This commit is contained in:
Bob Mottram 2018-04-07 14:00:25 +01:00
commit e9c901fdac
9 changed files with 118 additions and 32 deletions


@ -237,6 +237,7 @@ fi
# add user menu on ssh login # add user menu on ssh login
if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
echo 'export PS1="\W \$"' >> "/home/$ADD_USERNAME/.bashrc"
echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc" echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
fi fi
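Review bot: The added `echo 'export PS1="\W \$"' >> "/home/$ADD_USERNAME/.bashrc"` sits inside the existing `if ! grep -q 'controluser' …` guard, so a .bashrc that already contains `controluser` never receives the prompt line while freshly created accounts do; if that split is intended, a comment saying so would help, otherwise give the PS1 line its own guard, e.g. `grep -q 'export PS1=' "/home/$ADD_USERNAME/.bashrc" || echo 'export PS1="\W \$"' >> "/home/$ADD_USERNAME/.bashrc"`. The same pattern appears in the later hunk that edits `/home/$MY_USERNAME/.bashrc`. The enclosing script body continues outside the hunk.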


@ -38,7 +38,7 @@ PLEROMA_CODE=
PLEROMA_PORT=4000 PLEROMA_PORT=4000
PLEROMA_ONION_PORT=8011 PLEROMA_ONION_PORT=8011
PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git" PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
PLEROMA_COMMIT='7130e9ddb16286efd7d01088e816f05e82cfa2a1' PLEROMA_COMMIT='303289d7daac3a51f991bb8603f36628a5d944c1'
PLEROMA_ADMIN_PASSWORD= PLEROMA_ADMIN_PASSWORD=
PLEROMA_DIR=/etc/pleroma PLEROMA_DIR=/etc/pleroma
PLEROMA_SECRET_KEY="" PLEROMA_SECRET_KEY=""


@ -225,6 +225,7 @@ function email_create_template {
} }
function create_email_onion_address { function create_email_onion_address {
email_hostname='/var/lib/tor/hidden_service_email/hostname'
if ! grep -q "hidden_service_email" /etc/tor/torrc; then if ! grep -q "hidden_service_email" /etc/tor/torrc; then
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/'; { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
echo 'HiddenServiceVersion 3'; echo 'HiddenServiceVersion 3';
@ -238,18 +239,21 @@ function create_email_onion_address {
function_check wait_for_onion_service function_check wait_for_onion_service
wait_for_onion_service email wait_for_onion_service email
if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then if [ ! -f $email_hostname ]; then
echo $"email onion site hostname not found" echo $"email onion site hostname not found"
systemctl restart tor systemctl restart tor
exit 782352 exit 782352
fi fi
onion_address=$(cat /var/lib/tor/hidden_service_email/hostname) onion_address=$(cat $email_hostname)
set_completion_param "email onion domain" "${onion_address}" set_completion_param "email onion domain" "${onion_address}"
add_email_hostname "$onion_address" add_email_hostname "$onion_address"
else else
onion_address=$(cat /var/lib/tor/hidden_service_email/hostname) onion_address=$(cat $email_hostname)
fi fi
cp $email_hostname /etc/skel/.email_onion_domain
cp $email_hostname "/home/$MY_USERNAME/.email_onion_domain"
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.email_onion_domain"
} }
function configure_email_onion { function configure_email_onion {
@ -262,17 +266,17 @@ function configure_email_onion {
create_email_onion_address create_email_onion_address
#apt-get -yq install tinycdb perl apt-get -yq install perl
# MX record should be: # MX record should be:
# _onion-mx._tcp # _onion-mx._tcp
# 20:$onion_address # 20:$onion_address
# 3600 IN SRV 0 5 25 $onion_address # 3600 IN SRV 0 5 25 $onion_address
# Test with: exim -d -bt username@$onion_address # To test the system, on receiving server:
# exim -bd -d -oX 25
#echo "$DEFAULT_DOMAIN_NAME $onion_address" > /etc/exim4/onionrelay.txt # On the sensing server:
#cdb -m -c -t ~/onionrelay.tmp /etc/exim4/onionrelay.cdb /etc/exim4/onionrelay.txt # exim -d -oX 25 -bt username@$onion_address
{ echo "perl_startup = do '/etc/exim4/perl-routines.pl'"; { echo "perl_startup = do '/etc/exim4/perl-routines.pl'";
echo "perl_at_start"; } > /etc/exim4/conf.d/main/00_exim4-config_perl echo "perl_at_start"; } > /etc/exim4/conf.d/main/00_exim4-config_perl
@ -290,26 +294,32 @@ function configure_email_onion {
echo " return 'no_such_host';"; echo " return 'no_such_host';";
echo "}"; } > /etc/exim4/perl-routines.pl echo "}"; } > /etc/exim4/perl-routines.pl
#{ echo "ONION_RELAYDB=/etc/exim4/onionrelay.cdb";
# echo "domainlist onion_relays = cdb;ONION_RELAYDB"; } > /etc/exim4/conf.d/main/48_exim4-config_onion_relays
{ echo "riseup:"; { echo "riseup:";
echo " driver = manualroute"; echo " driver = manualroute";
echo " domains = riseup.net"; echo " domains = riseup.net";
echo " transport = onion_relay"; echo " transport = onion_relay";
echo " headers_remove = Received:Message-ID:X-Mailer:User-Agent";
echo " headers_add = Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>";
echo " route_data = \${perl{onionLookup}{$RISEUP_EMAIL_ONION}}" echo " route_data = \${perl{onionLookup}{$RISEUP_EMAIL_ONION}}"
echo " no_more"; } > /etc/exim4/conf.d/router/049_exim4-config-riseup echo " no_more"; } > /etc/exim4/conf.d/router/905_exim4-config-riseup
if ! grep -q "*.onion" /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's|domains = ! +local_domains|domains = ! +local_domains : ! *.onion : ! riseup.net|g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi
{ echo "onionrelays:"; { echo "onionrelays:";
echo " driver = manualroute"; echo " driver = manualroute";
echo " domains = *.onion"; echo " domains = *.onion";
echo " transport = onion_relay"; echo " transport = onion_relay";
#echo " route_data = \${lookup dnsdb{a=\$domain}}"; echo " headers_remove = Received:Message-ID:X-Mailer:User-Agent";
echo " headers_add = Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>";
echo " route_data = \${perl{onionLookup}{\$domain}}" echo " route_data = \${perl{onionLookup}{\$domain}}"
echo " no_more"; } > /etc/exim4/conf.d/router/050_exim4-config-onionrelays echo " no_more"; } > /etc/exim4/conf.d/router/910_exim4-config-onionrelays
{ echo "onion_relay:"; { echo "onion_relay:";
echo " driver = smtp"; echo " driver = smtp";
echo " helo_data = \"\$address_data \$original_domain\"";
echo " hosts_avoid_tls = *";
echo " socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay echo " socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
@ -366,7 +376,7 @@ function check_email_address_exists {
if [[ $ONION_ONLY != 'no' ]]; then if [[ $ONION_ONLY != 'no' ]]; then
my_email=$onion_address my_email=$onion_address
MY_EMAIL_ADDRESS=$onion_address MY_EMAIL_ADDRESS="${MY_USERNAME}@$onion_address"
write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS" write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
fi fi
} }
@ -650,6 +660,14 @@ function email_client {
echo '# Optional relay of SMTP via ISP'; echo '# Optional relay of SMTP via ISP';
echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"'; } > /etc/Muttrc echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"'; } > /etc/Muttrc
if [[ "$ONION_ONLY" != 'no' ]]; then
# On onion only systems email is onion router anyway, with its
# own encryption system, so we don't need the additional pgp layer
# except perhaps for some additional confidence
sed -i 's|set pgp_autoencrypt|unset pgp_autoencrypt|g' /etc/Muttrc
sed -i 's|set pgp_autosign|unset pgp_autosign|g' /etc/Muttrc
fi
# For viewing long URLs # For viewing long URLs
echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > "/home/$MY_USERNAME/.urlview" echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > "/home/$MY_USERNAME/.urlview"
echo 'COMMAND lynx -dump -width=78 -nolist %s' >> "/home/$MY_USERNAME/.urlview" echo 'COMMAND lynx -dump -width=78 -nolist %s' >> "/home/$MY_USERNAME/.urlview"
@ -1094,7 +1112,8 @@ function spam_filtering {
# This configuration is based on https://wiki.debian.org/DebianSpamAssassin # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data # This prevents .onion domains from being accepted
#sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data
{ echo "warn message = X-Spam-Score: \$spam_score (\$spam_bar)"; { echo "warn message = X-Spam-Score: \$spam_score (\$spam_bar)";
echo ' spam = nobody:true'; echo ' spam = nobody:true';
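Review bot: The `email_client` hunk unsets both `pgp_autoencrypt` and `pgp_autosign` in /etc/Muttrc on onion-only systems and the comment justifies this by Tor's own encryption, but that encryption covers only the hop to the receiving `.onion` relay (and this commit also sets `hosts_avoid_tls = *` on that transport, so Tor is the only thing protecting it) while a message without a PGP signature carries no sender authentication at all. Tor's hidden-service encryption is a transport property, not end-to-end, so I would keep `set pgp_autosign` and reword the comment along the lines of `# On onion-only systems the hop to the receiving .onion relay is already encrypted by Tor, so automatic PGP encryption is made optional; signing is kept because Tor does not authenticate the sender`. Separately, in the `spam_filtering` hunk the `accept condition = \${if eq{\$acl_m0}{rfcnames} …}` sed is now commented out for all senders rather than only for `.onion` domains, which appears to drop that check globally; if the intent is only to exempt onion domains, the exemption belongs in the rule that sets `acl_m0` in 30_exim4-config_check_rcpt rather than in removing the condition. Both `email_client` and `spam_filtering` start before their hunks.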


@ -852,23 +852,45 @@ function menu_run_client_app {
function show_your_email_address { function show_your_email_address {
GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//') GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}') GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
if [ ! -f ~/.mutt/bdsmail ]; then onion_domain=
dialog --title $"Show your Email Address" \ if [ -f "$HOME/.email_onion_domain" ]; then
--backtitle $"Freedombone User Control Panel" \ onion_domain=$(cat "$HOME/.email_onion_domain")
--msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70 fi
else dialog_height=14
onionemailstr=
if [[ "$HOSTNAME" != *'.onion' && "$onion_domain" ]]; then
onionemailstr="\\n\\nOnion Email: ${USER}@${onion_domain}"
dialog_height=$((dialog_height+3))
fi
msgstrbase=$"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: ${MY_EMAIL_ADDRESS}${onionemailstr}\\n\\nKey ID: ${GPG_ID}\\n\\nFingerprint: ${GPG_FINGERPRINT}\\n\\nCreated: ${GPG_DATE}"
bdsmail_address=
bdsmailstr=
if [ -f ~/.mutt/bdsmail ]; then
bdsmail_address=$(grep 'set from=' ~/.mutt/bdsmail | awk -F '=' '{print $2}') bdsmail_address=$(grep 'set from=' ~/.mutt/bdsmail | awk -F '=' '{print $2}')
dialog --title $"Show your Email Address" \ bdsmailstr="\\n\\nI2P Address: ${bdsmail_address}"
--backtitle $"Freedombone User Control Panel" \ dialog_height=$((dialog_height+3))
--msgbox $"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE\\n\\nI2P Address: ${bdsmail_address}" 17 90 fi
dialog --title $"Show your Email Address" \
--backtitle $"Freedombone User Control Panel" \
--msgbox "${msgstrbase}${bdsmailstr}" $dialog_height 100
if [ "$onion_domain" ]; then
clear clear
echo '' echo ''
echo $'Your bdsmail address as a QR code' echo $'Your onion email address:'
echo ''
echo -n "${USER}@${onion_domain}" | qrencode -t UTF8
echo ''
any_key
fi
if [ "${bdsmail_address}" ]; then
clear
echo ''
echo $'Your bdsmail address:'
echo '' echo ''
echo -n "${bdsmail_address}" | qrencode -t UTF8 echo -n "${bdsmail_address}" | qrencode -t UTF8
echo '' echo ''
echo "${bdsmail_address}"
echo ''
any_key any_key
fi fi
} }
@ -912,4 +934,7 @@ menu_top_level
clear clear
# shellcheck disable=SC1090 # shellcheck disable=SC1090
. ~/.bashrc . ~/.bashrc
cat /etc/motd
echo -e $'Type "sudo su" for root access, or "control" to restart\nthe control panel.'
echo ''
exit 0 exit 0
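Review bot: The condition `[[ "$HOSTNAME" != *'.onion' && "$onion_domain" ]]` in `show_your_email_address` hides the separate "Onion Email" line whenever the host's own name is an onion address, and the reason is not visible from this file: elsewhere in this commit onion-only installs set the system hostname to the email onion domain and `MY_EMAIL_ADDRESS` to `${MY_USERNAME}@$onion_address`, so the address would otherwise be shown twice. A comment would spare the next reader that cross-check, e.g. `# On onion-only systems the hostname is the email onion domain and MY_EMAIL_ADDRESS already uses it, so do not list it a second time`. In the exit hunk, `echo -e $'…'` applies backslash interpretation twice to the same string; `printf '%s\n' $'Type "sudo su" for root access, or "control" to restart\nthe control panel.'` expresses it once and does not depend on echo's `-e` handling.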


@ -1627,7 +1627,7 @@ EOF
if [[ "$VARIANT" == "usb" ]]; then if [[ "$VARIANT" == "usb" ]]; then
# tor # tor
chroot "$rootdir" apt-get -yq install tor chroot "$rootdir" apt-get -yq -t stretch-backports install tor
# xmpp client # xmpp client
chroot "$rootdir" echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list chroot "$rootdir" echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list
@ -1760,7 +1760,8 @@ image_setup_utils() {
chroot "$rootdir" apt-get -yq install vim-common python3 unattended-upgrades chroot "$rootdir" apt-get -yq install vim-common python3 unattended-upgrades
# Tor and ssh over tor # Tor and ssh over tor
chroot "$rootdir" apt-get -yq install tor connect-proxy chroot "$rootdir" apt-get -yq -t stretch-backports install tor
chroot "$rootdir" apt-get -yq install connect-proxy
chroot "$rootdir" connect-proxy chroot "$rootdir" connect-proxy
sed -i 's|#Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc" sed -i 's|#Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
sed -i 's|Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc" sed -i 's|Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
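Review bot: Both `apt-get -yq -t stretch-backports install tor` lines in this section (the usb-variant hunk and `image_setup_utils`) assume `stretch-backports` is already present in the chroot's apt sources; nothing in these hunks adds it, so if it is not enabled elsewhere in the image build the install fails with an unknown release and, without a check, the rest of the build continues with no tor package. Either a comment naming where the backports source is configured, or an explicit check before the install such as `grep -rq stretch-backports "$rootdir/etc/apt/" || { echo 'stretch-backports not enabled in chroot' >&2; exit 1; }`, would make the dependency visible. `image_setup_utils` starts before its hunk.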


@ -102,6 +102,7 @@ if [ -d "$PROJECT_DIR" ]; then
email_install_tls email_install_tls
email_disable_chunking email_disable_chunking
rm /etc/exim4/exim4.conf.template.bak* rm /etc/exim4/exim4.conf.template.bak*
email_update_onion_domain
#defrag_filesystem #defrag_filesystem
# reinstall tor from backports # reinstall tor from backports


@ -64,6 +64,7 @@ $(get_ssh_server_key)
# add user menu on ssh login # add user menu on ssh login
if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then
echo 'export PS1="\W \$"' >> "/home/$MY_USERNAME/.bashrc"
echo 'controluser' >> "/home/$MY_USERNAME/.bashrc" echo 'controluser' >> "/home/$MY_USERNAME/.bashrc"
fi fi
if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then
@ -124,6 +125,25 @@ function create_default_user_removal_daemon {
systemctl enable firststart systemctl enable firststart
} }
function final_set_onion_hostname {
if [[ "$ONION_ONLY" == 'no' ]]; then
return
fi
if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
echo $'No onion domain for email was found'
exit 368365
fi
onion_domain=$(cat /var/lib/tor/hidden_service_email/hostname)
echo "$onion_domain" > /etc/hostname
hostname "$onion_domain"
echo "127.0.1.1 $onion_domain" >> /etc/hosts
echo "$onion_domain" > /etc/mailname
}
function setup_final { function setup_final {
function_check update_installed_apps_list function_check update_installed_apps_list
update_installed_apps_list update_installed_apps_list
@ -131,6 +151,9 @@ function setup_final {
function_check create_default_user_removal_daemon function_check create_default_user_removal_daemon
create_default_user_removal_daemon create_default_user_removal_daemon
function_check final_set_onion_hostname
final_set_onion_hostname
function_check install_tripwire function_check install_tripwire
install_tripwire install_tripwire
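Review bot: `final_set_onion_hostname` appends `127.0.1.1 $onion_domain` to /etc/hosts every time it runs and, unlike other functions in this commit that check `is_completed`, has no re-run guard, so a second run leaves duplicate entries; `grep -qF -- "127.0.1.1 $onion_domain" /etc/hosts || echo "127.0.1.1 $onion_domain" >> /etc/hosts` keeps it idempotent. The previous hostname's `127.0.1.1` line is also left in place, so both names keep resolving; if that is intended a short comment would help, otherwise replace that line with sed instead of appending. `onion_domain` is assigned without `local` and so leaks into the caller's scope, and a one-line header comment stating that on onion-only systems the email onion address becomes the system hostname and mailname would explain why /etc/mailname is rewritten here as well.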


@ -224,7 +224,8 @@ function enable_ssh_via_onion {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
apt-get -yq install tor connect-proxy echo 'N' | apt-get -yq -t stretch-backports install tor
apt-get -yq install connect-proxy
if ! grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"; then if ! grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"; then
if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then
mkdir "/home/$MY_USERNAME/.ssh" mkdir "/home/$MY_USERNAME/.ssh"
@ -339,7 +340,8 @@ function route_outgoing_traffic_through_tor {
if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
return return
fi fi
apt-get -yq install tor tor-arm echo 'N' | apt-get -yq -t stretch-backports install tor
echo 'N' | apt-get -yq -t stretch-backports install tor-arm
### set variables ### set variables
# Destinations you don't want routed through Tor # Destinations you don't want routed through Tor
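Review bot: `echo 'N' | apt-get …` in `enable_ssh_via_onion` and on both lines in `route_outgoing_traffic_through_tor` relies on a piped `N` reaching dpkg's conffile prompt to keep the existing torrc, which only works if the prompt is read from stdin and asked exactly once; the supported way to state that intent is `apt-get -yq -t stretch-backports -o Dpkg::Options::=--force-confold install tor`, which keeps the locally modified configuration without prompting. If the prompt being answered is a debconf one rather than dpkg's, `DEBIAN_FRONTEND=noninteractive` is the matching switch. A comment explaining that the backports reinstall must not overwrite the already customised torrc would make the reason for the special handling visible. Both functions start before their hunks.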


@ -1006,6 +1006,20 @@ function email_disable_chunking {
systemctl restart exim4 systemctl restart exim4
} }
function email_update_onion_domain {
email_hostname='/var/lib/tor/hidden_service_email/hostname'
cp $email_hostname /etc/skel/.email_onion_domain
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
cp $email_hostname "/home/$USERNAME/.email_onion_domain"
chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.email_onion_domain"
fi
done
}
function email_install_tls { function email_install_tls {
tls_config_file=/etc/exim4/conf.d/main/03_exim4-config_tlsoptions tls_config_file=/etc/exim4/conf.d/main/03_exim4-config_tlsoptions
tls_auth_config_file=/etc/exim4/conf.d/auth/30_exim4-config_examples tls_auth_config_file=/etc/exim4/conf.d/auth/30_exim4-config_examples
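Review bot: `email_update_onion_domain` copies `/var/lib/tor/hidden_service_email/hostname` without checking that it exists, and the upgrade hunk in this commit calls it unconditionally, so on an install where the email onion service was never created every `cp` fails and prints an error per user; a guard at the top, `[ -f "$email_hostname" ] || return`, makes it a no-op there. `USERNAME=$(echo "$d" | awk -F '/' '{print $3}')` spawns two processes to extract a path component that parameter expansion gives directly: `d=${d%/}; USERNAME=${d##*/}`. Neither `email_hostname` nor `USERNAME` is declared `local`, so the loop overwrites any caller's `USERNAME`. A one-line header comment noting that the copied file holds only the public onion address, which is why distributing it into every home directory and /etc/skel is harmless, would also help.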