free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backup to friends servers

This commit is contained in:
Bob Mottram 2014-10-01 23:49:10 +01:00
parent de82f2e6d9
commit f942eda9e0
1 changed files with 83 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
install-freedombone.sh
View File

@ -199,6 +199,9 @@ MAX_PHP_MEMORY=32
# default MariaDB password # default MariaDB password
MARIADB_PASSWORD= MARIADB_PASSWORD=
# file containing a list of remote locations to backup to
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
#list of encryption protocols #list of encryption protocols
SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2" SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
@ -1442,6 +1445,41 @@ function encrypt_incoming_email {
echo 'encrypt_incoming_email' >> $COMPLETION_FILE echo 'encrypt_incoming_email' >> $COMPLETION_FILE
} }
function encrypt_outgoing_email {
# encrypts outgoing mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read sent mail
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
echo 'sent_items_router:' > /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' driver = accept' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' transport = sent_items_transport' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' condition = ${if !eq{$authenticated_id}{}}' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' unseen' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
echo ' no_verify' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
# TODO
echo 'sent_items_transport:'
echo ' driver = pipe'
echo ' user = $authenticated_id'
echo ' group = Debian-exim'
echo ' temp_errors = *'
echo ' transport_filter = /usr/bin/gpgit.pl $sender_address'
echo ' command = /usr/bin/pipe2imap.pl --ssl --user master --authas $authenticated_id --passfile /etc/exim4/master_imap_password.txt --folder "Sent Items" --flags "\\seen"'
echo ' log_defer_output = true'
service exim4 restart
echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
}
function email_client { function email_client {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
@ -3576,6 +3614,49 @@ IPT_NAME
echo 'create_restore_script' >> $COMPLETION_FILE echo 'create_restore_script' >> $COMPLETION_FILE
} }
function backup_to_friends_servers {
if grep -Fxq "backup_to_friends_servers" $COMPLETION_FILE; then
return
fi
if [ ! $FRIENDS_SERVERS_LIST ]; then
return
fi
apt-get -y --force-yes install duplicity
# script to do backups
echo '#!/bin/bash' > /usr/bin/backup2friends
echo 'GPG_KEY=$1' >> /usr/bin/backup2friends
echo '' >> /usr/bin/backup2friends
echo 'if [ ! $GPG_KEY ]; then' >> /usr/bin/backup2friends
echo ' echo "No GPG key specified"' >> /usr/bin/backup2friends
echo ' exit 1' >> /usr/bin/backup2friends
echo 'fi' >> /usr/bin/backup2friends
echo '' >> /usr/bin/backup2friends
echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backup2friends
echo ' exit 2' >> /usr/bin/backup2friends
echo 'fi' >> /usr/bin/backup2friends
echo '' >> /usr/bin/backup2friends
echo 'while read remote_server' >> /usr/bin/backup2friends
echo 'do' >> /usr/bin/backup2friends
echo ' SERVER="${* %%remote_server}"' >> /usr/bin/backup2friends
echo ' FTP_PASSWORD="${remote_server%% *}"' >> /usr/bin/backup2friends
echo " duplicity incr --ssh-askpass --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems /home/$MY_USERNAME $SERVER" >> /usr/bin/backup2friends
echo ' duplicity --ssh-askpass --force cleanup $SERVER' >> /usr/bin/backup2friends
echo ' duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER' >> /usr/bin/backup2friends
echo "done < $FRIENDS_SERVERS_LIST" >> /usr/bin/backup2friends
echo 'exit 0' >> /usr/bin/backup2friends
chmod +x /usr/bin/backup2friends
# update crontab
echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
echo 'GPG_KEY=' >> /etc/cron.daily/backuptofriends
echo '/usr/bin/backup2friends $GPG_KEY' >> /etc/cron.daily/backuptofriends
chmod +x /etc/cron.daily/backuptofriends
echo 'backup_to_friends_servers' >> $COMPLETION_FILE
}
function install_final { function install_final {
if grep -Fxq "install_final" $COMPLETION_FILE; then if grep -Fxq "install_final" $COMPLETION_FILE; then
return return
@ -3622,6 +3703,7 @@ time_synchronisation
configure_internet_protocol configure_internet_protocol
configure_ssh configure_ssh
check_hwrng check_hwrng
backup_to_friends_servers
search_for_attached_usb_drive search_for_attached_usb_drive
regenerate_ssh_keys regenerate_ssh_keys
script_to_make_self_signed_certificates script_to_make_self_signed_certificates
@ -3631,6 +3713,7 @@ create_procmail
configure_imap configure_imap
configure_gpg configure_gpg
encrypt_incoming_email encrypt_incoming_email
#encrypt_outgoing_email
email_client email_client
configure_firewall_for_email configure_firewall_for_email
folders_for_mailing_lists folders_for_mailing_lists