#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # This install script is intended for use with Debian Jessie # # License # ======= # # Copyright (C) 2014-2015 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . NO_OF_ARGS=$# # Web site FREEDOMBONE_WEBSITE="http://freedombone.uk.to" # Contact details FREEDOMBONE_BITMESSAGE="BM-2cWuhmBvVdfrHhLoZTdspCkKeiTorUesSL" # Are we installing on a Beaglebone Black (BBB) or some other system? INSTALLING_ON_BBB="no" # Version number of this script VERSION="1.01" # Different system variants which may be specified within # the SYSTEM_TYPE option VARIANT_FULL="full" VARIANT_WRITER="writer" VARIANT_CLOUD="cloud" VARIANT_CHAT="chat" VARIANT_MAILBOX="mailbox" VARIANT_NONMAILBOX="nonmailbox" VARIANT_SOCIAL="social" VARIANT_MEDIA="media" VARIANT_DEVELOPER="developer" VARIANT_MESH="mesh" DEFAULT_DOMAIN_NAME= DEFAULT_DOMAIN_CODE= MY_USERNAME= SYSTEM_TYPE=$VARIANT_FULL # whether the system is being installed from a pre-created configuration file INSTALLING_FROM_CONFIGURATION_FILE="no" # An optional configuration file which overrides some of these variables CONFIGURATION_FILE="freedombone.cfg" SSH_PORT=2222 IRC_PORT=6697 # parameters used when adding a new domain DDNS_PROVIDER="default@freedns.afraid.org" DDNS_USERNAME= DDNS_PASSWORD= CURRENT_DDNS_DOMAIN= # Minimum number of characters in a password MINIMUM_PASSWORD_LENGTH=10 # number of CPU cores CPU_CORES=1 # If the system is on an IPv6 network IPV6_NETWORK='2001:470:26:307' # The static IP address of the system within the local network LOCAL_NETWORK_STATIC_IP_ADDRESS="192.168.1.60" # IP address of the router (gateway) ROUTER_IP_ADDRESS="192.168.1.254" # DNS NAMESERVER1='213.73.91.35' NAMESERVER2='85.214.20.141' # whether to route outgoing traffic through Tor ROUTE_THROUGH_TOR="no" # Why use Google as a time source? # The thinking here is that it's likely to be reliable and fast. # The ping doesn't reveal any information other than that the server # is running, and if anyone maliciously alters the time on Google's # servers then that would certainly be newsworthy and they'd be # likely to do something about it quickly. # If you have better time sources then change them here. TLS_TIME_SOURCE1="google.com" TLS_TIME_SOURCE2="www.ptb.de" # The type of hardware random number generator being used # This can be empty, "beaglebone" or "onerng" HWRNG_TYPE= # Download location for OneRNG driver ONERNG_PACKAGE="onerng_3.4-1_all.deb" ONERNG_PACKAGE_DOWNLOAD="https://github.com/OneRNG/onerng.github.io/blob/master/sw/$ONERNG_PACKAGE?raw=true" # Hash for OneRNG driver ONERNG_PACKAGE_HASH='78f1c2f52ae573e3b398a695ece7ab9f41868252657ea269f0d5cf0bd4f2eb59' # device name for OneRNG ONERNG_DEVICE='ttyACM0' # Whether this system is being installed within a docker container INSTALLED_WITHIN_DOCKER="no" # If you want to run a public mailing list specify its name here. # There should be no spaces in the name PUBLIC_MAILING_LIST= # Optional different domain name for the public mailing list PUBLIC_MAILING_LIST_DOMAIN_NAME= # Directory where the public mailing list data is stored PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj" # If you want to run an encrypted mailing list specify its name here. # There should be no spaces in the name PRIVATE_MAILING_LIST= # Domain name for mediagoblin installation MEDIAGOBLIN_DOMAIN_NAME= MEDIAGOBLIN_CODE= MEDIAGOBLIN_REPO="https://gitorious.org/mediagoblin/mediagoblin.git" MEDIAGOBLIN_ADMIN_PASSWORD= # Domain name for microblog installation MICROBLOG_DOMAIN_NAME= MICROBLOG_CODE= MICROBLOG_REPO="git://gitorious.org/social/mainline.git" MICROBLOG_ADMIN_PASSWORD= # Domain name for hubzilla installation HUBZILLA_DOMAIN_NAME= HUBZILLA_CODE= HUBZILLA_REPO="https://github.com/redmatrix/hubzilla.git" HUBZILLA_ADDONS_REPO="https://github.com/redmatrix/hubzilla-addons.git" HUBZILLA_ADMIN_PASSWORD= # Domain name for git hosting installation GIT_DOMAIN_NAME= GIT_CODE= GIT_DOMAIN_REPO="https://github.com/gogits/gogs.git" GIT_ADMIN_PASSWORD= # Domain name for Owncloud installation OWNCLOUD_DOMAIN_NAME= OWNCLOUD_CODE= OWNCLOUD_ADMIN_PASSWORD= # Domain name for your wiki WIKI_DOMAIN_NAME= WIKI_ADMIN_PASSWORD= WIKI_TITLE="Freedombone Wiki" WIKI_CODE= # Domain name for your blog FULLBLOG_DOMAIN_NAME= FULLBLOG_CODE= MY_BLOG_TITLE="My Blog" MY_BLOG_SUBTITLE="Another Freedombone Blog" GPG_KEYSERVER="hkp://keys.gnupg.net" # whether to encrypt all incoming email with your public key GPG_ENCRYPT_STORED_EMAIL="yes" # gets set to yes if gpg keys are imported from usb GPG_KEYS_IMPORTED="no" # optionally you can provide your exported GPG key pair here # Note that the private key file will be deleted after use # If these are unspecified then a new GPG key will be created MY_GPG_PUBLIC_KEY= MY_GPG_PRIVATE_KEY= # optionally specify your public key ID MY_GPG_PUBLIC_KEY_ID= # If you have existing mail within a Maildir # you can specify the directory here and the files # will be imported IMPORT_MAILDIR= # The Debian package repository to use. DEBIAN_REPO="ftp.us.debian.org" DEBIAN_VERSION="jessie" # Directory where source code is downloaded and compiled INSTALL_DIR=$HOME/build # device name for an attached usb drive USB_DRIVE=/dev/sda1 # Location where the USB drive is mounted to USB_MOUNT=/mnt/usb # name of a script used to upgrade the system UPGRADE_SCRIPT_NAME="freedombone-upgrade" # name of a script which keeps running processes going even if they crash WATCHDOG_SCRIPT_NAME="keepon" # the type of backup system used, rsync or obnam BACKUP_TYPE='obnam' # Name of a script used to create a backup of the system on usb drive BACKUP_SCRIPT_NAME="backup" # Name of a script used to restore the system from usb drive RESTORE_SCRIPT_NAME="restore" # name of a script used to backup to friends servers BACKUP_TO_FRIENDS_SCRIPT_NAME="backup2friends" # name of a script used to restore backed up data from a friend RESTORE_FROM_FRIEND_SCRIPT_NAME="restorefromfriend" # Location of the certificate used to encrypt backups BACKUP_CERTIFICATE=/etc/ssl/private/backup.key # memory limit for php in MB MAX_PHP_MEMORY=64 # default MariaDB password MARIADB_PASSWORD= # Directory where XMPP settings are stored XMPP_DIRECTORY="/var/lib/prosody" # file containing a list of remote locations to backup to # Format: [username@friendsdomain//home/username] [ssh_password] # With the only space character being between the server and the password FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list # list of encryption protocols SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2" # list of ciphers to use. See bettercrypto.org recommendations SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA" # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html) SSH_CIPHERS="chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr" SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com" SSH_KEX="curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256" SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa" # xmpp ciphers and curve XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"' XMPP_ECC_CURVE='"secp384r1"' # the default email address MY_EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME # optionally specify your name to appear on the blog MY_NAME=$DEFAULT_DOMAIN_NAME export DEBIAN_FRONTEND=noninteractive # logging level for Nginx WEBSERVER_LOG_LEVEL='crit' # used to limit CPU usage CPULIMIT='/usr/bin/cpulimit -l 20 -e' # command to create a git repository CREATE_GIT_PROJECT_COMMAND='create-project' # File which keeps track of what has already been installed COMPLETION_FILE=$HOME/freedombone-completed.txt if [ ! -f $COMPLETION_FILE ]; then touch $COMPLETION_FILE fi # Your github username GITHUB_USERNAME= # Directory where github projects will be backed up GITHUB_BACKUP_DIRECTORY=/var/backups/github # Used to indicate whether the backup contains MariaDB databases or not BACKUP_INCLUDES_DATABASES="no" # contains the mysql root password which # is used for backups and repair DATABASE_PASSWORD_FILE=/root/dbpass # log file where details of remote backups are stored REMOTE_BACKUPS_LOG=/var/log/remotebackups.log # message if something fails to install CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list." # web site used to obtain the external IP address of the system GET_IP_ADDRESS_URL="checkip.two-dns.de" # Password used for VoIP server VOIP_SERVER_PASSWORD= # Port on which VoIP server listens VOIP_PORT=64738 # Location of VoIP database and configuration VOIP_DATABASE="mumble-server.sqlite" VOIP_CONFIG_FILE="mumble-server.ini" # other possible services to obtain the external IP address EXTERNAL_IP_SERVICES=( \ 'https://check.torproject.org/' \ 'https://www.whatsmydns.net/whats-my-ip-address.html' \ 'https://www.privateinternetaccess.com/pages/whats-my-ip/' \ 'http://checkip.two-dns.de' \ 'http://ip.dnsexit.com' \ 'http://ifconfig.me/ip' \ 'http://ipecho.net/plain' \ 'http://checkip.dyndns.org/plain' \ 'http://ipogre.com/linux.php' \ 'http://whatismyipaddress.com/' \ 'http://ip.my-proxy.com/' \ 'http://websiteipaddress.com/WhatIsMyIp' \ 'http://getmyipaddress.org/' \ 'http://www.my-ip-address.net/' \ 'http://myexternalip.com/raw' \ 'http://www.canyouseeme.org/' \ 'http://www.trackip.net/' \ 'http://icanhazip.com/' \ 'http://www.iplocation.net/' \ 'http://www.howtofindmyipaddress.com/' \ 'http://www.ipchicken.com/' \ 'http://whatsmyip.net/' \ 'http://www.ip-adress.com/' \ 'http://checkmyip.com/' \ 'http://www.tracemyip.org/' \ 'http://checkmyip.net/' \ 'http://www.lawrencegoetz.com/programs/ipinfo/' \ 'http://www.findmyip.co/' \ 'http://ip-lookup.net/' \ 'http://www.dslreports.com/whois' \ 'http://www.mon-ip.com/en/my-ip/' \ 'http://www.myip.ru' \ 'http://ipgoat.com/' \ 'http://www.myipnumber.com/my-ip-address.asp' \ 'http://www.whatsmyipaddress.net/' \ 'http://formyip.com/' \ 'http://www.displaymyip.com/' \ 'http://www.bobborst.com/tools/whatsmyip/' \ 'http://www.geoiptool.com/' \ 'http://checkip.dyndns.com/' \ 'http://myexternalip.com/' \ 'http://www.ip-adress.eu/' \ 'http://www.infosniper.net/' \ 'http://wtfismyip.com/' \ 'http://ipinfo.io/' \ 'http://httpbin.org/ip') WIFI_CHANNEL=2 WIFI_INTERFACE=wlan0 # cjdns settings ENABLE_CJDNS="no" CJDNS_PRIVATE_KEY= CJDNS_PUBLIC_KEY= CJDNS_IPV6= CJDNS_PASSWORD= CJDNS_PORT= # B.A.T.M.A.N settings ENABLE_BATMAN="no" BATMAN_CELLID='any' ESSID='mesh' # Babel mesh ENABLE_BABEL="no" BABEL_PORT=6696 # social key management ENABLE_SOCIAL_KEY_MANAGEMENT="no" TOX_PORT=33445 TOX_REPO='git://github.com/irungentoo/toxcore.git' TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt # These are some default nodes, but you can replace them with trusted nodes # as you prefer. See https://wiki.tox.im/Nodes TOX_NODE= #TOX_NODES=( # '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US' # '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE' #) #ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git' ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git' ZERONET_BLOG_REPO='https://github.com/HelloZeroNet/ZeroBlog' ZERONET_FORUM_REPO='https://github.com/HelloZeroNet/ZeroTalk' ZERONET_URL=http://127.0.0.1:43110 ZERONET_PORT=15441 TRACKER_PORT=6969 ZERONET_DEFAULT_BLOG_TAGLINE="Blogging on the Mesh" ZERONET_DEFAULT_FORUM_TAGLINE="A decentralized discussion group" IPFS_PORT=4001 # Default diffie-hellman key length in bits DH_KEYLENGTH=1024 # repo for atheros AR9271 wifi driver ATHEROS_WIFI_REPO='https://github.com/qca/open-ath9k-htc-firmware.git' function show_help { echo '' echo 'freedombone -c [configuration file]' echo '' echo ' -h --help Show help' echo ' menuconfig Easy interactive installation' echo ' -c --config Installing from a configuration file' echo ' --bbb Installing on Beaglebone Black' echo ' -u --user User to install the system as' echo ' -d --domain Default domain name' echo ' -s --system System type' echo ' --ip Static LAN IP address of the system' echo ' --iprouter LAN IP address of the internet router' echo ' --ddns Dynamic DNS provider domain' echo ' --ddnsuser Dynamic DNS provider username' echo ' --ddnspass Dynamic DNS provider password' echo '' echo ' --microblogdomain Microblog domain name' echo ' --wikidomain Wiki domain name' echo ' --blogdomain Blog domain name' echo ' --ownclouddomain Owncloud domain name' echo ' --hubzilladomain Hubzilla domain name' echo ' --gitdomain Git hosting domain name' echo ' -t --time Domain used as a TLS time source' echo ' --ssh ssh port number' echo ' --list Public mailing list name' echo ' --cores Number of CPU cores' echo ' --name Your name' echo ' --email Your email address' echo ' --usb Path for the USB drive (eg. /dev/sdb1)' echo ' --cjdns Enable CJDNS' echo ' --vpass VoIP server password' echo ' --vport VoIP server port' echo ' --ns1 First DNS nameserver' echo ' --ns2 Second DNS nameserver' echo ' --repo Debian repository' echo '' echo 'system types' echo '------------' echo 'This can either be blank if you wish to install the full system,' echo "or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD'," echo "'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_WRITER', '$VARIANT_DEVELOPER'" echo "or '$VARIANT_MESH'." echo '' echo "If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint." echo '' exit 0 } function interactive_configuration_remote_backups { if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if [ ! -f /usr/local/bin/freedombone-remote ]; then if [ ! -f /usr/bin/freedombone-remote ]; then echo 'The command freedombone-remote was not found' exit 87354 fi fi freedombone-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes if [ ! "$?" = "0" ]; then echo 'Command failed:' echo '' echo " freedombone-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes" echo '' exit 65892 fi } # test a domain name to see if it's valid function validate_domain_name { # count the number of dots in the domain name dots=${TEST_DOMAIN_NAME//[^.]} no_of_dots=${#dots} if (( $no_of_dots > 3 )); then TEST_DOMAIN_NAME="The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z" fi if (( $no_of_dots == 0 )); then TEST_DOMAIN_NAME="The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z" fi } function interactive_configuration { if [ ! -f /usr/local/bin/freedombone-config ]; then if [ ! -f /usr/bin/freedombone-config ]; then echo 'The command freedombone-config was not found' exit 63935 fi fi if [ -f /tmp/meshuserdevice ]; then rm -f /tmp/meshuserdevice fi freedombone-config \ -f $CONFIGURATION_FILE \ -w $FREEDOMBONE_WEBSITE \ -b $FREEDOMBONE_BITMESSAGE \ -m $MINIMUM_PASSWORD_LENGTH if [ -f /tmp/meshuserdevice ]; then # mesh network user device installation rm -f /tmp/meshuserdevice exit 0 fi if [ ! "$?" = "0" ]; then echo 'Command failed:' echo '' echo " freedombone-config -u $MY_USERNAME -f $CONFIGURATION_FILE -w $FREEDOMBONE_WEBSITE -b $FREEDOMBONE_BITMESSAGE -m $MINIMUM_PASSWORD_LENGTH" echo '' exit 73594 fi if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list dialog --title "Encrypted backup to other servers" \ --backtitle "Freedombone Configuration" \ --defaultno \ --yesno "\nDo you wish to configure some remote backup locations?" 7 60 sel=$? case $sel in 0) interactive_configuration_remote_backups;; esac fi } if [[ $1 == "menuconfig" ]]; then interactive_configuration else while [[ $# > 1 ]] do key="$1" case $key in -h|--help) show_help ;; # load a configuration file -c|--config) shift CONFIGURATION_FILE="$1" INSTALLING_FROM_CONFIGURATION_FILE="yes" break ;; # username within /home -u|--user) shift MY_USERNAME="$1" ;; # microblog domain name --microblogdomain) shift MICROBLOG_DOMAIN_NAME="$1" ;; # wiki domain name --wikidomain) shift WIKI_DOMAIN_NAME="$1" ;; # blog domain name --blogdomain) shift FULLBLOG_DOMAIN_NAME="$1" ;; # owncloud domain name --ownclouddomain) shift OWNCLOUD_DOMAIN_NAME="$1" ;; # hubzilla domain name --hubzilladomain) shift HUBZILLA_DOMAIN_NAME="$1" ;; # git hosting domain name --gitdomain) shift GIT_DOMAIN_NAME="$1" ;; # default domain name -d|--domain) shift DEFAULT_DOMAIN_NAME="$1" ;; # The type of system -s|--system) shift SYSTEM_TYPE="$1" ;; # The dynamic DNS provider --ddns) shift DDNS_PROVIDER="$1" ;; # Username for the synamic DNS provider --ddnsuser) shift DDNS_USERNAME="$1" ;; # Password for the synamic DNS provider --ddnspass) shift DDNS_PASSWORD="$1" ;; # Whether this installation is on a Beaglebone Black --bbb) INSTALLING_ON_BBB="yes" ;; # Domain name to use as a TLS time source -t|--time) shift TLS_TIME_SOURCE1="$1" ;; # Static IP address for the system --ip) shift LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 ;; # IP address for the internet router --iprouter) shift ROUTER_IP_ADDRESS=$1 ;; # ssh port --ssh) shift SSH_PORT=$1 ;; # public mailing list name --list) shift PUBLIC_MAILING_LIST="$1" ;; # Number of CPU cores --cores) shift CPU_CORES=$1 ;; # my name --name) shift MY_NAME="$1" ;; # my email address --email) shift MY_EMAIL_ADDRESS="$1" ;; # USB drive --usb) shift USB_DRIVE=$1 ;; # Enable CJDNS --cjdns) shift ENABLE_CJDNS="yes" ;; # Enable B.A.T.M.A.N --batman) shift ENABLE_BATMAN="yes" ;; # Enable Babel --babel) shift ENABLE_BABEL="yes" ;; # VoIP server password --vpass) shift VOIP_SERVER_PASSWORD=$1 ;; # VoIP server port --vport) shift VOIP_PORT=$1 ;; # DNS Nameserver 1 --ns1) shift NAMESERVER1=$1 ;; # DNS Nameserver 2 --ns2) shift NAMESERVER2=$1 ;; # Debian repository --repo) shift DEBIAN_REPO=$1 ;; *) # unknown option ;; esac shift done fi function parse_args { if [[ $NO_OF_ARGS == 0 ]]; then echo 'no_of_args = 0' show_help exit 0 fi if [ ! -d /home/$MY_USERNAME ]; then echo "There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user." exit 1 fi if [ ! "$DEFAULT_DOMAIN_NAME" ]; then if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then echo 'No default domain specified' show_help exit 2 fi fi if [ ! $MY_USERNAME ]; then echo 'No username specified' show_help exit 3 fi if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then if [ ! $DDNS_USERNAME ]; then echo 'Please provide the username for your dynamic DNS provider with the --ddnsuser option' exit 7823 fi if [ ! $DDNS_PASSWORD ]; then echo 'Please provide the password for your dynamic DNS provider with the --ddnspass option' exit 6382 fi fi if [ ! $SYSTEM_TYPE ]; then SYSTEM_TYPE=$VARIANT_FULL fi if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA && $SYSTEM_TYPE != $VARIANT_DEVELOPER && $SYSTEM_TYPE != $VARIANT_MESH && $SYSTEM_TYPE != $VARIANT_FULL ]]; then echo "'$SYSTEM_TYPE' is an unrecognised Freedombone variant." exit 30 fi } function read_configuration { # if not installing on a Beaglebone then use sdb as the USB drive by default if [ ! $INSTALLING_ON_BBB ]; then if [[ $USB_DRIVE == /dev/sda1 ]]; then USB_DRIVE=/dev/sdb1 fi fi if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes" ]]; then if [ ! -f $CONFIGURATION_FILE ]; then echo "The configuration file $CONFIGURATION_FILE was not found" exit 8935 fi fi if [ -f $CONFIGURATION_FILE ]; then if grep -q "IPFS_PORT" $CONFIGURATION_FILE; then IPFS_PORT=$(grep "IPFS_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "BACKUP_TYPE" $CONFIGURATION_FILE; then BACKUP_TYPE=$(grep "BACKUP_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "TRACKER_PORT" $CONFIGURATION_FILE; then TRACKER_PORT=$(grep "TRACKER_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ZERONET_PORT" $CONFIGURATION_FILE; then ZERONET_PORT=$(grep "ZERONET_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DH_KEYLENGTH" $CONFIGURATION_FILE; then DH_KEYLENGTH=$(grep "DH_KEYLENGTH" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "WIFI_INTERFACE" $CONFIGURATION_FILE; then WIFI_INTERFACE=$(grep "WIFI_INTERFACE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "IRC_PORT" $CONFIGURATION_FILE; then IRC_PORT=$(grep "IRC_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "WIFI_CHANNEL" $CONFIGURATION_FILE; then WIFI_CHANNEL=$(grep "WIFI_CHANNEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "BATMAN_CELLID" $CONFIGURATION_FILE; then BATMAN_CELLID=$(grep "BATMAN_CELLID" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ESSID" $CONFIGURATION_FILE; then ESSID=$(grep "ESSID" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "TOX_PORT" $CONFIGURATION_FILE; then TOX_PORT=$(grep "TOX_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "TOX_NODES" $CONFIGURATION_FILE; then TOX_NODES=$(grep "TOX_NODES" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "TOX_REPO" $CONFIGURATION_FILE; then TOX_REPO=$(grep "TOX_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE; then ENABLE_SOCIAL_KEY_MANAGEMENT=$(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "IPV6_NETWORK" $CONFIGURATION_FILE; then IPV6_NETWORK=$(grep "IPV6_NETWORK" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "HWRNG_TYPE" $CONFIGURATION_FILE; then HWRNG_TYPE=$(grep "HWRNG_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE; then MEDIAGOBLIN_DOMAIN_NAME=$(grep "MEDIAGOBLIN_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE; then MEDIAGOBLIN_CODE=$(grep "MEDIAGOBLIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE; then GIT_ADMIN_PASSWORD=$(grep "GIT_ADMIN_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GIT_DOMAIN_NAME" $CONFIGURATION_FILE; then GIT_DOMAIN_NAME=$(grep "GIT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GIT_CODE" $CONFIGURATION_FILE; then GIT_CODE=$(grep "GIT_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SYSTEM_TYPE" $CONFIGURATION_FILE; then SYSTEM_TYPE=$(grep "SYSTEM_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSL_PROTOCOLS" $CONFIGURATION_FILE; then SSL_PROTOCOLS=$(grep "SSL_PROTOCOLS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSL_CIPHERS" $CONFIGURATION_FILE; then SSL_CIPHERS=$(grep "SSL_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSH_CIPHERS" $CONFIGURATION_FILE; then SSH_CIPHERS=$(grep "SSH_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSH_MACS" $CONFIGURATION_FILE; then SSH_MACS=$(grep "SSH_MACS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSH_KEX" $CONFIGURATION_FILE; then SSH_KEX=$(grep "SSH_KEX" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE; then SSH_HOST_KEY_ALGORITHMS=$(grep "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSH_PASSWORDS" $CONFIGURATION_FILE; then SSH_PASSWORDS=$(grep "SSH_PASSWORDS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "XMPP_CIPHERS" $CONFIGURATION_FILE; then XMPP_CIPHERS=$(grep "XMPP_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "XMPP_ECC_CURVE" $CONFIGURATION_FILE; then XMPP_ECC_CURVE=$(grep "XMPP_ECC_CURVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DOMAIN_NAME" $CONFIGURATION_FILE; then # for backwards compatability DEFAULT_DOMAIN_NAME=$(grep "DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE; then DEFAULT_DOMAIN_CODE=$(grep "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "NAMESERVER1" $CONFIGURATION_FILE; then NAMESERVER1=$(grep "NAMESERVER1" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "NAMESERVER2" $CONFIGURATION_FILE; then NAMESERVER2=$(grep "NAMESERVER2" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DEBIAN_REPO" $CONFIGURATION_FILE; then DEBIAN_REPO=$(grep "DEBIAN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}') CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list." fi if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DDNS_USERNAME" $CONFIGURATION_FILE; then DDNS_USERNAME=$(grep "DDNS_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DDNS_PASSWORD" $CONFIGURATION_FILE; then DDNS_PASSWORD=$(grep "DDNS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE; then LOCAL_NETWORK_STATIC_IP_ADDRESS=$(grep "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ENABLE_BABEL" $CONFIGURATION_FILE; then ENABLE_BABEL=$(grep "ENABLE_BABEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ENABLE_BATMAN" $CONFIGURATION_FILE; then ENABLE_BATMAN=$(grep "ENABLE_BATMAN" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ENABLE_CJDNS" $CONFIGURATION_FILE; then ENABLE_CJDNS=$(grep "ENABLE_CJDNS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "CJDNS_IPV6" $CONFIGURATION_FILE; then CJDNS_IPV6=$(grep "CJDNS_IPV6" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE; then CJDNS_PUBLIC_KEY=$(grep "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE; then CJDNS_PRIVATE_KEY=$(grep "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "BACKUP_CERTIFICATE" $CONFIGURATION_FILE; then BACKUP_CERTIFICATE=$(grep "BACKUP_CERTIFICATE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE; then ROUTER_IP_ADDRESS=$(grep "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GITHUB_USERNAME" $CONFIGURATION_FILE; then GITHUB_USERNAME=$(grep "GITHUB_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GITHUB_BACKUP_DIRECTORY" $CONFIGURATION_FILE; then GITHUB_BACKUP_DIRECTORY=$(grep "GITHUB_BACKUP_DIRECTORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "CPU_CORES" $CONFIGURATION_FILE; then CPU_CORES=$(grep "CPU_CORES" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE; then WEBSERVER_LOG_LEVEL=$(grep "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE; then ROUTE_THROUGH_TOR=$(grep "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "WIKI_TITLE" $CONFIGURATION_FILE; then WIKI_TITLE=$(grep "WIKI_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_NAME" $CONFIGURATION_FILE; then MY_NAME=$(grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "SSH_PORT" $CONFIGURATION_FILE; then SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MICROBLOG_CODE" $CONFIGURATION_FILE; then MICROBLOG_CODE=$(grep "MICROBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE; then HUBZILLA_DOMAIN_NAME=$(grep "HUBZILLA_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "HUBZILLA_CODE" $CONFIGURATION_FILE; then HUBZILLA_CODE=$(grep "HUBZILLA_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE; then OWNCLOUD_DOMAIN_NAME=$(grep "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "OWNCLOUD_CODE" $CONFIGURATION_FILE; then OWNCLOUD_CODE=$(grep "OWNCLOUD_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "WIKI_CODE" $CONFIGURATION_FILE; then WIKI_CODE=$(grep "WIKI_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE; then MY_BLOG_SUBTITLE=$(grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE; then MY_GPG_PUBLIC_KEY_ID=$(grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE; then TLS_TIME_SOURCE1=$(grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE; then TLS_TIME_SOURCE2=$(grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi fi } # check an individual domain name function test_domain_name { if [ $1 ]; then TEST_DOMAIN_NAME=$1 validate_domain_name if [[ $TEST_DOMAIN_NAME != $1 ]]; then echo $TEST_DOMAIN_NAME exit 8528 fi fi } # check that domain names are sensible function check_domains { if [ $WIKI_DOMAIN_NAME ]; then test_domain_name "$WIKI_DOMAIN_NAME" if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then echo 'Wiki domain name is the same as Owncloud domain name. They must be different' exit 73863 fi if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then echo 'Wiki domain name is the same as blog domain name. They must be different' exit 97326 fi if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then echo 'Wiki domain name is the same as microblog domain name. They must be different' exit 36827 fi if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then echo 'Wiki domain name is the same as hubzilla domain name. They must be different' exit 65848 fi fi if [ $OWNCLOUD_DOMAIN_NAME ]; then test_domain_name "$OWNCLOUD_DOMAIN_NAME" if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then echo 'Owncloud domain name is the same as wiki domain name. They must be different' exit 37994 fi if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then echo 'Owncloud domain name is the same as blog domain name. They must be different' exit 37936 fi if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then echo 'Owncloud domain name is the same as microblog domain name. They must be different' exit 36896 fi if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then echo 'Owncloud domain name is the same as hubzilla domain name. They must be different' exit 68365 fi fi if [ $FULLBLOG_DOMAIN_NAME ]; then test_domain_name "$FULLBLOG_DOMAIN_NAME" if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then echo 'Blog domain name is the same as wiki domain name. They must be different' exit 62348 fi if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then echo 'Blog domain name is the same as Owncloud domain name. They must be different' exit 84682 fi if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then echo 'Blog domain name is the same as microblog domain name. They must be different' exit 38236 fi if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then echo 'Blog domain name is the same as hubzilla domain name. They must be different' exit 35483 fi fi if [ $MICROBLOG_DOMAIN_NAME ]; then test_domain_name "$MICROBLOG_DOMAIN_NAME" if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then echo 'Microblog domain name is the same as wiki domain name. They must be different' exit 73924 fi if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then echo 'Microblog domain name is the same as Owncloud domain name. They must be different' exit 73683 fi if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then echo 'Microblog domain name is the same as blog domain name. They must be different' exit 26832 fi if [[ "$test_domain_name" == "$HUBZILLA_DOMAIN_NAME" ]]; then echo 'Microblog domain name is the same as hubzilla domain name. They must be different' exit 678382 fi fi if [ $HUBZILLA_DOMAIN_NAME ]; then test_domain_name "$HUBZILLA_DOMAIN_NAME" if [[ "$test_domain_name" == "$WIKI_DOMAIN_NAME" ]]; then echo 'Hubzilla domain name is the same as wiki domain name. They must be different' exit 83682 fi if [[ "$test_domain_name" == "$OWNCLOUD_DOMAIN_NAME" ]]; then echo 'Hubzilla domain name is the same as Owncloud domain name. They must be different' exit 65192 fi if [[ "$test_domain_name" == "$FULLBLOG_DOMAIN_NAME" ]]; then echo 'Hubzilla domain name is the same as blog domain name. They must be different' exit 74817 fi if [[ "$test_domain_name" == "$MICROBLOG_DOMAIN_NAME" ]]; then echo 'Hubzilla domain name is the same as microblog domain name. They must be different' exit 83683 fi fi } # Checks whether certificates were generated for the given hostname function check_certificates { if [ ! $1 ]; then return fi if [ ! -f /etc/ssl/private/$1.key ]; then echo "Private certificate for $CHECK_HOSTNAME was not created" exit 63959 fi if [ ! -f /etc/ssl/certs/$1.crt ]; then echo "Public certificate for $CHECK_HOSTNAME was not created" exit 7679 fi if [ ! -f /etc/ssl/certs/$1.dhparam ]; then echo "Diffie–Hellman parameters for $CHECK_HOSTNAME were not created" exit 5989 fi } function install_not_on_BBB { if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then return fi if [[ INSTALLING_ON_BBB == "yes" ]]; then return fi echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces echo '' >> /etc/network/interfaces echo '# The loopback network interface' >> /etc/network/interfaces echo 'auto lo' >> /etc/network/interfaces echo 'iface lo inet loopback' >> /etc/network/interfaces echo '' >> /etc/network/interfaces echo '# The primary network interface' >> /etc/network/interfaces echo 'auto eth0' >> /etc/network/interfaces echo 'iface eth0 inet static' >> /etc/network/interfaces echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces echo ' netmask 255.255.255.0' >> /etc/network/interfaces echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces echo '' >> /etc/network/interfaces echo '# The secondary network interface' >> /etc/network/interfaces echo '#auto eth1' >> /etc/network/interfaces echo '#iface eth1 inet dhcp' >> /etc/network/interfaces echo '' >> /etc/network/interfaces echo '# WiFi Example' >> /etc/network/interfaces echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces echo '# wpa-ssid "essid"' >> /etc/network/interfaces echo '# wpa-psk "password"' >> /etc/network/interfaces echo '' >> /etc/network/interfaces echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces echo '#iface usb0 inet static' >> /etc/network/interfaces echo '# address 192.168.7.2' >> /etc/network/interfaces echo '# netmask 255.255.255.0' >> /etc/network/interfaces echo '# network 192.168.7.0' >> /etc/network/interfaces echo '# gateway 192.168.7.1' >> /etc/network/interfaces echo 'install_not_on_BBB' >> $COMPLETION_FILE } function randomize_cron { # The predictable default timing of Debian cron jobs might # be exploitable knowledge. Avoid too much predictability # by randomizing the times when cron jobs run if grep -Fxq "randomize_cron" $COMPLETION_FILE; then return fi # randomize the day on which the weekly cron job runs randdow=$(($RANDOM%6+1)) sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab # randomize the time when the weekly cron job runs randmin=$(($RANDOM%60)) randhr=$(($RANDOM%3+1)) sed -i "s|47 6|$randmin $randhr|g" /etc/crontab # randomize the time when the daily cron job runs randmin=$(($RANDOM%60)) randhr=$(($RANDOM%3+4)) sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab # randomize the time when the hourly cron job runs randmin=$(($RANDOM%60)) sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab # randomize monthly cron job time and day randmin=$(($RANDOM%60)) randhr=$(($RANDOM%22+1)) randdom=$(($RANDOM%27+1)) sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab service cron restart echo 'randomize_cron' >> $COMPLETION_FILE } function get_cjdns_public_key { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "cjdns public key" /home/$MY_USERNAME/README; then if [ ! $CJDNS_PUBLIC_KEY ]; then CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi fi } function get_cjdns_private_key { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "cjdns private key" /home/$MY_USERNAME/README; then if [ ! $CJDNS_PRIVATE_KEY ]; then CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi fi } function get_cjdns_ipv6_address { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then if [ ! $CJDNS_IPV6 ]; then CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi fi } function get_cjdns_port { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "cjdns port" /home/$MY_USERNAME/README; then if [ ! $CJDNS_PORT ]; then CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi fi } function get_cjdns_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "cjdns password" /home/$MY_USERNAME/README; then if [ ! $CJDNS_PASSWORD ]; then CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi fi } function save_firewall_settings { iptables-save > /etc/firewall.conf ip6tables-save > /etc/firewall6.conf printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables chmod +x /etc/network/if-up.d/iptables } function enable_ipv6 { # endure that ipv6 is enabled and can route sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf echo 1 > /proc/sys/net/ipv6/conf/all/forwarding } function mesh_cjdns { if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then return fi if [[ $ENABLE_CJDNS != "yes" ]]; then return fi apt-get -y install nodejs git build-essential nmap # if a README exists then obtain the cjdns parameters get_cjdns_ipv6_address get_cjdns_public_key get_cjdns_private_key get_cjdns_port get_cjdns_password # special compile settings for running ./do on the Beaglebone Black if [[ $INSTALLING_ON_BBB == "yes" ]]; then CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized" export LDFLAGS="$CFLAGS" fi if [ ! -d /etc/cjdns ]; then git clone https://github.com/cjdelisle/cjdns.git /etc/cjdns cd /etc/cjdns ./do if [ ! "$?" = "0" ]; then exit 7439 fi # create a configuration if [ ! -f /etc/cjdns/cjdroute.conf ]; then ./cjdroute --genconf > /etc/cjdns/cjdroute.conf if [ ! "$?" = "0" ]; then exit 5922 fi fi # create a user to run as useradd cjdns else cd /etc/cjdns git pull ./do if [ ! "$?" = "0" ]; then exit 9926 fi fi # set permissions chown -R cjdns:cjdns /etc/cjdns chmod 600 /etc/cjdns/cjdroute.conf /sbin/ip tuntap add mode tun user cjdns dev cjdroute0 # insert values into the configuration file if [ $CJDNS_PRIVATE_KEY ]; then sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf else CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p) fi if [ $CJDNS_PUBLIC_KEY ]; then sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf else CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p) fi if [ $CJDNS_IPV6 ]; then sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf else CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p) fi if [ $CJDNS_PASSWORD ]; then sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf else CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p) fi if [ $CJDNS_PORT ]; then sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf else CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p) fi enable_ipv6 echo '#!/bin/sh -e' > /etc/init.d/cjdns echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns echo '# Provides: cjdroute' >> /etc/init.d/cjdns echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns echo '### END INIT INFO' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo 'PROG="cjdroute"' >> /etc/init.d/cjdns echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo 'start() {' >> /etc/init.d/cjdns echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns echo ' then' >> /etc/init.d/cjdns echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns echo ' else' >> /etc/init.d/cjdns echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns echo ' fi' >> /etc/init.d/cjdns echo '}' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo 'stop() {' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns echo ' then' >> /etc/init.d/cjdns echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns echo ' else' >> /etc/init.d/cjdns echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns echo ' killall cjdroute' >> /etc/init.d/cjdns echo ' fi' >> /etc/init.d/cjdns echo '}' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo 'status() {' >> /etc/init.d/cjdns echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns echo ' then' >> /etc/init.d/cjdns echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns echo ' else' >> /etc/init.d/cjdns echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns echo ' fi' >> /etc/init.d/cjdns echo '}' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo ' update() {' >> /etc/init.d/cjdns echo ' cd $GIT_PATH' >> /etc/init.d/cjdns echo ' echo "Updating..."' >> /etc/init.d/cjdns echo ' git pull' >> /etc/init.d/cjdns echo ' ./do' >> /etc/init.d/cjdns echo '}' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns echo ' exit 1' >> /etc/init.d/cjdns echo 'fi' >> /etc/init.d/cjdns echo '' >> /etc/init.d/cjdns echo 'case $1 in' >> /etc/init.d/cjdns echo ' start)' >> /etc/init.d/cjdns echo ' start' >> /etc/init.d/cjdns echo ' exit 0' >> /etc/init.d/cjdns echo ' ;;' >> /etc/init.d/cjdns echo ' stop)' >> /etc/init.d/cjdns echo ' stop' >> /etc/init.d/cjdns echo ' exit 0' >> /etc/init.d/cjdns echo ' ;;' >> /etc/init.d/cjdns echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns echo ' stop' >> /etc/init.d/cjdns echo ' sleep 1' >> /etc/init.d/cjdns echo ' start' >> /etc/init.d/cjdns echo ' exit 0' >> /etc/init.d/cjdns echo ' ;;' >> /etc/init.d/cjdns echo ' status)' >> /etc/init.d/cjdns echo ' status' >> /etc/init.d/cjdns echo ' exit 0' >> /etc/init.d/cjdns echo ' ;;' >> /etc/init.d/cjdns echo ' update|upgrade)' >> /etc/init.d/cjdns echo ' update' >> /etc/init.d/cjdns echo ' stop' >> /etc/init.d/cjdns echo ' sleep 2' >> /etc/init.d/cjdns echo ' start' >> /etc/init.d/cjdns echo ' exit 0' >> /etc/init.d/cjdns echo ' ;;' >> /etc/init.d/cjdns echo ' **)' >> /etc/init.d/cjdns echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns echo ' exit 1' >> /etc/init.d/cjdns echo ' ;;' >> /etc/init.d/cjdns echo 'esac' >> /etc/init.d/cjdns chmod +x /etc/init.d/cjdns update-rc.d cjdns defaults service cjdns start if [ ! "$?" = "0" ]; then systemctl status cjdns.service exit 8260 fi apt-get -y install radvd echo 'interface eth0' > /etc/radvd.conf echo '{' >> /etc/radvd.conf echo ' AdvSendAdvert on;' >> /etc/radvd.conf echo ' prefix fdfc::1/64' >> /etc/radvd.conf echo ' {' >> /etc/radvd.conf echo ' AdvRouterAddr on;' >> /etc/radvd.conf echo ' };' >> /etc/radvd.conf echo '};' >> /etc/radvd.conf service radvd restart if [ ! "$?" = "0" ]; then systemctl status radvd.service exit 4395 fi if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then echo '' >> /etc/network/interfaces echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces echo 'iface eth0 inet6 static' >> /etc/network/interfaces echo ' pre-up modprobe ipv6' >> /etc/network/interfaces echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces echo ' netmask 64' >> /etc/network/interfaces service network-manager restart if [ ! "$?" = "0" ]; then systemctl status networking.service exit 6949 fi fi ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT save_firewall_settings if ! grep -q "Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}') echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README echo '=======================' >> /home/$MY_USERNAME/README echo "cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README echo "cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README echo "cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README echo "cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README echo "cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo "Forward port $CJDNS_PORT from your internet router to the Freedombone" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README echo 'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README echo 'to you using your default password' >> /home/$MY_USERNAME/README echo 'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README echo 'so that leaks can be isolated.' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README echo 'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README echo 'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README echo 'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README echo 'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README echo 'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README echo 'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README echo 'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README echo 'each password is for.' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'mesh_cjdns' >> $COMPLETION_FILE } function mesh_cjdns_tools { if grep -Fxq "mesh_cjdns_tools" $COMPLETION_FILE; then return fi if [[ $ENABLE_CJDNS != "yes" ]]; then return fi if [ ! -d /etc/cjdns ]; then mesh_cjdns fi apt-get -y install golang mercurial if [ ! -f ~/.bashrc ]; then touch ~/.bashrc fi if ! grep -q "export GOPATH=" ~/.bashrc; then echo 'export GOPATH=$HOME/projects/go' >> ~/.bashrc fi if ! grep -q "export PATH=$PATH:$HOME/projects/go/bin" ~/.bashrc; then echo 'export PATH=$PATH:$HOME/projects/go/bin' >> ~/.bashrc fi . ~/.bashrc export GOPATH=$HOME/projects/go export PATH=$PATH:$HOME/projects/go/bin go get github.com/inhies/cjdcmd if [ ! -f $HOME/projects/go/bin/cjdcmd ]; then echo 'cjdcmd was not compiled. Check your golang installation' exit 7439 fi cp $HOME/projects/go/bin/cjdcmd /usr/bin # initialise from the cjdns config /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf echo 'mesh_cjdns_tools' >> $COMPLETION_FILE } function install_zeronet_blog { if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then return fi if [ ! -f /home/$MY_USERNAME/README ]; then touch /home/$MY_USERNAME/README fi if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then return fi if [ ! -d /etc/avahi ]; then echo 'Avahi is not installed' exit 736 fi ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog" cd /opt/zeronet python zeronet.py --batch siteCreate 2> /opt/zeronet/blog.txt if [ ! -f /opt/zeronet/blog.txt ]; then echo 'Unable to create blog' exit 479 fi blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}') blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}') ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/} ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/} if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then echo "Address: $ZERONET_BLOG_ADDRESS" echo "Public key: $ZERONET_BLOG_PRIVATE_KEY" echo 'Unable to create zeronet blog address' exit 7358 fi if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then echo "Address: $ZERONET_BLOG_ADDRESS" echo "Public key: $ZERONET_BLOG_PRIVATE_KEY" echo 'Unable to create zeronet blog private key' exit 1639 fi if [ ! -d "/opt/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then echo "Unable to find site directory: /opt/zeronet/data/$ZERONET_BLOG_ADDRESS" exit 7638 fi git clone $ZERONET_BLOG_REPO ZeroBlog if [ ! -d /opt/zeronet/ZeroBlog ]; then echo 'ZeroBlog repo could not be cloned' exit 6739 fi echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" cp -r /opt/zeronet/ZeroBlog/* /opt/zeronet/data/$ZERONET_BLOG_ADDRESS if [ ! -d /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then mkdir /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data fi cp /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html sed -i "s|

.*|

$ZERONET_DEFAULT_BLOG_TAGLINE

|g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html sed -i "s/Blogging platform Demo/Blogging platform/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY # Add an avahi service echo '' > /tmp/zeronet-blog.service echo '' >> /tmp/zeronet-blog.service echo '' >> /tmp/zeronet-blog.service echo ' %h ZeroNet Blog' >> /tmp/zeronet-blog.service echo ' ' >> /tmp/zeronet-blog.service echo ' _zeronet._udp' >> /tmp/zeronet-blog.service echo " $ZERONET_PORT" >> /tmp/zeronet-blog.service echo " $ZERONET_URL/$ZERONET_BLOG_ADDRESS" >> /tmp/zeronet-blog.service echo ' ' >> /tmp/zeronet-blog.service echo '' >> /tmp/zeronet-blog.service cp /tmp/zeronet-blog.service /etc/avahi/services/zeronet-blog.service if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then mkdir -p /home/$MY_USERNAME/.config/zeronet chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config fi echo "$ZERONET_URL/$ZERONET_BLOG_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myblog if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README fi echo 'install_zeronet_blog' >> $COMPLETION_FILE } function install_zeronet_forum { if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then return fi if [ ! -f /home/$MY_USERNAME/README ]; then touch /home/$MY_USERNAME/README fi if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then return fi if [ ! -d /etc/avahi ]; then echo 'Avahi is not installed' exit 736 fi ZERONET_DEFAULT_FORUM_TITLE="${MY_USERNAME}'s Forum" cd /opt/zeronet python zeronet.py --batch siteCreate 2> /opt/zeronet/forum.txt if [ ! -f /opt/zeronet/forum.txt ]; then echo 'Unable to create forum' exit 479 fi forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}') forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}') ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/} ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/} if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then echo "Address: $ZERONET_FORUM_ADDRESS" echo "Public key: $ZERONET_FORUM_PRIVATE_KEY" echo 'Unable to create zeronet forum address' exit 76352 fi if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then echo "Address: $ZERONET_FORUM_ADDRESS" echo "Public key: $ZERONET_FORUM_PRIVATE_KEY" echo 'Unable to create zeronet forum private key' exit 87356 fi if [ ! -d "/opt/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then echo "Unable to find site directory: /opt/zeronet/data/$ZERONET_FORUM_ADDRESS" exit 7638 fi git clone $ZERONET_FORUM_REPO ZeroTalk if [ ! -d /opt/zeronet/ZeroTalk ]; then echo 'ZeroTalk repo could not be cloned' exit 6739 fi echo "Forum address: $ZERONET_FORUM_ADDRESS" echo "Forum private key: $ZERONET_FORUM_PRIVATE_KEY" cp -r /opt/zeronet/ZeroTalk/* /opt/zeronet/data/$ZERONET_FORUM_ADDRESS sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html sed -i 's/Messaging Board Demo/Messaging Board/g' /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json # Add an avahi service echo '' > /tmp/zeronet-forum.service echo '' >> /tmp/zeronet-forum.service echo '' >> /tmp/zeronet-forum.service echo ' %h ZeroNet Forum' >> /tmp/zeronet-forum.service echo ' ' >> /tmp/zeronet-forum.service echo ' _zeronet._udp' >> /tmp/zeronet-forum.service echo " $ZERONET_PORT" >> /tmp/zeronet-forum.service echo " $ZERONET_URL/$ZERONET_FORUM_ADDRESS" >> /tmp/zeronet-forum.service echo ' ' >> /tmp/zeronet-forum.service echo '' >> /tmp/zeronet-forum.service sudo cp /tmp/zeronet-forum.service /etc/avahi/services/zeronet-forum.service if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then mkdir -p /home/$MY_USERNAME/.config/zeronet chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config fi echo "$ZERONET_URL/$ZERONET_FORUM_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myforum if ! grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo "ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README echo "ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README fi echo 'install_zeronet_forum' >> $COMPLETION_FILE } function install_zeronet { if grep -Fxq "install_zeronet" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then return fi apt-get -y install python python-msgpack python-gevent apt-get -y install python-pip bittornado pip install msgpack-python --upgrade useradd -d /opt/zeronet/ -s /bin/false zeronet git clone $ZERONET_REPO /opt/zeronet if [ ! -d /opt/zeronet ]; then exit 56823 fi sudo chown -R zeronet:zeronet /opt/zeronet #cd /opt/zeronet #git checkout bashrc/bootstrap-file # Hack to ensure that the file access port is opened # This is because zeronet normally relies on an internet site # to do this, but on a purely local mesh the internet isn't available sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' /opt/zeronet/src/Site/Site.py echo '[Unit]' > /etc/systemd/system/zeronet.service echo 'Description=Zeronet Server' >> /etc/systemd/system/zeronet.service echo 'After=syslog.target' >> /etc/systemd/system/zeronet.service echo 'After=network.target' >> /etc/systemd/system/zeronet.service echo '[Service]' >> /etc/systemd/system/zeronet.service echo 'Type=simple' >> /etc/systemd/system/zeronet.service echo 'User=zeronet' >> /etc/systemd/system/zeronet.service echo 'Group=zeronet' >> /etc/systemd/system/zeronet.service echo 'WorkingDirectory=/opt/zeronet' >> /etc/systemd/system/zeronet.service echo "ExecStart=/usr/bin/python zeronet.py --ip_external ${DEFAULT_DOMAIN_NAME}.local --trackers_file /opt/zeronet/bootstrap" >> /etc/systemd/system/zeronet.service echo '' >> /etc/systemd/system/zeronet.service echo 'TimeoutSec=300' >> /etc/systemd/system/zeronet.service echo '' >> /etc/systemd/system/zeronet.service echo '[Install]' >> /etc/systemd/system/zeronet.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/zeronet.service echo '[Unit]' > /etc/systemd/system/tracker.service echo 'Description=Torrent Tracker' >> /etc/systemd/system/tracker.service echo 'After=syslog.target' >> /etc/systemd/system/tracker.service echo 'After=network.target' >> /etc/systemd/system/tracker.service echo '[Service]' >> /etc/systemd/system/tracker.service echo 'Type=simple' >> /etc/systemd/system/tracker.service echo 'User=tracker' >> /etc/systemd/system/tracker.service echo 'Group=tracker' >> /etc/systemd/system/tracker.service echo 'WorkingDirectory=/opt/tracker' >> /etc/systemd/system/tracker.service echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /opt/tracker/dstate --logfile /opt/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> /etc/systemd/system/tracker.service echo '' >> /etc/systemd/system/tracker.service echo 'TimeoutSec=300' >> /etc/systemd/system/tracker.service echo '' >> /etc/systemd/system/tracker.service echo '[Install]' >> /etc/systemd/system/tracker.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/tracker.service useradd -d /opt/tracker/ -s /bin/false tracker if [ ! -d /opt/tracker ]; then mkdir /opt/tracker fi chown -R tracker:tracker /opt/tracker # publish regularly if ! grep -q "zeronetavahi" /etc/crontab; then echo "* * * * * root zeronetavahi > /dev/null" >> /etc/crontab fi systemctl enable tracker.service systemctl enable zeronet.service systemctl daemon-reload systemctl start tracker.service systemctl start zeronet.service echo 'mesh_zeronet' >> $COMPLETION_FILE } function install_vpn_tunnel { if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C if [ ! "$?" = "0" ]; then exit 76272 fi gpg -a --export 16EF3F64CB201D9C | sudo apt-key add - apt-get update apt-get -y install fastd if [ ! "$?" = "0" ]; then exit 52026 fi fi } # ath9k_htc driver function install_atheros_wifi { if grep -Fxq "install_atheros_wifi" $COMPLETION_FILE; then return fi if [ $INSTALLING_ON_BBB != "yes" ]; then return fi if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then return fi if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then return fi # have drivers already been installed ? if [ -f /lib/firmware/htc_9271.fw ]; then return fi apt-get -y install build-essential cmake git m4 texinfo if [ ! -d $INSTALL_DIR ]; then mkdir -p $INSTALL_DIR fi cd $INSTALL_DIR if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then git clone $ATHEROS_WIFI_REPO if [ ! "$?" = "0" ]; then rm -rf $INSTALL_DIR/open-ath9k-htc-firmware exit 74283 fi fi cd $INSTALL_DIR/open-ath9k-htc-firmware git checkout 1.4.0 make toolchain if [ ! "$?" = "0" ]; then rm -rf $INSTALL_DIR/open-ath9k-htc-firmware exit 24820 fi make firmware if [ ! "$?" = "0" ]; then rm -rf $INSTALL_DIR/open-ath9k-htc-firmware exit 63412 fi cp target_firmware/*.fw /lib/firmware/ if [ ! "$?" = "0" ]; then exit 74681 fi echo 'install_atheros_wifi' >> $COMPLETION_FILE } function configure_avahi { if grep -Fxq "configure_avahi" $COMPLETION_FILE; then return fi # only enable avahi if we're doing mesh networking if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then return fi apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd if [ $DEFAULT_DOMAIN_NAME ]; then sed -i "s|#host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf else decarray=( 1 2 3 4 5 6 7 8 9 0 ) PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]} sed -i "s|#host-name=.*|host-name=mesh-$PEER_ID|g" /etc/avahi/avahi-daemon.conf fi if [ ! -d /etc/avahi/services ]; then mkdir -p /etc/avahi/services fi # remove an avahi service which isn't used if [ -f /etc/avahi/services/udisks.service ]; then rm /etc/avahi/services/udisks.service fi # Add an ssh service echo '' > /etc/avahi/services/ssh.service echo '' >> /etc/avahi/services/ssh.service echo '' >> /etc/avahi/services/ssh.service echo ' %h SSH' >> /etc/avahi/services/ssh.service echo ' ' >> /etc/avahi/services/ssh.service echo ' _ssh._tcp' >> /etc/avahi/services/ssh.service echo " $SSH_PORT" >> /etc/avahi/services/ssh.service echo ' ' >> /etc/avahi/services/ssh.service echo '' >> /etc/avahi/services/ssh.service # keep the daemon running echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo '# keep avahi daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'if [ ! $AVAHI_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' systemctl start avahi-daemon' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME systemctl restart avahi-daemon echo 'configure_avahi' >> $COMPLETION_FILE } function mesh_babel { if grep -Fxq "mesh_babel" $COMPLETION_FILE; then return fi if [[ $ENABLE_BABEL != "yes" ]]; then return fi apt-get -y install babeld babel_script=/var/lib/babel echo '#!/bin/bash' > $babel_script echo '' >> $babel_script echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script echo ' avahi-browse -atl' >> $babel_script echo ' exit 0' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [[ $1 == "start" ]]; then' >> $babel_script echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script echo ' systemctl restart avahi-daemon' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo "IFACE=$WIFI_INTERFACE" >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan1' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan2' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan3' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script echo ' echo "Interface $IFACE was not found"' >> $babel_script echo ' else' >> $babel_script echo ' echo "Stopping"' >> $babel_script echo ' fi' >> $babel_script echo ' ifconfig $IFACE down' >> $babel_script echo ' pkill babeld' >> $babel_script echo ' systemctl restart network-manager' >> $babel_script echo ' exit 1' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'systemctl stop network-manager' >> $babel_script echo 'ifconfig $IFACE down' >> $babel_script echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script echo "$WIFI_CHANNEL essid \"$ESSID\"" >> $babel_script echo 'ifconfig $IFACE up' >> $babel_script echo -n 'ifconfig $IFACE:avahi ' >> $babel_script echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script echo -n "$BABEL_PORT -d 5 " >> $babel_script echo '$IFACE' >> $babel_script echo 'exit 0' >> $babel_script chmod +x $babel_script echo '[Unit]' > /etc/systemd/system/babel.service echo 'Description=Babel Mesh' >> /etc/systemd/system/babel.service echo '' >> /etc/systemd/system/babel.service echo '[Service]' >> /etc/systemd/system/babel.service echo 'Type=oneshot' >> /etc/systemd/system/babel.service echo "ExecStart=$babel_script start" >> /etc/systemd/system/babel.service echo "ExecStop=$babel_script stop" >> /etc/systemd/system/babel.service echo 'RemainAfterExit=yes' >> /etc/systemd/system/babel.service echo '' >> /etc/systemd/system/babel.service echo '# Allow time for the server to start/stop' >> /etc/systemd/system/babel.service echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service echo '' >> /etc/systemd/system/babel.service echo '[Install]' >> /etc/systemd/system/babel.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/babel.service systemctl enable babel echo 'mesh_babel' >> $COMPLETION_FILE } function mesh_batman_bridge { # https://sudoroom.org/wiki/Mesh/Relay_setup # also see http://www.netlore.co.uk/airmesh/ # https://www.youtube.com/watch?v=CLKHWfQlFqQ # http://pastebin.com/4U9vdFFm # http://pastebin.com/eeTmL5XL if grep -Fxq "mesh_batman_bridge" $COMPLETION_FILE; then return fi if [[ $ENABLE_BATMAN != "yes" ]]; then return fi apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl apt-get -y install python-dev libevent-dev ebtables python-pip git apt-get -y install wireless-tools rfkill #install_vpn_tunnel modprobe batman-adv [ $? -ne 0 ] && echo "B.A.T.M.A.N module not available" && exit 76482 if ! grep -q "batman_adv" /etc/modules; then echo 'batman_adv' >> /etc/modules fi batman_script=/var/lib/batman echo '#!/bin/bash' > $batman_script echo '' >> $batman_script echo 'if [[ $1 == "start" ]]; then' >> $batman_script echo ' # install avahi' >> $batman_script echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $batman_script echo ' sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $batman_script echo 'fi' >> $batman_script echo '' >> $batman_script echo '# Mesh definition' >> $batman_script echo "ESSID=$ESSID" >> $batman_script echo "CELLID=$BATMAN_CELLID" >> $batman_script echo "CHANNEL=$WIFI_CHANNEL" >> $batman_script echo '' >> $batman_script echo '# Ethernet bridge definition (bridged to bat0)' >> $batman_script echo 'BRIDGE=br-mesh' >> $batman_script echo "IFACE=$WIFI_INTERFACE" >> $batman_script echo 'EIFACE=eth0' >> $batman_script echo '' >> $batman_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script echo ' if grep -q "wlan1" /proc/net/dev; then' >> $batman_script echo ' IFACE=wlan1' >> $batman_script echo ' fi' >> $batman_script echo 'fi' >> $batman_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script echo ' if grep -q "wlan2" /proc/net/dev; then' >> $batman_script echo ' IFACE=wlan2' >> $batman_script echo ' fi' >> $batman_script echo 'fi' >> $batman_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script echo ' if grep -q "wlan3" /proc/net/dev; then' >> $batman_script echo ' IFACE=wlan3' >> $batman_script echo ' fi' >> $batman_script echo 'fi' >> $batman_script echo '' >> $batman_script echo 'if [ -e /etc/default/batctl ]; then' >> $batman_script echo ' . /etc/default/batctl' >> $batman_script echo 'fi' >> $batman_script echo '' >> $batman_script echo 'start() {' >> $batman_script echo ' if [ -z "$IFACE" ] ; then' >> $batman_script echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script echo ' return' >> $batman_script echo ' fi' >> $batman_script echo ' echo "info: enabling batman-adv mesh network $ESSID on $IFACE"' >> $batman_script echo ' systemctl stop network-manager' >> $batman_script echo ' sleep 5' >> $batman_script echo '' >> $batman_script echo " # remove an avahi service which isn't used" >> $batman_script echo ' if [ -f /etc/avahi/services/udisks.service ]; then' >> $batman_script echo ' sudo rm /etc/avahi/services/udisks.service' >> $batman_script echo ' fi' >> $batman_script echo '' >> $batman_script echo ' # Might have to re-enable wifi' >> $batman_script echo ' rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true' >> $batman_script echo '' >> $batman_script echo ' ifconfig $IFACE down' >> $batman_script echo ' ifconfig $IFACE mtu 1532' >> $batman_script echo ' iwconfig $IFACE enc off' >> $batman_script echo ' iwconfig $IFACE mode ad-hoc essid $ESSID channel $CHANNEL' >> $batman_script echo ' sleep 1' >> $batman_script echo ' iwconfig $IFACE ap $CELLID' >> $batman_script echo '' >> $batman_script echo ' modprobe batman-adv' >> $batman_script echo ' batctl if add $IFACE' >> $batman_script echo ' ifconfig $IFACE up' >> $batman_script echo ' avahi-autoipd --force-bind --daemonize --wait $BRIDGE' >> $batman_script echo ' avahi-autoipd --force-bind --daemonize --wait $IFACE' >> $batman_script echo ' ifconfig bat0 up promisc' >> $batman_script echo '' >> $batman_script echo ' #Use persistent HWAddr' >> $batman_script echo ' ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")' >> $batman_script echo ' if [ ! -f /var/lib/mesh-node/bat0 ]; then' >> $batman_script echo ' mkdir /var/lib/mesh-node' >> $batman_script echo ' echo "${ether_new}" > /var/lib/mesh-node/bat0' >> $batman_script echo ' else' >> $batman_script echo ' ether=$(cat /var/lib/mesh-node/bat0)' >> $batman_script echo ' ifconfig bat0 hw ether ${ether}' >> $batman_script echo ' fi' >> $batman_script echo '' >> $batman_script echo ' if [ "$EIFACE" ] ; then' >> $batman_script echo ' brctl addbr $BRIDGE' >> $batman_script echo ' brctl addif $BRIDGE bat0' >> $batman_script echo ' brctl addif $BRIDGE $EIFACE' >> $batman_script echo ' ifconfig bat0 0.0.0.0' >> $batman_script echo ' ifconfig $EIFACE 0.0.0.0' >> $batman_script echo ' ifconfig $EIFACE up promisc' >> $batman_script echo ' ifconfig $BRIDGE up' >> $batman_script echo ' fi' >> $batman_script echo '' >> $batman_script echo ' iptables -A INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script echo ' iptables -A INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script echo ' iptables -A INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script echo ' iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script echo ' iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script echo ' iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script echo " iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script echo " iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script echo " iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script echo '' >> $batman_script echo ' systemctl restart avahi-daemon' >> $batman_script echo '}' >> $batman_script echo '' >> $batman_script echo 'stop() {' >> $batman_script echo ' if [ -z "$IFACE" ]; then' >> $batman_script echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script echo ' return' >> $batman_script echo ' fi' >> $batman_script echo ' if [ "$EIFACE" ]; then' >> $batman_script echo ' brctl delif $BRIDGE bat0' >> $batman_script echo ' brctl delif $BRIDGE $EIFACE' >> $batman_script echo ' ifconfig $BRIDGE down || true' >> $batman_script echo ' brctl delbr $BRIDGE' >> $batman_script echo ' ifconfig $EIFACE down -promisc' >> $batman_script echo ' fi' >> $batman_script echo '' >> $batman_script echo ' avahi-autoipd -k $BRIDGE' >> $batman_script echo ' avahi-autoipd -k $IFACE' >> $batman_script echo ' ifconfig bat0 down -promisc' >> $batman_script echo '' >> $batman_script echo ' batctl if del $IFACE' >> $batman_script echo ' rmmod batman-adv' >> $batman_script echo ' ifconfig $IFACE mtu 1500' >> $batman_script echo ' ifconfig $IFACE down' >> $batman_script echo ' iwconfig $IFACE mode managed' >> $batman_script echo '' >> $batman_script echo ' iptables -D INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script echo ' iptables -D INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script echo ' iptables -D INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script echo ' iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script echo ' iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script echo ' iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script echo " iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script echo " iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script echo " iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script echo '' >> $batman_script echo ' systemctl restart network-manager' >> $batman_script echo '}' >> $batman_script echo '' >> $batman_script echo 'if ! grep -q "$IFACE" /proc/net/dev; then' >> $batman_script echo ' echo "Interface $IFACE was not found"' >> $batman_script echo ' stop' >> $batman_script echo ' exit 1' >> $batman_script echo 'fi' >> $batman_script echo '' >> $batman_script echo 'case "$1" in' >> $batman_script echo ' start|stop)' >> $batman_script echo ' $1' >> $batman_script echo ' ;;' >> $batman_script echo ' restart)' >> $batman_script echo ' stop' >> $batman_script echo ' sleep 10' >> $batman_script echo ' start' >> $batman_script echo ' ;;' >> $batman_script echo ' status)' >> $batman_script echo ' batctl o' >> $batman_script echo ' ;;' >> $batman_script echo ' ping)' >> $batman_script echo ' batctl ping $2' >> $batman_script echo ' ;;' >> $batman_script echo ' ls|list)' >> $batman_script echo ' avahi-browse -atl' >> $batman_script echo ' ;;' >> $batman_script echo ' *)' >> $batman_script echo ' echo "error: invalid parameter $1"' >> $batman_script echo ' echo "usage: $0 {start|stop|restart|status|ping|ls|list}"' >> $batman_script echo ' exit 2' >> $batman_script echo ' ;;' >> $batman_script echo 'esac' >> $batman_script echo 'exit 0' >> $batman_script chmod +x $batman_script echo '[Unit]' > /etc/systemd/system/batman.service echo 'Description=B.A.T.M.A.N. Advanced' >> /etc/systemd/system/batman.service echo '' >> /etc/systemd/system/batman.service echo '[Service]' >> /etc/systemd/system/batman.service echo 'Type=oneshot' >> /etc/systemd/system/batman.service echo "ExecStart=$batman_script start" >> /etc/systemd/system/batman.service echo "ExecStop=$batman_script stop" >> /etc/systemd/system/batman.service echo 'RemainAfterExit=yes' >> /etc/systemd/system/batman.service echo '' >> /etc/systemd/system/batman.service echo '# Allow time for the server to start/stop' >> /etc/systemd/system/batman.service echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service echo '' >> /etc/systemd/system/batman.service echo '[Install]' >> /etc/systemd/system/batman.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/batman.service systemctl enable batman if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README echo '=============================' >> /home/$MY_USERNAME/README echo "Mesh ESSID: $ESSID" >> /home/$MY_USERNAME/README echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'mesh_batman_bridge' >> $COMPLETION_FILE } function remove_instructions_from_motd { sed -i '/## /d' /etc/motd } function check_hwrng { if [[ $HWRNG_TYPE == "beaglebone" ]]; then # If hardware random number generation was enabled then make sure that the device exists. # if /dev/hwrng is not found then any subsequent cryptographic key generation would # suffer from low entropy and might be insecure if [ ! -e /dev/hwrng ]; then ls /dev/hw* echo 'The hardware random number generator is enabled but could not be detected on' echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.' exit 75 fi fi # If a OneRNG device was installed then verify its firmware #check_onerng_verification } function get_mariadb_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "MariaDB password" /home/$MY_USERNAME/README; then if [ -f $DATABASE_PASSWORD_FILE ]; then MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE) else MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//') echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE chmod 600 $DATABASE_PASSWORD_FILE fi fi fi } function get_mariadb_gnusocial_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function get_mariadb_git_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "Gogs admin user password" /home/$MY_USERNAME/README; then GIT_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function get_mariadb_hubzilla_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "MariaDB Hubzilla admin password" /home/$MY_USERNAME/README; then HUBZILLA_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function get_mariadb_owncloud_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "Owncloud database password" /home/$MY_USERNAME/README; then OWNCLOUD_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function backup_directory_to_usb { echo 'function backup_directory_to_usb {' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d ${1} ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "WARNING: directory does not exist: ${1}"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' else' >> /usr/bin/$BACKUP_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' BACKUP_KEY_EXISTS=$(gpg --list-keys "$MY_NAME (backup key)")' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backup key could not be found"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 43382' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n ' MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" ' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n "| grep 'pub ' | awk -F ' ' '{print " >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n '$2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n "}' | awk -F '/' '{print " >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n '$2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "}')" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' obnam backup -r $USB_MOUNT/backup/${2} --encrypt-with $MY_BACKUP_KEY_ID ${1}' >> /usr/bin/$BACKUP_SCRIPT_NAME else # For rsyncrypto usage see http://archive09.linux.com/feature/125322 echo " BACKUP_CERTIFICATE=$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rsyncrypto -v -r ${1} $USB_MOUNT/backup/${2} $USB_MOUNT/backup/${2}.keys $BACKUP_CERTIFICATE' >> /usr/bin/$BACKUP_SCRIPT_NAME fi echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' shred -zu ${1}/*' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf ${1}' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 853' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' shred -zu ${1}/*' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf ${1}' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '}' >> /usr/bin/$BACKUP_SCRIPT_NAME } function backup_database { echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'function backup_database {' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/${1} ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/${1}' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/${1}data ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/${1}data' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d /root/temp${1}data ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p /root/temp${1}data' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Obtaining ${1} database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n ' mysqldump --password=$DATABASE_PASSWORD ' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '${1} > /root/temp${1}data/${1}.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -s /root/temp${1}data/${1}.sql ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "${1} database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "No MariaDB password was given"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' shred -zu /root/temp${1}data/*' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf /root/temp${1}data' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 296' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '}' >> /usr/bin/$BACKUP_SCRIPT_NAME } function create_backup_script { if grep -Fxq "create_backup_script" $COMPLETION_FILE; then return fi apt-get -y install rsyncrypto cryptsetup libgfshare-bin obnam get_mariadb_password get_mariadb_gnusocial_admin_password get_mariadb_hubzilla_admin_password get_mariadb_owncloud_admin_password get_mariadb_git_admin_password echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "USB_DRIVE=$USB_DRIVE" >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ $1 ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' USB_DRIVE=/dev/${1}1' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "USB_MOUNT=$USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "ADMIN_USERNAME=$MY_USERNAME" >> /usr/bin/$BACKUP_SCRIPT_NAME echo "MY_USERNAME=$MY_USERNAME" >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ $2 ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' MY_USERNAME=$2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'MY_NAME=$(getent passwd $MY_USERNAME | cut -d: -f5 | cut -d, -f1)' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -b $USB_DRIVE ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Please attach a USB drive"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'umount -f $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -f /dev/mapper/encrypted_usb ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf /dev/mapper/encrypted_usb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'cryptsetup luksClose encrypted_usb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'cryptsetup luksOpen $USB_DRIVE encrypted_usb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' USB_DRIVE=/dev/mapper/encrypted_usb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n 'mount $USB_DRIVE ' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '$USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "There was a problem mounting the USB drive to $USB_MOUNT"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 6392' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT/backup ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir $USB_MOUNT/backup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT/backup ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "There was a problem making the directory $USB_MOUNT/backup."' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 27' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# MariaDB password' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME backup_database echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME backup_directory_to_usb echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME if [[ $BACKUP_TYPE != 'obnam' ]]; then echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo " freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo " gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n "cp $BACKUP_CERTIFICATE.gpg " >> /usr/bin/$BACKUP_SCRIPT_NAME echo '$USB_MOUNT/backup/key.gpg' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'backup_database gnusocial' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /root/tempgnusocialdata gnusocialdata' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Backing up GNU social installation"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "backup_directory_to_usb /var/www/$MICROBLOG_DOMAIN_NAME/htdocs gnusocial" >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'backup_database hubzilla' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /root/temphubzilladata hubzilladata' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Backing up Hubzilla installation"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "backup_directory_to_usb /var/www/$HUBZILLA_DOMAIN_NAME/htdocs hubzilla" >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "install_owncloud" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'if [ ! -d $USB_MOUNT/backup/owncloud2 ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/owncloud2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_database owncloud' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /root/tempownclouddata ownclouddata' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /var/lib/owncloud owncloud' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /etc/owncloud owncloud2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "install_gogs" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'if [ ! -d $USB_MOUNT/backup/gogsrepos ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/gogsrepos' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT/backup/gogsssh ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/gogsssh' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_database gogs' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /root/tempgogsdata gogsdata' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining Gogs settings backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /home/git/go/src/github.com/gogits/gogs/custom gogs' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining Gogs repos backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'mv /home/git/gogs-repositories/*.git /home/git/gogs-repositories/$MY_USERNAME' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /home/git/gogs-repositories gogsrepos' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining Gogs authorized_keys backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /home/git/.ssh gogsssh' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "install_wiki" $COMPLETION_FILE; then echo 'if [ ! -d $USB_MOUNT/backup/wiki ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/wiki' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT/backup/wiki2 ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/wiki2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /var/lib/dokuwiki wiki' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /etc/dokuwiki wiki2' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "install_blog" $COMPLETION_FILE; then echo 'if [ ! -d $USB_MOUNT/backup/blog ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/blog' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "backup_directory_to_usb /var/www/$FULLBLOG_DOMAIN_NAME/htdocs blog" >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then echo 'if [ ! -d $USB_MOUNT/backup/cjdns ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/cjdns' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Obtaining cjdns backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /etc/cjdns cjdns' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup certificates' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -d /etc/ssl ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up certificates"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/ssl ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/ssl' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /etc/ssl ssl' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup projects' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/projects ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up projects"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/projects ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/projects' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/projects projects' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup personal settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/personal ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up personal settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/personal ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/personal' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/personal personal' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/mailinglist ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/mailinglist' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo " backup_directory_to_usb $PUBLIC_MAILING_LIST_DIRECTORY mailinglist" >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/xmpp ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/xmpp' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo " backup_directory_to_usb $XMPP_DIRECTORY xmpp" >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup gpg keys' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.gnupg ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up gpg keys"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/gnupg ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/gnupg' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/.gnupg gnupg' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup ssh keys' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.ssh ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up ssh keys"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/ssh ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/ssh' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/.ssh ssh' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup web sites' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -d /etc/nginx ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up web settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/web ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/web' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /etc/nginx/sites-available web' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup README file' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/README ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up README"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/readme ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/readme' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' cp -f /home/$MY_USERNAME/README /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/tempbackup readme' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup IPFS' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.ipfs ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up IPFS"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/ipfs ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/ipfs' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/.ipfs ipfs' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup Mutt settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/.muttrc ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up Mutt settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' cp /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ -f /etc/Muttrc ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' cp /etc/Muttrc /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/mutt ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/mutt' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/tempbackup mutt' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup procmail settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/.procmailrc ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up procmail settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' cp /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/procmail ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/procmail' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/tempbackup procmail' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup spamassassin settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.spamassassin ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up spamassassin settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/spamassassin ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/spamassassin' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/.spamassassin spamassassin' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup email' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/Maildir ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Creating an email archive"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d /root/tempbackupemail ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo " mkdir -p /root/tempbackupemail" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' tar -czvf /root/tempbackupemail/maildir.tar.gz /home/$MY_USERNAME/Maildir' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/mail ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/mail' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /root/tempbackupemail mail' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/dlna ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/dlna' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /var/cache/minidlna dlna' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '# Backup VoIP settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -f /etc/$VOIP_CONFIG_FILE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up VoIP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n " cp -f /etc/$VOIP_CONFIG_FILE " >> /usr/bin/$BACKUP_SCRIPT_NAME echo '/home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo -n " cp -f /var/lib/mumble-server/$VOIP_DATABASE " >> /usr/bin/$BACKUP_SCRIPT_NAME echo '/home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/voip ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/voip' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /home/$MY_USERNAME/tempbackup voip' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then echo '# Mysql settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT/backup/mariadb ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/mariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'mysqldump --password=$DATABASE_PASSWORD mysql user > /root/tempmariadb/mysql.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ ! -s /root/tempmariadb/mysql.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Unable to backup mysql settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 653' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "$DATABASE_PASSWORD" > /root/tempmariadb/db' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'chmod 400 /root/tempmariadb/db' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'backup_directory_to_usb /root/tempmariadb mariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME fi echo '# Backup Tox node settings' >> /usr/bin/$BACKUP_SCRIPT_NAME echo "if [ -d /var/lib/tox-bootstrapd ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Backing up Tox node settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' if [ ! -d $USB_MOUNT/backup/tox ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' mkdir -p $USB_MOUNT/backup/tox' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo " cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd" >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' backup_directory_to_usb /var/lib/tox-bootstrapd tox' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'sync' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'umount $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Unable to unmount the drive. This means that the backup did not work"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' exit 46994' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'rm -rf $USB_MOUNT' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [[ $USB_DRIVE == /dev/mapper/encrypted_usb ]]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' echo "Unmount encrypted USB"' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' cryptsetup luksClose encrypted_usb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'if [ -f /dev/mapper/encrypted_usb ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME echo ' rm -rf /dev/mapper/encrypted_usb' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'echo "Backup to USB drive is complete. You can now unplug it."' >> /usr/bin/$BACKUP_SCRIPT_NAME echo 'exit 0' >> /usr/bin/$BACKUP_SCRIPT_NAME chmod 400 /usr/bin/$BACKUP_SCRIPT_NAME chmod +x /usr/bin/$BACKUP_SCRIPT_NAME echo 'create_backup_script' >> $COMPLETION_FILE } function restore_directory_from_usb { echo 'function restore_directory_from_usb {' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " BACKUP_CERTIFICATE=$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -d ${1} ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir ${1}' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' obnam restore -r $USB_MOUNT/backup/${2} --to ${1}' >> /usr/bin/$RESTORE_SCRIPT_NAME else echo ' rsyncrypto -v -d -r $USB_MOUNT/backup/${2} ${1} $USB_MOUNT/backup/${2}.keys $BACKUP_CERTIFICATE' >> /usr/bin/$RESTORE_SCRIPT_NAME fi echo '}' >> /usr/bin/$RESTORE_SCRIPT_NAME } function restore_database { echo 'function restore_database {' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' RESTORE_SUBDIR="root"' >> /usr/bin/$RESTORE_SCRIPT_NAME else echo ' RESTORE_SUBDIR="usb/backup/${1}data"' >> /usr/bin/$RESTORE_SCRIPT_NAME fi echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -d $USB_MOUNT/backup/${1} ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring ${1} database"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb "/root/temp${1}data" "${1}data"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -f /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Unable to restore ${1} database"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/temp${1}data' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 503' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '${1} -o < /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 964' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' shred -zu /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/*' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/temp${1}data' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring ${1} installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -d /root/temp${1} ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir /root/temp${1}' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb "/root/temp${1}" "${1}"' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' RESTORE_SUBDIR="var"' >> /usr/bin/$RESTORE_SCRIPT_NAME else echo ' RESTORE_SUBDIR="usb/backup/${1}"' >> /usr/bin/$RESTORE_SCRIPT_NAME fi echo ' if [ ${2} ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -d /var/www/${2}/htdocs ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /var/www/${2}/htdocs' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mv /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs /var/www/${2}/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 683' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '}' >> /usr/bin/$RESTORE_SCRIPT_NAME } function create_restore_script { if grep -Fxq "create_restore_script" $COMPLETION_FILE; then return fi apt-get -y install rsyncrypto cryptsetup obnam get_mariadb_password get_mariadb_gnusocial_admin_password get_mariadb_hubzilla_admin_password get_mariadb_owncloud_admin_password get_mariadb_git_admin_password echo '#!/bin/bash' > /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "USB_DRIVE=$USB_DRIVE" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ $1 ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' USB_DRIVE=/dev/${1}1' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "USB_MOUNT=$USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "ADMIN_USERNAME=$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo "MY_USERNAME=$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ $2 ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' MY_USERNAME=$2' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ ! -b $USB_DRIVE ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Please attach a USB drive"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 1' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -f /dev/mapper/encrypted_usb ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /dev/mapper/encrypted_usb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cryptsetup luksClose encrypted_usb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cryptsetup luksOpen $USB_DRIVE encrypted_usb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' USB_DRIVE=/dev/mapper/encrypted_usb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n ' mount $USB_DRIVE ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ ! -d $USB_MOUNT/backup ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "No backup directory found on the USB drive."' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 2' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'echo "Checking that user exists"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ ! -d /home/$MY_USERNAME ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Username $MY_USERNAME not found. Reinstall Freedombone with this username."' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 295' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'echo "Copying GPG keys to root"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'cp -r /home/$MY_USERNAME/.gnupg /root' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '# MariaDB password' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME restore_directory_from_usb echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME restore_database echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_TYPE != 'obnam' ]]; then echo 'if [ -f $USB_MOUNT/backup/key.gpg ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME fi echo '# Make a backup of the original README file' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '# incase old passwords need to be used' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/README ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -f /home/$MY_USERNAME/README_original ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cp /home/$MY_USERNAME/README /home/$MY_USERNAME/README_original' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then RESTORE_SUBDIR='root/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/mariadb/' fi echo 'if [ -d $USB_MOUNT/backup/mariadb ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring mysql settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempmariadb mariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Get the MariaDB password from the backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ ! -f /root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/db ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "MariaDB password file not found"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 495' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n ' BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "${RESTORE_SUBDIR}tempmariadb/db)" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restore the MariaDB user table"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "/root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/mysql.sql)" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Try again using the password obtained from backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n ' mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "/root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/mysql.sql)" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 962' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restarting database"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' service mysql restart' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Change the MariaDB password to the backup version"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " shred -zu /root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/db" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' # Change database password file' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n ' echo "$DATABASE_PASSWORD" > ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "$DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME fi RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/mutt/' fi echo 'if [ -d $USB_MOUNT/backup/mutt ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring Mutt settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempmutt mutt' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " if [ -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/.muttrc ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/.muttrc /home/$MY_USERNAME/.muttrc' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " if [ -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/Muttrc ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/Muttrc /etc/Muttrc' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/gnupg/' fi echo 'if [ -d $USB_MOUNT/backup/gnupg ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring gnupg settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempgnupg gnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -r /root/tempgnupg/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/.gnupg /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cp -r /home/$MY_USERNAME/.gnupg /root' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 283' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/procmail/' fi echo 'if [ -d $USB_MOUNT/backup/procmail ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring procmail settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempprocmail procmail' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -f /root/tempprocmail/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/.procmailrc /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/spamassassin/' fi echo 'if [ -d $USB_MOUNT/backup/spamassassin ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring spamassassin settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'restore_directory_from_usb /root/tempspamassassin spamassassin' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -rf /root/tempspamassassin/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/.spamassassin /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempspamassassin' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempspamassassin' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/readme/' fi echo 'if [ -d $USB_MOUNT/backup/readme ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring README"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempreadme readme' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -f /root/tempreadme/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/README /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/ipfs/' fi echo 'if [ -d $USB_MOUNT/backup/ipfs ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring IPFS"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempipfs ipfs' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -f /root/tempipfs/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/ipfs/* /home/$MY_USERNAME/.ipfs' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempipfs' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempipfs' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/ssh/' fi echo 'if [ -d $USB_MOUNT/backup/ssh ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring ssh keys"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempssh ssh' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -r /root/tempssh/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/.ssh /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 664' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='etc/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/ssl/' fi echo 'if [ -d $USB_MOUNT/backup/ssl ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring certificates"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir /root/tempssl' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempssl ssl' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempssl/${RESTORE_SUBDIR}ssl/* /etc/ssl" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempssl' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/projects/' fi echo 'if [ -d $USB_MOUNT/backup/projects ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring projects"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempprojects projects' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -d /home/$MY_USERNAME/projects ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /home/$MY_USERNAME/projects' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " mv /root/tempprojects/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/projects /home/$MY_USERNAME' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 166' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempprojects' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/personal/' fi echo 'if [ -d $USB_MOUNT/backup/personal ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring personal settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/temppersonal personal' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -d /home/$MY_USERNAME/personal ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /home/$MY_USERNAME/personal' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " mv /root/temppersonal/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '$MY_USERNAME/personal /home/$MY_USERNAME' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 184' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/temppersonal' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='root/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/mailinglist/' fi echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempmailinglist mailinglist' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempmailinglist/${RESTORE_SUBDIR}spool/mlmmj/* $PUBLIC_MAILING_LIST_DIRECTORY" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 526' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempmailinglist' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='var/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/xmpp/' fi echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempxmpp xmpp' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempxmpp/${RESTORE_SUBDIR}lib/prosody/* $XMPP_DIRECTORY" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 725' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempxmpp' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' service prosody restart' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R prosody:prosody /var/lib/prosody/*' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME BACKUP_INCLUDES_WEBSITES="no" if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database gnusocial $MICROBLOG_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -d /root/tempgnusocial ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempgnusocial' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME fi if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database hubzilla $HUBZILLA_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -d $USB_MOUNT/backup/hubzilla ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3 ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " mkdir -p /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " fi" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/*" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -d /root/temphubzilla ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/temphubzilla' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME fi if grep -Fxq "install_owncloud" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database owncloud $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -d $USB_MOUNT/backup/owncloud2 ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'restore_directory_from_usb /root/tempowncloud2 owncloud2' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='etc/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/owncloud2/' fi echo " cp -r /root/tempowncloud2/${RESTORE_SUBDIR}owncloud/* /etc/owncloud/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 982' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempowncloud' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempowncloud2' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/owncloud/data' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/owncloud/backup' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/owncloud/assets' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' occ files:scan $MY_USERNAME' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME fi if grep -Fxq "install_gogs" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database gogs $GIT_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/gogs' fi echo 'if [ -d $USB_MOUNT/backup/gogs ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring Gogs settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir -p /home/git/go/src/github.com/gogits/gogs/custom' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempgogs/${RESTORE_SUBDIR}/git/go/src/github.com/gogits/gogs/custom/* /home/git/go/src/github.com/gogits/gogs/custom" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 981' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring Gogs repos"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'restore_directory_from_usb /root/tempgogsrepos gogsrepos' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/gogsrepos' fi echo " cp -r /root/tempgogsrepos/${RESTORE_SUBDIR}/git/gogs-repositories/* /home/git/gogs-repositories/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 67574' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring Gogs authorized_keys"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempgogsssh gogsssh' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -d /home/git/.ssh ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir /home/git/.ssh' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/gogsssh' fi echo " cp -r /root/tempgogsssh/${RESTORE_SUBDIR}/git/.ssh/* /home/git/.ssh/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 8463' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempgogs' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempgogsrepos' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempgogsssh' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R git:git /home/git' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME fi RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/wiki' fi echo 'if [ -d $USB_MOUNT/backup/wiki ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring Wiki installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempwiki wiki' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempwiki/${RESTORE_SUBDIR}/lib/dokuwiki/* /var/lib/dokuwiki/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 868' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempwiki2 wiki2' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='etc' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/wiki2' fi echo " cp -r /root/tempwiki2/${RESTORE_SUBDIR}/dokuwiki/* /etc/dokuwiki/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 869' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempwiki' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempwiki2' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/dokuwiki/*' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.bundle.crt ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " sed -i 's|$WIKI_DOMAIN_NAME.crt|$WIKI_DOMAIN_NAME.bundle.crt|g' /etc/nginx/sites-available/$WIKI_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/blog' fi echo 'if [ -d $USB_MOUNT/backup/blog ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring blog installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempblog blog' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " rm -rf /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempblog/${RESTORE_SUBDIR}/www/$FULLBLOG_DOMAIN_NAME/htdocs /var/www/$FULLBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 593' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempblog' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "No content directory found after restoring blog"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 287' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " if [ -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.bundle.crt ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " sed -i 's|$FULLBLOG_DOMAIN_NAME.crt|$FULLBLOG_DOMAIN_NAME.bundle.crt|g' /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " if [ -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '/$MY_USERNAME/blog/uncategorized/post ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " mv /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content" >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n '/$MY_USERNAME/blog/*.md ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n "/var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content" >> /usr/bin/$RESTORE_SCRIPT_NAME echo '/$MY_USERNAME/blog/uncategorized/post ' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='etc' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/cjdns' fi echo 'if [ -d $USB_MOUNT/backup/cjdns ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring cjdns installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempcjdns cjdns' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " rm -rf /etc/cjdns" >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempcjdns/${RESTORE_SUBDIR}/cjdns /etc/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 8472' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempcjdns' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='root' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/mail' fi echo 'if [ -d $USB_MOUNT/backup/mail ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempmail mail' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/Maildir ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' mkdir /home/$MY_USERNAME/Maildir' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " tar -xzvf /root/tempmail/${RESTORE_SUBDIR}/tempbackupemail/maildir.tar.gz -C /" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 927' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempmail' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/dlna' fi echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ -d $USB_MOUNT/backup/dlna ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempdlna dlna' >> /usr/bin/$RESTORE_SCRIPT_NAME echo " cp -r /root/tempdlna/${RESTORE_SUBDIR}/cache/minidlna/* /var/cache/minidlna/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 982' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempdlna' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -d $USB_MOUNT/backup/voip ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring VoIP settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /root/tempvoip voip' >> /usr/bin/$RESTORE_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='usb/backup/voip' fi echo -n " cp -f /root/tempvoip/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n '$MY_USERNAME/tempbackup/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "$VOIP_CONFIG_FILE /etc/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 3679' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n " cp -f /root/tempvoip/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo -n '$MY_USERNAME/tempbackup/' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "$VOIP_DATABASE /var/lib/mumble-server/" >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cp /etc/ssl/certs/mumble* /var/lib/mumble-server' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cp /etc/ssl/private/mumble* /var/lib/mumble-server' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' chown -R mumble-server:mumble-server /var/lib/mumble-server' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -d $USB_MOUNT/backup/tox ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Restoring Tox node settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' restore_directory_from_usb /var/lib/tox-bootstrapd tox' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 6393' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' systemctl restart tox-bootstrapd.service' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' systemctl status tox-bootstrapd.service' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' exit 59369' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'sync' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "# Unmount the USB drive" >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'umount $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'rm -rf $USB_MOUNT' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME if [[ $BACKUP_INCLUDES_WEBSITES == "yes" ]]; then echo "# Restart the web server" >> /usr/bin/$RESTORE_SCRIPT_NAME echo "service nginx restart" >> /usr/bin/$RESTORE_SCRIPT_NAME echo "service php5-fpm restart" >> /usr/bin/$RESTORE_SCRIPT_NAME fi echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'echo "Setting permissions"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [[ $USB_DRIVE == /dev/mapper/encrypted_usb ]]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' echo "Unmount encrypted USB"' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' cryptsetup luksClose encrypted_usb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'if [ -f /dev/mapper/encrypted_usb ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME echo ' rm -rf /dev/mapper/encrypted_usb' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'echo "Restore from USB drive is complete. You can now remove it."' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'exit 0' >> /usr/bin/$RESTORE_SCRIPT_NAME chmod 400 /usr/bin/$RESTORE_SCRIPT_NAME chmod +x /usr/bin/$RESTORE_SCRIPT_NAME echo 'create_restore_script' >> $COMPLETION_FILE } function create_freedns_updater { # currently inadyn doesn't work as expected with freeDNS, so this is a workaround if grep -Fxq "create_freedns_updater" $COMPLETION_FILE; then return fi if [[ $DDNS_PROVIDER != "default@freedns.afraid.org" ]]; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?' echo '#!/bin/bash' > /usr/bin/dynamicdns echo 'cd /tmp' >> /usr/bin/dynamicdns if [ $DEFAULT_DOMAIN_CODE ]; then echo "# $DEFAULT_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$DEFAULT_DOMAIN_CODE=" >> /usr/bin/dynamicdns fi if [ $WIKI_CODE ]; then if [[ $WIKI_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$WIKI_CODE=" >> /usr/bin/dynamicdns fi fi if [ $FULLBLOG_CODE ]; then if [[ $FULLBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $FULLBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$FULLBLOG_CODE=" >> /usr/bin/dynamicdns fi fi if [ $HUBZILLA_CODE ]; then if [[ $HUBZILLA_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $HUBZILLA_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$HUBZILLA_CODE=" >> /usr/bin/dynamicdns fi fi if [ $OWNCLOUD_CODE ]; then if [[ $OWNCLOUD_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$OWNCLOUD_CODE=" >> /usr/bin/dynamicdns fi fi if [ $MICROBLOG_CODE ]; then if [[ $MICROBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$MICROBLOG_CODE=" >> /usr/bin/dynamicdns fi fi if [ $GIT_CODE ]; then if [[ $GIT_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $GIT_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$GIT_CODE=" >> /usr/bin/dynamicdns fi fi if [ $MEDIAGOBLIN_CODE ]; then if [[ $MEDIAGOBLIN_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then echo "# $MEDIAGOBLIN_DOMAIN_NAME" >> /usr/bin/dynamicdns echo "$FREEDNS_WGET$MEDIAGOBLIN_CODE=" >> /usr/bin/dynamicdns fi fi echo 'exit 0' >> /usr/bin/dynamicdns chmod 600 /usr/bin/dynamicdns chmod +x /usr/bin/dynamicdns if ! grep -q "/usr/bin/dynamicdns" /etc/crontab; then echo '*/3 * * * * root /usr/bin/dynamicdns' >> /etc/crontab service cron restart fi echo 'create_freedns_updater' >> $COMPLETION_FILE } function backup_directory_to_friend { echo 'function backup_directory_to_friend {' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " MY_NAME=$MY_NAME" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " BACKUP_CERTIFICATE=$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " MY_EMAIL_ADDRESS=$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' BACKUP_KEY_EXISTS=$(gpg --list-keys "$MY_NAME (backup key)")' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backup key could not be found"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' exit 43382' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "| grep 'pub ' | awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "}' | awk -F '/' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' obnam backup -r $SERVER_DIRECTORY/backup/ ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '--encrypt-with $MY_BACKUP_KEY_ID ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '${2} ${1}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME else # For rsyncrypto usage see http://archive09.linux.com/feature/125322 echo -n ' rsyncrypto -v -r ${1} ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$SERVER_DIRECTORY/backup/' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '${2} ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$SERVER_DIRECTORY/backup/' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '${2}.keys $BACKUP_CERTIFICATE' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' shred -zu /root/temp${2}/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' rm -rf /root/temp${2}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "Unable to backup ${2}" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '$MY_EMAIL_ADDRESS' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' exit 853' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' shred -zu /root/temp${2}/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' rm -rf /root/temp${2}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME } function backup_database_to_friend { echo 'function backup_database_to_friend {' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " DATABASE_PASSWORD=$DATABASE_PASSWORD" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " MY_EMAIL_ADDRESS=$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/${1} ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/${1}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/${1}data ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/${1}data' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d /root/temp${1}data ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p /root/temp${1}data' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Obtaining ${1} database backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' mysqldump --password=$DATABASE_PASSWORD ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '${1} > /root/temp${1}data/${1}.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -s /root/temp${1}data/${1}.sql ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "${1} database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "No MariaDB password was given"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' shred -zu /root/temp${1}data/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' rm -rf /root/temp${1}data' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "Unable to export ${1} database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '$MY_EMAIL_ADDRESS' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' exit 5738' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME } function backup_to_friends_servers { if grep -Fxq "backup_to_friends_servers" $COMPLETION_FILE; then return fi if [ ! $FRIENDS_SERVERS_LIST ]; then return fi apt-get -y install rsyncrypto sshpass obnam get_mariadb_password get_mariadb_gnusocial_admin_password get_mariadb_hubzilla_admin_password get_mariadb_owncloud_admin_password get_mariadb_git_admin_password if ! grep -q "backups on friends servers" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Backups' >> /home/$MY_USERNAME/README echo '=======' >> /home/$MY_USERNAME/README echo 'Key file: /root/backupkey' >> /home/$MY_USERNAME/README echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST" >> /home/$MY_USERNAME/README echo 'and add entries like this:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo "username1@domain1:$SSH_PORT//home/username1 ssh_password1" >> /home/$MY_USERNAME/README echo "username2@domain2:$SSH_PORT//home/username2 ssh_password2" >> /home/$MY_USERNAME/README echo '...' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'The system will try to backup to these remote locations once per day.' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo '#!/bin/bash' > /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Temporary location for data to be backed up to other servers' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'SERVER_DIRECTORY=/root/remotebackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "MY_USERNAME=$MY_USERNAME" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' exit 1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# MariaDB password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# local directory where the backup will be made' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d $SERVER_DIRECTORY ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir $SERVER_DIRECTORY' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d $SERVER_DIRECTORY/backup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME backup_directory_to_friend echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME backup_database_to_friend echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'backup_database_to_friend gnusocial' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /root/tempgnusocialdata gnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Backing up GNU social installation"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "backup_directory_to_friend /var/www/$MICROBLOG_DOMAIN_NAME/htdocs gnusocial" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'backup_database_to_friend hubzilla' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /root/temphubzilladata hubzilladata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Backing up Hubzilla installation"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /var/www/$HUBZILLA_DOMAIN_NAME/htdocs hubzilla' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi if grep -Fxq "install_owncloud" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'if [ ! -d $SERVER_DIRECTORY/backup/owncloud2 ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/owncloud2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_database_to_friend owncloud' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /root/tempownclouddata ownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /var/lib/owncloud owncloud' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /etc/owncloud owncloud2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi if grep -Fxq "install_gogs" $COMPLETION_FILE; then BACKUP_INCLUDES_DATABASES="yes" echo 'if [ ! -d $SERVER_DIRECTORY/backup/gogsrepos ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/gogsrepos' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d $SERVER_DIRECTORY/backup/gogsssh ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/gogsssh' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_database_to_friend gogs' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /root/tempgogsdata gogsdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining Gogs settings backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /home/git/go/src/github.com/gogits/gogs/custom gogs' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining Gogs repos backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "mv /home/git/gogs-repositories/*.git /home/git/gogs-repositories/$MY_USERNAME" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /home/git/gogs-repositories gogsrepos' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining Gogs authorized_keys backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /home/git/.ssh gogsssh' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi if grep -Fxq "install_wiki" $COMPLETION_FILE; then echo 'if [ ! -d $SERVER_DIRECTORY/backup/wiki ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/wiki' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d $SERVER_DIRECTORY/backup/wiki2 ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/wiki2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /var/lib/dokuwiki wiki' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /etc/dokuwiki wiki2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi if grep -Fxq "install_blog" $COMPLETION_FILE; then echo 'if [ ! -d $SERVER_DIRECTORY/backup/blog ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/blog' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "backup_directory_to_friend /var/www/$FULLBLOG_DOMAIN_NAME/htdocs blog" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then echo 'if [ ! -d $SERVER_DIRECTORY/backup/cjdns ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/cjdns' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "Obtaining cjdns backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /etc/cjdns cjdns' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup certificates' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -d /etc/ssl ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up certificates"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/ssl ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/ssl' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /etc/ssl ssl' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/projects ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up projects"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/projects ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/projects projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup personal settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/personal ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up personal settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/personal ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/personal' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/personal personal' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/mailinglist ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/mailinglist' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " backup_directory_to_friend $PUBLIC_MAILING_LIST_DIRECTORY mailinglist" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/xmpp ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/xmpp' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " backup_directory_to_friend $XMPP_DIRECTORY xmpp" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup gpg keys' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.gnupg ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up gpg keys"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/gnupg ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/gnupg' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/.gnupg gnupg' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup ssh keys' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.ssh ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up ssh keys"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/ssh ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/ssh' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/.ssh ssh' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup web sites' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -d /etc/nginx ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up web settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/web ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/web' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /etc/nginx/sites-available web' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup README file' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/README ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up README"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/readme ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/readme' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cp -f /home/$MY_USERNAME/README /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/tempbackup readme' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup IPFS' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.ipfs ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up IPFS"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/ipfs ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/ipfs' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/.ipfs ipfs' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup Mutt settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/.muttrc ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up Mutt settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cp /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ -f /etc/Muttrc ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cp /etc/Muttrc /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/mutt ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/mutt' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/tempbackup mutt' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup procmail settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -f /home/$MY_USERNAME/.procmailrc ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up procmail settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cp /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/procmail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/procmail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/tempbackup procmail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup spamassassin settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/.spamassassin ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up spamassassin settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/spamassassin ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/spamassassin' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/.spamassassin spamassassin' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ -d /home/$MY_USERNAME/Maildir ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Creating an email archive"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d /root/backupemail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo " mkdir -p /root/backupemail" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' tar -czvf /root/backupemail/maildir.tar.gz /home/$MY_USERNAME/Maildir' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/mail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /root/backupemail mail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/dlna ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/dlna' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /var/cache/minidlna dlna' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup VoIP settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -f /etc/$VOIP_CONFIG_FILE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up VoIP settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/tempbackup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n " cp -f /etc/$VOIP_CONFIG_FILE " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '/home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n " cp -f /var/lib/mumble-server/$VOIP_DATABASE " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '/home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/voip ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/voip' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /home/$MY_USERNAME/tempbackup voip' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '# Backup Tox node settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ -d /var/lib/tox-bootstrapd ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Backing up Tox node settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! -d $SERVER_DIRECTORY/backup/tox ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/tox' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cp /etc/tox-bootstrapd.conf /var/lib/tox-bootstrapd' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' backup_directory_to_friend /var/lib/tox-bootstrapd tox' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then echo '# Mysql settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p $SERVER_DIRECTORY/backup/mariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'mysqldump --password=$DATABASE_PASSWORD mysql user > /root/tempmariadb/mysql.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "if [ ! -s /root/tempmariadb/mysql.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' echo "Unable to backup mysql settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "Unable to export database settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' exit 653' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'echo "$DATABASE_PASSWORD" > /root/tempmariadb/db' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'chmod 400 /root/tempmariadb/db' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'backup_directory_to_friend /root/tempmariadb mariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi # Now that we have the server directory updated with the encrypted backup # we just need to rsync it to each friend echo '# For each remote server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'while read remote_server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'do' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Get the server and its password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Format is:' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # username@domain:/home/username ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' REMOTE_SERVER=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ $REMOTE_SERVER ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' REMOTE_DOMAIN=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "awk -F ':' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "}' | awk -F '@' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' REMOTE_SSH_PORT=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' REMOTE_PASSWORD=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '$3' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' NOW=$(date +"%Y-%m-%d %H:%M:%S")' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "$NOW Starting backup to $REMOTE_SERVER" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Social key management' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ -d /home/$MY_USERNAME/.gnupg_fragments ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ $REMOTE_DOMAIN ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cd /home/$MY_USERNAME/.gnupg_fragments' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' no_of_shares=$(ls -afq keyshare.asc.* | wc -l)' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if (( no_of_shares > 0 )); then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Pick a share index based on the domain name' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # This ensures that the same share is always given to the same domain' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN")' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -)' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # get the share filename' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' share_files=(/home/$MY_USERNAME/.gnupg_fragments/keyshare.asc.*)' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' share_filename=${share_files[share_index]}' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # create a temp directory containing the share' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' mkdir -p /home/$MY_USERNAME/tempkey/.gnupg_fragments' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' cp $share_filename /home/$MY_USERNAME/tempkey/.gnupg_fragments/' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # copy the fragments directory to the remote server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' /usr/bin/sshpass -p $REMOTE_PASSWORD ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n 'scp -r -P $REMOTE_SSH_PORT ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n '/home/$MY_USERNAME/tempkey/.gnupg_fragments ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '$REMOTE_SERVER' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "Key share to $REMOTE_SERVER failed" | mail -s "Freedombone social key management" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # remove the temp file/directory' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' shred -zu /home/$MY_USERNAME/tempkey/.gnupg_fragments/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' rm -rf /home/$MY_USERNAME/tempkey' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Send a confirmation email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "Key shared to $REMOTE_SERVER" | mail -s "Freedombone social key management" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME fi echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '$SERVER_DIRECTORY/backup $REMOTE_SERVER' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "$NOW Backup to $REMOTE_SERVER failed" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "Backup to $REMOTE_SERVER failed" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' else' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo -n ' echo "$NOW Backed up to $REMOTE_SERVER" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME # End of the loop echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo "done < $FRIENDS_SERVERS_LIST" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'exit 0' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME chown root:root /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME chmod 400 /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME chmod +x /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME # update crontab echo '#!/bin/bash' > /etc/cron.daily/backuptofriends echo "/usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME" >> /etc/cron.daily/backuptofriends chmod +x /etc/cron.daily/backuptofriends echo 'backup_to_friends_servers' >> $COMPLETION_FILE } function restore_directory_from_friend { echo 'function restore_directory_from_friend {' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! -d ${1} ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mkdir ${1}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo -n ' obnam restore -r $SERVER_DIRECTORY/backup/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '${2} --to ${1}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME else echo " BACKUP_CERTIFICATE=$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '${2} ${1} ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '$SERVER_DIRECTORY/backup/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '${2}.keys $BACKUP_CERTIFICATE' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi echo '}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME } function restore_database_from_friend { echo 'function restore_database_from_friend {' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " DATABASE_PASSWORD=$DATABASE_PASSWORD" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' RESTORE_SUBDIR="root"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME else echo ' RESTORE_SUBDIR="remoterestore/backup/${1}data"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ -d $SERVER_DIRECTORY/backup/${1} ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring ${1} database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/temp${1}data ${1}data' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! -f /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Unable to restore ${1} database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/temp${1}data' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 503' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '${1} -o < /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 964' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' shred -zu /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/temp${1}data' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring ${1} installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/temp${1} ${1}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME if [[ $BACKUP_TYPE == 'obnam' ]]; then echo ' RESTORE_SUBDIR="var"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME else echo ' RESTORE_SUBDIR="remoterestore/backup/${1}"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi echo ' if [ ${1} ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ -d /var/www/${2}/htdocs ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /var/www/${2}/htdocs' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mv /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs /var/www/${2}/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 683' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME } function restore_from_friend { if grep -Fxq "restore_from_friend" $COMPLETION_FILE; then return fi apt-get -y install rsyncrypto sshpass obnam get_mariadb_password get_mariadb_gnusocial_admin_password get_mariadb_hubzilla_admin_password get_mariadb_owncloud_admin_password get_mariadb_git_admin_password if ! grep -q "restore from a friend's server" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Restoring from backups to friends servers' >> /home/$MY_USERNAME/README echo '=========================================' >> /home/$MY_USERNAME/README echo "To restore from a friend's server use the command:" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " $RESTORE_FROM_FRIEND_SCRIPT_NAME [server]" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo '#!/bin/bash' > /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'SERVER_NAME=$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "MY_USERNAME=$MY_USERNAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '# Temporary location for data to be backed up to other servers' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'SERVER_DIRECTORY=/root/remoterestore' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'if [ ! $SERVER_NAME ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " echo '$RESTORE_FROM_FRIEND_SCRIPT_NAME [server]'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " echo 'No friends list found at $FRIENDS_SERVERS_LIST'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'if ! grep -q "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$FRIENDS_SERVERS_LIST; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Server not found within the friends list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'REMOTE_SERVER=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '$2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '$3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '# Check that a backup key exists' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " echo 'No backup key was found in $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 84' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME # Rsync from the remote server back to this server echo 'NOW=$(date +"%Y-%m-%d %H:%M:%S")' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'echo "$NOW Starting restore from $REMOTE_SERVER" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$REMOTE_SERVER/backup $SERVER_DIRECTORY' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' echo "$NOW Restore from $REMOTE_SERVER failed" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' # Send a warning email' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' echo "Restore from $REMOTE_SERVER failed" | mail -s "Freedombone restore from friend" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 790' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '# MariaDB password' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME restore_directory_from_friend echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME restore_database_from_friend echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'if [ -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='root/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/mariadb/' fi echo ' echo "Restoring mysql settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempmariadb mariadb' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Get the MariaDB password from the backup"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " if [ ! -f /root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/db ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "MariaDB password file not found"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 495' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "${RESTORE_SUBDIR}tempmariadb/db)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restore the MariaDB user table"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "/root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/mysql.sql)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Try again using the password obtained from backup"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "/root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/mysql.sql)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 962' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restarting database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' service mysql restart' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Change the MariaDB password to the backup version"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " shred -zu /root/tempmariadb/${RESTORE_SUBDIR}tempmariadb/db" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' # Change database password file' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n ' echo "$DATABASE_PASSWORD" > ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home/' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/mutt/' fi echo 'if [ -d $SERVER_DIRECTORY/backup/mutt ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring Mutt settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempmutt mutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " if [ -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/.muttrc ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/.muttrc /home/$MY_USERNAME/.muttrc' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " if [ -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/Muttrc ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempmutt/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/Muttrc /etc/Muttrc' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/gnupg' fi echo 'if [ -d $SERVER_DIRECTORY/backup/gnupg ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring gnupg settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempgnupg gnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -r /root/tempgnupg/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/.gnupg /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' cp -r /home/$MY_USERNAME/.gnupg /root' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 283' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/procmail' fi echo 'if [ -d $SERVER_DIRECTORY/backup/procmail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring procmail settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempprocmail procmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempprocmail/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '/$MY_USERNAME/tempbackup/.procmailrc /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/spamassassin' fi echo 'if [ -d $SERVER_DIRECTORY/backup/spamassassin ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring spamassassin settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempspamassassin spamassassin' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -rf /root/tempspamassassin/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/.spamassassin /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempspamassassin' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempspamassassin' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/readme' fi echo 'if [ -d $SERVER_DIRECTORY/backup/readme ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring README"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempreadme readme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempreadme/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/README /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/ipfs' fi echo 'if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring IPFS"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempipfs ipfs' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempipfs/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/tempbackup/ipfs/* /home/$MY_USERNAME/.ipfs' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempipfs' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempipfs' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/ssh' fi echo 'if [ -d $SERVER_DIRECTORY/backup/ssh ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring ssh keys"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempssh ssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -r /root/tempssh/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/.ssh /home/$MY_USERNAME/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 664' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='etc' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/ssl' fi echo 'if [ -d $SERVER_DIRECTORY/backup/ssl ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring certificates"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempssl ssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -r /root/tempssl/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'ssl/* /etc/ssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/projects' fi echo 'if [ -d $SERVER_DIRECTORY/backup/projects ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring projects"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempprojects projects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ -d /home/$MY_USERNAME/projects ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /home/$MY_USERNAME/projects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " mv /root/tempprojects/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/projects /home/$MY_USERNAME' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 166' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempprojects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/personal' fi echo 'if [ -d $SERVER_DIRECTORY/backup/personal ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring personal settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/temppersonal personal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ -d /home/$MY_USERNAME/personal ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /home/$MY_USERNAME/personal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " mv /root/temppersonal/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '$MY_USERNAME/personal /home/$MY_USERNAME' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 184' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/temppersonal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='root' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/mailinglist' fi echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempmailinglist mailinglist' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempmailinglist/${RESTORE_SUBDIR}/spool/mlmmj/* $PUBLIC_MAILING_LIST_DIRECTORY" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 526' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempmailinglist' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/xmpp' fi echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempxmpp xmpp' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempxmpp/${RESTORE_SUBDIR}/lib/prosody/* $XMPP_DIRECTORY" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 725' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempxmpp' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' service prosody restart' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R prosody:prosody /var/lib/prosody/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME BACKUP_INCLUDES_WEBSITES="no" if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database_from_friend gnusocial $MICROBLOG_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "if [ -d /root/tempgnusocial ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " rm -rf /root/tempgnusocial" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "fi" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database_from_friend hubzilla $HUBZILLA_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3 ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " mkdir -p /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/*" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "if [ -d /root/temphubzilla ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " rm -rf /root/temphubzilla" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "fi" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi if grep -Fxq "install_owncloud" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database_from_friend owncloud $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/owncloud' fi echo 'if [ -d $SERVER_DIRECTORY/backup/owncloud ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring Owncloud installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempowncloud/${RESTORE_SUBDIR}/lib/owncloud/* /var/lib/owncloud/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 981' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'restore_directory_from_friend /root/tempowncloud2 owncloud2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='etc' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/owncloud2' fi echo " cp -r /root/tempowncloud2/${RESTORE_SUBDIR}/owncloud/* /etc/owncloud/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 982' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempowncloud' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempowncloud2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/owncloud/data' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/owncloud/backup' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/owncloud/assets' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' occ files:scan $MY_USERNAME' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi if grep -Fxq "install_gogs" $COMPLETION_FILE; then BACKUP_INCLUDES_WEBSITES="yes" echo "restore_database_from_friend gogs $GIT_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/gogs' fi echo 'if [ -d $SERVER_DIRECTORY/backup/gogs ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mkdir -p /home/git/go/src/github.com/gogits/gogs/custom' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempgogs/${RESTORE_SUBDIR}/git/go/src/github.com/gogits/gogs/custom/* /home/git/go/src/github.com/gogits/gogs/custom/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 5885' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring Gogs repos"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempgogsrepos gogsrepos' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/gogsrepos' fi echo " cp -r /root/tempgogsrepos/${RESTORE_SUBDIR}/git/gogs-repositories/* /home/git/gogs-repositories/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 7649' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring Gogs authorized_keys"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempgogsssh gogsssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! -d /home/git/.ssh ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mkdir /home/git/.ssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/gogsssh' fi echo " cp -r /root/tempgogsssh/${RESTORE_SUBDIR}/git/.ssh/* /home/git/.ssh/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 74239' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempgogs' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempgogsrepos' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempgogsssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R git:git /home/git' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME fi RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/wiki' fi echo 'if [ -d $SERVER_DIRECTORY/backup/wiki ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring Wiki installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempwiki wiki' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempwiki/${RESTORE_SUBDIR}/lib/dokuwiki/* /var/lib/dokuwiki/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 868' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempwiki2 wiki2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='etc' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/wiki2' fi echo " cp -r /root/tempwiki2/${RESTORE_SUBDIR}/dokuwiki/* /etc/dokuwiki/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 869' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempwiki' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempwiki2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R www-data:www-data /var/lib/dokuwiki/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " if [ -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.bundle.crt ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " sed -i 's|$WIKI_DOMAIN_NAME.crt|$WIKI_DOMAIN_NAME.bundle.crt|g' /etc/nginx/sites-available/$WIKI_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/blog' fi echo 'if [ -d $SERVER_DIRECTORY/backup/blog ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring blog installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mkdir /root/tempblog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempblog blog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " rm -rf /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempblog/${RESTORE_SUBDIR}/www/$FULLBLOG_DOMAIN_NAME/htdocs /var/www/$FULLBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 593' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempblog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "No content directory found after restoring blog"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 287' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " if [ -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.bundle.crt ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " sed -i 's|$FULLBLOG_DOMAIN_NAME.crt|$FULLBLOG_DOMAIN_NAME.bundle.crt|g' /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " if [ -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '/$MY_USERNAME/blog/uncategorized/post ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " mv /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '/$MY_USERNAME/blog/*.md ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n "/var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '/$MY_USERNAME/blog/uncategorized/post ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='etc' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/cjdns' fi echo 'if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring cjdns installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempcjdns cjdns' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " rm -rf /etc/cjdns" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempcjdns/${RESTORE_SUBDIR}/cjdns /etc/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 7438' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempcjdns' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='home' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/voip' fi echo 'if [ -d $SERVER_DIRECTORY/backup/voip ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring VoIP settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempvoip voip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempvoip/${RESTORE_SUBDIR}" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '/$MY_USERNAME/tempbackup/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$VOIP_CONFIG_FILE /etc/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 7823' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n " cp -f /root/tempvoip/${RESTORE_SUBDIR}/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo -n '$MY_USERNAME/tempbackup/' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo "$VOIP_DATABASE /var/lib/mumble-server/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' cp /etc/ssl/certs/mumble* /var/lib/mumble-server' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' cp /etc/ssl/private/mumble* /var/lib/mumble-server' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' chown -R mumble-server:mumble-server /var/lib/mumble-server' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'if [ -d $SERVER_DIRECTORY/backup/tox ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring Tox node settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /var/lib/tox-bootstrapd tox' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 93653' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' systemctl restart tox-bootstrapd.service' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' systemctl status tox-bootstrapd.service' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 59369' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='root' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/mail' fi echo 'if [ -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempmail mail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! -d /home/$MY_USERNAME/Maildir ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mkdir /home/$MY_USERNAME/Maildir' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " tar -xzvf /root/tempmail/${RESTORE_SUBDIR}/tempbackupemail/maildir.tar.gz -C /" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 927' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME RESTORE_SUBDIR='var' if [[ $BACKUP_TYPE != 'obnam' ]]; then RESTORE_SUBDIR='remoterestore/backup/dlna' fi echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ -d $SERVER_DIRECTORY/backup/dlna ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' restore_directory_from_friend /root/tempdlna dlna' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo " cp -r /root/tempdlna/${RESTORE_SUBDIR}/cache/minidlna/* /var/cache/minidlna/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' exit 982' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' rm -rf /root/tempdlna' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then echo '' >> /usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME echo '# Retrieve key fragments' >> /usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME echo -n '/usr/bin/sshpass -p $REMOTE_PASSWORD ' >> /usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME echo -n "scp -r -P $REMOTE_SSH_PORT $REMOTE_SERVER/.gnupg_fragments " >> /usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME echo '/home/$MY_USERNAME/' >> /usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME fi echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'echo "*** Remote restore was successful ***"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'exit 0' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME chmod 400 /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME chmod +x /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'restore_from_friend' >> $COMPLETION_FILE } function remove_default_user { # make sure you don't use the default user account if [[ $MY_USERNAME == "debian" ]]; then echo 'Do not use the default debian user account. Create a different user with: adduser [username]' exit 68 fi # remove the default debian user to prevent it from becoming an attack vector if [ -d /home/debian ]; then userdel -r debian echo 'Default debian user account removed' fi } function enforce_good_passwords { # because humans are generally bad at choosing passwords if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then return fi apt-get -y install libpam-cracklib sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password echo 'enforce_good_passwords' >> $COMPLETION_FILE } function change_login_message { if grep -Fxq "change_login_message" $COMPLETION_FILE; then return fi # remove automatic motd creator if it exists if [ -f /etc/init.d/motd ]; then rm -f /etc/init.d/motd fi echo '' > /etc/motd echo ".---. . . " >> /etc/motd echo "| | | " >> /etc/motd echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then echo ' M A I L B O X E D I T I O N' >> /etc/motd fi if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then echo ' S O C I A L E D I T I O N' >> /etc/motd fi if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then echo ' C H A T E D I T I O N' >> /etc/motd fi if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then echo ' C L O U D E D I T I O N' >> /etc/motd fi if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then echo ' W R I T E R E D I T I O N ' >> /etc/motd fi if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then echo ' M E D I A E D I T I O N' >> /etc/motd fi if [[ $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then echo ' D E V E L O P E R E D I T I O N' >> /etc/motd fi echo '' >> /etc/motd if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then echo ' Freedom in the Cloud' >> /etc/motd else echo ' Freedom in the Mesh' >> /etc/motd fi echo '' >> /etc/motd echo 'change_login_message' >> $COMPLETION_FILE } function search_for_attached_usb_drive { # If a USB drive is attached then search for email, # gpg, ssh keys and emacs configuration if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then return fi if [ -b $USB_DRIVE ]; then if [ ! -d $USB_MOUNT ]; then echo 'Mounting USB drive' mkdir $USB_MOUNT mount $USB_DRIVE $USB_MOUNT fi if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then if [ -d $USB_MOUNT/Maildir ]; then echo 'Maildir found on USB drive' IMPORT_MAILDIR=$USB_MOUNT/Maildir fi if [ -d $USB_MOUNT/.gnupg ]; then echo 'Importing GPG keyring' cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg GPG_KEYS_IMPORTED="yes" if [ ! -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then echo 'GPG files did not copy' exit 73529 fi fi if [ -f $USB_MOUNT/.procmailrc ]; then echo 'Importing procmail settings' cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc fi if [ -f $USB_MOUNT/private_key.gpg ]; then echo 'GPG private key found on USB drive' MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg fi if [ -f $USB_MOUNT/public_key.gpg ]; then echo 'GPG public key found on USB drive' MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg fi fi if [ -d $USB_MOUNT/prosody ]; then if [ ! -d $XMPP_DIRECTORY ]; then mkdir $XMPP_DIRECTORY fi cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY chown -R prosody:prosody $XMPP_DIRECTORY fi if [ -d $USB_MOUNT/.ssh ]; then echo 'Importing ssh keys' cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh # for security delete the ssh keys from the usb drive if [ ! -f /home/$MY_USERNAME/.ssh/id_rsa ]; then echo 'ssh files did not copy' exit 8 fi fi if [ -f $USB_MOUNT/.emacs ]; then echo 'Importing .emacs file' cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs fi if [ -d $USB_MOUNT/.emacs.d ]; then echo 'Importing .emacs.d directory' cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d fi if [ -d $USB_MOUNT/ssl ]; then echo 'Importing SSL certificates' cp -r $USB_MOUNT/ssl/* /etc/ssl chmod 640 /etc/ssl/certs/* chmod 400 /etc/ssl/private/* # change ownership of some certificates if [ -d /etc/prosody ]; then chown prosody:prosody /etc/ssl/private/xmpp.* chown prosody:prosody /etc/ssl/certs/xmpp.* fi if [ -d /etc/dovecot ]; then chown root:dovecot /etc/ssl/certs/dovecot.* chown root:dovecot /etc/ssl/private/dovecot.* fi if [ -f /etc/ssl/private/exim.key ]; then chown root:Debian-exim /etc/ssl/private/exim.key /etc/ssl/certs/exim.crt /etc/ssl/certs/exim.dhparam fi fi if [ -d $USB_MOUNT/personal ]; then echo 'Importing personal directory' cp -r $USB_MOUNT/personal /home/$MY_USERNAME chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal fi else if [ -d $USB_MOUNT ]; then umount $USB_MOUNT rm -rf $USB_MOUNT fi echo 'No USB drive attached' fi echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE } function remove_proprietary_repos { if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE; then return fi sed -i 's/ non-free//g' /etc/apt/sources.list echo 'remove_proprietary_repos' >> $COMPLETION_FILE } function change_debian_repos { if grep -Fxq "change_debian_repos" $COMPLETION_FILE; then return fi rm -rf /var/lib/apt/lists/* apt-get clean sed -i "s/ftp.us.debian.org/$DEBIAN_REPO/g" /etc/apt/sources.list # ensure that there is a security repo if ! grep -q "security" /etc/apt/sources.list; then echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list echo "#deb-src http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list fi apt-get update apt-get -y install apt-transport-https echo 'change_debian_repos' >> $COMPLETION_FILE } function initial_setup { if grep -Fxq "initial_setup" $COMPLETION_FILE; then return fi apt-get -y remove --purge apache* apt-get -y dist-upgrade apt-get -y install ca-certificates emacs24 cpulimit echo 'initial_setup' >> $COMPLETION_FILE } function install_editor { if grep -Fxq "install_editor" $COMPLETION_FILE; then return fi update-alternatives --set editor /usr/bin/emacs24 # A minimal emacs configuration #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs #echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs echo "'goto-line)" >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo ';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs echo '' >> /home/$MY_USERNAME/.emacs echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs cp /home/$MY_USERNAME/.emacs /root/.emacs chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs echo 'install_editor' >> $COMPLETION_FILE } function enable_backports { if grep -Fxq "enable_backports" $COMPLETION_FILE; then return fi if ! grep -Fxq "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" /etc/apt/sources.list; then echo "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" >> /etc/apt/sources.list fi echo 'enable_backports' >> $COMPLETION_FILE } function enable_zram { if grep -Fxq "enable_zram" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then return fi if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf fi echo '#!/bin/bash' > /etc/init.d/zram echo '### BEGIN INIT INFO' >> /etc/init.d/zram echo '# Provides: zram' >> /etc/init.d/zram echo '# Required-Start:' >> /etc/init.d/zram echo '# Required-Stop:' >> /etc/init.d/zram echo '# Default-Start: 2 3 4 5' >> /etc/init.d/zram echo '# Default-Stop: 0 1 6' >> /etc/init.d/zram echo '# Short-Description: Increased Performance In Linux With zRam (Virtual Swap Compressed in RAM)' >> /etc/init.d/zram echo '# Description: Adapted from systemd scripts at https://github.com/mystilleef/FedoraZram' >> /etc/init.d/zram echo '### END INIT INFO' >> /etc/init.d/zram echo 'start() {' >> /etc/init.d/zram echo ' # get the number of CPUs' >> /etc/init.d/zram echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram echo ' # if something goes wrong, assume we have 1' >> /etc/init.d/zram echo ' [ "$num_cpus" != 0 ] || num_cpus=1' >> /etc/init.d/zram echo ' # set decremented number of CPUs' >> /etc/init.d/zram echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram echo ' # get the amount of memory in the machine' >> /etc/init.d/zram echo ' mem_total_kb=$(grep MemTotal /proc/meminfo | grep -E --only-matching "[[:digit:]]+")' >> /etc/init.d/zram echo ' mem_total=$((mem_total_kb * 1024))' >> /etc/init.d/zram echo ' # load dependency modules' >> /etc/init.d/zram echo ' modprobe zram num_devices=$num_cpus' >> /etc/init.d/zram echo ' # initialize the devices' >> /etc/init.d/zram echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram echo ' echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize' >> /etc/init.d/zram echo ' done' >> /etc/init.d/zram echo ' # Creating swap filesystems' >> /etc/init.d/zram echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram echo ' mkswap /dev/zram$i' >> /etc/init.d/zram echo ' done' >> /etc/init.d/zram echo ' # Switch the swaps on' >> /etc/init.d/zram echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram echo ' swapon -p 100 /dev/zram$i' >> /etc/init.d/zram echo ' done' >> /etc/init.d/zram echo '}' >> /etc/init.d/zram echo 'stop() {' >> /etc/init.d/zram echo ' # get the number of CPUs' >> /etc/init.d/zram echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram echo ' # set decremented number of CPUs' >> /etc/init.d/zram echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram echo ' # Switching off swap' >> /etc/init.d/zram echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram echo ' if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then' >> /etc/init.d/zram echo ' swapoff /dev/zram$i' >> /etc/init.d/zram echo ' sleep 1' >> /etc/init.d/zram echo ' fi' >> /etc/init.d/zram echo ' done' >> /etc/init.d/zram echo ' sleep 1' >> /etc/init.d/zram echo ' rmmod zram' >> /etc/init.d/zram echo '}' >> /etc/init.d/zram echo 'case "$1" in' >> /etc/init.d/zram echo ' start)' >> /etc/init.d/zram echo ' start' >> /etc/init.d/zram echo ' ;;' >> /etc/init.d/zram echo ' stop)' >> /etc/init.d/zram echo ' stop' >> /etc/init.d/zram echo ' ;;' >> /etc/init.d/zram echo ' restart)' >> /etc/init.d/zram echo ' stop' >> /etc/init.d/zram echo ' sleep 3' >> /etc/init.d/zram echo ' start' >> /etc/init.d/zram echo ' ;;' >> /etc/init.d/zram echo ' *)' >> /etc/init.d/zram echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/zram echo ' RETVAL=1' >> /etc/init.d/zram echo 'esac' >> /etc/init.d/zram echo 'exit $RETVAL' >> /etc/init.d/zram chmod +x /etc/init.d/zram update-rc.d zram defaults echo 'enable_zram' >> $COMPLETION_FILE } function check_onerng_verification { if grep -Fxq "check_onerng_verification" $COMPLETION_FILE; then return fi if [[ $HWRNG_TYPE != "onerng" ]]; then return fi echo 'Checking OneRNG firmware verification' last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}') if [[ $last_onerng_validation != *"passed OK"* ]]; then last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}') if [[ $last_onerng_validation != *"passed OK"* ]]; then echo $last_onerng_validation echo 'OneRNG firmware verification failed' exit 735026 fi fi echo 'OneRNG firmware verification passed' # if haveged was previously installed then remove it apt-get -y remove haveged echo 'check_onerng_verification' >> $COMPLETION_FILE } function install_onerng { apt-get -y install rng-tools at python-gnupg # Move to the installation directory if [ ! -d $INSTALL_DIR ]; then mkdir $INSTALL_DIR fi cd $INSTALL_DIR # Download the package if [ ! -f $ONERNG_PACKAGE ]; then wget $ONERNG_PACKAGE_DOWNLOAD mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE fi if [ ! -f $ONERNG_PACKAGE ]; then echo "OneRNG package could not be downloaded" exit 59249 fi # Check the hash hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}') if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then echo "OneRNG package: $ONERNG_PACKAGE" echo "Hash does not match. This could indicate that the package has been tampered with." echo "OneRNG expected package hash: $ONERNG_PACKAGE_HASH" echo "OneRNG actual hash: $hash" exit 25934 fi # install the package dpkg -i $ONERNG_PACKAGE # Check that the install worked if [ ! -f /etc/onerng.conf ]; then echo 'OneRNG configuration file not found. The package may not have installed successfully.' exit 42904 fi dialog --title "OneRNG Device" \ --msgbox "Please plug in the OneRNG device" 6 40 # check rng-tools configuration if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools fi systemctl restart rng-tools } function random_number_generator { if grep -Fxq "random_number_generator" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # it is assumed that docker uses the random number # generator of the host system return fi case $HWRNG_TYPE in beaglebone) apt-get -y install rng-tools sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools ;; onerng) install_onerng ;; *) apt-get -y install haveged ;; esac echo 'random_number_generator' >> $COMPLETION_FILE } function configure_ssh { if grep -Fxq "configure_ssh" $COMPLETION_FILE; then return fi sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config if grep -q 'ClientAliveInterval' /etc/ssh/sshd_config; then sed -i 's/ClientAliveInterval.*/ClientAliveInterval 60/g' /etc/ssh/sshd_config else echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config fi if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config else echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config fi if grep -q 'Ciphers' /etc/ssh/sshd_config; then sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config else echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config fi if grep -q 'MACs' /etc/ssh/sshd_config; then sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config else echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config fi if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config else echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config fi apt-get -y install fail2ban echo 'configure_ssh' >> $COMPLETION_FILE # Don't reboot if installing within docker # random numbers will come from the host system if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then return fi echo '' echo '' echo ' *** Rebooting to initialise ssh settings and random number generator ***' echo '' echo " *** Reconnect via ssh on port $SSH_PORT, then run this script again ***" echo '' echo '## ' >> /etc/motd echo '## Type "su" and enter your administrator password, then use the command:' >> /etc/motd echo '## ' >> /etc/motd echo '## freedombone -c freedombone.cfg' >> /etc/motd echo '## ' >> /etc/motd echo '## to continue the installation.' >> /etc/motd reboot } # see https://stribika.github.io/2015/01/04/secure-secure-shell.html function ssh_remove_small_moduli { awk '$5 > 2000' /etc/ssh/moduli > ~/moduli mv ~/moduli /etc/ssh/moduli } function configure_ssh_client { if grep -Fxq "configure_ssh_client" $COMPLETION_FILE; then return fi #sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config #sed -i 's/# ChallengeResponseAuthentication.*/ ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> /etc/ssh/ssh_config fi sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config if ! grep -q "Ciphers " /etc/ssh/ssh_config; then echo " Ciphers $SSH_CIPHERS" >> /etc/ssh/ssh_config fi sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config if ! grep -q "MACs " /etc/ssh/ssh_config; then echo " MACs $SSH_MACS" >> /etc/ssh/ssh_config fi # Create ssh keys if [ ! -f ~/.ssh/id_ed25519 ]; then ssh-keygen -t ed25519 -o -a 100 fi if [ ! -f ~/.ssh/id_rsa ]; then ssh-keygen -t rsa -b 4096 -o -a 100 fi ssh_remove_small_moduli echo 'configure_ssh_client' >> $COMPLETION_FILE } function regenerate_ssh_keys { if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then return fi rm -f /etc/ssh/ssh_host_* dpkg-reconfigure openssh-server ssh_remove_small_moduli service ssh restart echo 'regenerate_ssh_keys' >> $COMPLETION_FILE } function configure_dns { if grep -Fxq "configure_dns" $COMPLETION_FILE; then return fi echo 'domain localdomain' > /etc/resolv.conf echo 'search localdomain' >> /etc/resolv.conf echo "nameserver $NAMESERVER1" >> /etc/resolv.conf echo "nameserver $NAMESERVER2" >> /etc/resolv.conf echo 'configure_dns' >> $COMPLETION_FILE } function set_your_domain_name { if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then return fi echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname hostname $DEFAULT_DOMAIN_NAME if grep -q "127.0.1.1" /etc/hosts; then sed -i "s/127.0.1.1.*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts else echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts fi echo 'set_your_domain_name' >> $COMPLETION_FILE } function time_synchronisation { if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then return fi # mesh peers typically don't sync over the internet if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi #apt-get -y install tlsdate # building tlsdate from source is a workaround because of # this bug https://github.com/ioerror/tlsdate/issues/130 apt-get -y install build-essential automake git pkg-config autoconf libtool libssl-dev libevent-dev if [ ! -d $INSTALL_DIR ]; then mkdir $INSTALL_DIR fi cd $INSTALL_DIR git clone https://github.com/ioerror/tlsdate.git cd $INSTALL_DIR/tlsdate ./autogen.sh ./configure make make install cp /usr/local/bin/tlsdate* /usr/bin cp /usr/local/sbin/tlsdate* /usr/bin apt-get -y remove ntpdate echo '#!/bin/bash' > /usr/bin/updatedate echo "TIMESOURCE='TLS_TIME_SOURCE1'" >> /usr/bin/updatedate echo "TIMESOURCE2='TLS_TIME_SOURCE2'" >> /usr/bin/updatedate echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate echo 'TIMEOUT=5' >> /usr/bin/updatedate echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/updatedate echo '# File which contains the previous date as a number' >> /usr/bin/updatedate echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate echo '# File which contains the previous date as a string' >> /usr/bin/updatedate echo 'BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt' >> /usr/bin/updatedate echo 'DATE_BEFORE=$(date)' >> /usr/bin/updatedate echo 'BEFORE=$(date "+%s")' >> /usr/bin/updatedate echo 'BACKWARDS_BETWEEN=0' >> /usr/bin/updatedate echo 're="^[0-9]+$"' >> /usr/bin/updatedate echo '# If the date was previously set' >> /usr/bin/updatedate echo 'if [ -s "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate echo ' filesize=$(wc -c "$BEFORE_DATE_FILE" | cut -f 1 -d " ")' >> /usr/bin/updatedate echo ' if [ $filesize -ge 5 ]; then' >> /usr/bin/updatedate echo ' BEFORE_FILE=$(cat $BEFORE_DATE_FILE)' >> /usr/bin/updatedate echo ' if [[ $BEFORE_FILE =~ $re ]]; then' >> /usr/bin/updatedate echo ' BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)' >> /usr/bin/updatedate echo ' # is the date going backwards?' >> /usr/bin/updatedate echo ' if (( $BEFORE_FILE > $BEFORE )); then' >> /usr/bin/updatedate echo ' echo -n "Date went backwards between tlsdate updates. " >> $LOGFILE' >> /usr/bin/updatedate echo ' echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE' >> /usr/bin/updatedate echo ' echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE' >> /usr/bin/updatedate echo ' # Send a warning email' >> /usr/bin/updatedate echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate echo ' # Try another time source' >> /usr/bin/updatedate echo ' TIMESOURCE=$TIMESOURCE2' >> /usr/bin/updatedate echo ' # try running without any parameters' >> /usr/bin/updatedate echo ' tlsdate >> $LOGFILE' >> /usr/bin/updatedate echo ' BACKWARDS_BETWEEN=1' >> /usr/bin/updatedate echo ' fi' >> /usr/bin/updatedate echo ' fi' >> /usr/bin/updatedate echo ' fi' >> /usr/bin/updatedate echo 'fi' >> /usr/bin/updatedate echo '# Set the date' >> /usr/bin/updatedate echo '/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE' >> /usr/bin/updatedate echo 'DATE_AFTER=$(date)' >> /usr/bin/updatedate echo 'AFTER=$(date "+%s")' >> /usr/bin/updatedate echo '# After setting the date did it go backwards?' >> /usr/bin/updatedate echo 'if (( $AFTER < $BEFORE )); then' >> /usr/bin/updatedate echo ' echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE' >> /usr/bin/updatedate echo ' # Send a warning email' >> /usr/bin/updatedate echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate echo ' # Try resetting the date from another time source' >> /usr/bin/updatedate echo ' /usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE' >> /usr/bin/updatedate echo ' DATE_AFTER=$(date)' >> /usr/bin/updatedate echo ' AFTER=$(date "+%s")' >> /usr/bin/updatedate echo 'else' >> /usr/bin/updatedate echo ' echo -n $TIMESOURCE >> $LOGFILE' >> /usr/bin/updatedate echo ' if [ -s "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate echo ' echo -n $BEFORE_FILE >> $LOGFILE' >> /usr/bin/updatedate echo ' fi' >> /usr/bin/updatedate echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate echo ' echo -n $BEFORE >> $LOGFILE' >> /usr/bin/updatedate echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate echo ' echo -n $AFTER >> $LOGFILE' >> /usr/bin/updatedate echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate echo ' echo $DATE_AFTER >> $LOGFILE' >> /usr/bin/updatedate echo 'fi' >> /usr/bin/updatedate echo '# Log the last date' >> /usr/bin/updatedate echo 'if [[ $BACKWARDS_BETWEEN == 0 ]]; then' >> /usr/bin/updatedate echo ' echo "$AFTER" > $BEFORE_DATE_FILE' >> /usr/bin/updatedate echo ' echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE' >> /usr/bin/updatedate echo ' exit 0' >> /usr/bin/updatedate echo 'else' >> /usr/bin/updatedate echo ' exit 1' >> /usr/bin/updatedate echo 'fi' >> /usr/bin/updatedate chmod +x /usr/bin/updatedate echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab service cron restart echo '#!/bin/bash' > /etc/init.d/tlsdate echo '# /etc/init.d/tlsdate' >> /etc/init.d/tlsdate echo '### BEGIN INIT INFO' >> /etc/init.d/tlsdate echo '# Provides: tlsdate' >> /etc/init.d/tlsdate echo '# Required-Start: $remote_fs $syslog' >> /etc/init.d/tlsdate echo '# Required-Stop: $remote_fs $syslog' >> /etc/init.d/tlsdate echo '# Default-Start: 2 3 4 5' >> /etc/init.d/tlsdate echo '# Default-Stop: 0 1 6' >> /etc/init.d/tlsdate echo '# Short-Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate echo '# Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate echo '### END INIT INFO' >> /etc/init.d/tlsdate echo '# Author: Bob Mottram ' >> /etc/init.d/tlsdate echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin"' >> /etc/init.d/tlsdate echo 'LOGFILE="/var/log/tlsdate.log"' >> /etc/init.d/tlsdate echo 'TLSDATECOMMAND="tlsdate --timewarp -l -H www.ptb.de -p 443 >> $LOGFILE"' >> /etc/init.d/tlsdate echo '#Start-Stop here' >> /etc/init.d/tlsdate echo 'case "$1" in' >> /etc/init.d/tlsdate echo ' start)' >> /etc/init.d/tlsdate echo ' echo "tlsdate started"' >> /etc/init.d/tlsdate echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate echo ' ;;' >> /etc/init.d/tlsdate echo ' stop)' >> /etc/init.d/tlsdate echo ' echo "tlsdate stopped"' >> /etc/init.d/tlsdate echo ' ;;' >> /etc/init.d/tlsdate echo ' restart)' >> /etc/init.d/tlsdate echo ' echo "tlsdate restarted"' >> /etc/init.d/tlsdate echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate echo ' ;;' >> /etc/init.d/tlsdate echo ' *)' >> /etc/init.d/tlsdate echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/tlsdate echo ' exit 1' >> /etc/init.d/tlsdate echo ' ;;' >> /etc/init.d/tlsdate echo 'esac' >> /etc/init.d/tlsdate echo 'exit 0' >> /etc/init.d/tlsdate chmod +x /etc/init.d/tlsdate update-rc.d tlsdate defaults echo 'time_synchronisation' >> $COMPLETION_FILE } function configure_firewall { if grep -Fxq "configure_firewall" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -P INPUT ACCEPT ip6tables -P INPUT ACCEPT iptables -F ip6tables -F iptables -t nat -F ip6tables -t nat -F iptables -X ip6tables -X iptables -P INPUT DROP ip6tables -P INPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Make sure incoming tcp connections are SYN packets iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Drop packets with incoming fragments iptables -A INPUT -f -j DROP # Drop bogons iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP # Incoming malformed NULL packets: iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP echo 'configure_firewall' >> $COMPLETION_FILE } function configure_firewall_ping { if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then return fi # Only allow ping for mesh installs if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then return fi iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT save_firewall_settings echo 'configure_firewall_ping' >> $COMPLETION_FILE } function configure_firewall_for_voip { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then return fi if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then return fi iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT save_firewall_settings echo 'configure_firewall_for_voip' >> $COMPLETION_FILE } function configure_firewall_for_ipfs { if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then return fi if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then return fi iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT save_firewall_settings echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE } function configure_firewall_for_avahi { if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then return fi if [[ $ENABLE_CJDNS != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_BABEL != "yes" ]]; then return fi iptables -A INPUT -p tcp --dport 548 -j ACCEPT iptables -A INPUT -p udp --dport 548 -j ACCEPT iptables -A INPUT -p tcp --dport 5353 -j ACCEPT iptables -A INPUT -p udp --dport 5353 -j ACCEPT iptables -A INPUT -p tcp --dport 5354 -j ACCEPT iptables -A INPUT -p udp --dport 5354 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE } function configure_firewall_for_cjdns { if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then return fi if [[ $ENABLE_CJDNS != "yes" ]]; then return fi ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT save_firewall_settings echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE } function configure_firewall_for_batman { if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then return fi if [[ $ENABLE_BATMAN != "yes" ]]; then return fi save_firewall_settings echo 'configure_firewall_for_batman' >> $COMPLETION_FILE } function configure_firewall_for_babel { if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then return fi if [[ $ENABLE_BABEL != "yes" ]]; then return fi iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT save_firewall_settings echo 'configure_firewall_for_babel' >> $COMPLETION_FILE } function configure_firewall_for_zeronet { if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then return fi iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE } function configure_firewall_for_dlna { if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then return fi iptables -A INPUT -p udp --dport 1900 -j ACCEPT iptables -A INPUT -p tcp --dport 8200 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE } function configure_firewall_for_dns { if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_dns' >> $COMPLETION_FILE } function configure_firewall_for_xmpp { if [ ! -d /etc/prosody ]; then return fi if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT iptables -A INPUT -p tcp --dport 5269 -j ACCEPT iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE } function configure_firewall_for_irc { if [ ! -d /etc/ngircd ]; then return fi if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT iptables -A INPUT -p tcp --dport 9999 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_irc' >> $COMPLETION_FILE } function configure_firewall_for_ftp { if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -I INPUT -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE } function configure_firewall_for_web_access { if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE } function configure_firewall_for_web_server { if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE } function configure_firewall_for_tox { if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT save_firewall_settings echo 'configure_firewall_for_tox' >> $COMPLETION_FILE } function configure_firewall_for_ssh { if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT save_firewall_settings echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE } function configure_firewall_for_git { if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport 9418 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_git' >> $COMPLETION_FILE } function configure_firewall_for_email { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then return fi if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p tcp --dport 25 -j ACCEPT iptables -A INPUT -p tcp --dport 587 -j ACCEPT iptables -A INPUT -p tcp --dport 465 -j ACCEPT iptables -A INPUT -p tcp --dport 993 -j ACCEPT save_firewall_settings echo 'configure_firewall_for_email' >> $COMPLETION_FILE } function configure_internet_protocol { if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf if ! grep -q "ignore pings" /etc/sysctl.conf; then echo '# ignore pings' >> /etc/sysctl.conf echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf fi if ! grep -q "disable ipv6" /etc/sysctl.conf; then echo '# disable ipv6' >> /etc/sysctl.conf echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf fi if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf fi if ! grep -q "keepalive" /etc/sysctl.conf; then echo '# keepalive' >> /etc/sysctl.conf echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf fi echo 'configure_internet_protocol' >> $COMPLETION_FILE } function configure_email { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "configure_email" $COMPLETION_FILE; then return fi apt-get -y remove postfix apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail if [ ! -d /etc/exim4 ]; then echo "ERROR: Exim does not appear to have installed. $CHECK_MESSAGE" exit 48 fi # configure for Maildir format sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs if ! grep -q "export MAIL" /etc/profile; then echo 'export MAIL=~/Maildir' >> /etc/profile fi sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf echo "dc_other_hostnames='$DEFAULT_DOMAIN_NAME'" >> /etc/exim4/update-exim4.conf.conf echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}') echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf update-exim4.conf sed -i "s/START=no/START=yes/g" /etc/default/saslauthd /etc/init.d/saslauthd start # make a tls certificate for email if [ ! -f /etc/ssl/certs/exim.dhparam ]; then freedombone-addcert -h exim --dhkey $DH_KEYLENGTH check_certificates exim fi cp /etc/ssl/private/exim.key /etc/exim4 cp /etc/ssl/certs/exim.crt /etc/exim4 cp /etc/ssl/certs/exim.dhparam /etc/exim4 chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4 if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template fi adduser $MY_USERNAME sasl addgroup Debian-exim sasl /etc/init.d/exim4 restart if [ ! -d /etc/skel/Maildir ]; then mkdir -m 700 /etc/skel/Maildir mkdir -m 700 /etc/skel/Maildir/Sent mkdir -m 700 /etc/skel/Maildir/Sent/tmp mkdir -m 700 /etc/skel/Maildir/Sent/cur mkdir -m 700 /etc/skel/Maildir/Sent/new mkdir -m 700 /etc/skel/Maildir/.learn-spam mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur mkdir -m 700 /etc/skel/Maildir/.learn-spam/new mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp mkdir -m 700 /etc/skel/Maildir/.learn-ham mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur mkdir -m 700 /etc/skel/Maildir/.learn-ham/new mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham fi if [ ! -d /home/$MY_USERNAME/Maildir ]; then mkdir -m 700 /home/$MY_USERNAME/Maildir mkdir -m 700 /home/$MY_USERNAME/Maildir/cur mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp mkdir -m 700 /home/$MY_USERNAME/Maildir/new mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir fi echo 'configure_email' >> $COMPLETION_FILE } function create_procmail { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "create_procmail" $COMPLETION_FILE; then return fi if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc fi echo 'create_procmail' >> $COMPLETION_FILE } function spam_filtering { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "spam_filtering" $COMPLETION_FILE; then return fi apt-get -y install exim4-daemon-heavy apt-get -y install spamassassin sa-update -v sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template # This configuration is based on https://wiki.debian.org/DebianSpamAssassin sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data # procmail configuration echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc echo '| spamc' >> /home/$MY_USERNAME/.procmailrc echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc echo ':0' >> /home/$MY_USERNAME/.procmailrc echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc echo ':0' >> /home/$MY_USERNAME/.procmailrc echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc echo ':0' >> /home/$MY_USERNAME/.procmailrc echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc echo 'spam/' >> /home/$MY_USERNAME/.procmailrc chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc # filtering scripts echo '#!/bin/bash' > /usr/bin/filterspam echo 'USERNAME=$1' >> /usr/bin/filterspam echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam echo ' exit' >> /usr/bin/filterspam echo 'fi' >> /usr/bin/filterspam echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam echo 'do' >> /usr/bin/filterspam echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam echo 'done' >> /usr/bin/filterspam echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam echo 'do' >> /usr/bin/filterspam echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam echo 'done' >> /usr/bin/filterspam echo '#!/bin/bash' > /usr/bin/filterham echo 'USERNAME=$1' >> /usr/bin/filterham echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham echo ' exit' >> /usr/bin/filterham echo 'fi' >> /usr/bin/filterham echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham echo 'do' >> /usr/bin/filterham echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham echo 'done' >> /usr/bin/filterham echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterham echo 'do' >> /usr/bin/filterham echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham echo 'done' >> /usr/bin/filterham if ! grep -q "filterspam" /etc/crontab; then echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam $MY_USERNAME" >> /etc/crontab fi if ! grep -q "filterham" /etc/crontab; then echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham $MY_USERNAME" >> /etc/crontab fi chmod 655 /usr/bin/filterspam /usr/bin/filterham sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf # user preferences if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then mkdir /home/$MY_USERNAME/.spamassassin echo '# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs echo '# required_score 5' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# whitelist_from someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# Add your own customised scores for some tests below. The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# here. To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# definitely want to uncomment the following lines. They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score HTML_COMMENT_8BITS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score UPPERCASE_25_50 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score UPPERCASE_50_75 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score UPPERCASE_75_100 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score OBSCURED_EMAIL 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# to uncomment the following lines. They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs echo '# score SUBJ_ILLEGAL_CHARS 0' >> /home/$MY_USERNAME/.spamassassin/user_prefs fi # this must be accessible by root chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin service spamassassin restart service exim4 restart service cron restart echo 'spam_filtering' >> $COMPLETION_FILE } function configure_imap { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "configure_imap" $COMPLETION_FILE; then return fi dpkg -P dovecot-imapd dpkg -P dovecot-core apt-get -y install dovecot-imapd if [ ! -d /etc/dovecot ]; then echo "ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE" exit 48 fi if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then freedombone-addcert -h dovecot --dhkey $DH_KEYLENGTH check_certificates dovecot fi chown root:dovecot /etc/ssl/certs/dovecot.* chown root:dovecot /etc/ssl/private/dovecot.* if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then echo 'Unable to find /etc/dovecot/conf.d/10-ssl.conf' exit 83629 fi sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|ssl = no|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|#ssl_cert =.*|ssl_cert = > /etc/dovecot/conf.d/10-ssl.conf if [ ! -f /etc/dovecot/conf.d/10-master.conf ]; then echo 'Unable to find /etc/dovecot/conf.d/10-master.conf' exit 49259 fi sed -i 's/#process_limit =.*/process_limit = 100/g' /etc/dovecot/conf.d/10-master.conf sed -i 's/#default_client_limit.*/default_client_limit = 100/g' /etc/dovecot/conf.d/10-master.conf sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf if [ ! -f /etc/dovecot/conf.d/10-logging.conf ]; then echo 'Unable to find /etc/dovecot/conf.d/10-logging.conf' exit 48936 fi sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf if [ ! -f /etc/dovecot/dovecot.conf ]; then echo 'Unable to find /etc/dovecot/dovecot.conf' exit 43890 fi sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf if [ ! -f /etc/dovecot/conf.d/10-auth.conf ]; then echo 'Unable to find /etc/dovecot/conf.d/10-auth.conf' exit 843256 fi sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf if [ ! -f /etc/dovecot/conf.d/10-mail.conf ]; then echo 'Unable to find /etc/dovecot/conf.d/10-mail.conf' exit 42036 fi sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf # This long notify interval makes the system more suited for use with # battery powered mobile devices sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' /etc/dovecot/conf.d/20-imap.conf service dovecot restart echo 'configure_imap' >> $COMPLETION_FILE } function configure_imap_client_certs { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "configure_imap_client_certs" $COMPLETION_FILE; then return fi # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/ sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf sed -i "s|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt|g" /etc/dovecot/conf.d/10-ssl.conf sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then echo '' >> /etc/dovecot/conf.d/10-auth.conf echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf echo '}' >> /etc/dovecot/conf.d/10-auth.conf fi # make a CA cert if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH fi # CA configuration echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf echo '' >> /etc/ssl/dovecot-ca.cnf echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf echo '' >> /etc/ssl/dovecot-ca.cnf echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf echo '' >> /etc/ssl/dovecot-ca.cnf echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf echo '' >> /etc/ssl/dovecot-ca.cnf echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf if [ -f /etc/ssl/ssldb ]; then rm /etc/ssl/ssldb fi if [ -f /etc/ssl/sslserial ]; then rm /etc/ssl/sslserial fi touch /etc/ssl/ssldb echo 0001 > /etc/ssl/sslserial #freedombone-clientcert -u $MY_USERNAME service dovecot restart echo 'configure_imap_client_certs' >> $COMPLETION_FILE } function create_gpg_subkey { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "create_gpg_subkey" $COMPLETION_FILE; then return fi apt-get -y install gnupg GPG_KEY_USAGE=$1 if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then echo "Unknown subkey usage: $GPG_KEY_USAGE" echo 'Available types: sign|auth|encrypt' exit 14783 fi KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g') # Generate a GPG subkey # Here a 2048bit length is used to be compatible with yubikey echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME shred -zu /home/$MY_USERNAME/gpg-genkey.conf MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') echo 'create_gpg_subkey' >> $COMPLETION_FILE } function configure_gpg { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "configure_gpg" $COMPLETION_FILE; then return fi apt-get -y install gnupg # if gpg keys directory was previously imported from usb if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg chmod 700 /home/$MY_USERNAME/.gnupg chmod 600 /home/$MY_USERNAME/.gnupg/* echo 'configure_gpg' >> $COMPLETION_FILE return fi if [ ! -d /home/$MY_USERNAME/.gnupg ]; then mkdir /home/$MY_USERNAME/.gnupg echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME/.gnupg/gpg.conf echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf fi sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf if ! grep -q "# default preferences" /home/$MY_USERNAME/.gnupg/gpg.conf; then echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf fi chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg chmod 700 /home/$MY_USERNAME/.gnupg chmod 600 /home/$MY_USERNAME/.gnupg/* if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then # use your existing GPG keys which were exported if [ ! -f $MY_GPG_PUBLIC_KEY ]; then echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found" exit 5 fi if [ ! -f $MY_GPG_PRIVATE_KEY ]; then echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found" exit 6 fi su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME # for security ensure that the private key file doesn't linger around shred -zu $MY_GPG_PRIVATE_KEY MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') else # Generate a GPG key echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME shred -zu /home/$MY_USERNAME/gpg-genkey.conf MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME if grep -q "configure_email" $COMPLETION_FILE; then if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Change your GPG password' >> /home/$MY_USERNAME/README echo '========================' >> /home/$MY_USERNAME/README echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README echo 'You can change the it with:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README echo ' passwd' >> /home/$MY_USERNAME/README echo ' save' >> /home/$MY_USERNAME/README echo ' quit' >> /home/$MY_USERNAME/README fi if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README echo '===========================' >> /home/$MY_USERNAME/README echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README fi chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi fi echo 'configure_gpg' >> $COMPLETION_FILE } function configure_backup_key { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then return fi if [[ $BACKUP_TYPE != 'obnam' ]]; then return fi apt-get -y install gnupg BACKUP_KEY_EXISTS=$(gpg --list-keys "$MY_NAME (backup key)") if [ $BACKUP_KEY_EXISTS != *"error"* ]; then return fi # Generate a GPG key for backups BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME) if [ $BACKUP_KEY_EXISTS == *"error"* ]; then echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME shred -zu /home/$MY_USERNAME/gpg-genkey.conf BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME) if [ ! "$?" = "0" ]; then echo 'Backup key could not be created' exit 43382 fi fi MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') echo "Backup key: $MY_BACKUP_KEY_ID" MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then echo 'Public backup key could not be exported' exit 36829 fi if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then echo 'Private backup key could not be exported' exit 29235 fi # import backup key to root user gpg --import --import ${MY_BACKUP_KEY}_public.asc gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc shred -zu ${MY_BACKUP_KEY}_public.asc shred -zu ${MY_BACKUP_KEY}_private.asc echo 'configure_backup_key' >> $COMPLETION_FILE } function encrypt_incoming_email { # encrypts incoming mail using your GPG public key # so even if an attacker gains access to the data at rest they still need # to know your GPG key password to be able to read anything if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then return fi if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then return fi if [ ! -f /usr/bin/gpgit.pl ]; then apt-get -y install git libmail-gnupg-perl cd $INSTALL_DIR git clone https://github.com/mikecardwell/gpgit cd gpgit cp gpgit.pl /usr/bin fi # add a procmail rule if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then echo '' >> /home/$MY_USERNAME/.procmailrc echo ':0 f' >> /home/$MY_USERNAME/.procmailrc echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc fi echo 'encrypt_incoming_email' >> $COMPLETION_FILE } function encrypt_outgoing_email { # encrypts outgoing mail using your GPG public key # so even if an attacker gains access to the data at rest they still need # to know your GPG key password to be able to read sent mail if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then return fi if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then return fi if [ ! -d /home/$MY_USERNAME/.gnupg ]; then return fi if [ ! -f /home/$MY_USERNAME/.muttrc ]; then return fi # obtain your public key ID if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}') if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then return fi fi if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then echo '' >> /home/$MY_USERNAME/.muttrc echo '# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc else sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc fi if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc else sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc fi echo 'encrypt_outgoing_email' >> $COMPLETION_FILE } function encrypt_all_email { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then return fi if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then return fi echo '#!/bin/bash' > /usr/bin/encmaildir echo '#' >> /usr/bin/encmaildir echo '# GPLv2' >> /usr/bin/encmaildir echo '# GPG Encrypt a Maildir using gpgit.pl' >> /usr/bin/encmaildir echo '# Oct 03, 2014' >> /usr/bin/encmaildir echo '#' >> /usr/bin/encmaildir echo '# Change log:' >> /usr/bin/encmaildir echo '# Sep 03, 2011' >> /usr/bin/encmaildir echo '# - Temporary file is based on file_owner to avoid' >> /usr/bin/encmaildir echo '# issues with permission differences.' >> /usr/bin/encmaildir echo '# - Temporary file is removed after run.' >> /usr/bin/encmaildir echo '# - Optional arguments passed to "find".' >> /usr/bin/encmaildir echo '# - Full paths to binaries.' >> /usr/bin/encmaildir echo '# - Removed unneccessary need of "cat", "grep", etc.' >> /usr/bin/encmaildir echo '# Sep 04, 2011' >> /usr/bin/encmaildir echo '# - Dont remove Dovecot index/uid unless messages' >> /usr/bin/encmaildir echo '# have been GPG encrypted.' >> /usr/bin/encmaildir echo '# - Adjust file tests to not just use -e' >> /usr/bin/encmaildir echo '# - Quote all file operations' >> /usr/bin/encmaildir echo '# Sep 05, 2011' >> /usr/bin/encmaildir echo '# - Dont arbitrarily copy files, only overwrite the file' >> /usr/bin/encmaildir echo '# in ~/Maildir if it differs after calling gpgencmail.pl' >> /usr/bin/encmaildir echo '# - Only rebuild the index if we have modified ~/Maildir' >> /usr/bin/encmaildir echo '# Oct 03, 2014' >> /usr/bin/encmaildir echo '# - Minor modifications for use with Freedombone' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo 'if [[ -z "$1" || -z "$2" || -z "$3" ]]; then' >> /usr/bin/encmaildir echo ' echo "Usage is ./encmaildir.sh {optional arguments passed to find for messages such as -mtime 0}"' >> /usr/bin/encmaildir echo ' exit 0' >> /usr/bin/encmaildir echo 'fi' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo 'MAIL_DIR=$1' >> /usr/bin/encmaildir echo 'EMAIL_ADDRESS=$2' >> /usr/bin/encmaildir echo 'USERNAME=$3' >> /usr/bin/encmaildir echo 'if [ ! -d "$MAIL_DIR" ]; then' >> /usr/bin/encmaildir echo " MAIL_DIR='/home/$MY_USERNAME/Maildir'" >> /usr/bin/encmaildir echo 'fi' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo 'if [ ! $EMAIL_ADDRESS ]; then' >> /usr/bin/encmaildir echo " EMAIL_ADDRESS='$MY_EMAIL_ADDRESS'" >> /usr/bin/encmaildir echo 'fi' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo 'if [ ! $USERNAME ]; then' >> /usr/bin/encmaildir echo " USERNAME='$MY_USERNAME'" >> /usr/bin/encmaildir echo 'fi' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo '# Does this key exist?' >> /usr/bin/encmaildir echo 'gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1' >> /usr/bin/encmaildir echo 'if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir echo ' echo "A GPG key for $EMAIL_ADDRESS could not be found!"' >> /usr/bin/encmaildir echo ' exit 0' >> /usr/bin/encmaildir echo 'fi' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo '# Find all files in the Maildir specified.' >> /usr/bin/encmaildir echo 'echo "Calling find"' >> /usr/bin/encmaildir echo -n 'find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir echo -n "'.*/\(cur\|new\)/.*' " >> /usr/bin/encmaildir echo '$4|while read line; do' >> /usr/bin/encmaildir echo ' gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS" "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo ' # Check to see if there are differences between the existing' >> /usr/bin/encmaildir echo ' # Maildir file and what was created by gpgit.pl' >> /usr/bin/encmaildir echo ' diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;' >> /usr/bin/encmaildir echo ' if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir echo ' # Preserve timestamps, set ownership.' >> /usr/bin/encmaildir echo ' chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir echo ' chmod 600 "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir echo ' touch "/tmp/msg_$USERNAME" --reference="$line"' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo ' # Unlink the original Maildir message' >> /usr/bin/encmaildir echo ' unlink "$line"' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo ' # Strip message sizes, retain experimental flags' >> /usr/bin/encmaildir echo ' # and status flags, and copy the file over.' >> /usr/bin/encmaildir echo ' STRIPSIZES=$(/bin/echo "$line"|/bin/sed -e "s/W=[[:digit:]]*//" -e "s/S=[[:digit:]]*//" -e "s/,,//" -e "s/,:2/:2/")' >> /usr/bin/encmaildir echo ' cp -av "/tmp/msg_$USERNAME" "$STRIPSIZES"' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo ' #Indexes must be rebuilt, weve modified Maildir.' >> /usr/bin/encmaildir echo ' touch "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir echo ' else' >> /usr/bin/encmaildir echo ' echo "Not copying, no differences between /tmp/msg_$USERNAME and $line"' >> /usr/bin/encmaildir echo ' fi' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo ' # Remove the temporary file' >> /usr/bin/encmaildir echo ' unlink "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir echo 'done' >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo '# Remove Dovecot index and uids for regeneration.' >> /usr/bin/encmaildir echo 'if [ -f "/tmp/rebuild_index_$USERNAME" ]; then' >> /usr/bin/encmaildir echo ' echo "Removing Dovecot indexes and uids"' >> /usr/bin/encmaildir echo -n ' find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir echo "'.*\(dovecot-\|dovecot\.\|\.uidvalidity\).*' -delete" >> /usr/bin/encmaildir echo '' >> /usr/bin/encmaildir echo ' # Remove the temporary file' >> /usr/bin/encmaildir echo ' unlink "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir echo 'else' >> /usr/bin/encmaildir echo ' echo "No messages found needing GPG encryption, not' >> /usr/bin/encmaildir echo ' echo "removing Dovecot indexes and UIDs."' >> /usr/bin/encmaildir echo 'fi' >> /usr/bin/encmaildir echo 'exit 0' >> /usr/bin/encmaildir chmod +x /usr/bin/encmaildir if [ ! /home/$MY_USERNAME/README ]; then touch /home/$MY_USERNAME/README fi if ! grep -q "If you have imported legacy email" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Encrypting legacy email' >> /home/$MY_USERNAME/README echo '=======================' >> /home/$MY_USERNAME/README echo 'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README echo 'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo ' encmaildir' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README echo 'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README echo 'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'encrypt_all_email' >> $COMPLETION_FILE } function email_client { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "email_client" $COMPLETION_FILE; then return fi apt-get -y install mutt-patched lynx abook if [ ! -f /etc/Muttrc ]; then echo "ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE" exit 49 fi if [ ! -d /home/$MY_USERNAME/.mutt ]; then mkdir /home/$MY_USERNAME/.mutt fi echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt echo 'set mbox_type=Maildir' >> /etc/Muttrc echo 'set folder="~/Maildir"' >> /etc/Muttrc echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc echo 'set mbox="~/Maildir"' >> /etc/Muttrc echo 'set record="+Sent"' >> /etc/Muttrc echo 'set postponed="+Drafts"' >> /etc/Muttrc echo 'set trash="+Trash"' >> /etc/Muttrc echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc echo 'set header_cache="+.cache"' >> /etc/Muttrc echo '' >> /etc/Muttrc echo 'macro index S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc echo 'macro pager S "=.learn-spam" "move to learn-spam"' >> /etc/Muttrc echo 'macro index H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc echo 'macro pager H "=.learn-ham" "copy to learn-ham"' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# set up the sidebar' >> /etc/Muttrc echo 'set sidebar_width=22' >> /etc/Muttrc echo 'set sidebar_visible=yes' >> /etc/Muttrc echo "set sidebar_delim='|'" >> /etc/Muttrc echo 'set sidebar_sort=yes' >> /etc/Muttrc echo '' >> /etc/Muttrc echo 'set rfc2047_parameters' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# Show inbox and sent items' >> /etc/Muttrc echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc echo 'color sidebar_new yellow default' >> /etc/Muttrc echo 'color normal white default' >> /etc/Muttrc echo 'color hdrdefault brightcyan default' >> /etc/Muttrc echo 'color signature green default' >> /etc/Muttrc echo 'color attachment brightyellow default' >> /etc/Muttrc echo 'color quoted green default' >> /etc/Muttrc echo 'color quoted1 white default' >> /etc/Muttrc echo 'color tilde blue default' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc echo '# ctrl-o to open selected folder' >> /etc/Muttrc echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc echo 'bind index \Cn sidebar-next' >> /etc/Muttrc echo 'bind index \Co sidebar-open' >> /etc/Muttrc echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc echo 'bind pager \Co sidebar-open' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc echo "macro index,pager \Cb 'toggle sidebar_visible' 'toggle sidebar'" >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# esc-m Mark new messages as read' >> /etc/Muttrc echo 'macro index m "T~N;WNT~O;WO\CT~T" "mark all messages read"' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# Collapsing threads' >> /etc/Muttrc echo 'macro index [ "" "collapse/uncollapse thread"' >> /etc/Muttrc echo 'macro index ] "" "collapse/uncollapse all threads"' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# threads containing new messages' >> /etc/Muttrc echo 'uncolor index "~(~N)"' >> /etc/Muttrc echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# new messages themselves' >> /etc/Muttrc echo 'uncolor index "~N"' >> /etc/Muttrc echo 'color index brightyellow default "~N"' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# GPG/PGP integration' >> /etc/Muttrc echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc echo 'set pgp_timeout=1800' >> /etc/Muttrc echo '' >> /etc/Muttrc echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc echo 'unset smime_is_default' >> /etc/Muttrc echo '' >> /etc/Muttrc echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc echo 'source ~/.mutt-alias' >> /etc/Muttrc echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc echo 'macro index,pager A "abook --add-email-quiet" "add the sender address to abook"' >> /etc/Muttrc # create an Emacs configuration specifically for use with Mutt, which # has word wrap and spell checking on by default echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs-mutt echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc touch /home/$MY_USERNAME/.mutt-alias chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt cp /home/$MY_USERNAME/.emacs-mutt /etc/skel chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias echo 'email_client' >> $COMPLETION_FILE } function email_archiving { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "email_archiving" $COMPLETION_FILE; then return fi if [ ! -d $INSTALL_DIR ]; then mkdir $INSTALL_DIR fi cd $INSTALL_DIR git clone https://github.com/bashrc/cleanup-maildir cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin echo '#!/bin/bash' > /etc/cron.daily/archivemail echo "MUTTRC=/home/$MY_USERNAME/.muttrc" >> /etc/cron.daily/archivemail echo "python /usr/bin/cleanup-maildir --archive-folder='archive' --maildir-root='/home/$MY_USERNAME/Maildir' archive ''" >> /etc/cron.daily/archivemail echo "chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/archive-*" >> /etc/cron.daily/archivemail echo 'if [ -f $MUTTRC ]; then' >> /etc/cron.daily/archivemail echo ' MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /etc/cron.daily/archivemail echo ' BACKUP_DIRECTORY=archive-$(date +"%Y")' >> /etc/cron.daily/archivemail echo ' if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then' >> /etc/cron.daily/archivemail echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC' >> /etc/cron.daily/archivemail echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /etc/cron.daily/archivemail echo ' fi' >> /etc/cron.daily/archivemail echo 'fi' >> /etc/cron.daily/archivemail echo 'exit 0' >> /etc/cron.daily/archivemail chmod +x /etc/cron.daily/archivemail echo 'email_archiving' >> $COMPLETION_FILE } # Ensure that the from field is correct when sending email from Mutt function email_from_address { if grep -Fxq "email_from_address" $COMPLETION_FILE; then return fi if [ ! -f /home/$MY_USERNAME/.muttrc ]; then return fi if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc else echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc fi echo 'email_from_address' >> $COMPLETION_FILE } function create_public_mailing_list { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then return fi if [ ! $PUBLIC_MAILING_LIST ]; then return fi # does the mailing list have a separate domain name? if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME fi PUBLIC_MAILING_LIST_USER="mlmmj" apt-get -y install mlmmj adduser --system $PUBLIC_MAILING_LIST_USER addgroup $PUBLIC_MAILING_LIST_USER adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER echo '' echo "Creating the $PUBLIC_MAILING_LIST mailing list" echo '' # create the list mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros # router echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj # transport echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs fi if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs fi if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs fi if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs fi if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary fi newaliases update-exim4.conf.template -r update-exim4.conf service exim4 restart if ! grep -q "$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Public mailing list' >> /home/$MY_USERNAME/README echo '===================' >> /home/$MY_USERNAME/README echo "To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README echo "cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi freedombone-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST" echo 'create_public_mailing_list' >> $COMPLETION_FILE } function create_private_mailing_list { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi # This installation doesn't work, results in ruby errors # There is currently no schleuder package for Debian jessie if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then return fi if [ ! $PRIVATE_MAILING_LIST ]; then return fi if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then echo 'The name of the private mailing list should not be the' echo 'same as your username' exit 10 fi if [ ! $MY_GPG_PUBLIC_KEY ]; then echo 'To create a private mailing list you need to specify a file' echo 'containing your exported GPG key within MY_GPG_PUBLIC_KEY at' echo 'the top of the script' exit 11 fi apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev gem install schleuder schleuder-fix-gem-dependencies schleuder-init-setup --gem # NOTE: this is version number sensitive and so might need changing ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive freedombone-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder chown -R schleuder:schleuder /var/lib/schleuder update-exim4.conf.template -r update-exim4.conf service exim4 restart useradd -d /var/schleuderlists -s /bin/false schleuder adduser Debian-exim schleuder usermod -a -G mail schleuder #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME echo 'create_private_mailing_list' >> $COMPLETION_FILE } function split_gpg_key_into_fragments { # split the gpg key into fragments if social key management is enabled if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then echo 'Splitting GPG key. You may need to enter your passphrase.' freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then echo 'Yhe GPG key could not be split' exit 86548 fi fi } function import_email { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi EMAIL_COMPLETE_MSG=' *** Freedombone mailbox installation is complete ***' if grep -Fxq "import_email" $COMPLETION_FILE; then if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then create_backup_script create_restore_script backup_to_friends_servers intrusion_detection split_gpg_key_into_fragments echo '' echo "$EMAIL_COMPLETE_MSG" if [ -d $USB_MOUNT ]; then umount $USB_MOUNT rm -rf $USB_MOUNT echo ' You can now remove the USB drive' fi exit 0 fi return fi if [ $IMPORT_MAILDIR ]; then if [ -d $IMPORT_MAILDIR ]; then echo 'Transfering email files' cp -r $IMPORT_MAILDIR /home/$MY_USERNAME chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir else echo "Email import directory $IMPORT_MAILDIR not found" exit 9 fi fi echo 'import_email' >> $COMPLETION_FILE if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then create_backup_script create_restore_script backup_to_friends_servers intrusion_detection split_gpg_key_into_fragments # unmount any attached usb drive echo '' echo "$EMAIL_COMPLETE_MSG" echo '' if [ -d $USB_MOUNT ]; then umount $USB_MOUNT rm -rf $USB_MOUNT echo ' You can now remove the USB drive' fi exit 0 fi } function install_web_server { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then return fi if grep -Fxq "install_web_server" $COMPLETION_FILE; then return fi # remove apache apt-get -y remove --purge apache2 if [ -d /etc/apache2 ]; then rm -rf /etc/apache2 fi # install nginx apt-get -y install nginx php5-fpm git # limit the number of php processes sed -i 's/; process.max = 128/process.max = 32/g' /etc/php5/fpm/php-fpm.conf sed -i 's/;process_control_timeout = 0/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf fi if [ ! -d /etc/nginx ]; then echo "ERROR: nginx does not appear to have installed. $CHECK_MESSAGE" exit 51 fi # Nginx settings echo 'user www-data;' > /etc/nginx/nginx.conf #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo 'events {' >> /etc/nginx/nginx.conf echo ' worker_connections 50;' >> /etc/nginx/nginx.conf echo ' # multi_accept on;' >> /etc/nginx/nginx.conf echo '}' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo 'http {' >> /etc/nginx/nginx.conf echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo ' # Basic Settings' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' sendfile on;' >> /etc/nginx/nginx.conf echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf echo ' server_tokens off;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo ' # Logging Settings' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' ###' >> /etc/nginx/nginx.conf echo ' # Gzip Settings' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo ' gzip on;' >> /etc/nginx/nginx.conf echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf echo ' ##' >> /etc/nginx/nginx.conf echo '' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf echo '}' >> /etc/nginx/nginx.conf # install a script to easily enable and disable nginx virtual hosts if [ ! -d $INSTALL_DIR ]; then mkdir $INSTALL_DIR fi cd $INSTALL_DIR git clone https://github.com/perusio/nginx_ensite cd $INSTALL_DIR/nginx_ensite cp nginx_* /usr/sbin nginx_dissite default echo 'install_web_server' >> $COMPLETION_FILE } function configure_php { sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini } function install_mariadb { if grep -Fxq "install_mariadb" $COMPLETION_FILE; then return fi apt-get -y install python-software-properties debconf-utils apt-get -y install software-properties-common apt-get -y update get_mariadb_password if [ ! $MARIADB_PASSWORD ]; then MARIADB_PASSWORD="$(openssl rand -base64 32)" echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE chmod 600 $DATABASE_PASSWORD_FILE echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README echo '===============' >> /home/$MY_USERNAME/README echo "Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD" debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD" apt-get -y install mariadb-server apt-get -y remove --purge apache* if [ -d /etc/apache2 ]; then rm -rf /etc/apache2 echo 'Removed Apache installation after MariaDB install' fi if [ ! -d /etc/mysql ]; then echo "ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE" exit 54 fi mysqladmin -u root password "$MARIADB_PASSWORD" echo 'install_mariadb' >> $COMPLETION_FILE } function backup_databases_script_header { if [ ! -f /usr/bin/backupdatabases ]; then # daily echo '#!/bin/sh' > /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo -n 'MYSQL_PASSWORD=$(cat ' >> /usr/bin/backupdatabases echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases echo 'umask 0077' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases echo ' exit 1' >> /usr/bin/backupdatabases echo 'fi' >> /usr/bin/backupdatabases chmod 600 /usr/bin/backupdatabases chmod +x /usr/bin/backupdatabases echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily chmod 600 /etc/cron.daily/backupdatabasesdaily chmod +x /etc/cron.daily/backupdatabasesdaily # weekly echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly echo '' >> /etc/cron.weekly/backupdatabasesweekly echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly chmod 600 /etc/cron.weekly/backupdatabasesweekly chmod +x /etc/cron.weekly/backupdatabasesweekly # monthly echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly echo '' >> /etc/cron.monthly/backupdatabasesmonthly echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly chmod 600 /etc/cron.monthly/backupdatabasesmonthly chmod +x /etc/cron.monthly/backupdatabasesmonthly fi } function repair_databases_script { if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then return fi if [ ! -f $DATABASE_PASSWORD_FILE ]; then return fi echo '#!/bin/bash' > /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo 'DATABASE=$1' >> /usr/bin/repairdatabase echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/repairdatabase echo "BACKUP_TYPE='daily'" >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo 'if [ $2 ]; then' >> /usr/bin/repairdatabase echo ' BACKUP_TYPE=$2' >> /usr/bin/repairdatabase echo 'fi' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo -n 'MYSQL_ROOT_PASSWORD=$(cat ' >> /usr/bin/repairdatabase echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/repairdatabase echo 'TEMPFILE=/root/repairdatabase_$DATABASE' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo 'umask 0077' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo '# check the database' >> /usr/bin/repairdatabase echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo '# Attempt to repair the database if it contains errors' >> /usr/bin/repairdatabase echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase echo ' mysqlcheck -u root --password=$MYSQL_ROOT_PASSWORD --auto-repair $DATABASE' >> /usr/bin/repairdatabase echo 'else' >> /usr/bin/repairdatabase echo ' # No errors were found, so exit' >> /usr/bin/repairdatabase echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase echo ' exit 0' >> /usr/bin/repairdatabase echo 'fi' >> /usr/bin/repairdatabase echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo '# Check the database again' >> /usr/bin/repairdatabase echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo '# If it still contains errors then restore from backup' >> /usr/bin/repairdatabase echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase echo ' mysql -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE -o < /var/backups/${DATABASE}_${BACKUP_TYPE}.sql' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo ' # Send a warning email' >> /usr/bin/repairdatabase echo ' echo "$DATABASE database corruption could not be repaired. Restored from backup." | mail -s "Freedombone database maintenance" $EMAIL' >> /usr/bin/repairdatabase echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo ' exit 1' >> /usr/bin/repairdatabase echo 'fi' >> /usr/bin/repairdatabase echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase echo '' >> /usr/bin/repairdatabase echo 'exit 0' >> /usr/bin/repairdatabase chmod 600 /usr/bin/repairdatabase chmod +x /usr/bin/repairdatabase echo '#!/bin/bash' > /etc/cron.hourly/repair echo '' >> /etc/cron.hourly/repair chmod 600 /etc/cron.hourly/repair chmod +x /etc/cron.hourly/repair echo 'repair_databases_script' >> $COMPLETION_FILE } function install_owncloud_music_app { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_owncloud_music_app" $COMPLETION_FILE; then return fi if ! grep -Fxq "install_owncloud" $COMPLETION_FILE; then echo 'Tried to install the Owncloud music app, but Owncloud installation was not found' exit 9823 fi cd /usr/share/owncloud/apps git clone https://github.com/owncloud/music music if grep -q "Music player in Owncloud" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Music player in Owncloud' >> /home/$MY_USERNAME/README echo '========================' >> /home/$MY_USERNAME/README echo 'To enable the music app within ouwncloud log in to the Owncloud' >> /home/$MY_USERNAME/README echo 'administrator account then go to Apps on the left hand dropdown' >> /home/$MY_USERNAME/README echo 'menu and enable the music app. You can then log out and log back' >> /home/$MY_USERNAME/README echo 'in as your Owncloud user and select music from the left hand' >> /home/$MY_USERNAME/README echo 'dropdown menu.' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_owncloud_music_app' >> $COMPLETION_FILE } function add_ddns_domain { if [ ! $CURRENT_DDNS_DOMAIN ]; then echo 'ddns domain not specified' exit 5638 fi if [ ! -f /etc/inadyn.conf ]; then echo 'Unable to find inadyn configuration file /etc/inadyn.conf' exit 5745 fi if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then echo '' >> /etc/inadyn.conf echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf echo ' ssl' >> /etc/inadyn.conf echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf if [ $DDNS_USERNAME ]; then echo " username $DDNS_USERNAME" >> /etc/inadyn.conf fi if [ $DDNS_PASSWORD ]; then echo " password $DDNS_PASSWORD" >> /etc/inadyn.conf fi fi if ! grep -q "$CURRENT_DDNS_DOMAIN" /etc/inadyn.conf; then echo " alias $CURRENT_DDNS_DOMAIN" >> /etc/inadyn.conf fi chmod 600 /etc/inadyn.conf service inadyn restart systemctl daemon-reload # clear the arguments CURRENT_DDNS_DOMAIN= } function install_owncloud { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi OWNCLOUD_COMPLETION_MSG1=" *** Freedombone $SYSTEM_TYPE is now installed ***" OWNCLOUD_COMPLETION_MSG2="Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup" if grep -Fxq "install_owncloud" $COMPLETION_FILE; then if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then install_owncloud_music_app create_backup_script create_restore_script backup_to_friends_servers intrusion_detection split_gpg_key_into_fragments # unmount any attached usb drive if [ -d $USB_MOUNT ]; then umount $USB_MOUNT rm -rf $USB_MOUNT fi echo '' echo "$OWNCLOUD_COMPLETION_MSG1" echo "$OWNCLOUD_COMPLETION_MSG2" exit 0 fi return fi # if this is exclusively a cloud setup if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then if [ ! $DEFAULT_DOMAIN_NAME ]; then echo 'No default domain name when installing cloud variant' exit 5380 fi fi if [ ! $OWNCLOUD_DOMAIN_NAME ]; then echo 'No Owncloud domain name was specified' exit 3095 fi if [[ $SYSTEM_TYPE != "$VARIANT_CLOUD" ]]; then if [[ $SYSTEM_TYPE != "$VARIANT_FULL" ]]; then echo "Owncloud install did not recognise the system type $SYSTEM_TYPE" exit 6746 fi fi apt-get -y install owncloud apt-get -y remove --purge apache* if [ -d /etc/apache2 ]; then rm -rf /etc/apache2 echo 'Removed Apache installation after Owncloud install' fi install_mariadb get_mariadb_password get_mariadb_owncloud_admin_password if [ ! $OWNCLOUD_ADMIN_PASSWORD ]; then OWNCLOUD_ADMIN_PASSWORD="$(openssl rand -base64 32)" fi if ! grep -q "Owncloud database user" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Owncloud' >> /home/$MY_USERNAME/README echo '========' >> /home/$MY_USERNAME/README echo 'Owncloud database user: owncloudadmin' >> /home/$MY_USERNAME/README echo "Owncloud database password: $OWNCLOUD_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo 'Owncloud database name: owncloud' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'After creating an administrator account then create a user account via' >> /home/$MY_USERNAME/README echo "the Users dropdown menu entry. The username should be '$MY_USERNAME'." >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'On mobile devices you can download the Owncloud client via F-Droid.' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'To synchronise calendar entries with Android "install CalDAV Sync Adapter"' >> /home/$MY_USERNAME/README echo 'using F-Droid then go to settings/accounts and add a CalDav account with' >> /home/$MY_USERNAME/README echo "the URL https://$OWNCLOUD_DOMAIN_NAME/remote.php/caldav/principals/$MY_USERNAME" >> /home/$MY_USERNAME/README echo 'and the username and password shown above.' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo "create database owncloud; CREATE USER 'owncloudadmin'@'localhost' IDENTIFIED BY '$OWNCLOUD_ADMIN_PASSWORD'; GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloudadmin'@'localhost'; quit" > $INSTALL_DIR/batch.sql chmod 600 $INSTALL_DIR/batch.sql mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql shred -zu $INSTALL_DIR/batch.sql if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ]; then mkdir /var/www/$OWNCLOUD_DOMAIN_NAME fi if [ -d /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs ]; then rm -rf /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs fi ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME configure_php if [ ! -f /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $OWNCLOUD_DOMAIN_NAME fi # Ensure that the database gets backed up locally, if remote # backups are not being used backup_databases_script_header echo '' >> /usr/bin/backupdatabases echo '# Backup Owncloud database' >> /usr/bin/backupdatabases echo 'TEMPFILE=/root/owncloud.sql' >> /usr/bin/backupdatabases echo 'DAILYFILE=/var/backups/owncloud_daily.sql' >> /usr/bin/backupdatabases echo 'mysqldump --password="$MYSQL_PASSWORD" owncloud > $TEMPFILE' >> /usr/bin/backupdatabases echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases echo ' mysql -u root --password="$MYSQL_PASSWORD" owncloud -o < $DAILYFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # Send a warning email' >> /usr/bin/backupdatabases echo ' echo "Unable to create a backup of the Owncloud database. Attempted to restore from yesterdays backup" | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases echo ' else' >> /usr/bin/backupdatabases echo ' # Send a warning email' >> /usr/bin/backupdatabases echo ' echo "Unable to create a backup of the Owncloud database." | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases echo ' fi' >> /usr/bin/backupdatabases echo 'else' >> /usr/bin/backupdatabases echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases echo 'fi' >> /usr/bin/backupdatabases nginx_ensite $OWNCLOUD_DOMAIN_NAME service php5-fpm restart service nginx restart # update the dynamic DNS CURRENT_DDNS_DOMAIN=$OWNCLOUD_DOMAIN_NAME add_ddns_domain echo 'install_owncloud' >> $COMPLETION_FILE if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then install_owncloud_music_app create_backup_script create_restore_script backup_to_friends_servers intrusion_detection split_gpg_key_into_fragments # unmount any attached usb drive if [ -d $USB_MOUNT ]; then umount $USB_MOUNT rm -rf $USB_MOUNT fi echo '' echo "$OWNCLOUD_COMPLETION_MSG1" echo "$OWNCLOUD_COMPLETION_MSG2" exit 0 fi } function install_gogs { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_gogs" $COMPLETION_FILE; then return fi if [ ! $GIT_DOMAIN_NAME ]; then return fi # http://gogs.io/docs/installation/install_from_source.md # add a gogs user account adduser --disabled-login --gecos 'Gogs' git # install Go apt-get -y install golang libpam0g-dev if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then echo 'export GOPATH=/home/git/go' >> ~/.bashrc echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc fi . ~/.bashrc export GOPATH=/home/git/go if [ ! -d $GOPATH ]; then mkdir -p $GOPATH fi go get -u github.com/gpmgo/gopm if [ ! "$?" = "0" ]; then exit 479832 fi # clone the repo if [ ! -d $GOPATH/src/github.com/gogits ]; then mkdir -p $GOPATH/src/github.com/gogits fi cd $GOPATH/src/github.com/gogits git clone $GIT_DOMAIN_REPO cd gogs # install go get -u ./... go build if [ ! "$?" = "0" ]; then exit 546750 fi install_mariadb get_mariadb_password get_mariadb_git_admin_password if [ ! $GIT_ADMIN_PASSWORD ]; then GIT_ADMIN_PASSWORD="$(openssl rand -base64 32)" fi if ! grep -q "Gogs admin user password" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Gogs' >> /home/$MY_USERNAME/README echo '====' >> /home/$MY_USERNAME/README echo 'Database type: MySql' >> /home/$MY_USERNAME/README echo 'Database host: 127.0.0.1:3306' >> /home/$MY_USERNAME/README echo 'Database user: root' >> /home/$MY_USERNAME/README echo "Database password: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README echo 'Database name: gogs' >> /home/$MY_USERNAME/README echo 'Gogs admin user: gogsadmin' >> /home/$MY_USERNAME/README echo "Gogs admin user password: $GIT_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo "Gogs admin user email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Install Steps For First-time Run:' >> /home/$MY_USERNAME/README echo 'Leave email service settings empty' >> /home/$MY_USERNAME/README echo 'Check "Enable Register Confirmation"' >> /home/$MY_USERNAME/README echo 'Check "Enable Mail Notification"' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'After the initial install edit /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini' >> /home/$MY_USERNAME/README echo 'and within the [server] section set:' >> /home/$MY_USERNAME/README echo " DOMAIN = $GIT_DOMAIN_NAME" >> /home/$MY_USERNAME/README echo " ROOT_URL = http://$GIT_DOMAIN_NAME/" >> /home/$MY_USERNAME/README echo " SSH_PORT = $SSH_PORT" >> /home/$MY_USERNAME/README echo 'If you want to disable new account registrations then append the following:' >> /home/$MY_USERNAME/README echo ' [service]' >> /home/$MY_USERNAME/README echo ' DISABLE_REGISTRATION = true' >> /home/$MY_USERNAME/README echo 'Then restart with:' >> /home/$MY_USERNAME/README echo ' systemctl restart gogs' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo "Note that there's a usability/security trade-off made here." >> /home/$MY_USERNAME/README echo "In order to allow git clone via http we don't redirect everything" >> /home/$MY_USERNAME/README echo 'over https. Instead only critical things such as user login,' >> /home/$MY_USERNAME/README echo 'settings and admin are encrypted.' >> /home/$MY_USERNAME/README echo 'There are also potential security issues with cloning/pulling/pushing' >> /home/$MY_USERNAME/README echo 'code over http, since a determined adversary could inject malware' >> /home/$MY_USERNAME/README echo 'into the stream as it passes, so beware.' >> /home/$MY_USERNAME/README echo 'If you have a bought domain and a non-self signed cert then you' >> /home/$MY_USERNAME/README echo "should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https." >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo "create database gogs; CREATE USER 'gogsadmin'@'localhost' IDENTIFIED BY '$GOGS_ADMIN_PASSWORD'; GRANT ALL PRIVILEGES ON gogs.* TO 'gogsadmin'@'localhost'; quit" > $INSTALL_DIR/batch.sql chmod 600 $INSTALL_DIR/batch.sql mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql shred -zu $INSTALL_DIR/batch.sql chmod 600 /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini chown -R git:git /home/git cp $GOPATH/src/github.com/gogits/gogs/scripts/systemd/gogs.service /etc/systemd/system sed -i 's|#After=mysqld.service|After=mysqld.service|g' /etc/systemd/system/gogs.service sed -i "s|WorkingDirectory=.*|WorkingDirectory=$GOPATH/src/github.com/gogits/gogs|g" /etc/systemd/system/gogs.service sed -i "s|ExecStart=.*|ExecStart=$GOPATH/src/github.com/gogits/gogs/gogs web|g" /etc/systemd/system/gogs.service sed -i "s|Environment.*|Environment=\"USER=git\" \"HOME=/home/git\" \"GOPATH=/home/git/go\"|g" /etc/systemd/system/gogs.service systemctl enable gogs systemctl daemon-reload systemctl restart gogs if [ ! -d /var/www/$GIT_DOMAIN_NAME ]; then mkdir /var/www/$GIT_DOMAIN_NAME fi if [ -d /var/www/$GIT_DOMAIN_NAME/htdocs ]; then rm -rf /var/www/$GIT_DOMAIN_NAME/htdocs fi echo 'server {' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' location ^~ /user/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' location ^~ /admin/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME configure_php if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $GIT_DOMAIN_NAME fi nginx_ensite $GIT_DOMAIN_NAME service php5-fpm restart service nginx restart # update the dynamic DNS CURRENT_DDNS_DOMAIN=$GIT_DOMAIN_NAME add_ddns_domain echo 'install_gogs' >> $COMPLETION_FILE } function tox_avahi { if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then return fi if grep -Fxq "tox_avahi" $COMPLETION_FILE; then return fi if [ ! -d /etc/avahi ]; then echo 'tox_avahi: avahi is not installed' exit 87359 fi # install a command to obtain the Tox ID cd $INSTALL_DIR git clone https://github.com/bashrc/toxid if [ ! -d $INSTALL_DIR/toxid ]; then exit 63921 fi cd $INSTALL_DIR/toxid make if [ ! "$?" = "0" ]; then exit 58432 fi make install toxavahi # publish regularly if ! grep -q "toxavahi" /etc/crontab; then echo "* * * * * root toxavahi > /dev/null" >> /etc/crontab fi systemctl restart avahi-daemon echo 'tox_avahi' >> $COMPLETION_FILE } function install_tox_node { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then return fi if grep -Fxq "install_tox_node" $COMPLETION_FILE; then return fi # toxcore apt-get -y install build-essential libtool autotools-dev apt-get -y install automake checkinstall check git yasm apt-get -y install libsodium13 libsodium-dev libcap2-bin apt-get -y install libconfig9 libconfig-dev cd $INSTALL_DIR git clone $TOX_REPO cd $INSTALL_DIR/toxcore autoreconf -i ./configure --enable-daemon if [ ! "$?" = "0" ]; then exit 78467 fi make if [ ! "$?" = "0" ]; then exit 84562 fi make install cp /usr/local/lib/libtoxcore* /usr/lib/ if [ ! -f /usr/local/bin/tox-bootstrapd ]; then echo "File not found /usr/local/bin/tox-bootstrapd" exit 73862 fi useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd chmod 700 /var/lib/tox-bootstrapd if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf ]; then echo "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf" exit 476835 fi # create configuration file echo "port = $TOX_PORT" > /etc/tox-bootstrapd.conf echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> /etc/tox-bootstrapd.conf echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> /etc/tox-bootstrapd.conf echo 'enable_ipv6 = true' >> /etc/tox-bootstrapd.conf echo 'enable_ipv4_fallback = true' >> /etc/tox-bootstrapd.conf echo 'enable_lan_discovery = true' >> /etc/tox-bootstrapd.conf echo 'enable_tcp_relay = true' >> /etc/tox-bootstrapd.conf echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> /etc/tox-bootstrapd.conf echo 'enable_motd = true' >> /etc/tox-bootstrapd.conf echo 'motd = "tox-bootstrapd"' >> /etc/tox-bootstrapd.conf if [ $TOX_NODES ]; then echo 'bootstrap_nodes = (' >> /etc/tox-bootstrapd.conf toxcount=0 while [ "x${TOX_NODES[toxcount]}" != "x" ] do toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') echo "{ // $toxval_maintainer" >> /etc/tox-bootstrapd.conf if [[ $toxval_ipv6 != 'NONE' ]]; then echo " address = \"$toxval_ipv6\"" >> /etc/tox-bootstrapd.conf else echo " address = \"$toxval_ipv4\"" >> /etc/tox-bootstrapd.conf fi echo " port = $toxval_port" >> /etc/tox-bootstrapd.conf echo " public_key = \"$toxval_pubkey\"" >> /etc/tox-bootstrapd.conf toxcount=$(( $toxcount + 1 )) if [ "x${TOX_NODES[toxcount]}" != "x" ]; then echo "}," >> /etc/tox-bootstrapd.conf else echo "}" >> /etc/tox-bootstrapd.conf fi done echo ')' >> /etc/tox-bootstrapd.conf fi if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then echo "File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" exit 7359 fi cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/ enable_ipv6 systemctl daemon-reload systemctl enable tox-bootstrapd.service systemctl start tox-bootstrapd.service if [ ! "$?" = "0" ]; then systemctl status tox-bootstrapd.service exit 5846 fi systemctl restart tox-bootstrapd.service TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1) if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then echo 'Could not obtain the tox node public key' exit 6529 fi # save the public key for later reference echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE configure_firewall_for_tox if ! grep -q "Tox node" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Tox' >> /home/$MY_USERNAME/README echo '===' >> /home/$MY_USERNAME/README echo "Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README echo 'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_tox_node' >> $COMPLETION_FILE } function install_tox_client { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then return fi if grep -Fxq "install_tox_client" $COMPLETION_FILE; then return fi apt-get -y install libncursesw5-dev libconfig-dev cd $INSTALL_DIR git clone https://github.com/Tox/toxic cd $INSTALL_DIR/toxic make if [ ! -f $INSTALL_DIR/toxic/build/toxic ]; then exit 74872 fi make install su -c 'echo "n /nick $MY_USERNAME /exit " | /usr/bin/toxic -d' - $MY_USERNAME echo 'install_tox_client' >> $COMPLETION_FILE } function install_xmpp { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_xmpp" $COMPLETION_FILE; then return fi apt-get -y install lua-sec apt-get -y install prosody if [ ! -d /etc/prosody ]; then echo "ERROR: prosody does not appear to have installed. $CHECK_MESSAGE" exit 52 fi if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then freedombone-addcert -h xmpp --dhkey $DH_KEYLENGTH check_certificates xmpp fi chown prosody:prosody /etc/ssl/private/xmpp.key chown prosody:prosody /etc/ssl/certs/xmpp.* cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua fi if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua fi if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua fi if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua fi if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua fi sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua fi ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua fi if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua fi if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua fi if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua fi if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua fi sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua fi if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua fi sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua service prosody restart touch /home/$MY_USERNAME/README if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then XMPP_PASSWORD="$(openssl rand -base64 8)" prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'XMPP' >> /home/$MY_USERNAME/README echo '====' >> /home/$MY_USERNAME/README echo "Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README echo 'You can change it with: ' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_xmpp' >> $COMPLETION_FILE } function install_watchdog_script { if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then return fi echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME # application specific stuff is added later chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab fi echo 'install_watchdog_script' >> $COMPLETION_FILE } function install_irc_server { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_irc_server" $COMPLETION_FILE; then return fi apt-get -y install ngircd # for mesh peers also install an irc client if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then apt-get -y install irssi fi if [ ! -d /etc/ngircd ]; then echo "ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" exit 53 fi if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then freedombone-addcert -h ngircd --dhkey $DH_KEYLENGTH check_certificates ngircd fi DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" fi echo '**************************************************' > /etc/ngircd/motd echo '* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd echo '* *' >> /etc/ngircd/motd echo '* Freedom in the Cloud *' >> /etc/ngircd/motd echo '**************************************************' >> /etc/ngircd/motd sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf sed -i "s/;Ports =.*/Ports = $IRC_PORT, 9999/g" /etc/ngircd/ngircd.conf sed -i 's/;Name = #ngircd/Name = #freedombone/g' /etc/ngircd/ngircd.conf sed -i 's/;Topic = Our ngircd testing channel/Topic = Freedombone chat channel/g' /etc/ngircd/ngircd.conf sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf sed -i 's/;CloakHost = cloaked.host/CloakHost = freedombone/g' /etc/ngircd/ngircd.conf IRC_SALT="$(openssl rand -base64 32)" IRC_OPERATOR_PASSWORD="$(openssl rand -base64 8)" sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf # If we are on a mesh then DNS is not available if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf fi mkdir /var/run/ircd chown -R irc:irc /var/run/ircd mkdir /var/run/ngircd touch /var/run/ngircd/ngircd.pid chown -R irc:irc /var/run/ngircd systemctl restart ngircd # keep the daemon running echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME if ! grep -q "IRC Server" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'IRC Server' >> /home/$MY_USERNAME/README echo '==========' >> /home/$MY_USERNAME/README echo 'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README echo ' /join #freedombone' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_irc_server' >> $COMPLETION_FILE } function get_wiki_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "Wiki password" /home/$MY_USERNAME/README; then WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function install_wiki { if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then return fi if grep -Fxq "install_wiki" $COMPLETION_FILE; then return fi if [ ! $WIKI_DOMAIN_NAME ]; then return fi apt-get -y install dokuwiki apt-get -y remove --purge apache* if [ -d /etc/apache2 ]; then rm -rf /etc/apache2 echo 'Removed Apache installation after Dokuwiki install' fi if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then mkdir /var/www/$WIKI_DOMAIN_NAME fi if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs fi if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $WIKI_DOMAIN_NAME fi ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs mkdir /var/lib/dokuwiki/custom cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php chown www-data /var/lib/dokuwiki/custom chown www-data /var/lib/dokuwiki/custom/local.php chown -R www-data /etc/dokuwiki chown -R www-data /usr/share/dokuwiki/lib/ chmod 600 /var/lib/dokuwiki/custom/local.php chmod -R 755 /usr/share/dokuwiki/lib sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php # set the admin user sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php # disallow registration of new users if ! grep -q "disableactions" /etc/dokuwiki/local.php; then echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php fi if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php fi if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php fi if ! grep -q "authtype" /etc/dokuwiki/local.php; then echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php fi get_wiki_admin_password if [ ! $WIKI_ADMIN_PASSWORD ]; then WIKI_ADMIN_PASSWORD="$(openssl rand -base64 16)" fi HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php chmod 640 /var/lib/dokuwiki/acl/users.auth.php if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf fi if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf fi if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then echo 'webm video/webm' >> /etc/dokuwiki/mime.conf fi echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME configure_php nginx_ensite $WIKI_DOMAIN_NAME service php5-fpm restart service nginx restart # update the dynamic DNS CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME add_ddns_domain # add some post-install instructions if ! grep -q "Wiki password" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Wiki' >> /home/$MY_USERNAME/README echo '====' >> /home/$MY_USERNAME/README echo "Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README echo "Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_wiki' >> $COMPLETION_FILE } function get_blog_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "Your blog password is" /home/$MY_USERNAME/README; then FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function install_blog { if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_blog" $COMPLETION_FILE; then return fi if [ ! $FULLBLOG_DOMAIN_NAME ]; then echo 'The blog domain name was not specified' exit 5062 fi if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then mkdir /var/www/$FULLBLOG_DOMAIN_NAME fi cd /var/www/$FULLBLOG_DOMAIN_NAME git clone https://github.com/danpros/htmly htdocs chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $FULLBLOG_DOMAIN_NAME fi echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME configure_php # blog settings cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|site.url.*|site.url = 'https://$FULLBLOG_DOMAIN_NAME'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini # create a user password get_blog_admin_password if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 16)" echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'HTMLy Blog' >> /home/$MY_USERNAME/README echo '==========' >> /home/$MY_USERNAME/README echo "Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README echo "Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo "Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README echo 'Edit your blog title and time zone at:' >> /home/$MY_USERNAME/README echo " /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi # create a user echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini nginx_ensite $FULLBLOG_DOMAIN_NAME service php5-fpm restart service nginx restart # update the dynamic DNS CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME add_ddns_domain echo 'install_blog' >> $COMPLETION_FILE } function install_gnu_social { if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if [ ! $MICROBLOG_DOMAIN_NAME ]; then echo 'No domain name was given for the microblog' exit 7359 fi install_mariadb get_mariadb_password repair_databases_script apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then mkdir /var/www/$MICROBLOG_DOMAIN_NAME fi if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then mkdir /var/www/$MICROBLOG_DOMAIN_NAME/htdocs fi cd $INSTALL_DIR git clone $MICROBLOG_REPO gnusocial rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs mv gnusocial /var/www/$MICROBLOG_DOMAIN_NAME/htdocs chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/avatar chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/background chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/file chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php get_mariadb_gnusocial_admin_password if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32)" echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'GNU Social' >> /home/$MY_USERNAME/README echo '==========' >> /home/$MY_USERNAME/README echo "Your MariaDB gnusocial admin password is: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo "create database gnusocial; CREATE USER 'gnusocialadmin'@'localhost' IDENTIFIED BY '$MICROBLOG_ADMIN_PASSWORD'; GRANT ALL PRIVILEGES ON gnusocial.* TO 'gnusocialadmin'@'localhost'; quit" > $INSTALL_DIR/batch.sql chmod 600 $INSTALL_DIR/batch.sql mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql shred -zu $INSTALL_DIR/batch.sql if [ ! -f "/etc/aliases" ]; then touch /etc/aliases fi if grep -q "www-data: root" /etc/aliases; then echo 'www-data: root' >> /etc/aliases fi if grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases fi newaliases # update the dynamic DNS CURRENT_DDNS_DOMAIN=$MICROBLOG_DOMAIN_NAME add_ddns_domain echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' rewrite ^/(.*)$ /$1 break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' expires max;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME configure_php if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $MICROBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $MICROBLOG_DOMAIN_NAME fi # Ensure that the database gets backed up locally, if remote # backups are not being used backup_databases_script_header echo '' >> /usr/bin/backupdatabases echo '# Backup the GNU Social database' >> /usr/bin/backupdatabases echo 'TEMPFILE=/root/gnusocial.sql' >> /usr/bin/backupdatabases echo 'DAILYFILE=/var/backups/gnusocial_daily.sql' >> /usr/bin/backupdatabases echo 'mysqldump --password="$MYSQL_PASSWORD" gnusocial > $TEMPFILE' >> /usr/bin/backupdatabases echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases echo ' mysql -u root --password="$MYSQL_PASSWORD" gnusocial -o < $DAILYFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # Send a warning email' >> /usr/bin/backupdatabases echo ' echo "Unable to create a backup of the GNU Social database. Attempted to restore from yesterdays backup" | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases echo ' else' >> /usr/bin/backupdatabases echo ' # Send a warning email' >> /usr/bin/backupdatabases echo ' echo "Unable to create a backup of the GNU Social database." | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases echo ' fi' >> /usr/bin/backupdatabases echo 'else' >> /usr/bin/backupdatabases echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases echo 'fi' >> /usr/bin/backupdatabases echo '' >> /etc/cron.weekly/backupdatabasesweekly echo '# GNU Social' >> /etc/cron.weekly/backupdatabasesweekly echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly echo 'if [ -f /var/backups/gnusocial_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly echo ' cp -f /var/backups/gnusocial_daily.sql /var/backups/gnusocial_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly echo '' >> /etc/cron.monthly/backupdatabasesmonthly echo '# GNU Social' >> /etc/cron.monthly/backupdatabasesmonthly echo 'if [ -f /var/backups/gnusocial_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly echo ' cp -f /var/backups/gnusocial_monthly.sql /var/backups/gnusocial_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly echo '/usr/bin/repairdatabase gnusocial' >> /etc/cron.hourly/repair nginx_ensite $MICROBLOG_DOMAIN_NAME service php5-fpm restart service nginx restart # some post-install instructions for the user if ! grep -q "To set up your microblog" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Microblog' >> /home/$MY_USERNAME/README echo '=========' >> /home/$MY_USERNAME/README echo "To set up your microblog go to" >> /home/$MY_USERNAME/README echo "https://$MICROBLOG_DOMAIN_NAME/install.php" >> /home/$MY_USERNAME/README echo 'and enter the following settings:' >> /home/$MY_USERNAME/README echo ' - Set a name for the site' >> /home/$MY_USERNAME/README echo ' - Server SSL: enable' >> /home/$MY_USERNAME/README echo ' - Hostname: localhost' >> /home/$MY_USERNAME/README echo ' - Type: MySql/MariaDB' >> /home/$MY_USERNAME/README echo ' - Name: gnusocial' >> /home/$MY_USERNAME/README echo ' - DB username: root' >> /home/$MY_USERNAME/README echo " - DB Password; $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README echo " - Administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README echo " - Administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo ' - Subscribe to announcements: ticked' >> /home/$MY_USERNAME/README echo ' - Site profile: Community' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'When the install is complete you will see a lot of warnings' >> /home/$MY_USERNAME/README echo 'but just ignore those and navigate to ' >> /home/$MY_USERNAME/README echo "https://$MICROBLOG_DOMAIN_NAME and you can then " >> /home/$MY_USERNAME/README echo 'complete the configuration via the *Admin* section on the header' >> /home/$MY_USERNAME/README echo 'bar. Some recommended admin settings are:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Under the *Site* settings:' >> /home/$MY_USERNAME/README echo ' Text limit: 140' >> /home/$MY_USERNAME/README echo ' Dupe Limit: 60000' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Under the *User* settings:' >> /home/$MY_USERNAME/README echo ' Bio limit: 1000' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Under the *Access* settings:' >> /home/$MY_USERNAME/README echo ' /Invite only/ ticked' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_gnu_social' >> $COMPLETION_FILE } function install_hubzilla { if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if [ ! $HUBZILLA_DOMAIN_NAME ]; then return fi install_mariadb get_mariadb_password repair_databases_script apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git apt-get -y install php5-dev imagemagick php5-imagick if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then mkdir /var/www/$HUBZILLA_DOMAIN_NAME fi if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then mkdir /var/www/$HUBZILLA_DOMAIN_NAME/htdocs fi if [ ! -f /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/index.php ]; then cd $INSTALL_DIR git clone $HUBZILLA_REPO hubzilla rm -rf /var/www/$HUBZILLA_DOMAIN_NAME/htdocs mv hubzilla /var/www/$HUBZILLA_DOMAIN_NAME/htdocs chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs git clone $HUBZILLA_ADDONS_REPO /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon # some extra themes git clone https://github.com/DeadSuperHero/redmatrix-themes /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/redmatrix-themes1 cp -r /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/redmatrix-themes1/* view/theme/ fi get_mariadb_hubzilla_admin_password if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32)" echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Hubzilla' >> /home/$MY_USERNAME/README echo '==========' >> /home/$MY_USERNAME/README echo "Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo "create database hubzilla; CREATE USER 'hubzillaadmin'@'localhost' IDENTIFIED BY '$HUBZILLA_ADMIN_PASSWORD'; GRANT ALL PRIVILEGES ON hubzilla.* TO 'hubzillaadmin'@'localhost'; quit" > $INSTALL_DIR/batch.sql chmod 600 $INSTALL_DIR/batch.sql mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql shred -zu $INSTALL_DIR/batch.sql if ! grep -q "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" /etc/crontab; then echo "12,22,32,42,52 * * * * root cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab fi # update the dynamic DNS CURRENT_DDNS_DOMAIN=$HUBZILLA_DOMAIN_NAME add_ddns_domain echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME configure_php if [ ! -f /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $HUBZILLA_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $HUBZILLA_DOMAIN_NAME fi if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then mkdir /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3 fi if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store" ]; then mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store" fi if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]" ]; then mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]" fi if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" ]; then mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" chmod 777 "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" fi chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl chown -R www-data:www-data "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store" chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3 # Ensure that the database gets backed up locally, if remote # backups are not being used backup_databases_script_header echo '' >> /usr/bin/backupdatabases echo '# Backup the Hubzilla database' >> /usr/bin/backupdatabases echo 'TEMPFILE=/root/hubzilla.sql' >> /usr/bin/backupdatabases echo 'DAILYFILE=/var/backups/hubzilla_daily.sql' >> /usr/bin/backupdatabases echo 'mysqldump --password="$MYSQL_PASSWORD" hubzilla > $TEMPFILE' >> /usr/bin/backupdatabases echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases echo 'if [ "$FILESIZE" -lt "1024" ]; then' >> /usr/bin/backupdatabases echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases echo ' mysql -u root --password="$MYSQL_PASSWORD" hubzilla -o < $DAILYFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # Send a warning email' >> /usr/bin/backupdatabases echo ' echo "Unable to create a backup of the Hubzilla database. Attempted to restore from yesterdays backup" | mail -s "Hubzilla backup" $EMAIL' >> /usr/bin/backupdatabases echo ' else' >> /usr/bin/backupdatabases echo ' # Send a warning email' >> /usr/bin/backupdatabases echo ' echo "Unable to create a backup of the Hubzilla database." | mail -s "Hubzilla backup" $EMAIL' >> /usr/bin/backupdatabases echo ' fi' >> /usr/bin/backupdatabases echo 'else' >> /usr/bin/backupdatabases echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases echo '' >> /usr/bin/backupdatabases echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases echo 'fi' >> /usr/bin/backupdatabases echo '' >> /etc/cron.weekly/backupdatabasesweekly echo '# Hubzilla' >> /etc/cron.weekly/backupdatabasesweekly echo 'if [ -f /var/backups/hubzilla_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly echo ' cp -f /var/backups/hubzilla_weekly.sql /var/backups/hubzilla_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly echo 'if [ -f /var/backups/hubzilla_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly echo ' cp -f /var/backups/hubzilla_daily.sql /var/backups/hubzilla_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly echo '' >> /etc/cron.monthly/backupdatabasesmonthly echo '# Hubzilla' >> /etc/cron.monthly/backupdatabasesmonthly echo 'if [ -f /var/backups/hubzilla_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly echo ' cp -f /var/backups/hubzilla_monthly.sql /var/backups/hubzilla_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly echo 'if [ -f /var/backups/hubzilla_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly echo ' cp -f /var/backups/hubzilla_weekly.sql /var/backups/hubzilla_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly echo '/usr/bin/repairdatabase hubzilla' >> /etc/cron.hourly/repair chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs nginx_ensite $HUBZILLA_DOMAIN_NAME service php5-fpm restart service nginx restart service cron restart # some post-install instructions for the user if ! grep -q "To set up your Hubzilla" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo "To set up your Hubzilla site go to" >> /home/$MY_USERNAME/README echo "https://$HUBZILLA_DOMAIN_NAME" >> /home/$MY_USERNAME/README echo 'You will need to have a non self-signed SSL certificate in order' >> /home/$MY_USERNAME/README echo "to use Hubzilla. Put the public certificate in /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.crt" >> /home/$MY_USERNAME/README echo "and the private certificate in /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key." >> /home/$MY_USERNAME/README echo 'If there is an intermediate certificate needed (such as with StartSSL) then' >> /home/$MY_USERNAME/README echo 'this will need to be concatenated onto the end of the crt file, like this:' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo " cat /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo "Then change ssl_certificate to /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README echo "within /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_hubzilla' >> $COMPLETION_FILE } function script_for_attaching_usb_drive { if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then return fi echo '#!/bin/bash' > /usr/bin/attach-music echo 'remove-music' >> /usr/bin/attach-music echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music echo 'fi' >> /usr/bin/attach-music echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music echo 'service minidlna restart' >> /usr/bin/attach-music echo 'minidlnad -R' >> /usr/bin/attach-music chmod +x /usr/bin/attach-music ln -s /usr/bin/attach-music /usr/bin/attach-usb ln -s /usr/bin/attach-music /usr/bin/attach-videos ln -s /usr/bin/attach-music /usr/bin/attach-pictures ln -s /usr/bin/attach-music /usr/bin/attach-media echo '#!/bin/bash' > /usr/bin/remove-music echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music echo " umount $USB_MOUNT" >> /usr/bin/remove-music echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music echo 'fi' >> /usr/bin/remove-music chmod +x /usr/bin/remove-music ln -s /usr/bin/remove-music /usr/bin/detach-music ln -s /usr/bin/remove-music /usr/bin/detach-usb ln -s /usr/bin/remove-music /usr/bin/remove-usb ln -s /usr/bin/remove-music /usr/bin/detach-media ln -s /usr/bin/remove-music /usr/bin/remove-media ln -s /usr/bin/remove-music /usr/bin/detach-videos ln -s /usr/bin/remove-music /usr/bin/remove-videos ln -s /usr/bin/remove-music /usr/bin/detach-pictures ln -s /usr/bin/remove-music /usr/bin/remove-pictures echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE } function install_dlna_server { if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi apt-get -y install minidlna if [ ! -f /etc/minidlna.conf ]; then echo "ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE" exit 55 fi sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf fi if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf fi if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf fi if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf fi if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf fi sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf else sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf fi sed -i 's/#friendly_name=/friendly_name="Freedombone Media"/g' /etc/minidlna.conf sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf service minidlna force-reload service minidlna reload sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf if ! grep -q "max_user_watches" $COMPLETION_FILE; then echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf fi /sbin/sysctl -p echo 'install_dlna_server' >> $COMPLETION_FILE } function install_mediagoblin { return if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then return fi apt-get -y install git-core python python-dev python-lxml python-imaging python-virtualenv apt-get -y install postgresql postgresql-client python-psycopg2 apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools su -c "createuser -A -D mediagoblin" - postgres su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres adduser --disabled-login --gecos 'Mediagoblin' mediagoblin MEDIAGOBLIN_DOMAIN_ROOT="/home/mediagoblin" MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin" MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin" mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone $MEDIAGOBLIN_REPO" - mediagoblin cd $MEDIAGOBLIN_DOMAIN_ROOT git checkout -q v0.7.1 su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin su -c "cd $MEDIAGOBLIN_PATH; (virtualenv --python=python2 --system-site-packages . || cd $MEDIAGOBLIN_PATH; virtualenv --python=python2 .) && ./bin/python setup.py develop" - mediagoblin su -c "cd $MEDIAGOBLIN_PATH; ./bin/easy_install flup" - mediagoblin if [ -f $MEDIAGOBLIN_PATH/lib/python2.7/no-global-site-packages.txt ]; then virtualenv deactivate rm -f $MEDIAGOBLIN_PATH/lib/python2.7/no-global-site-packages.txt su -c "cd $MEDIAGOBLIN_PATH; source bin/activate" - mediagoblin fi if [ -f $MEDIAGOBLIN_PATH/mediagoblin.example.ini ]; then # this is for versions > 0.7.1 su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.example.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin sed -i 's|# data_basedir.*|data_basedir = "/var/lib/mediagoblin"|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini else su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin fi sed -i 's|# sql_engine.*|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini sed -i "s/email_sender_address.*/email_sender_address = \"$MY_EMAIL_ADDRESS\"/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini # add extra media types if ! grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini fi if ! grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini fi if ! grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini fi #su -c 'cd $MEDIAGOBLIN_PATH; ./bin/pip install scikits.audiolab' - mediagoblin #su -c "cd $MEDIAGOBLIN_PATH; git submodule update && ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate" - mediagoblin su -c "cd $MEDIAGOBLIN_PATH; ./bin/gmg dbupdate" - mediagoblin echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' listen 80;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location ^~ /auth/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location ^~ /u/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location ^~ /submit/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " root /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' ssl on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " ssl_certificate /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " ssl_certificate_key /etc/ssl/private/$MEDIAGOBLIN_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " ssl_dhparam /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' log_not_found off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME if [ ! -f /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam ]; then freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH check_certificates $MEDIAGOBLIN_DOMAIN_NAME fi nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME service php5-fpm restart service nginx restart /usr/sbin/nginx -s reload # update the dynamic DNS CURRENT_DDNS_DOMAIN=$MEDIAGOBLIN_DOMAIN_NAME add_ddns_domain # init with systemd echo '[Unit]' > /etc/systemd/system/mediagoblin.service echo 'Description=Mediagoblin (Media Server)' >> /etc/systemd/system/mediagoblin.service echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin.service echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service echo 'After=postgresql.service' >> /etc/systemd/system/mediagoblin.service echo '' >> /etc/systemd/system/mediagoblin.service echo '[Service]' >> /etc/systemd/system/mediagoblin.service echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service echo 'WorkingDirectory=/home/mediagoblin/mediagoblin' >> /etc/systemd/system/mediagoblin.service echo 'ExecStart=/home/mediagoblin/mediagoblin/lazyserver.sh --server-name=broadcast' >> /etc/systemd/system/mediagoblin.service echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service echo 'Environment="USER=mediagoblin","HOME=/home/mediagoblin"' >> /etc/systemd/system/mediagoblin.service echo '' >> /etc/systemd/system/mediagoblin.service echo '[Install]' >> /etc/systemd/system/mediagoblin.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service systemctl enable mediagoblin systemctl restart mediagoblin echo 'install_mediagoblin' >> $COMPLETION_FILE } function create_upgrade_script { if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then return fi echo '#!/bin/bash' > /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'apt-get -y update' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'apt-get -y upgrade' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"install_hubzilla\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # Hubzilla' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"install_gnu_social\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # GNU Social' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"install_blog\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # Blog' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"install_owncloud_music_app\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # Owncloud music app' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd /usr/share/owncloud/apps/music" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "fi" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"mesh_cjdns\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # cjdns' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd /etc/cjdns" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"install_gogs\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # gogs' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " mv /home/git/gogs-repositories/*.git /home/git/gogs-repositories/$MY_USERNAME" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' cd /home/git/go/src/github.com/gogits/gogs' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' chown -R git:git /home/git' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' chmod 600 /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' export GOPATH=/home/git/go' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' go get -u ./...' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' go build' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' systemctl restart gogs' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' systemctl daemon-reload' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if grep -Fxq \"install_ipfs\" $COMPLETION_FILE; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' # ipfs' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' chown -R git:git /home/git' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' export GOPATH=/home/git/go' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' go get -u github.com/ipfs/go-ipfs/cmd/ipfs' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' systemctl restart ipfs' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' systemctl daemon-reload' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '# update tox node' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if [ -d $INSTALL_DIR/toxcore ]; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd $INSTALL_DIR/toxcore" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' autoreconf -i' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' ./configure --enable-daemon' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' make' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' make install' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' systemctl restart tox-bootstrapd.service' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd $INSTALL_DIR/toxic" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' make' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' make install' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '# update email encryption script' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "if [ -d $INSTALL_DIR/gpgit ]; then" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo " cd $INSTALL_DIR/gpgit" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo ' cp gpgit.pl /usr/bin' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'fi' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo "echo ' ' | reset-tripwire" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'exit 0' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME chmod +x /etc/cron.weekly/$UPGRADE_SCRIPT_NAME echo 'create_upgrade_script' >> $COMPLETION_FILE } function intrusion_detection { if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then return fi if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi apt-get -y install tripwire apt-get -y autoremove cd /etc/tripwire cp site.key $DEFAULT_DOMAIN_NAME-site.key echo '' echo '' echo '*** Installing intrusion detection. Press Enter when asked for the local and site passphrases. ***' echo '' echo '' tripwire --init # make a script for easy resetting of the tripwire echo '#!/bin/sh' > /usr/bin/reset-tripwire echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire chmod +x /usr/bin/reset-tripwire sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt # only send emails if something has changed sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt # Don't show any changes to /proc sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt # Don't report log changes sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt # Ignore /etc/tripwire if ! grep -q "!/etc/tripwire" /etc/tripwire/twpol.txt; then sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire;' /etc/tripwire/twpol.txt fi # Avoid logging the changed database sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt # recreate the configuration echo ' ' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt # reset echo ' ' | reset-tripwire echo 'intrusion_detection' >> $COMPLETION_FILE } # see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy # Local Redirection and Anonymizing Middlebox function route_outgoing_traffic_through_tor { if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then return fi if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then return fi apt-get -y install tor tor-arm ### set variables # Destinations you don't want routed through Tor _non_tor="192.168.1.0/24 192.168.0.0/24" # The user that Tor runs as _tor_uid="debian-tor" # Tor's TransPort _trans_port="9040" # Your internal interface _int_if="eth0" ### Set iptables *nat iptables -t nat -A OUTPUT -o lo -j RETURN iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53 # Allow clearnet access for hosts in $_non_tor for _clearnet in $_non_tor; do iptables -t nat -A OUTPUT -d $_clearnet -j RETURN iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN done # Redirect all other pre-routing and output to Tor iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53 iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port ### set iptables *filter iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow clearnet access for hosts in $_non_tor for _clearnet in $_non_tor 127.0.0.0/8; do iptables -A OUTPUT -d $_clearnet -j ACCEPT done # Allow only Tor output iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT iptables -A OUTPUT -j REJECT save_firewall_settings if ! grep -q "fs.file-max" /etc/sysctl.conf; then echo "fs.file-max=100000" >> /etc/sysctl.conf /sbin/sysctl -p fi echo 'domain localdomain' > /etc/resolv.conf echo 'search localdomain' >> /etc/resolv.conf echo 'nameserver 127.0.0.1' >> /etc/resolv.conf if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc fi if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc fi if ! grep -q "TransPort" /etc/tor/torrc; then echo 'TransPort 9040' >> /etc/tor/torrc fi if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc fi if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc fi if ! grep -q "DNSPort" /etc/tor/torrc; then echo 'DNSPort 53' >> /etc/tor/torrc fi if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc fi if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc fi echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE } # A command to create a git repository for a project function create_git_project { if grep -Fxq "create_git_project" $COMPLETION_FILE; then return fi apt-get -y install git echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND echo 'create_git_project' >> $COMPLETION_FILE } # Create daily backups of any projects on Github # Then if Github goes away, turns evil, is censored or has # outages then you still have access to your projects function backup_github_projects { if grep -Fxq "backup_github_projects" $COMPLETION_FILE; then return fi if [ ! $GITHUB_USERNAME ]; then return 731 fi if [ ! $GITHUB_BACKUP_DIRECTORY ]; then return 732 fi apt-get -y install git # create a github backups directory if needed if [ ! -d $GITHUB_BACKUP_DIRECTORY ]; then mkdir -p $GITHUB_BACKUP_DIRECTORY fi # get the backup utility cd $INSTALL_DIR git clone https://github.com/josegonzalez/python-github-backup # install it cd $INSTALL_DIR/python-github-backup python setup.py install # add a daily cron entry echo '#!/bin/bash' > /etc/cron.daily/github echo "github-backup $GITHUB_USERNAME -o $GITHUB_BACKUP_DIRECTORY --repositories" >> /etc/cron.daily/github echo 'exit 0' >> /etc/cron.daily/github chmod +x /etc/cron.daily/github # do an initial backup /etc/cron.daily/github echo 'backup_github_projects' >> $COMPLETION_FILE } function install_dynamicdns { if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then return fi if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then return fi # Here we compile from source because the current package # doesn't support https, which could result in passwords # being leaked apt-get -y install build-essential curl libgnutls28-dev automake1.11 git clone https://github.com/bashrc/inadyn $INSTALL_DIR/inadyn if [ ! -d $INSTALL_DIR/inadyn ]; then echo 'inadyn repo not cloned' exit 6785 fi cd $INSTALL_DIR/inadyn ./configure if [ ! "$?" = "0" ]; then exit 74890 fi USE_OPENSSL=1 make if [ ! "$?" = "0" ]; then exit 74858 fi make install if [ ! "$?" = "0" ]; then exit 3785 fi # create an unprivileged user #useradd -r -s /bin/false debian-inadyn # create a configuration file echo 'background' > /etc/inadyn.conf echo 'verbose 1' >> /etc/inadyn.conf echo 'period 300' >> /etc/inadyn.conf echo 'startup-delay 60' >> /etc/inadyn.conf echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf chmod 600 /etc/inadyn.conf echo '[Unit]' > /etc/systemd/system/inadyn.service echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service echo 'After=network.target' >> /etc/systemd/system/inadyn.service echo '' >> /etc/systemd/system/inadyn.service echo '[Service]' >> /etc/systemd/system/inadyn.service echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service echo 'Restart=always' >> /etc/systemd/system/inadyn.service echo 'Type=forking' >> /etc/systemd/system/inadyn.service echo '' >> /etc/systemd/system/inadyn.service echo '[Install]' >> /etc/systemd/system/inadyn.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service systemctl enable inadyn systemctl restart inadyn systemctl daemon-reload echo 'install_dynamicdns' >> $COMPLETION_FILE } function get_voip_server_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "VoIP server password" /home/$MY_USERNAME/README; then if [ ! $VOIP_SERVER_PASSWORD ]; then VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi fi } function install_ipfs { if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then return fi if grep -Fxq "install_ipfs" $COMPLETION_FILE; then return fi apt-get -y install golang libpam0g-dev fuse if [ ! -d /home/git ]; then # add a gogs user account adduser --disabled-login --gecos 'Gogs' git # install Go if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then echo 'export GOPATH=/home/git/go' >> ~/.bashrc echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc fi . ~/.bashrc export GOPATH=/home/git/go if [ ! -d $GOPATH ]; then mkdir -p $GOPATH fi fi IPFS_PATH=/home/git/go/bin if ! grep -q 'GOPATH/bin' ~/.bashrc; then echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc fi . ~/.bashrc # set gopath for the user if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then echo 'export GOPATH=/home/git/go' >> /home/$MY_USERNAME/.bashrc echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc fi go get -u github.com/ipfs/go-ipfs/cmd/ipfs if [ ! "$?" = "0" ]; then exit 8242 fi # initialise su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME if [ ! -d /home/$MY_USERNAME/.ipfs ]; then echo "IPFS could not be initialised for user $MY_USERNAME" exit 7358 fi # directories to mount to if [ ! -d /ipfs ]; then mkdir /ipfs mkdir /ipns chown $MY_USERNAME:$MY_USERNAME /ipfs chown $MY_USERNAME:$MY_USERNAME /ipns fi if [ -f /etc/fuse.conf ]; then chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf fi if [ -f /dev/fuse ]; then chown $MY_USERNAME:$MY_USERNAME /dev/fuse fi echo '[Unit]' > /etc/systemd/system/ipfs.service echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service echo 'After=network.target' >> /etc/systemd/system/ipfs.service echo '' >> /etc/systemd/system/ipfs.service echo '[Service]' >> /etc/systemd/system/ipfs.service echo 'Type=simple' >> /etc/systemd/system/ipfs.service echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=/home/git/go\"" >> /etc/systemd/system/ipfs.service echo '' >> /etc/systemd/system/ipfs.service echo '[Install]' >> /etc/systemd/system/ipfs.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service systemctl enable ipfs systemctl daemon-reload systemctl restart ipfs if [ -d /etc/avahi ]; then su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME if [ ! -f /tmp/ipfsid ]; then echo 'No IPFS identity was created' exit 37895 fi IPFS_PEER_ID=$(cat /tmp/ipfsid) if [ ${#IPFS_PEER_ID} -lt 10 ]; then echo 'Invalid IPFS peer ID' echo "$IPFS_PEER_ID" exit 74782 fi # Add an avahi service echo '' > /etc/avahi/services/ipfs.service echo '' >> /etc/avahi/services/ipfs.service echo '' >> /etc/avahi/services/ipfs.service echo ' %h IPFS' >> /etc/avahi/services/ipfs.service echo ' ' >> /etc/avahi/services/ipfs.service echo ' _ipfs._tcp' >> /etc/avahi/services/ipfs.service echo " $IPFS_PORT" >> /etc/avahi/services/ipfs.service echo " $IPFS_PEER_ID" >> /etc/avahi/services/ipfs.service echo ' ' >> /etc/avahi/services/ipfs.service echo '' >> /etc/avahi/services/ipfs.service rm /tmp/ipfsid fi echo 'install_ipfs' >> $COMPLETION_FILE } function install_voip { if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then return fi if grep -Fxq "install_voip" $COMPLETION_FILE; then return fi apt-get -y install mumble-server get_voip_server_password if [ ! $VOIP_SERVER_PASSWORD ]; then VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)" fi if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)" fi # Make an ssl cert for the server if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then freedombone-addcert -h mumble --dhkey $DH_KEYLENGTH check_certificates mumble fi # Check that the cert was created if [ ! -f /etc/ssl/certs/mumble.crt ]; then echo 'VoIP server certificate not created' exit 57892 fi if [ ! -f /etc/ssl/private/mumble.key ]; then echo 'VoIP server key not created' exit 57893 fi if [ ! -d /var/lib/mumble-server ]; then mkdir /var/lib/mumble-server fi cp /etc/ssl/certs/mumble.* /var/lib/mumble-server cp /etc/ssl/private/mumble.key /var/lib/mumble-server chown -R mumble-server:mumble-server /var/lib/mumble-server sed -i "s|welcometext=.*|welcometext=\"
Welcome to $DEFAULT_DOMAIN_NAME VoIP.
Chat freely!
\"|g" /etc/mumble-server.ini if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini fi sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini if ! grep -q "allowping" /etc/mumble-server.ini; then echo 'allowping=False' >> /etc/mumble-server.ini fi sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini sed -i 's|users=100|users=10|g' /etc/mumble-server.ini sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini sed -i "s|port=.*|port=$VOIP_PORT|g" /etc/mumble-server.ini systemctl restart mumble-server if ! grep -q "VoIP Server" /home/$MY_USERNAME/README; then echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'VoIP Server' >> /home/$MY_USERNAME/README echo '===========' >> /home/$MY_USERNAME/README echo 'VoIP server username: mumble-server' >> /home/$MY_USERNAME/README if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then echo "VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README fi echo '' >> /home/$MY_USERNAME/README echo 'To connect to the VoIP server use your username and the server password shown above.' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi echo 'install_voip' >> $COMPLETION_FILE } function install_final { if grep -Fxq "install_final" $COMPLETION_FILE; then return fi # unmount any attached usb drive if [ -d $USB_MOUNT ]; then umount $USB_MOUNT rm -rf $USB_MOUNT fi split_gpg_key_into_fragments echo 'install_final' >> $COMPLETION_FILE echo '' echo ' *** Freedombone installation is complete. Rebooting... ***' echo '' if [ -f "/home/$MY_USERNAME/README" ]; then echo "See /home/$MY_USERNAME/README for post-installation instructions." echo '' fi reboot } read_configuration parse_args check_domains install_not_on_BBB remove_default_user configure_firewall configure_firewall_ping configure_firewall_for_ssh configure_firewall_for_dns configure_firewall_for_ftp configure_firewall_for_web_access configure_firewall_for_voip configure_firewall_for_avahi configure_firewall_for_zeronet configure_firewall_for_ipfs remove_proprietary_repos change_debian_repos enable_backports configure_dns install_dynamicdns randomize_cron create_freedns_updater initial_setup enforce_good_passwords install_editor change_login_message enable_zram random_number_generator set_your_domain_name time_synchronisation configure_internet_protocol create_git_project backup_github_projects configure_ssh remove_instructions_from_motd check_hwrng search_for_attached_usb_drive regenerate_ssh_keys create_upgrade_script install_zeronet install_watchdog_script configure_avahi install_zeronet_blog install_zeronet_forum #install_atheros_wifi configure_firewall_for_cjdns mesh_cjdns mesh_cjdns_tools configure_firewall_for_batman mesh_batman_bridge configure_firewall_for_babel mesh_babel route_outgoing_traffic_through_tor configure_email create_procmail spam_filtering configure_imap #configure_imap_client_certs configure_gpg configure_backup_key encrypt_incoming_email encrypt_outgoing_email email_client email_archiving email_from_address configure_firewall_for_email create_public_mailing_list #create_private_mailing_list encrypt_all_email import_email script_for_attaching_usb_drive install_web_server configure_firewall_for_web_server install_owncloud install_owncloud_music_app install_gogs install_xmpp install_tox_node install_tox_client tox_avahi configure_firewall_for_xmpp install_irc_server configure_firewall_for_irc install_voip install_wiki install_blog install_gnu_social install_hubzilla install_dlna_server configure_firewall_for_dlna install_mediagoblin install_ipfs repair_databases_script create_backup_script create_restore_script backup_to_friends_servers restore_from_friend intrusion_detection install_final echo 'Freedombone installation is complete' exit 0