } function backup_remote_xmpp { - if [ -d /var/lib/prosody ]; then - echo $"Backing up the XMPP settings" - backup_directory_to_friend /var/lib/prosody xmpp - echo $"Backup of XMPP settings complete" - fi + if [ -d /var/lib/prosody ]; then + echo $"Backing up the XMPP settings" + backup_directory_to_friend /var/lib/prosody xmpp + echo $"Backup of XMPP settings complete" + fi } function restore_remote_xmpp { - if [ -d /var/lib/prosody ]; then - echo $"Restoring XMPP settings" - temp_restore_dir=/root/tempxmpp - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir xmpp - cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody - if [ ! "$?" = "0" ]; then - exit 725 + if [ -d /var/lib/prosody ]; then + echo $"Restoring XMPP settings" + temp_restore_dir=/root/tempxmpp + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir xmpp + cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody + if [ ! "$?" = "0" ]; then + exit 725 + fi + rm -rf $temp_restore_dir + service prosody restart + chown -R prosody:prosody /var/lib/prosody/* + echo $"Restore of XMPP settings complete" fi - rm -rf $temp_restore_dir - service prosody restart - chown -R prosody:prosody /var/lib/prosody/* - echo $"Restore of XMPP settings complete" - fi } function configure_firewall_for_xmpp { - if [ ! -d /etc/prosody ]; then - return - fi - if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT - iptables -A INPUT -p tcp --dport 5269 -j ACCEPT - iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if [ ! -d /etc/prosody ]; then + return + fi + if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT + iptables -A INPUT -p tcp --dport 5269 -j ACCEPT + iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=('XMPP 5222-5223') - OPEN_PORTS+=('XMPP 5269') - OPEN_PORTS+=('XMPP 5280-5281') - echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE + OPEN_PORTS+=('XMPP 5222-5223') + OPEN_PORTS+=('XMPP 5269') + OPEN_PORTS+=('XMPP 5280-5281') + echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE } function remove_xmpp_client { - if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then - return - fi - apt-get -y remove --purge profanity - sed '/install_xmpp_client/d' $COMPLETION_FILE + if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then + return + fi + apt-get -y remove --purge profanity + sed '/install_xmpp_client/d' $COMPLETION_FILE } function remove_xmpp { - remove_xmpp_client - if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then - return - fi - iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT - iptables -D INPUT -p tcp --dport 5269 -j ACCEPT - iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + remove_xmpp_client + if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then + return + fi + iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT + iptables -D INPUT -p tcp --dport 5269 -j ACCEPT + iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - function_check remove_onion_service - remove_onion_service xmpp 5222 5223 5269 + function_check remove_onion_service + remove_onion_service xmpp 5222 5223 5269 - apt-get -y remove --purge prosody prosody-modules - if [ -d $INSTALL_DIR/prosody-modules ]; then - rm -rf $INSTALL_DIR/prosody-modules - fi - if [ -d /etc/prosody ]; then - rm -rf /etc/prosody - fi + apt-get -y remove --purge prosody prosody-modules + if [ -d $INSTALL_DIR/prosody-modules ]; then + rm -rf $INSTALL_DIR/prosody-modules + fi + if [ -d /etc/prosody ]; then + rm -rf /etc/prosody + fi - sed '/install_xmpp/d' $COMPLETION_FILE - sed '/XMPP /d' $COMPLETION_FILE + sed '/install_xmpp/d' $COMPLETION_FILE + sed '/XMPP /d' $COMPLETION_FILE } function install_xmpp_main { - update_prosody_modules + update_prosody_modules - if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then - return - fi - apt-get -y install lua-sec lua-bitop - apt-get -y install prosody prosody-modules mercurial - - if [ ! -d /etc/prosody ]; then - echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE" - exit 52 - fi - - # obtain the prosody modules - cd $INSTALL_DIR - hg clone https://hg.prosody.im/prosody-modules/ prosody-modules - if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then - echo $'mod_onions prosody module could not be found' - exit 73254 - fi - - # install the onions module - update_prosody_modules - if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then - echo $'mod_onions.lua could not be copied to the prosody modules directory' - exit 63952 - fi - - # create a certificate - if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then - ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH - check_certificates xmpp - fi - chown prosody:prosody /etc/ssl/private/xmpp.key - chown prosody:prosody /etc/ssl/certs/xmpp.* - cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua - - sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua - sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua - if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua - fi - if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua - fi - if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua - fi - if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua - fi - if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua - fi - - sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua - sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua - - if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then - echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua - fi - ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua - - sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua - sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua - if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then - sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua - fi - if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then - sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua - fi - if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then - sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua - fi - if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then - sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua - fi - if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then - sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua - fi - sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua - if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then - sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua - fi - if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then - echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua - fi - sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua - sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua - sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua - sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua - sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua - sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua - - systemctl restart prosody - touch /home/$MY_USERNAME/README - - if [ ! -d /var/lib/tor ]; then - echo $'No Tor installation found. XMPP onion site cannot be configured.' - exit 877367 - fi - if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then - echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc - echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc - echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc - echo $'Added onion site for XMPP chat' - fi - - systemctl restart tor - wait_for_onion_service 'xmpp' - - if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then - echo $'XMPP onion site hostname not found' - exit 65349 - fi - XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname) - if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then - echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua - echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua - fi - if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then - echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE - else - sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE - fi - - if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then - if [ ${#XMPP_PASSWORD} -lt 8 ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi + if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then + return fi - prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'XMPP' >> /home/$MY_USERNAME/README - echo '====' >> /home/$MY_USERNAME/README - echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README - echo $'You can change it with: ' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + apt-get -y install lua-sec lua-bitop + apt-get -y install prosody prosody-modules mercurial - function_check configure_firewall_for_xmpp - configure_firewall_for_xmpp + if [ ! -d /etc/prosody ]; then + echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE" + exit 52 + fi - echo 'install_xmpp_main' >> $COMPLETION_FILE + # obtain the prosody modules + cd $INSTALL_DIR + hg clone https://hg.prosody.im/prosody-modules/ prosody-modules + if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then + echo $'mod_onions prosody module could not be found' + exit 73254 + fi + + # install the onions module + update_prosody_modules + if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then + echo $'mod_onions.lua could not be copied to the prosody modules directory' + exit 63952 + fi + + # create a certificate + if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then + ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH + check_certificates xmpp + fi + chown prosody:prosody /etc/ssl/private/xmpp.key + chown prosody:prosody /etc/ssl/certs/xmpp.* + cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua + + sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua + if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua + fi + + sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua + + if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then + echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua + fi + ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua + + sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua + sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua + if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then + sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then + sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then + sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then + sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then + sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua + fi + sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua + if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then + sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua + fi + if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then + echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua + fi + sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua + sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua + sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua + sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua + sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua + sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua + + systemctl restart prosody + touch /home/$MY_USERNAME/README + + if [ ! -d /var/lib/tor ]; then + echo $'No Tor installation found. XMPP onion site cannot be configured.' + exit 877367 + fi + if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then + echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc + echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc + echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc + echo $'Added onion site for XMPP chat' + fi + + systemctl restart tor + wait_for_onion_service 'xmpp' + + if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then + echo $'XMPP onion site hostname not found' + exit 65349 + fi + XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname) + if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then + echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua + echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua + fi + if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then + echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE + else + sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE + fi + + if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then + if [ ${#XMPP_PASSWORD} -lt 8 ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'XMPP' >> /home/$MY_USERNAME/README + echo '====' >> /home/$MY_USERNAME/README + echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README + echo $'You can change it with: ' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + function_check configure_firewall_for_xmpp + configure_firewall_for_xmpp + + echo 'install_xmpp_main' >> $COMPLETION_FILE } function install_xmpp_client { - if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then - return - fi - apt-get -y install profanity - - XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity - XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts - if [ ! -d $XMPP_CLIENT_DIR ]; then - mkdir -p $XMPP_CLIENT_DIR - fi - - if [[ $ONION_ONLY == 'no' ]]; then - echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS - echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS - echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS - echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS - echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS - echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS - if [ ${#XMPP_PASSWORD} -gt 2 ]; then - echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS + if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then + return + fi + apt-get -y install profanity + + XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity + XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts + if [ ! -d $XMPP_CLIENT_DIR ]; then + mkdir -p $XMPP_CLIENT_DIR fi - fi - if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then - XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname) - echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS if [[ $ONION_ONLY == 'no' ]]; then - echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS - else - echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS + echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS + echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS + echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS + echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS + echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS + echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS + echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS + echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS + if [ ${#XMPP_PASSWORD} -gt 2 ]; then + echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS + fi fi - echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS - echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS - echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS - if [ ${#XMPP_PASSWORD} -gt 2 ]; then - echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS + + if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then + XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname) + echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS + if [[ $ONION_ONLY == 'no' ]]; then + echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS + else + echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS + fi + echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS + echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS + echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS + echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS + echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS + echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS + echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS + if [ ${#XMPP_PASSWORD} -gt 2 ]; then + echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS + fi fi - fi - if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then - mkdir /home/$MY_USERNAME/.config/profanity - fi - echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc - echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc + if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then + mkdir /home/$MY_USERNAME/.config/profanity + fi + echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc + echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config - echo 'install_xmpp_client' >> $COMPLETION_FILE + echo 'install_xmpp_client' >> $COMPLETION_FILE } function install_xmpp { - if grep -Fxq "install_xmpp" $COMPLETION_FILE; then - return - fi - install_xmpp_main - install_xmpp_client - echo 'install_xmpp' >> $COMPLETION_FILE + if grep -Fxq "install_xmpp" $COMPLETION_FILE; then + return + fi + install_xmpp_main + install_xmpp_client + echo 'install_xmpp' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-zeronet b/src/freedombone-app-zeronet index e491476f..92d49a0a 100755 --- a/src/freedombone-app-zeronet +++ b/src/freedombone-app-zeronet @@ -50,621 +50,621 @@ ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID" ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b' function reconfigure_zeronet { - echo -n '' + echo -n '' } function upgrade_zeronet { - if ! grep -Fxq "install_zeronet" $COMPLETION_FILE; then - return - fi - function_check set_repo_commit - set_repo_commit $MESH_INSTALL_DIR/zeronet "ZeroNet commit" "$ZERONET_COMMIT" $ZERONET_REPO - set_repo_commit $MESH_INSTALL_DIR/zeronet/ZeroBlog "ZeroNet Blog commit" "$ZERONET_BLOG_COMMIT" $ZERONET_BLOG_REPO - set_repo_commit $MESH_INSTALL_DIR/zeronet/ZeroMail "ZeroNet Mail commit" "$ZERONET_MAIL_COMMIT" $ZERONET_MAIL_REPO - set_repo_commit $MESH_INSTALL_DIR/zeronet/ZeroTalk "ZeroNet Forum commit" "$ZERONET_FORUM_COMMIT" $ZERONET_FORUM_REPO + if ! grep -Fxq "install_zeronet" $COMPLETION_FILE; then + return + fi + function_check set_repo_commit + set_repo_commit $MESH_INSTALL_DIR/zeronet "ZeroNet commit" "$ZERONET_COMMIT" $ZERONET_REPO + set_repo_commit $MESH_INSTALL_DIR/zeronet/ZeroBlog "ZeroNet Blog commit" "$ZERONET_BLOG_COMMIT" $ZERONET_BLOG_REPO + set_repo_commit $MESH_INSTALL_DIR/zeronet/ZeroMail "ZeroNet Mail commit" "$ZERONET_MAIL_COMMIT" $ZERONET_MAIL_REPO + set_repo_commit $MESH_INSTALL_DIR/zeronet/ZeroTalk "ZeroNet Forum commit" "$ZERONET_FORUM_COMMIT" $ZERONET_FORUM_REPO } function backup_local_zeronet { - echo -n '' + echo -n '' } function restore_local_zeronet { - echo -n '' + echo -n '' } function backup_remote_zeronet { - echo -n '' + echo -n '' } function restore_remote_zeronet { - echo -n '' + echo -n '' } function remove_zeronet_blog { - if ! grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then - return - fi - if [ -d $MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then - rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog - fi - sed -i '/install_zeronet_blog/d' $COMPLETION_FILE - sed -i '/ZeroNet Blog/d' $COMPLETION_FILE + if ! grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then + return + fi + if [ -d $MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then + rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog + fi + sed -i '/install_zeronet_blog/d' $COMPLETION_FILE + sed -i '/ZeroNet Blog/d' $COMPLETION_FILE } function remove_zeronet_mail { - if ! grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then - return - fi - if [ -d $MESH_INSTALL_DIR/zeronet/ZeroMail ]; then - rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail - fi - sed -i '/install_zeronet_mail/d' $COMPLETION_FILE - sed -i '/ZeroNet Mail/d' $COMPLETION_FILE + if ! grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then + return + fi + if [ -d $MESH_INSTALL_DIR/zeronet/ZeroMail ]; then + rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail + fi + sed -i '/install_zeronet_mail/d' $COMPLETION_FILE + sed -i '/ZeroNet Mail/d' $COMPLETION_FILE } function remove_zeronet_forum { - if ! grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then - return - fi - if [ -d $MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then - rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk - fi - sed -i '/install_zeronet_forum/d' $COMPLETION_FILE - sed -i '/ZeroNet Forum/d' $COMPLETION_FILE + if ! grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then + return + fi + if [ -d $MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then + rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk + fi + sed -i '/install_zeronet_forum/d' $COMPLETION_FILE + sed -i '/ZeroNet Forum/d' $COMPLETION_FILE } function remove_zeronet { - remove_zeronet_blog - remove_zeronet_mail - remove_zeronet_forum - if ! grep -Fxq "install_zeronet" $COMPLETION_FILE; then - return - fi - iptables -D INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT - iptables -D INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT - iptables -D INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT - iptables -D INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT - iptables -D INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - ${PROJECT_NAME}-mesh-install -f zeronet --remove yes - sed -i '/install_zeronet/d' $COMPLETION_FILE - sed -i '/ZeroNet /d' $COMPLETION_FILE - sed -i '/configure_firewall_for_zeronet/d' $COMPLETION_FILE + remove_zeronet_blog + remove_zeronet_mail + remove_zeronet_forum + if ! grep -Fxq "install_zeronet" $COMPLETION_FILE; then + return + fi + iptables -D INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT + iptables -D INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT + iptables -D INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT + iptables -D INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT + iptables -D INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + ${PROJECT_NAME}-mesh-install -f zeronet --remove yes + sed -i '/install_zeronet/d' $COMPLETION_FILE + sed -i '/ZeroNet /d' $COMPLETION_FILE + sed -i '/configure_firewall_for_zeronet/d' $COMPLETION_FILE } function configure_firewall_for_zeronet { - if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then - return - fi - iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT - iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT - iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT - iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT - iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then + return + fi + iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT + iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT + iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT + iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT + iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("ZeroNet $ZERONET_PORT") - OPEN_PORTS+=("Tracker $TRACKER_PORT") - echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE + OPEN_PORTS+=("ZeroNet $ZERONET_PORT") + OPEN_PORTS+=("Tracker $TRACKER_PORT") + echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE } function install_zeronet_blog { - if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then + return + fi - if [ ! -f /home/$MY_USERNAME/README ]; then - touch /home/$MY_USERNAME/README - fi + if [ ! -f /home/$MY_USERNAME/README ]; then + touch /home/$MY_USERNAME/README + fi - if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then - return - fi + if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then + return + fi - if [ ! -d /etc/avahi ]; then - echo $'Avahi is not installed' - exit 736 - fi + if [ ! -d /etc/avahi ]; then + echo $'Avahi is not installed' + exit 736 + fi - ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog" + ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog" - cd $MESH_INSTALL_DIR/zeronet - python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt - if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then - echo $'Unable to create blog' - exit 479 - fi - blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}') - blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}') - ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/} - ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/} + cd $MESH_INSTALL_DIR/zeronet + python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt + if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then + echo $'Unable to create blog' + exit 479 + fi + blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}') + blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}') + ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/} + ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/} - if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then - echo $"Address: $ZERONET_BLOG_ADDRESS" - echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY" - echo $'Unable to create zeronet blog address' - exit 7358 - fi + if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then + echo $"Address: $ZERONET_BLOG_ADDRESS" + echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY" + echo $'Unable to create zeronet blog address' + exit 7358 + fi - if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then - echo $"Address: $ZERONET_BLOG_ADDRESS" - echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY" - echo $'Unable to create zeronet blog private key' - exit 1639 - fi + if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then + echo $"Address: $ZERONET_BLOG_ADDRESS" + echo $"Public key: $ZERONET_BLOG_PRIVATE_KEY" + echo $'Unable to create zeronet blog private key' + exit 1639 + fi - if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then - echo $"Unable to find site directory: $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS" - exit 7638 - fi + if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then + echo $"Unable to find site directory: $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS" + exit 7638 + fi - function_check git_clone - git_clone $ZERONET_BLOG_REPO ZeroBlog - if [ ! -d $MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then - echo $'ZeroBlog repo could not be cloned' - exit 6739 - fi - cd $MESH_INSTALL_DIR/zeronet/ZeroBlog - git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT - if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then - echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE - fi + function_check git_clone + git_clone $ZERONET_BLOG_REPO ZeroBlog + if [ ! -d $MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then + echo $'ZeroBlog repo could not be cloned' + exit 6739 + fi + cd $MESH_INSTALL_DIR/zeronet/ZeroBlog + git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT + if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then + echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE + fi - echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" - echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" - cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS + echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" + echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" + cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS - if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then - mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data - fi - cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data - sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json - sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json - sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html - sed -i "s|

.*|

$ZERONET_DEFAULT_BLOG_TAGLINE

|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html - sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json - python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY + if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then + mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data + fi + cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data + sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json + sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json + sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html + sed -i "s|

.*|

$ZERONET_DEFAULT_BLOG_TAGLINE

|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html + sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json + python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY - # Add an avahi service - function_check create_avahi_service - create_avahi_service zeronet-blog "zeronet-blog" udp $ZERONET_PORT "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" - cp /tmp/zeronet-blog.service /etc/avahi/services/zeronet-blog.service + # Add an avahi service + function_check create_avahi_service + create_avahi_service zeronet-blog "zeronet-blog" udp $ZERONET_PORT "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" + cp /tmp/zeronet-blog.service /etc/avahi/services/zeronet-blog.service - chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet - if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then - mkdir -p /home/$MY_USERNAME/.config/zeronet - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config - fi - echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog + if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then + mkdir -p /home/$MY_USERNAME/.config/zeronet + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config + fi + echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog - if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README - echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README - fi + if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README + echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README + fi - echo 'install_zeronet_blog' >> $COMPLETION_FILE + echo 'install_zeronet_blog' >> $COMPLETION_FILE } function install_zeronet_mail { - if grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then + return + fi - if [ ! -f /home/$MY_USERNAME/README ]; then - touch /home/$MY_USERNAME/README - fi + if [ ! -f /home/$MY_USERNAME/README ]; then + touch /home/$MY_USERNAME/README + fi - if grep -q "ZeroNet Mail address" /home/$MY_USERNAME/README; then - return - fi + if grep -q "ZeroNet Mail address" /home/$MY_USERNAME/README; then + return + fi - if [ ! -d /etc/avahi ]; then - echo 'Avahi is not installed' - exit 736 - fi + if [ ! -d /etc/avahi ]; then + echo 'Avahi is not installed' + exit 736 + fi - ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail" + ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail" - cd $MESH_INSTALL_DIR/zeronet - python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt - if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then - echo $'Unable to create mail' - exit 479 - fi - mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}') - mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}') - ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/} - ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/} + cd $MESH_INSTALL_DIR/zeronet + python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt + if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then + echo $'Unable to create mail' + exit 479 + fi + mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}') + mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}') + ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/} + ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/} - if [ ${#ZERONET_MAIL_ADDRESS} -lt 20 ]; then - echo $"Address: $ZERONET_MAIL_ADDRESS" - echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY" - echo $'Unable to create zeronet mail address' - exit 7358 - fi + if [ ${#ZERONET_MAIL_ADDRESS} -lt 20 ]; then + echo $"Address: $ZERONET_MAIL_ADDRESS" + echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY" + echo $'Unable to create zeronet mail address' + exit 7358 + fi - if [ ${#ZERONET_MAIL_PRIVATE_KEY} -lt 20 ]; then - echo $"Address: $ZERONET_MAIL_ADDRESS" - echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY" - echo $'Unable to create zeronet mail private key' - exit 1639 - fi + if [ ${#ZERONET_MAIL_PRIVATE_KEY} -lt 20 ]; then + echo $"Address: $ZERONET_MAIL_ADDRESS" + echo $"Public key: $ZERONET_MAIL_PRIVATE_KEY" + echo $'Unable to create zeronet mail private key' + exit 1639 + fi - if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS" ]; then - echo $"Unable to find site directory: $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS" - exit 7638 - fi + if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS" ]; then + echo $"Unable to find site directory: $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS" + exit 7638 + fi - function_check git_clone - git_clone $ZERONET_MAIL_REPO ZeroMail - if [ ! -d $MESH_INSTALL_DIR/zeronet/ZeroMail ]; then - echo $'ZeroMail repo could not be cloned' - exit 6739 - fi - cd $MESH_INSTALL_DIR/zeronet/ZeroMail - git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT - if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then - echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE - fi + function_check git_clone + git_clone $ZERONET_MAIL_REPO ZeroMail + if [ ! -d $MESH_INSTALL_DIR/zeronet/ZeroMail ]; then + echo $'ZeroMail repo could not be cloned' + exit 6739 + fi + cd $MESH_INSTALL_DIR/zeronet/ZeroMail + git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT + if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then + echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE + fi - echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" - echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" - cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS + echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" + echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" + cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS - if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then - mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data - fi - cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data - sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json - sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json - sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html - sed -i "s|

.*|

$ZERONET_DEFAULT_MAIL_TAGLINE

|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html - sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json - python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY + if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then + mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data + fi + cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data + sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json + sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json + sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html + sed -i "s|

.*|

$ZERONET_DEFAULT_MAIL_TAGLINE

|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html + sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json + python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY - # Add an avahi service - function_check create_avahi_service - create_avahi_service zeronet-mail "zeronet-mail" udp $ZERONET_PORT "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" - cp /tmp/zeronet-mail.service /etc/avahi/services/zeronet-mail.service + # Add an avahi service + function_check create_avahi_service + create_avahi_service zeronet-mail "zeronet-mail" udp $ZERONET_PORT "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" + cp /tmp/zeronet-mail.service /etc/avahi/services/zeronet-mail.service - chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet - if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then - mkdir -p /home/$MY_USERNAME/.config/zeronet - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config - fi - echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail + if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then + mkdir -p /home/$MY_USERNAME/.config/zeronet + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config + fi + echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail - if ! grep -q $"ZeroNet Mail address" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" >> /home/$MY_USERNAME/README - echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" >> /home/$MY_USERNAME/README - fi + if ! grep -q $"ZeroNet Mail address" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" >> /home/$MY_USERNAME/README + echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" >> /home/$MY_USERNAME/README + fi - echo 'install_zeronet_mail' >> $COMPLETION_FILE + echo 'install_zeronet_mail' >> $COMPLETION_FILE } function install_zeronet_forum { - if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then + return + fi - if [ ! -f /home/$MY_USERNAME/README ]; then - touch /home/$MY_USERNAME/README - fi + if [ ! -f /home/$MY_USERNAME/README ]; then + touch /home/$MY_USERNAME/README + fi - if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then - return - fi + if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then + return + fi - if [ ! -d /etc/avahi ]; then - echo $'Avahi is not installed' - exit 736 - fi + if [ ! -d /etc/avahi ]; then + echo $'Avahi is not installed' + exit 736 + fi - ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum" + ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum" - cd $MESH_INSTALL_DIR/zeronet - python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt - if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then - echo $'Unable to create forum' - exit 479 - fi - forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}') - forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}') - ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/} - ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/} + cd $MESH_INSTALL_DIR/zeronet + python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt + if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then + echo $'Unable to create forum' + exit 479 + fi + forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}') + forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}') + ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/} + ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/} - if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then - echo $"Address: $ZERONET_FORUM_ADDRESS" - echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY" - echo $'Unable to create zeronet forum address' - exit 76352 - fi + if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then + echo $"Address: $ZERONET_FORUM_ADDRESS" + echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY" + echo $'Unable to create zeronet forum address' + exit 76352 + fi - if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then - echo $"Address: $ZERONET_FORUM_ADDRESS" - echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY" - echo $'Unable to create zeronet forum private key' - exit 87356 - fi + if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then + echo $"Address: $ZERONET_FORUM_ADDRESS" + echo $"Public key: $ZERONET_FORUM_PRIVATE_KEY" + echo $'Unable to create zeronet forum private key' + exit 87356 + fi - if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then - echo $"Unable to find site directory: $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS" - exit 7638 - fi + if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then + echo $"Unable to find site directory: $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS" + exit 7638 + fi - function_check git_clone - git_clone $ZERONET_FORUM_REPO ZeroTalk - if [ ! -d $MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then - echo $'ZeroTalk repo could not be cloned' - exit 6739 - fi - git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT - if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then - echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE - fi + function_check git_clone + git_clone $ZERONET_FORUM_REPO ZeroTalk + if [ ! -d $MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then + echo $'ZeroTalk repo could not be cloned' + exit 6739 + fi + git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT + if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then + echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE + fi - echo $"Forum address: $ZERONET_FORUM_ADDRESS" - echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY" - cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS - sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html - sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html - sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html - sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json - sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json - python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json + echo $"Forum address: $ZERONET_FORUM_ADDRESS" + echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY" + cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS + sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html + sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html + sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html + sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json + sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json + python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json - # Add an avahi service - function_check create_avahi_service - create_avahi_service zeronet-forum "zeronet-forum" udp $ZERONET_PORT "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" - sudo cp /tmp/zeronet-forum.service /etc/avahi/services/zeronet-forum.service + # Add an avahi service + function_check create_avahi_service + create_avahi_service zeronet-forum "zeronet-forum" udp $ZERONET_PORT "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" + sudo cp /tmp/zeronet-forum.service /etc/avahi/services/zeronet-forum.service - chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet - if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then - mkdir -p /home/$MY_USERNAME/.config/zeronet - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config - fi - echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum + if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then + mkdir -p /home/$MY_USERNAME/.config/zeronet + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config + fi + echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum - if ! grep -q $"ZeroNet Forum address" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo $"ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README - echo $"ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README - fi + if ! grep -q $"ZeroNet Forum address" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo $"ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README + echo $"ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README + fi - echo 'install_zeronet_forum' >> $COMPLETION_FILE + echo 'install_zeronet_forum' >> $COMPLETION_FILE } function install_zeronet_main { - if grep -Fxq "install_zeronet_main" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_zeronet_main" $COMPLETION_FILE; then + return + fi - ${PROJECT_NAME}-mesh-install -f zeronet - systemctl daemon-reload - systemctl start tracker.service - systemctl start zeronet.service + ${PROJECT_NAME}-mesh-install -f zeronet + systemctl daemon-reload + systemctl start tracker.service + systemctl start zeronet.service - function_check configure_firewall_for_zeronet - configure_firewall_for_zeronet - echo 'install_zeronet_main' >> $COMPLETION_FILE + function_check configure_firewall_for_zeronet + configure_firewall_for_zeronet + echo 'install_zeronet_main' >> $COMPLETION_FILE } function mesh_zeronet { - ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then - ZERONET_REPO=$ZERONET_REPO_MAIN - fi - if [ ! $ZERONET_REPO ]; then - echo $'No ZeroNet repo was specified' - exit 723539 - fi + ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then + ZERONET_REPO=$ZERONET_REPO_MAIN + fi + if [ ! $ZERONET_REPO ]; then + echo $'No ZeroNet repo was specified' + exit 723539 + fi - ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then - ZERONET_COMMIT=$ZERONET_COMMIT_MAIN - fi - if [ ! $ZERONET_COMMIT ]; then - echo $'No ZeroNet commit was specified' - exit 490439 - fi + ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then + ZERONET_COMMIT=$ZERONET_COMMIT_MAIN + fi + if [ ! $ZERONET_COMMIT ]; then + echo $'No ZeroNet commit was specified' + exit 490439 + fi - MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then - MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN - fi - if [ ! $MESH_INSTALL_DIR ]; then - echo $'No mesh install dir was specified' - exit 432052 - fi + MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then + MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN + fi + if [ ! $MESH_INSTALL_DIR ]; then + echo $'No mesh install dir was specified' + exit 432052 + fi - chroot "$rootdir" apt-get -y install python python-msgpack python-gevent - chroot "$rootdir" apt-get -y install python-pip bittornado - chroot "$rootdir" pip install msgpack-python --upgrade + chroot "$rootdir" apt-get -y install python python-msgpack python-gevent + chroot "$rootdir" apt-get -y install python-pip bittornado + chroot "$rootdir" pip install msgpack-python --upgrade - chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet - git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then - echo 'WARNING: Unable to clone zeronet' - return - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet - git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT - if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then - echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE - else - sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE - fi - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet + git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then + echo 'WARNING: Unable to clone zeronet' + return + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet + git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT + if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then + echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE + else + sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE + fi + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet - # Hack to ensure that the file access port is opened - # This is because zeronet normally relies on an internet site - # to do this, but on a purely local mesh the internet isn't available - sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py + # Hack to ensure that the file access port is opened + # This is because zeronet normally relies on an internet site + # to do this, but on a purely local mesh the internet isn't available + sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py - ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service - echo '[Unit]' > $ZERONET_DAEMON - echo 'Description=Zeronet Server' >> $ZERONET_DAEMON - echo 'After=syslog.target' >> $ZERONET_DAEMON - echo 'After=network.target' >> $ZERONET_DAEMON - echo '[Service]' >> $ZERONET_DAEMON - echo 'Type=simple' >> $ZERONET_DAEMON - echo 'User=zeronet' >> $ZERONET_DAEMON - echo 'Group=zeronet' >> $ZERONET_DAEMON - echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON - echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON - echo '' >> $ZERONET_DAEMON - echo 'TimeoutSec=300' >> $ZERONET_DAEMON - echo '' >> $ZERONET_DAEMON - echo '[Install]' >> $ZERONET_DAEMON - echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON + ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service + echo '[Unit]' > $ZERONET_DAEMON + echo 'Description=Zeronet Server' >> $ZERONET_DAEMON + echo 'After=syslog.target' >> $ZERONET_DAEMON + echo 'After=network.target' >> $ZERONET_DAEMON + echo '[Service]' >> $ZERONET_DAEMON + echo 'Type=simple' >> $ZERONET_DAEMON + echo 'User=zeronet' >> $ZERONET_DAEMON + echo 'Group=zeronet' >> $ZERONET_DAEMON + echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON + echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON + echo '' >> $ZERONET_DAEMON + echo 'TimeoutSec=300' >> $ZERONET_DAEMON + echo '' >> $ZERONET_DAEMON + echo '[Install]' >> $ZERONET_DAEMON + echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON - TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service - echo '[Unit]' > $TRACKER_DAEMON - echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON - echo 'After=syslog.target' >> $TRACKER_DAEMON - echo 'After=network.target' >> $TRACKER_DAEMON - echo '[Service]' >> $TRACKER_DAEMON - echo 'Type=simple' >> $TRACKER_DAEMON - echo 'User=tracker' >> $TRACKER_DAEMON - echo 'Group=tracker' >> $TRACKER_DAEMON - echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON - echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON - echo '' >> $TRACKER_DAEMON - echo 'TimeoutSec=300' >> $TRACKER_DAEMON - echo '' >> $TRACKER_DAEMON - echo '[Install]' >> $TRACKER_DAEMON - echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON + TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service + echo '[Unit]' > $TRACKER_DAEMON + echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON + echo 'After=syslog.target' >> $TRACKER_DAEMON + echo 'After=network.target' >> $TRACKER_DAEMON + echo '[Service]' >> $TRACKER_DAEMON + echo 'Type=simple' >> $TRACKER_DAEMON + echo 'User=tracker' >> $TRACKER_DAEMON + echo 'Group=tracker' >> $TRACKER_DAEMON + echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON + echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON + echo '' >> $TRACKER_DAEMON + echo 'TimeoutSec=300' >> $TRACKER_DAEMON + echo '' >> $TRACKER_DAEMON + echo '[Install]' >> $TRACKER_DAEMON + echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON - chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker - if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then - mkdir $rootdir$MESH_INSTALL_DIR/tracker - fi - chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker + chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker + if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then + mkdir $rootdir$MESH_INSTALL_DIR/tracker + fi + chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker - # publish regularly - echo "*/1 * * * * root /usr/local/bin/zeronetavahi > /dev/null" >> $rootdir/etc/crontab + # publish regularly + echo "*/1 * * * * root /usr/local/bin/zeronetavahi > /dev/null" >> $rootdir/etc/crontab - chroot "$rootdir" systemctl enable tracker.service - chroot "$rootdir" systemctl enable zeronet.service + chroot "$rootdir" systemctl enable tracker.service + chroot "$rootdir" systemctl enable zeronet.service } function mesh_zeronet_blog { - ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then - MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN - fi - if [ ! $MESH_INSTALL_DIR ]; then - echo $'No mesh install dir was specified' - exit 432052 - fi + ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then + MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN + fi + if [ ! $MESH_INSTALL_DIR ]; then + echo $'No mesh install dir was specified' + exit 432052 + fi - git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then - echo $'ZeroBlog repo could not be cloned' - exit 6739 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog - git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then + echo $'ZeroBlog repo could not be cloned' + exit 6739 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog + git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet } function mesh_zeronet_mail { - ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then - MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN - fi - if [ ! $MESH_INSTALL_DIR ]; then - echo $'No mesh install dir was specified' - exit 432052 - fi + ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then + MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN + fi + if [ ! $MESH_INSTALL_DIR ]; then + echo $'No mesh install dir was specified' + exit 432052 + fi - git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then - echo $'ZeroMail repo could not be cloned' - exit 78493 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail - git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then + echo $'ZeroMail repo could not be cloned' + exit 78493 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail + git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet } function mesh_zeronet_forum { - ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then - MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN - fi - if [ ! $MESH_INSTALL_DIR ]; then - echo $'No mesh install dir was specified' - exit 432052 - fi + ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then + MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN + fi + if [ ! $MESH_INSTALL_DIR ]; then + echo $'No mesh install dir was specified' + exit 432052 + fi - git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then - echo $'ZeroTalk repo could not be cloned' - exit 78252 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk - git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then + echo $'ZeroTalk repo could not be cloned' + exit 78252 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk + git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet } function mesh_zeronet_id { - ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then - MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN - fi - if [ ! $MESH_INSTALL_DIR ]; then - echo $'No mesh install dir was specified' - exit 432052 - fi + ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then + MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN + fi + if [ ! $MESH_INSTALL_DIR ]; then + echo $'No mesh install dir was specified' + exit 432052 + fi - git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then - echo $'ZeroID repo could not be cloned' - exit 37936 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID - git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then + echo $'ZeroID repo could not be cloned' + exit 37936 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID + git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet } function install_zeronet { - if [ $INSTALLING_MESH ]; then - mesh_zeronet - mesh_zeronet_blog - mesh_zeronet_mail - mesh_zeronet_forum - return - fi - if grep -Fxq "install_zeronet" $COMPLETION_FILE; then - return - fi - install_zeronet_main - install_zeronet_blog - install_zeronet_mail - install_zeronet_forum - echo 'install_zeronet' >> $COMPLETION_FILE + if [ $INSTALLING_MESH ]; then + mesh_zeronet + mesh_zeronet_blog + mesh_zeronet_mail + mesh_zeronet_forum + return + fi + if grep -Fxq "install_zeronet" $COMPLETION_FILE; then + return + fi + install_zeronet_main + install_zeronet_blog + install_zeronet_mail + install_zeronet_forum + echo 'install_zeronet' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0