freedomboneeee/src/freedombone-restore-remote

882 lines
32 KiB
Bash
Executable File

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Restore from a given remote server
# License
# =======
#
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
MONGODB_APPS_FILE=$HOME/.mongodbapps
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
export TEXTDOMAINDIR="/usr/share/locale"
UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
for f in $UTILS_FILES
do
source $f
done
SERVER_NAME=$1
# whether to restore everything or just a specific application
RESTORE_APP='all'
if [ ${2} ]; then
RESTORE_APP=${2}
fi
ADMIN_USERNAME=$(get_completion_param "Admin user")
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
# Temporary location for data to be backed up to other servers
SERVER_DIRECTORY=/root/remoterestore
BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
if [ ! $SERVER_NAME ]; then
echo $'restorefromfriend [server]'
exit 1
fi
if [ ! -f $BACKUP_LIST ]; then
echo $"No friends list found at $BACKUP_LIST"
exit 2
fi
if ! grep -q "$SERVER_NAME" $BACKUP_LIST; then
echo $"Server not found within the friends list"
exit 3
fi
REMOTE_SERVER=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $1}')
REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $2}')
REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $3}')
REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $4}')
REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
NOW=$(date +"%Y-%m-%d %H:%M:%S")
echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $REMOTE_SERVER/backup $SERVER_DIRECTORY
if [ ! "$?" = "0" ]; then
echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
# Send a warning email
echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" $ADMIN_EMAIL_ADDRESS
exit 790
else
echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
fi
# MariaDB password
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
function copy_gpg_keys {
echo $"Copying GPG keys from admin user to root"
cp -r /home/$ADMIN_USERNAME/.gnupg /root
gpg_set_permissions root
}
function restore_blocklist {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'blocklist' ]]; then
return
fi
fi
if [ -d $USB_MOUNT/backup/blocklist ]; then
echo $"Restoring blocklist"
temp_restore_dir=/root/tempblocklist
restore_directory_from_friend $temp_restore_dir blocklist
if [ -d $temp_restore_dir/root/tempbackupblocklist ]; then
cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
else
cp -f $temp_restore_dir/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
fi
rm -rf $temp_restore_dir
firewall_refresh_blocklist
fi
}
function restore_configfiles {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'configfiles' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/configfiles ]; then
echo $"Restoring configuration files"
temp_restore_dir=/root/tempconfigfiles
restore_directory_from_friend $temp_restore_dir configfiles
if [ -d $temp_restore_dir/root ]; then
if [ -f $temp_restore_dir/root/.nostore ]; then
if [ ! -f /root/.nostore ]; then
touch /root/.nostore
fi
else
if [ -f /root/.nostore ]; then
rm /root/.nostore
fi
fi
else
if [ -f $temp_restore_dir/.nostore ]; then
if [ ! -f /root/.nostore ]; then
touch /root/.nostore
fi
else
if [ -f /root/.nostore ]; then
rm /root/.nostore
fi
fi
fi
#if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
# cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
#fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
# if [ ! "$?" = "0" ]; then
# unmount_drive
# rm -rf $temp_restore_dir
# exit 5372
# fi
#fi
if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
if [ ! "$?" = "0" ]; then
unmount_drive
rm -rf $temp_restore_dir
exit 7835335
fi
fi
#if [ -f $CONFIGURATION_FILE ]; then
# # install according to the config file
# freedombone -c $CONFIGURATION_FILE
#fi
#if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
# cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
# if [ ! "$?" = "0" ]; then
# unmount_drive
# rm -rf $temp_restore_dir
# exit 7252
# fi
#fi
if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
if [ ! "$?" = "0" ]; then
unmount_drive
rm -rf $temp_restore_dir
exit 62121
fi
fi
# restore nginx password hashes
if [ -f $temp_restore_dir/root/htpasswd ]; then
cp -f $temp_restore_dir/root/htpasswd /etc/nginx/.htpasswd
fi
rm -rf $temp_restore_dir
fi
}
function restore_mariadb {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'mariadb' ]]; then
return
fi
fi
if [[ $(is_completed install_mariadb) == "0" ]]; then
function_check install_mariadb
install_mariadb
fi
if [ -d $SERVER_DIRECTORY/backup/mariadb ]; then
echo $"Restoring MariaDB settings"
temp_restore_dir=/root/tempmariadb
restore_directory_from_friend $temp_restore_dir mariadb
store_original_mariadb_password
echo $'Obtaining MariaDB password'
db_pass=$(cat /root/.mariadboriginal)
if [ ${#db_pass} -gt 0 ]; then
echo $"Restore the MariaDB user table"
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
else
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi
if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
else
mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
fi
fi
if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess"
exit 962
fi
echo $"Restarting database"
systemctl restart mariadb
echo $"Ensure MariaDB handles authentication"
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
mariadb_fix_authentication
fi
rm -rf ${temp_restore_dir}
fi
}
function restore_postgresql {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'postgresql' ]]; then
return
fi
fi
if [[ $(is_completed install_postgresql) == "0" ]]; then
function_check install_postgresql
install_postgresql
fi
if [ -d $SERVER_DIRECTORY/backup/postgresql ]; then
echo $"Restoring Postgresql settings"
temp_restore_dir=/root/temppostgresql
restore_directory_from_friend $temp_restore_dir postgresql
store_original_postgresql_password
echo $'Obtaining Postgresql password'
db_pass=$(cat /root/.postgresqloriginal)
if [ ${#db_pass} -gt 0 ]; then
echo $"Restore the Postgresql user table"
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi
if [ ! "$?" = "0" ]; then
echo $"Try again using the password obtained from backup"
db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
else
mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
fi
fi
if [ ! "$?" = "0" ]; then
echo "$mysqlsuccess"
exit 962
fi
echo $"Restarting database"
systemctl restart postgresql
echo $"Ensure postgresql handles authentication"
POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
fi
rm -rf ${temp_restore_dir}
fi
}
function restore_letsencrypt {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'letsencrypt' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/letsencrypt ]; then
echo $"Restoring Lets Encrypt settings"
restore_directory_from_friend /etc/letsencrypt letsencrypt
fi
}
function restore_passwordstore {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'passwords' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/passwordstore ]; then
store_original_mariadb_password
echo $"Restoring password store"
restore_directory_from_friend /root/.passwords passwordstore
fi
}
function restore_tor {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'tor' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/tor ]; then
echo $"Restoring Tor settings"
restore_directory_from_friend /var/lib/tor tor
fi
}
function restore_mutt_settings {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'mutt' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/mutt/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring Mutt settings for $USERNAME"
temp_restore_dir=/root/tempmutt
restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
fi
if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc
fi
else
if [ -f ${temp_restore_dir}/.muttrc ]; then
cp -f ${temp_restore_dir}/.muttrc /home/$USERNAME/.muttrc
sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
fi
if [ -f ${temp_restore_dir}/Muttrc ]; then
cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
sed -i '/set sidebar_delim/d' /etc/Muttrc
sed -i '/set sidebar_sort/d' /etc/Muttrc
fi
fi
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
exit 276
fi
rm -rf ${temp_restore_dir}
fi
fi
done
}
function restore_gpg {
if [[ $RESTORE_APP != 'gpg' ]]; then
return
fi
for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring gnupg settings for $USERNAME"
temp_restore_dir=/root/tempgnupg
restore_directory_from_friend ${temp_restore_dir} gnupg/$USERNAME
if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.gnupg ]; then
mkdir /home/$USERNAME/.gnupg
fi
cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
fi
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
exit 276
fi
rm -rf ${temp_restore_dir}
if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
cp -r /home/$USERNAME/.gnupg /root
if [ ! "$?" = "0" ]; then
exit 283
fi
gpg_set_permissions root
fi
fi
fi
done
}
function restore_procmail {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'procmail' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring procmail settings for $USERNAME"
temp_restore_dir=/root/tempprocmail
restore_directory_from_friend ${temp_restore_dir} procmail/$USERNAME
if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
else
cp -f ${temp_restore_dir}/.procmailrc /home/$USERNAME/.procmailrc
fi
if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir}
exit 276
fi
rm -rf ${temp_restore_dir}
fi
fi
done
}
function restore_spamassassin {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'spamassassin' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring spamassassin settings for $USERNAME"
temp_restore_dir=/root/tempspamassassin
restore_directory_from_friend $temp_restore_dir spamassassin/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.spamassassin ]; then
mkdir /home/$USERNAME/.spamassassin
fi
cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 276
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_admin_readme {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'readme' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/readme ]; then
echo $"Restoring README"
temp_restore_dir=/root/tempreadme
restore_directory_from_friend $temp_restore_dir readme
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
else
cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 276
fi
rm -rf $temp_restore_dir
fi
}
function restore_ssh_keys {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'ssh' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring ssh keys for $USERNAME"
temp_restore_dir=/root/tempssh
restore_directory_from_friend $temp_restore_dir ssh/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.ssh ]; then
mkdir /home/$USERNAME/.ssh
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_user_config {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'userconfig' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/config/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring config files for $USERNAME"
temp_restore_dir=/root/tempconfig
restore_directory_from_friend $temp_restore_dir config/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME ]; then
cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.config ]; then
mkdir /home/$USERNAME/.config
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.config/
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_user_monkeysphere {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'usermonkeysphere' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring monkeysphere ids for $USERNAME"
temp_restore_dir=/root/tempmonkeysphere
restore_directory_from_friend $temp_restore_dir monkeysphere/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.monkeysphere ]; then
mkdir /home/$USERNAME/.monkeysphere
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
# The admin user is the identity certifier
MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
read_config_param MY_EMAIL_ADDRESS
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
monkeysphere-authentication add-identity-certifier $fpr
monkeysphere-authentication update-users
done
}
function restore_user_fin {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'userfin' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring fin files for $USERNAME"
temp_restore_dir=/root/tempfin
restore_directory_from_friend $temp_restore_dir fin/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.fin ]; then
mkdir /home/$USERNAME/.fin
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_user_local {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'userlocal' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/local/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring local files for $USERNAME"
temp_restore_dir=/root/templocal
restore_directory_from_friend $temp_restore_dir local/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
else
if [ ! -d /home/$USERNAME/.local ]; then
mkdir /home/$USERNAME/.local
fi
cp -r $temp_restore_dir/* /home/$USERNAME/.local/
fi
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
exit 664
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_certs {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'certs' ]]; then
return
fi
fi
if [ -d $SERVER_DIRECTORY/backup/ssl ]; then
echo $"Restoring certificates"
restore_directory_from_friend /root/tempssl ssl
if [ -d /root/tempssl/etc/ssl ]; then
cp -r /root/tempssl/etc/ssl/* /etc/ssl
else
cp -r /root/tempssl/* /etc/ssl/
fi
if [ ! "$?" = "0" ]; then
exit 276
fi
rm -rf /root/tempssl
update-ca-certificates
# restore ownership
if [ -f /etc/ssl/private/xmpp.key ]; then
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
fi
if [ -d /etc/dovecot ]; then
chown root:dovecot /etc/ssl/private/dovecot.*
chown root:dovecot /etc/ssl/certs/dovecot.*
fi
if [ -f /etc/ssl/private/exim.key ]; then
cp /etc/ssl/private/exim.key /etc/exim4
cp /etc/ssl/certs/exim.crt /etc/exim4
cp /etc/ssl/certs/exim.dhparam /etc/exim4
chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
fi
if [ -f /etc/ssl/private/mumble.key ]; then
if [ -d /var/lib/mumble-server ]; then
cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
cp /etc/ssl/private/mumble.key /var/lib/mumble-server
chown -R mumble-server:mumble-server /var/lib/mumble-server
fi
fi
fi
}
function restore_personal_settings {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'personal' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring personal settings for $USERNAME"
temp_restore_dir=/root/temppersonal
restore_directory_from_friend $temp_restore_dir personal/$USERNAME
if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
if [ -d /home/$USERNAME/personal ]; then
rm -rf /home/$USERNAME/personal
fi
mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
else
if [ ! -d /home/$USERNAME/personal ]; then
mkdir /home/$USERNAME/personal
fi
cp -r $temp_restore_dir/* /home/$USERNAME/personal/
fi
if [ ! "$?" = "0" ]; then
exit 18437643
fi
rm -rf $temp_restore_dir
fi
fi
done
}
function restore_mailing_list {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'mailinglist' ]]; then
return
fi
fi
if [ -d /var/spool/mlmmj ]; then
echo $"Restoring public mailing list"
temp_restore_dir=/root/tempmailinglist
restore_directory_from_friend $temp_restore_dir mailinglist
if [ -d $temp_restore_dir/root/spool/mlmmj ]; then
cp -r $temp_restore_dir/root/spool/mlmmj/* /var/spool/mlmmj
else
cp -r $temp_restore_dir/* /var/spool/mlmmj/
fi
if [ ! "$?" = "0" ]; then
exit 526
fi
rm -rf $temp_restore_dir
fi
}
function restore_email {
if [[ $RESTORE_APP != 'all' ]]; then
if [[ $RESTORE_APP != 'email' ]]; then
return
fi
fi
for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then
if [ ! -d /home/$USERNAME ]; then
${PROJECT_NAME}-adduser $USERNAME
fi
echo $"Restoring emails for $USERNAME"
temp_restore_dir=/root/tempmail
restore_directory_from_friend $temp_restore_dir mail/$USERNAME
if [ ! -d /home/$USERNAME/Maildir ]; then
mkdir /home/$USERNAME/Maildir
fi
if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
else
tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
fi
if [ ! "$?" = "0" ]; then
exit 927
fi
rm -rf $temp_restore_dir
fi
fi
done
}
# Social key management
# Recover any key fragments and reconstruct the gpg key
${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
copy_gpg_keys
restore_blocklist
restore_configfiles
restore_passwordstore
restore_mariadb
restore_postgresql
restore_letsencrypt
restore_mutt_settings
restore_gpg
restore_procmail
restore_spamassassin
restore_admin_readme
restore_ssh_keys
restore_user_config
restore_user_monkeysphere
restore_user_fin
restore_user_local
restore_certs
restore_personal_settings
restore_mailing_list
restore_email
restore_apps remote
set_user_permissions
update_default_domain
# ensure that all TLS certificates are pinned
#${PROJECT_NAME}-pin-cert all
echo $"*** Remote restore was successful ***"
exit 0