#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # Restore from local storage - typically a USB drive # # License # ======= # # Copyright (C) 2015-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . PROJECT_NAME='freedombone' COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt MONGODB_APPS_FILE=$HOME/.mongodbapps CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv # whether to restore everything or just a specific application RESTORE_APP='all' export TEXTDOMAIN=${PROJECT_NAME}-restore-local export TEXTDOMAINDIR="/usr/share/locale" PROJECT_INSTALL_DIR=/usr/local/bin if [ -f /usr/bin/${PROJECT_NAME} ]; then PROJECT_INSTALL_DIR=/usr/bin fi # MariaDB password DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) function please_wait { local str width height length width=$(tput cols) height=$(tput lines) str="Standby to restore from USB" length=${#str} clear tput cup $((height / 2)) $(((width / 2) - (length / 2))) echo "$str" tput cup $((height * 3 / 5)) $(((width / 2))) echo -n '' } please_wait source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars # include utils which allow function_check, go and drive mount UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do source "$f" done clear USB_DRIVE=/dev/sdb1 USB_MOUNT=/mnt/usb ADMIN_USERNAME='' ADMIN_NAME= read_config_param USB_DRIVE if [ -f "$COMPLETION_FILE" ]; then ADMIN_USERNAME=$(get_completion_param "Admin user") fi function check_backup_exists { if [ ! -d $USB_MOUNT/backup ]; then echo $"No backup directory found on the USB drive." set_user_permissions backup_unmount_drive exit 2 fi } function check_admin_user { echo $"Checking that admin user exists" if [ ! -d "/home/$ADMIN_USERNAME" ]; then echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username." set_user_permissions backup_unmount_drive exit 295 fi } function copy_gpg_keys { echo $"Copying GPG keys from admin user to root" cp -r "/home/$ADMIN_USERNAME/.gnupg" /root gpg_set_permissions root } function restore_blocklist { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'blocklist' ]]; then return fi fi if [ -d $USB_MOUNT/backup/blocklist ]; then echo $"Restoring blocklist" temp_restore_dir=/root/tempblocklist restore_directory_from_usb $temp_restore_dir blocklist if [ -d $temp_restore_dir/root/tempbackupblocklist ]; then cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg else cp -f $temp_restore_dir/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg fi rm -rf $temp_restore_dir firewall_refresh_blocklist fi } function restore_configfiles { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'configfiles' ]]; then return fi fi # this restores *.cfg and COMPLETION_FILE if [ -d $USB_MOUNT/backup/configfiles ]; then echo $"Restoring configuration files" temp_restore_dir=/root/tempconfigfiles restore_directory_from_usb $temp_restore_dir configfiles if [ -d $temp_restore_dir/root ]; then if [ -f $temp_restore_dir/root/.nostore ]; then if [ ! -f /root/.nostore ]; then touch /root/.nostore fi else if [ -f /root/.nostore ]; then rm /root/.nostore fi fi else if [ -f $temp_restore_dir/.nostore ]; then if [ ! -f /root/.nostore ]; then touch /root/.nostore fi else if [ -f /root/.nostore ]; then rm /root/.nostore fi fi fi #if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then # cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE #fi #if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then # cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE # if [ ! "$?" = "0" ]; then # set_user_permissions # backup_unmount_drive # rm -rf $temp_restore_dir # exit 5294 # fi #fi if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then set_user_permissions backup_unmount_drive rm -rf "$temp_restore_dir" exit 859034853 fi fi #if [ -f $CONFIGURATION_FILE ]; then # # install according to the config file # freedombone -c $CONFIGURATION_FILE #fi #if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then # cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE # if [ ! "$?" = "0" ]; then # set_user_permissions # backup_unmount_drive # rm -rf $temp_restore_dir # exit 6382 # fi #fi if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then set_user_permissions backup_unmount_drive rm -rf "$temp_restore_dir" exit 62121 fi fi # restore nginx password hashes if [ -d $temp_restore_dir/root ]; then if [ -f $temp_restore_dir/root/htpasswd ]; then cp -f $temp_restore_dir/root/htpasswd /etc/nginx/.htpasswd fi else if [ -f $temp_restore_dir/htpasswd ]; then cp -f $temp_restore_dir/htpasswd /etc/nginx/.htpasswd fi fi rm -rf $temp_restore_dir fi } function same_admin_user { PREV_ADMIN_USERNAME=$(get_completion_param "Admin user") if [[ "$PREV_ADMIN_USERNAME" != "$ADMIN_USERNAME" ]]; then echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME" set_user_permissions backup_unmount_drive exit 73265 fi } function restore_mariadb { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'mariadb' ]]; then return fi fi if [[ $(is_completed install_mariadb) == "0" ]]; then function_check install_mariadb install_mariadb fi if [ -d $USB_MOUNT/backup/mariadb ]; then echo $"Restoring mysql settings" keep_database_running temp_restore_dir=/root/tempmariadb restore_directory_from_usb $temp_restore_dir mariadb store_original_mariadb_password echo $'Obtaining original MariaDB password' db_pass=$(cat /root/.mariadboriginal) if [ ${#db_pass} -gt 0 ]; then echo $"Restore the MariaDB user table" if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql) else mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql) fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then echo $"Try again using the password obtained from backup" db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb) if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql) else mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql) fi fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then echo "$mysqlsuccess" set_user_permissions backup_unmount_drive exit 962 fi echo $"Restarting database" systemctl restart mariadb echo $"Ensure MariaDB handles authentication" MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) mariadb_fix_authentication DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) fi rm -rf $temp_restore_dir fi } function restore_postgresql { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'postgresql' ]]; then return fi fi if [[ $(is_completed install_postgresql) == "0" ]]; then function_check install_postgresql install_postgresql fi if [ -d $USB_MOUNT/backup/postgresql ]; then echo $"Restoring postgresql settings" temp_restore_dir=/root/temppostgresql restore_directory_from_usb $temp_restore_dir postgresql store_original_postgresql_password echo $'Obtaining original postgresql password' db_pass=$(cat /root/.postgresqloriginal) if [ ${#db_pass} -gt 0 ]; then echo $"Restore the postgresql user table" if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql) else mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql) fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then echo $"Try again using the password obtained from backup" db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql) if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql) else mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql) fi fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then echo "$mysqlsuccess" set_user_permissions backup_unmount_drive exit 73825 fi echo $"Restarting database" systemctl restart postgresql echo $"Ensure postgresql handles authentication" POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql) DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql) fi rm -rf $temp_restore_dir fi } function restore_letsencrypt { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'letsencrypt' ]]; then return fi fi if [ -d $USB_MOUNT/backup/letsencrypt ]; then echo $"Restoring Lets Encrypt settings" #restore_directory_from_usb / letsencrypt restore_directory_from_usb /etc/letsencrypt letsencrypt chgrp -R ssl-cert /etc/letsencrypt chmod -R g=rX /etc/letsencrypt fi } function restore_passwordstore { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'passwords' ]]; then return fi fi if [ -d $USB_MOUNT/backup/passwordstore ]; then store_original_mariadb_password echo $"Restoring password store" #restore_directory_from_usb / passwordstore restore_directory_from_usb /root/.passwords passwordstore fi } function restore_tor { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'tor' ]]; then return fi fi if [ -d $USB_MOUNT/backup/tor ]; then echo $"Restoring Tor settings" #restore_directory_from_usb / tor restore_directory_from_usb /var/lib/tor tor fi } function restore_mutt_settings { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'mutt' ]]; then return fi fi if [ -d $USB_MOUNT/backup/mutt ]; then for d in $USB_MOUNT/backup/mutt/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') # skip over configurations if [[ "$USERNAME" == *'configs' ]]; then continue fi if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Mutt configurations for $USERNAME" restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs" echo $"Restoring Mutt settings for $USERNAME" temp_restore_dir=/root/tempmutt restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc" sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc" sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc" fi if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc sed -i '/set sidebar_delim/d' /etc/Muttrc sed -i '/set sidebar_sort/d' /etc/Muttrc fi else if [ -f $temp_restore_dir/.muttrc ]; then cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc" sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc" sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc" fi if [ -f $temp_restore_dir/Muttrc ]; then cp -f $temp_restore_dir/Muttrc /etc/Muttrc sed -i '/set sidebar_delim/d' /etc/Muttrc sed -i '/set sidebar_sort/d' /etc/Muttrc fi fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 276 fi rm -rf $temp_restore_dir fi done fi } function restore_gpg { if [[ $RESTORE_APP != 'gpg' ]]; then return fi if [ -d $USB_MOUNT/backup/gnupg ]; then for d in $USB_MOUNT/backup/gnupg/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring gnupg settings for $USERNAME" temp_restore_dir=/root/tempgnupg restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.gnupg" ]; then mkdir "/home/$USERNAME/.gnupg" fi cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 276 fi rm -rf $temp_restore_dir gpg_set_permissions "$USERNAME" if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then if ! cp -r "/home/$USERNAME/.gnupg" /root; then set_user_permissions backup_unmount_drive exit 283 fi gpg_set_permissions root fi fi done fi } function restore_procmail { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'procmail' ]]; then return fi fi if [ -d $USB_MOUNT/backup/procmail ]; then for d in $USB_MOUNT/backup/procmail/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring procmail settings for $USERNAME" temp_restore_dir=/root/tempprocmail restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME" if [ -d $temp_restore_dir ]; then if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/" else cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 276 fi rm -rf $temp_restore_dir fi fi done fi } function restore_spamassassin { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'spamassassin' ]]; then return fi fi if [ -d $USB_MOUNT/backup/spamassassin ]; then for d in $USB_MOUNT/backup/spamassassin/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring spamassassin settings for $USERNAME" temp_restore_dir=/root/tempspamassassin restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME" ]; then cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.spamassassin" ]; then mkdir "/home/$USERNAME/.spamassassin" fi cp -rf "$temp_restore_dir/"* "/home/$USERNAME/.spamassassin/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 276 fi rm -rf $temp_restore_dir fi fi done fi } function restore_admin_readme { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'readme' ]]; then return fi fi if [ -d $USB_MOUNT/backup/readme ]; then echo $"Restoring admin user README" # Make a backup of the original README file # incase old passwords need to be used if [ -f "/home/$ADMIN_USERNAME/README" ]; then if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original" fi fi temp_restore_dir=/root/tempreadme restore_directory_from_usb $temp_restore_dir readme if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/" else cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 276 fi rm -rf $temp_restore_dir fi } function restore_user_ssh_keys { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'ssh' ]]; then return fi fi if [ -d $USB_MOUNT/backup/ssh ]; then for d in $USB_MOUNT/backup/ssh/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring ssh keys for $USERNAME" temp_restore_dir=/root/tempssh restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.ssh" ]; then mkdir "/home/$USERNAME/.ssh" fi cp -r "$temp_restore_dir/"* "/home/$USERNAME/.ssh/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 664 fi rm -rf $temp_restore_dir fi done fi } function restore_user_config { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'userconfig' ]]; then return fi fi if [ -d $USB_MOUNT/backup/config ]; then for d in $USB_MOUNT/backup/config/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring config files for $USERNAME" temp_restore_dir=/root/tempconfig restore_directory_from_usb $temp_restore_dir "config/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.config" ]; then mkdir "/home/$USERNAME/.config" fi cp -r $temp_restore_dir/* "/home/$USERNAME/.config/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 664 fi rm -rf $temp_restore_dir fi done fi } function restore_user_monkeysphere { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'usermonkeysphere' ]]; then return fi fi if [ -d $USB_MOUNT/backup/monkeysphere ]; then for d in $USB_MOUNT/backup/monkeysphere/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring monkeysphere ids for $USERNAME" temp_restore_dir=/root/tempmonkeysphere restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then mkdir "/home/$USERNAME/.monkeysphere" fi cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 664 fi rm -rf $temp_restore_dir fi done # The admin user is the identity certifier MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}" read_config_param MY_EMAIL_ADDRESS MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS") fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}') monkeysphere-authentication add-identity-certifier "$fpr" monkeysphere-authentication update-users fi } function restore_user_fin { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'userfin' ]]; then return fi fi if [ -d $USB_MOUNT/backup/fin ]; then for d in $USB_MOUNT/backup/fin/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring fin files for $USERNAME" temp_restore_dir=/root/tempfin restore_directory_from_usb $temp_restore_dir "fin/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.fin" ]; then mkdir "/home/$USERNAME/.fin" fi cp -r "$temp_restore_dir/"* "/home/$USERNAME/.fin/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 664 fi rm -rf $temp_restore_dir fi done fi } function restore_user_local { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'userlocal' ]]; then return fi fi if [ -d $USB_MOUNT/backup/local ]; then for d in $USB_MOUNT/backup/local/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring local files for $USERNAME" temp_restore_dir=/root/templocal restore_directory_from_usb $temp_restore_dir "local/$USERNAME" if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/" else if [ ! -d "/home/$USERNAME/.local" ]; then mkdir "/home/$USERNAME/.local" fi cp -r $temp_restore_dir/* "/home/$USERNAME/.local/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir set_user_permissions backup_unmount_drive exit 664 fi rm -rf $temp_restore_dir fi done fi } function restore_certs { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'certs' ]]; then return fi fi if [ -d $USB_MOUNT/backup/ssl ]; then echo $"Restoring certificates" mkdir /root/tempssl restore_directory_from_usb /root/tempssl ssl if [ -d /root/tempssl/etc/ssl ]; then cp -r /root/tempssl/etc/ssl/* /etc/ssl else cp -r /root/tempssl/* /etc/ssl/ fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive exit 276 fi rm -rf /root/tempssl update-ca-certificates # restore ownership if [ -f /etc/ssl/private/xmpp.key ]; then chown prosody:prosody /etc/ssl/private/xmpp.key chown prosody:prosody /etc/ssl/certs/xmpp.* fi if [ -d /etc/dovecot ]; then chown root:dovecot /etc/ssl/private/dovecot.* chown root:dovecot /etc/ssl/certs/dovecot.* fi if [ -f /etc/ssl/private/exim.key ]; then cp /etc/ssl/private/exim.key /etc/exim4 cp /etc/ssl/certs/exim.crt /etc/exim4 cp /etc/ssl/certs/exim.dhparam /etc/exim4 chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam fi if [ -f /etc/ssl/private/mumble.key ]; then if [ -d /var/lib/mumble-server ]; then cp /etc/ssl/certs/mumble.* /var/lib/mumble-server cp /etc/ssl/private/mumble.key /var/lib/mumble-server chown -R mumble-server:mumble-server /var/lib/mumble-server fi fi fi } function restore_personal_settings { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'personal' ]]; then return fi fi if [ -d $USB_MOUNT/backup/personal ]; then for d in $USB_MOUNT/backup/personal/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring personal settings for $USERNAME" temp_restore_dir=/root/temppersonal restore_directory_from_usb $temp_restore_dir "personal/$USERNAME" if [ -d "/home/$USERNAME/personal" ]; then rm -rf "/home/$USERNAME/personal" fi if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then # shellcheck disable=SC2086 mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME else if [ ! -d "/home/$USERNAME/personal" ]; then mkdir "/home/$USERNAME/personal" fi cp -r $temp_restore_dir/* "/home/$USERNAME/personal/" fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive exit 184 fi rm -rf $temp_restore_dir fi fi done fi } function restore_mailing_list { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'mailinglist' ]]; then return fi fi if [ -d /var/spool/mlmmj ]; then echo $"Restoring public mailing list" temp_restore_dir=/root/tempmailinglist restore_directory_from_usb $temp_restore_dir mailinglist if [ -d $temp_restore_dir/root/spool/mlmmj ]; then cp -r $temp_restore_dir/root/spool/mlmmj/* /var/spool/mlmmj else cp -r $temp_restore_dir/* /var/spool/mlmmj/ fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive exit 526 fi rm -rf $temp_restore_dir fi } function restore_email { if [[ $RESTORE_APP != 'all' ]]; then if [[ $RESTORE_APP != 'email' ]]; then return fi fi if [ -d $USB_MOUNT/backup/mail ]; then for d in $USB_MOUNT/backup/mail/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ ! -d "/home/$USERNAME" ]; then ${PROJECT_NAME}-adduser "$USERNAME" fi echo $"Restoring emails for $USERNAME" temp_restore_dir=/root/tempmail restore_directory_from_usb $temp_restore_dir "mail/$USERNAME" if [ ! -d "/home/$USERNAME/Maildir" ]; then mkdir "/home/$USERNAME/Maildir" fi if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C / else tar -xzvf $temp_restore_dir/maildir.tar.gz -C / fi # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive exit 9276382 fi rm -rf $temp_restore_dir fi done fi } function get_restore_app { if [ "${1}" ]; then if [ ! -d "/home/${1}" ]; then RESTORE_APP="${1}" echo $"Restore $RESTORE_APP" fi fi } get_restore_app "${2}" backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}" check_backup_exists check_admin_user copy_gpg_keys gpg_agent_setup root restore_blocklist restore_configfiles same_admin_user restore_passwordstore restore_mariadb restore_postgresql restore_letsencrypt restore_tor restore_mutt_settings restore_gpg restore_procmail restore_spamassassin restore_admin_readme restore_user_ssh_keys restore_user_config restore_user_monkeysphere restore_user_fin restore_user_local restore_certs restore_personal_settings restore_mailing_list restore_email restore_apps local "$RESTORE_APP" set_user_permissions update_default_domain backup_unmount_drive # ensure that all TLS certificates are pinned #${PROJECT_NAME}-pin-cert all echo $"Restore from USB drive is complete. You can now unplug it." exit 0