free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial idea for deploying an image

This commit is contained in:
Bob Mottram 2015-11-20 11:54:39 +00:00
parent f6358543fb
commit d81e4ee6b0
1 changed files with 160 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
src/freedombone-deploy Executable file
View File

@ -0,0 +1,160 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# An initialisation script which can be run after installing
# a disk image
#
# License
# =======
#
# Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Default username for disk images
DEFAULT_IMAGE_USERNAME='freedom'
MY_NAME='fbn'
MY_USERNAME=$MY_NAME
MY_EMAIL_ADDRESS=$MY_USERNAME@$(hostname)
# various passwords
CJDNS_PASSWORD=
MARIADB_PASSWORD=
MICROBLOG_ADMIN_PASSWORD=
GIT_ADMIN_PASSWORD=
HUBZILLA_ADMIN_PASSWORD=
OWNCLOUD_ADMIN_PASSWORD=
WIKI_ADMIN_PASSWORD=
FULLBLOG_ADMIN_PASSWORD=
VOIP_SERVER_PASSWORD=
SIP_SERVER_PASSWORD=
function create_backup_gpg_key {
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME)
if [ ! "$?" = "0" ]; then
echo 'Backup key could not be created'
exit 43382
fi
MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
echo "Backup key: $MY_BACKUP_KEY_ID"
MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
echo 'Public backup key could not be exported'
exit 36829
fi
if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
echo 'Private backup key could not be exported'
exit 29235
fi
# import backup key to root user
gpg --import --import ${MY_BACKUP_KEY}_public.asc
gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
shred -zu ${MY_BACKUP_KEY}_public.asc
shred -zu ${MY_BACKUP_KEY}_private.asc
echo 'New backup gpg key created'
}
function regenerate_ssh_host_keys {
rm -f /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
echo 'ssh host keys regenerated'
# remove small moduli
awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
mv ~/moduli /etc/ssh/moduli
echo 'ssh small moduli removed'
systemctl restart ssh
}
function get_passwords_from_readme {
readme_file=$1
if [ ! -f $readme_file ]; then
return
fi
if grep -q "cjdns password" $readme_file; then
if [ ! $CJDNS_PASSWORD ]; then
CJDNS_PASSWORD=$(cat $readme_file | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
if grep -q "MariaDB password" $readme_file; then
if [ -f $DATABASE_PASSWORD_FILE ]; then
MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
else
MARIADB_PASSWORD=$(cat $readme_file | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
chmod 600 $DATABASE_PASSWORD_FILE
fi
fi
if grep -q "MariaDB gnusocial admin password" $readme_file; then
MICROBLOG_ADMIN_PASSWORD=$(cat $readme_file | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "Gogs admin user password" $readme_file; then
GIT_ADMIN_PASSWORD=$(cat $readme_file | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "MariaDB Hubzilla admin password" $readme_file; then
HUBZILLA_ADMIN_PASSWORD=$(cat $readme_file | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "Owncloud database password" $readme_file; then
OWNCLOUD_ADMIN_PASSWORD=$(cat $readme_file | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "Wiki password" $readme_file; then
WIKI_ADMIN_PASSWORD=$(cat $readme_file | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
}
function set_admin_user {
sed -i "s|Admin user:.*|Admin user:$MY_USERNAME|g" $COMPLETION_FILE
}
if [ ! -d /home/$DEFAULT_IMAGE_USERNAME ]; then
echo "User $DEFAULT_IMAGE_USERNAME not found"
exit 52372
fi
if [ -d /home/$MY_USERNAME ]; then
echo "User $MY_USERNAME already exists"
exit 73538
fi
get_passwords_from_readme /home/$DEFAULT_IMAGE_USERNAME/README
#freedombone-adduser $MY_USERNAME > ~/setup.txt
#set_admin_user
#create_backup_gpg_key
#regenerate_ssh_host_keys
exit 0