freedomboneeee/src/freedombone

8842 lines
480 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# This install script is intended for use with Debian Jessie
#
# License
# =======
#
# Copyright (C) 2014-2015 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
NO_OF_ARGS=$#
# Web site
FREEDOMBONE_WEBSITE="http://freedombone.uk.to"
# Contact details
FREEDOMBONE_BITMESSAGE="BM-2cWuhmBvVdfrHhLoZTdspCkKeiTorUesSL"
# Are we installing on a Beaglebone Black (BBB) or some other system?
INSTALLING_ON_BBB="no"
# Version number of this script
VERSION="1.00"
# Different system variants which may be specified within
# the SYSTEM_TYPE option
VARIANT_FULL="full"
VARIANT_WRITER="writer"
VARIANT_CLOUD="cloud"
VARIANT_CHAT="chat"
VARIANT_MAILBOX="mailbox"
VARIANT_NONMAILBOX="nonmailbox"
VARIANT_SOCIAL="social"
VARIANT_MEDIA="media"
VARIANT_DEVELOPER="developer"
DEFAULT_DOMAIN_NAME=
DEFAULT_DOMAIN_CODE=
MY_USERNAME=
SYSTEM_TYPE=$VARIANT_FULL
# whether the system is being installed from a pre-created configuration file
INSTALLING_FROM_CONFIGURATION_FILE="no"
# An optional configuration file which overrides some of these variables
CONFIGURATION_FILE="freedombone.cfg"
SSH_PORT=2222
# parameters used when adding a new domain
DDNS_PROVIDER="default@freedns.afraid.org"
DDNS_USERNAME=
DDNS_PASSWORD=
CURRENT_DDNS_DOMAIN=
# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=10
# number of CPU cores
CPU_CORES=1
# The static IP address of the system within the local network
LOCAL_NETWORK_STATIC_IP_ADDRESS="192.168.1.60"
# IP address of the router (gateway)
ROUTER_IP_ADDRESS="192.168.1.254"
# DNS
NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'
# whether to route outgoing traffic through Tor
ROUTE_THROUGH_TOR="no"
# Why use Google as a time source?
# The thinking here is that it's likely to be reliable and fast.
# The ping doesn't reveal any information other than that the server
# is running, and if anyone maliciously alters the time on Google's
# servers then that would certainly be newsworthy and they'd be
# likely to do something about it quickly.
# If you have better time sources then change them here.
TLS_TIME_SOURCE1="google.com"
TLS_TIME_SOURCE2="www.ptb.de"
# kernel specifically tweaked for the Beaglebone Black
# See http://rcn-ee.net/deb/jessie-armhf/
KERNEL_VERSION="v3.15.10-bone8"
# Whether or not to use the beaglebone's hardware random number generator
USE_HWRNG="yes"
# Whether this system is being installed within a docker container
INSTALLED_WITHIN_DOCKER="no"
# If you want to run a public mailing list specify its name here.
# There should be no spaces in the name
PUBLIC_MAILING_LIST=
# Optional different domain name for the public mailing list
PUBLIC_MAILING_LIST_DOMAIN_NAME=
# Directory where the public mailing list data is stored
PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj"
# If you want to run an encrypted mailing list specify its name here.
# There should be no spaces in the name
PRIVATE_MAILING_LIST=
# Domain name for mediagoblin installation
MEDIAGOBLIN_DOMAIN_NAME=
MEDIAGOBLIN_REPO=""
MEDIAGOBLIN_ADMIN_PASSWORD=
# Domain name for microblog installation
MICROBLOG_DOMAIN_NAME=
MICROBLOG_CODE=
MICROBLOG_REPO="git://gitorious.org/social/mainline.git"
MICROBLOG_ADMIN_PASSWORD=
# Domain name for redmatrix installation
REDMATRIX_DOMAIN_NAME=
REDMATRIX_CODE=
REDMATRIX_REPO="https://github.com/friendica/red.git"
REDMATRIX_ADDONS_REPO="https://github.com/friendica/red-addons.git"
REDMATRIX_ADMIN_PASSWORD=
# Domain name for git hosting installation
GIT_DOMAIN_NAME=
GIT_CODE=
GIT_DOMAIN_REPO="https://github.com/friendica/red.git"
# Domain name for Owncloud installation
OWNCLOUD_DOMAIN_NAME=
OWNCLOUD_CODE=
OWNCLOUD_ADMIN_PASSWORD=
# Domain name for your wiki
WIKI_DOMAIN_NAME=
WIKI_ADMIN_PASSWORD=
WIKI_TITLE="Freedombone Wiki"
WIKI_CODE=
# Domain name for your blog
FULLBLOG_DOMAIN_NAME=
FULLBLOG_CODE=
MY_BLOG_TITLE="My Blog"
MY_BLOG_SUBTITLE="Another Freedombone Blog"
GPG_KEYSERVER="hkp://keys.gnupg.net"
# whether to encrypt all incoming email with your public key
GPG_ENCRYPT_STORED_EMAIL="yes"
# gets set to yes if gpg keys are imported from usb
GPG_KEYS_IMPORTED="no"
# optionally you can provide your exported GPG key pair here
# Note that the private key file will be deleted after use
# If these are unspecified then a new GPG key will be created
MY_GPG_PUBLIC_KEY=
MY_GPG_PRIVATE_KEY=
# optionally specify your public key ID
MY_GPG_PUBLIC_KEY_ID=
# If you have existing mail within a Maildir
# you can specify the directory here and the files
# will be imported
IMPORT_MAILDIR=
# The Debian package repository to use.
DEBIAN_REPO="ftp.us.debian.org"
DEBIAN_VERSION="jessie"
# Directory where source code is downloaded and compiled
INSTALL_DIR=$HOME/build
# device name for an attached usb drive
USB_DRIVE=/dev/sda1
# Location where the USB drive is mounted to
USB_MOUNT=/mnt/usb
# name of a script used to upgrade the system
UPGRADE_SCRIPT_NAME="freedombone-upgrade"
# name of a script which keeps running processes going even if they crash
WATCHDOG_SCRIPT_NAME="keepon"
# Name of a script used to create a backup of the system on usb drive
BACKUP_SCRIPT_NAME="backup"
# Name of a script used to restore the system from usb drive
RESTORE_SCRIPT_NAME="restore"
# name of a script used to backup to friends servers
BACKUP_TO_FRIENDS_SCRIPT_NAME="backup2friends"
# name of a script used to restore backed up data from a friend
RESTORE_FROM_FRIEND_SCRIPT_NAME="restorefromfriend"
# Location of the certificate used to encrypt backups
BACKUP_CERTIFICATE=/etc/ssl/private/backup.key
# memory limit for php in MB
MAX_PHP_MEMORY=64
# default MariaDB password
MARIADB_PASSWORD=
# Directory where XMPP settings are stored
XMPP_DIRECTORY="/var/lib/prosody"
# file containing a list of remote locations to backup to
# Format: [username@friendsdomain//home/username] [ssh_password]
# With the only space character being between the server and the password
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
# list of encryption protocols
SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
# list of ciphers to use. See bettercrypto.org recommendations
SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
SSH_CIPHERS="chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com"
SSH_KEX="curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa"
# xmpp ciphers and curve
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
XMPP_ECC_CURVE='"secp384r1"'
# the default email address
MY_EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
# optionally specify your name to appear on the blog
MY_NAME=$DEFAULT_DOMAIN_NAME
export DEBIAN_FRONTEND=noninteractive
# logging level for Nginx
WEBSERVER_LOG_LEVEL='crit'
# used to limit CPU usage
CPULIMIT='/usr/bin/cpulimit -l 20 -e'
# command to create a git repository
CREATE_GIT_PROJECT_COMMAND='create-project'
# File which keeps track of what has already been installed
COMPLETION_FILE=$HOME/freedombone-completed.txt
if [ ! -f $COMPLETION_FILE ]; then
touch $COMPLETION_FILE
fi
# Your github username
GITHUB_USERNAME=
# Directory where github projects will be backed up
GITHUB_BACKUP_DIRECTORY=/var/backups/github
# Used to indicate whether the backup contains MariaDB databases or not
BACKUP_INCLUDES_DATABASES="no"
# contains the mysql root password which
# is used for backups and repair
DATABASE_PASSWORD_FILE=/root/dbpass
# log file where details of remote backups are stored
REMOTE_BACKUPS_LOG=/var/log/remotebackups.log
# message if something fails to install
CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
# web site used to obtain the external IP address of the system
GET_IP_ADDRESS_URL="checkip.two-dns.de"
# Password used for VoIP server
VOIP_SERVER_PASSWORD=
# Port on which VoIP server listens
VOIP_PORT=64738
# Location of VoIP database and configuration
VOIP_DATABASE="mumble-server.sqlite"
VOIP_CONFIG_FILE="mumble-server.ini"
# other possible services to obtain the external IP address
EXTERNAL_IP_SERVICES=( \
'https://check.torproject.org/' \
'https://www.whatsmydns.net/whats-my-ip-address.html' \
'https://www.privateinternetaccess.com/pages/whats-my-ip/' \
'http://checkip.two-dns.de' \
'http://ip.dnsexit.com' \
'http://ifconfig.me/ip' \
'http://ipecho.net/plain' \
'http://checkip.dyndns.org/plain' \
'http://ipogre.com/linux.php' \
'http://whatismyipaddress.com/' \
'http://ip.my-proxy.com/' \
'http://websiteipaddress.com/WhatIsMyIp' \
'http://getmyipaddress.org/' \
'http://www.my-ip-address.net/' \
'http://myexternalip.com/raw' \
'http://www.canyouseeme.org/' \
'http://www.trackip.net/' \
'http://icanhazip.com/' \
'http://www.iplocation.net/' \
'http://www.howtofindmyipaddress.com/' \
'http://www.ipchicken.com/' \
'http://whatsmyip.net/' \
'http://www.ip-adress.com/' \
'http://checkmyip.com/' \
'http://www.tracemyip.org/' \
'http://checkmyip.net/' \
'http://www.lawrencegoetz.com/programs/ipinfo/' \
'http://www.findmyip.co/' \
'http://ip-lookup.net/' \
'http://www.dslreports.com/whois' \
'http://www.mon-ip.com/en/my-ip/' \
'http://www.myip.ru' \
'http://ipgoat.com/' \
'http://www.myipnumber.com/my-ip-address.asp' \
'http://www.whatsmyipaddress.net/' \
'http://formyip.com/' \
'http://www.displaymyip.com/' \
'http://www.bobborst.com/tools/whatsmyip/' \
'http://www.geoiptool.com/' \
'http://checkip.dyndns.com/' \
'http://myexternalip.com/' \
'http://www.ip-adress.eu/' \
'http://www.infosniper.net/' \
'http://wtfismyip.com/' \
'http://ipinfo.io/' \
'http://httpbin.org/ip')
# cjdns settings
ENABLE_CJDNS="no"
CJDNS_PRIVATE_KEY=
CJDNS_PUBLIC_KEY=
CJDNS_IPV6=
CJDNS_PASSWORD=
CJDNS_PORT=
function show_help {
echo ''
echo 'freedombone -c [configuration file]'
echo ''
echo ' -h --help Show help'
echo ' menuconfig Easy interactive installation'
echo ' -c --config Installing from a configuration file'
echo ' --bbb Installing on Beaglebone Black'
echo ' -u --user User to install the system as'
echo ' -d --domain Default domain name'
echo ' -s --system System type'
echo ' --ip Static LAN IP address of the system'
echo ' --iprouter LAN IP address of the internet router'
echo ' --ddns Dynamic DNS provider domain'
echo ' --ddnsuser Dynamic DNS provider username'
echo ' --ddnspass Dynamic DNS provider password'
echo ''
echo ' --microblogdomain Microblog domain name'
echo ' --wikidomain Wiki domain name'
echo ' --blogdomain Blog domain name'
echo ' --ownclouddomain Owncloud domain name'
echo ' --redmatrixdomain Redmatrix domain name'
echo ' --gitdomain Git hosting domain name'
echo ' -t --time Domain used as a TLS time source'
echo ' --ssh ssh port number'
echo ' --list Public mailing list name'
echo ' --cores Number of CPU cores'
echo ' --name Your name'
echo ' --email Your email address'
echo ' --usb Path for the USB drive (eg. /dev/sdb1)'
echo ' --cjdns Enable CJDNS'
echo ' --vpass VoIP server password'
echo ' --vport VoIP server port'
echo ' --ns1 First DNS nameserver'
echo ' --ns2 Second DNS nameserver'
echo ' --repo Debian repository'
echo ''
echo 'system types'
echo '------------'
echo 'This can either be blank if you wish to install the full system,'
echo "or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"
echo "'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_WRITER' or '$VARIANT_DEVELOPER'."
echo "If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."
echo ''
exit 0
}
function interactive_configuration_remote_backups {
if [ ! -f /usr/local/bin/freedombone-remote ]; then
if [ ! -f /usr/bin/freedombone-remote ]; then
echo 'The command freedombone-remote was not found'
exit 87354
fi
fi
freedombone-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH
if [ ! "$?" = "0" ]; then
echo 'Command failed:'
echo ''
echo " freedombone-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH"
echo ''
exit 65892
fi
}
# test a domain name to see if it's valid
function validate_domain_name {
# count the number of dots in the domain name
dots=${TEST_DOMAIN_NAME//[^.]}
no_of_dots=${#dots}
if (( $no_of_dots > 3 )); then
TEST_DOMAIN_NAME="The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z"
fi
if (( $no_of_dots == 0 )); then
TEST_DOMAIN_NAME="The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z"
fi
}
function interactive_configuration {
if [ ! -f /usr/local/bin/freedombone-config ]; then
if [ ! -f /usr/bin/freedombone-config ]; then
echo 'The command freedombone-config was not found'
exit 63935
fi
fi
freedombone-config \
-f $CONFIGURATION_FILE \
-w $FREEDOMBONE_WEBSITE \
-b $FREEDOMBONE_BITMESSAGE \
-m $MINIMUM_PASSWORD_LENGTH
if [ ! "$?" = "0" ]; then
echo 'Command failed:'
echo ''
echo " freedombone-config -u $MY_USERNAME -f $CONFIGURATION_FILE -w $FREEDOMBONE_WEBSITE -b $FREEDOMBONE_BITMESSAGE -m $MINIMUM_PASSWORD_LENGTH"
echo ''
exit 73594
fi
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
dialog --title "Encrypted backup to other servers" \
--backtitle "Freedombone Configuration" \
--defaultno \
--yesno "\nDo you wish to configure some remote backup locations?" 7 60
sel=$?
case $sel in
0) interactive_configuration_remote_backups;;
esac
}
if [[ $1 == "menuconfig" ]]; then
interactive_configuration
else
while [[ $# > 1 ]]
do
key="$1"
case $key in
-h|--help)
show_help
;;
# load a configuration file
-c|--config)
shift
CONFIGURATION_FILE="$1"
INSTALLING_FROM_CONFIGURATION_FILE="yes"
break
;;
# username within /home
-u|--user)
shift
MY_USERNAME="$1"
;;
# microblog domain name
--microblogdomain)
shift
MICROBLOG_DOMAIN_NAME="$1"
;;
# wiki domain name
--wikidomain)
shift
WIKI_DOMAIN_NAME="$1"
;;
# blog domain name
--blogdomain)
shift
FULLBLOG_DOMAIN_NAME="$1"
;;
# owncloud domain name
--ownclouddomain)
shift
OWNCLOUD_DOMAIN_NAME="$1"
;;
# redmatrix domain name
--redmatrixdomain)
shift
REDMATRIX_DOMAIN_NAME="$1"
;;
# git hosting domain name
--gitdomain)
shift
GIT_DOMAIN_NAME="$1"
;;
# default domain name
-d|--domain)
shift
DEFAULT_DOMAIN_NAME="$1"
;;
# The type of system
-s|--system)
shift
SYSTEM_TYPE="$1"
;;
# The dynamic DNS provider
--ddns)
shift
DDNS_PROVIDER="$1"
;;
# Username for the synamic DNS provider
--ddnsuser)
shift
DDNS_USERNAME="$1"
;;
# Password for the synamic DNS provider
--ddnspass)
shift
DDNS_PASSWORD="$1"
;;
# Whether this installation is on a Beaglebone Black
--bbb)
INSTALLING_ON_BBB="yes"
;;
# Domain name to use as a TLS time source
-t|--time)
shift
TLS_TIME_SOURCE1="$1"
;;
# Static IP address for the system
--ip)
shift
LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
;;
# IP address for the internet router
--iprouter)
shift
ROUTER_IP_ADDRESS=$1
;;
# ssh port
--ssh)
shift
SSH_PORT=$1
;;
# public mailing list name
--list)
shift
PUBLIC_MAILING_LIST="$1"
;;
# Number of CPU cores
--cores)
shift
CPU_CORES=$1
;;
# my name
--name)
shift
MY_NAME="$1"
;;
# my email address
--email)
shift
MY_EMAIL_ADDRESS="$1"
;;
# USB drive
--usb)
shift
USB_DRIVE=$1
;;
# Enable CJDNS
--cjdns)
shift
ENABLE_CJDNS="yes"
;;
# VoIP server password
--vpass)
shift
VOIP_SERVER_PASSWORD=$1
;;
# VoIP server port
--vport)
shift
VOIP_PORT=$1
;;
# DNS Nameserver 1
--ns1)
shift
NAMESERVER1=$1
;;
# DNS Nameserver 2
--ns2)
shift
NAMESERVER2=$1
;;
# Debian repository
--repo)
shift
DEBIAN_REPO=$1
;;
*)
# unknown option
;;
esac
shift
done
fi
function parse_args {
if [[ $NO_OF_ARGS == 0 ]]; then
echo 'no_of_args = 0'
show_help
exit 0
fi
if [ ! -d /home/$MY_USERNAME ]; then
echo "There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
exit 1
fi
if [ ! "$DEFAULT_DOMAIN_NAME" ]; then
echo 'No default domain specified'
show_help
exit 2
fi
if [ ! $MY_USERNAME ]; then
echo 'No username specified'
show_help
exit 3
fi
if [ ! $DDNS_USERNAME ]; then
echo 'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
exit 7823
fi
if [ ! $DDNS_PASSWORD ]; then
echo 'Please provide the password for your dynamic DNS provider with the --ddnspass option'
exit 6382
fi
if [ ! $SYSTEM_TYPE ]; then
SYSTEM_TYPE=$VARIANT_FULL
fi
if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA && $SYSTEM_TYPE != $VARIANT_DEVELOPER && $SYSTEM_TYPE != $VARIANT_FULL ]]; then
echo "'$SYSTEM_TYPE' is an unrecognised Freedombone variant."
exit 30
fi
}
function read_configuration {
# if not installing on a Beaglebone then use sdb as the USB drive by default
if [ ! $INSTALLING_ON_BBB ]; then
if [[ $USB_DRIVE == /dev/sda1 ]]; then
USB_DRIVE=/dev/sdb1
fi
fi
if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes" ]]; then
if [ ! -f $CONFIGURATION_FILE ]; then
echo "The configuration file $CONFIGURATION_FILE was not found"
exit 8935
fi
fi
if [ -f $CONFIGURATION_FILE ]; then
if grep -q "GIT_DOMAIN_NAME" $CONFIGURATION_FILE; then
GIT_DOMAIN_NAME=$(grep "GIT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GIT_CODE" $CONFIGURATION_FILE; then
GIT_CODE=$(grep "GIT_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SYSTEM_TYPE" $CONFIGURATION_FILE; then
SYSTEM_TYPE=$(grep "SYSTEM_TYPE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSL_PROTOCOLS" $CONFIGURATION_FILE; then
SSL_PROTOCOLS=$(grep "SSL_PROTOCOLS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSL_CIPHERS" $CONFIGURATION_FILE; then
SSL_CIPHERS=$(grep "SSL_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_CIPHERS" $CONFIGURATION_FILE; then
SSH_CIPHERS=$(grep "SSH_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_MACS" $CONFIGURATION_FILE; then
SSH_MACS=$(grep "SSH_MACS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_KEX" $CONFIGURATION_FILE; then
SSH_KEX=$(grep "SSH_KEX" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE; then
SSH_HOST_KEY_ALGORITHMS=$(grep "SSH_HOST_KEY_ALGORITHMS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_PASSWORDS" $CONFIGURATION_FILE; then
SSH_PASSWORDS=$(grep "SSH_PASSWORDS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "XMPP_CIPHERS" $CONFIGURATION_FILE; then
XMPP_CIPHERS=$(grep "XMPP_CIPHERS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "XMPP_ECC_CURVE" $CONFIGURATION_FILE; then
XMPP_ECC_CURVE=$(grep "XMPP_ECC_CURVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DOMAIN_NAME" $CONFIGURATION_FILE; then
# for backwards compatability
DEFAULT_DOMAIN_NAME=$(grep "DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE; then
DEFAULT_DOMAIN_CODE=$(grep "DEFAULT_DOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "NAMESERVER1" $CONFIGURATION_FILE; then
NAMESERVER1=$(grep "NAMESERVER1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "NAMESERVER2" $CONFIGURATION_FILE; then
NAMESERVER2=$(grep "NAMESERVER2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DEBIAN_REPO" $CONFIGURATION_FILE; then
DEBIAN_REPO=$(grep "DEBIAN_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
fi
if grep -q "VOIP_PORT" $CONFIGURATION_FILE; then
VOIP_PORT=$(grep "VOIP_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE; then
VOIP_SERVER_PASSWORD=$(grep "VOIP_SERVER_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE; then
GET_IP_ADDRESS_URL=$(grep "GET_IP_ADDRESS_URL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then
DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DDNS_USERNAME" $CONFIGURATION_FILE; then
DDNS_USERNAME=$(grep "DDNS_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "DDNS_PASSWORD" $CONFIGURATION_FILE; then
DDNS_PASSWORD=$(grep "DDNS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE; then
LOCAL_NETWORK_STATIC_IP_ADDRESS=$(grep "LOCAL_NETWORK_STATIC_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ENABLE_CJDNS" $CONFIGURATION_FILE; then
ENABLE_CJDNS=$(grep "ENABLE_CJDNS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_IPV6" $CONFIGURATION_FILE; then
CJDNS_IPV6=$(grep "CJDNS_IPV6" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE; then
CJDNS_PUBLIC_KEY=$(grep "CJDNS_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE; then
CJDNS_PRIVATE_KEY=$(grep "CJDNS_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "BACKUP_CERTIFICATE" $CONFIGURATION_FILE; then
BACKUP_CERTIFICATE=$(grep "BACKUP_CERTIFICATE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE; then
ROUTER_IP_ADDRESS=$(grep "ROUTER_IP_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GITHUB_USERNAME" $CONFIGURATION_FILE; then
GITHUB_USERNAME=$(grep "GITHUB_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GITHUB_BACKUP_DIRECTORY" $CONFIGURATION_FILE; then
GITHUB_BACKUP_DIRECTORY=$(grep "GITHUB_BACKUP_DIRECTORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "CPU_CORES" $CONFIGURATION_FILE; then
CPU_CORES=$(grep "CPU_CORES" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE; then
WEBSERVER_LOG_LEVEL=$(grep "WEBSERVER_LOG_LEVEL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE; then
ROUTE_THROUGH_TOR=$(grep "ROUTE_THROUGH_TOR" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIKI_TITLE" $CONFIGURATION_FILE; then
WIKI_TITLE=$(grep "WIKI_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_NAME" $CONFIGURATION_FILE; then
MY_NAME=$(grep "MY_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then
MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then
INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "SSH_PORT" $CONFIGURATION_FILE; then
SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then
INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then
PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MICROBLOG_CODE" $CONFIGURATION_FILE; then
MICROBLOG_CODE=$(grep "MICROBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE; then
REDMATRIX_DOMAIN_NAME=$(grep "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "REDMATRIX_CODE" $CONFIGURATION_FILE; then
REDMATRIX_CODE=$(grep "REDMATRIX_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE; then
OWNCLOUD_DOMAIN_NAME=$(grep "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "OWNCLOUD_CODE" $CONFIGURATION_FILE; then
OWNCLOUD_CODE=$(grep "OWNCLOUD_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then
WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "WIKI_CODE" $CONFIGURATION_FILE; then
WIKI_CODE=$(grep "WIKI_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then
FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then
MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE; then
MY_BLOG_SUBTITLE=$(grep "MY_BLOG_SUBTITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then
GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then
MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then
MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE; then
MY_GPG_PUBLIC_KEY_ID=$(grep "MY_GPG_PUBLIC_KEY_ID" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then
USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then
MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TLS_TIME_SOURCE1" $CONFIGURATION_FILE; then
TLS_TIME_SOURCE1=$(grep "TLS_TIME_SOURCE1" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "TLS_TIME_SOURCE2" $CONFIGURATION_FILE; then
TLS_TIME_SOURCE2=$(grep "TLS_TIME_SOURCE2" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
fi
}
# check an individual domain name
function test_domain_name {
if [ $1 ]; then
TEST_DOMAIN_NAME=$1
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $1 ]]; then
echo $TEST_DOMAIN_NAME
exit 8528
fi
fi
}
# check that domain names are sensible
function check_domains {
if [ $WIKI_DOMAIN_NAME ]; then
test_domain_name "$WIKI_DOMAIN_NAME"
if [[ "$WIKI_DOMAIN_NAME" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo 'Wiki domain name is the same as Owncloud domain name. They must be different'
exit 73863
fi
if [[ "$WIKI_DOMAIN_NAME" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo 'Wiki domain name is the same as blog domain name. They must be different'
exit 97326
fi
if [[ "$WIKI_DOMAIN_NAME" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo 'Wiki domain name is the same as microblog domain name. They must be different'
exit 36827
fi
if [[ "$WIKI_DOMAIN_NAME" == "$REDMATRIX_DOMAIN_NAME" ]]; then
echo 'Wiki domain name is the same as redmatrix domain name. They must be different'
exit 93637
fi
fi
if [ $OWNCLOUD_DOMAIN_NAME ]; then
test_domain_name "$OWNCLOUD_DOMAIN_NAME"
if [[ "$OWNCLOUD_DOMAIN_NAME" == "$WIKI_DOMAIN_NAME" ]]; then
echo 'Owncloud domain name is the same as wiki domain name. They must be different'
exit 37994
fi
if [[ "$OWNCLOUD_DOMAIN_NAME" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo 'Owncloud domain name is the same as blog domain name. They must be different'
exit 37936
fi
if [[ "$OWNCLOUD_DOMAIN_NAME" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo 'Owncloud domain name is the same as microblog domain name. They must be different'
exit 36896
fi
if [[ "$OWNCLOUD_DOMAIN_NAME" == "$REDMATRIX_DOMAIN_NAME" ]]; then
echo 'Owncloud domain name is the same as redmatrix domain name. They must be different'
exit 79362
fi
fi
if [ $FULLBLOG_DOMAIN_NAME ]; then
test_domain_name "$FULLBLOG_DOMAIN_NAME"
if [[ "$FULLBLOG_DOMAIN_NAME" == "$WIKI_DOMAIN_NAME" ]]; then
echo 'Blog domain name is the same as wiki domain name. They must be different'
exit 62348
fi
if [[ "$FULLBLOG_DOMAIN_NAME" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo 'Blog domain name is the same as Owncloud domain name. They must be different'
exit 84682
fi
if [[ "$FULLBLOG_DOMAIN_NAME" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo 'Blog domain name is the same as microblog domain name. They must be different'
exit 38236
fi
if [[ "$FULLBLOG_DOMAIN_NAME" == "$REDMATRIX_DOMAIN_NAME" ]]; then
echo 'Blog domain name is the same as redmatrix domain name. They must be different'
exit 36813
fi
fi
if [ $MICROBLOG_DOMAIN_NAME ]; then
test_domain_name "$MICROBLOG_DOMAIN_NAME"
if [[ "$MICROBLOG_DOMAIN_NAME" == "$WIKI_DOMAIN_NAME" ]]; then
echo 'Microblog domain name is the same as wiki domain name. They must be different'
exit 73924
fi
if [[ "$MICROBLOG_DOMAIN_NAME" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo 'Microblog domain name is the same as Owncloud domain name. They must be different'
exit 73683
fi
if [[ "$MICROBLOG_DOMAIN_NAME" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo 'Microblog domain name is the same as blog domain name. They must be different'
exit 26832
fi
if [[ "$MICROBLOG_DOMAIN_NAME" == "$REDMATRIX_DOMAIN_NAME" ]]; then
echo 'Microblog domain name is the same as redmatrix domain name. They must be different'
exit 36373
fi
fi
if [ $REDMATRIX_DOMAIN_NAME ]; then
test_domain_name "$REDMATRIX_DOMAIN_NAME"
if [[ "$REDMATRIX_DOMAIN_NAME" == "$WIKI_DOMAIN_NAME" ]]; then
echo 'RedMatrix domain name is the same as wiki domain name. They must be different'
exit 83682
fi
if [[ "$REDMATRIX_DOMAIN_NAME" == "$OWNCLOUD_DOMAIN_NAME" ]]; then
echo 'RedMatrix domain name is the same as Owncloud domain name. They must be different'
exit 65192
fi
if [[ "$REDMATRIX_DOMAIN_NAME" == "$FULLBLOG_DOMAIN_NAME" ]]; then
echo 'RedMatrix domain name is the same as blog domain name. They must be different'
exit 74817
fi
if [[ "$REDMATRIX_DOMAIN_NAME" == "$MICROBLOG_DOMAIN_NAME" ]]; then
echo 'RedMatrix domain name is the same as microblog domain name. They must be different'
exit 83683
fi
fi
}
# Checks whether certificates were generated for the given hostname
function check_certificates {
if [ ! $1 ]; then
return
fi
if [ ! -f /etc/ssl/private/$1.key ]; then
echo "Private certificate for $CHECK_HOSTNAME was not created"
exit 63959
fi
if [ ! -f /etc/ssl/certs/$1.crt ]; then
echo "Public certificate for $CHECK_HOSTNAME was not created"
exit 7679
fi
if [ ! -f /etc/ssl/certs/$1.dhparam ]; then
echo "DiffieHellman parameters for $CHECK_HOSTNAME were not created"
exit 5989
fi
}
function install_not_on_BBB {
if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then
return
fi
if [[ INSTALLING_ON_BBB == "yes" ]]; then
return
fi
echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The loopback network interface' >> /etc/network/interfaces
echo 'auto lo' >> /etc/network/interfaces
echo 'iface lo inet loopback' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The primary network interface' >> /etc/network/interfaces
echo 'auto eth0' >> /etc/network/interfaces
echo 'iface eth0 inet static' >> /etc/network/interfaces
echo " address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces
echo ' netmask 255.255.255.0' >> /etc/network/interfaces
echo " gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces
echo " dns-nameservers $NAMESERVER1 $NAMESERVER2" >> /etc/network/interfaces
echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# The secondary network interface' >> /etc/network/interfaces
echo '#auto eth1' >> /etc/network/interfaces
echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# WiFi Example' >> /etc/network/interfaces
echo '#auto wlan0' >> /etc/network/interfaces
echo '#iface wlan0 inet dhcp' >> /etc/network/interfaces
echo '# wpa-ssid "essid"' >> /etc/network/interfaces
echo '# wpa-psk "password"' >> /etc/network/interfaces
echo '' >> /etc/network/interfaces
echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
echo '#iface usb0 inet static' >> /etc/network/interfaces
echo '# address 192.168.7.2' >> /etc/network/interfaces
echo '# netmask 255.255.255.0' >> /etc/network/interfaces
echo '# network 192.168.7.0' >> /etc/network/interfaces
echo '# gateway 192.168.7.1' >> /etc/network/interfaces
echo 'install_not_on_BBB' >> $COMPLETION_FILE
}
function randomize_cron {
# The predictable default timing of Debian cron jobs might
# be exploitable knowledge. Avoid too much predictability
# by randomizing the times when cron jobs run
if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
return
fi
# randomize the day on which the weekly cron job runs
randdow=$(($RANDOM%6+1))
sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
# randomize the time when the weekly cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+1))
sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
# randomize the time when the daily cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+4))
sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
# randomize the time when the hourly cron job runs
randmin=$(($RANDOM%60))
sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
# randomize monthly cron job time and day
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%22+1))
randdom=$(($RANDOM%27+1))
sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
service cron restart
echo 'randomize_cron' >> $COMPLETION_FILE
}
function get_cjdns_public_key {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PUBLIC_KEY ]; then
CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_private_key {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PRIVATE_KEY ]; then
CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_ipv6_address {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_IPV6 ]; then
CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_port {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns port" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PORT ]; then
CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns password" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PASSWORD ]; then
CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function install_cjdns {
if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
apt-get -y install nodejs git build-essential nmap
# if a README exists then obtain the cjdns parameters
get_cjdns_ipv6_address
get_cjdns_public_key
get_cjdns_private_key
get_cjdns_port
get_cjdns_password
# special compile settings for running ./do on the Beaglebone Black
if [[ $INSTALLING_ON_BBB == "yes" ]]; then
CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
export LDFLAGS="$CFLAGS"
fi
if [ ! -d /etc/cjdns ]; then
git clone https://github.com/cjdelisle/cjdns.git /etc/cjdns
cd /etc/cjdns
./do
if [ ! "$?" = "0" ]; then
exit 7439
fi
# create a configuration
if [ ! -f /etc/cjdns/cjdroute.conf ]; then
./cjdroute --genconf > /etc/cjdns/cjdroute.conf
if [ ! "$?" = "0" ]; then
exit 5922
fi
fi
# create a user to run as
useradd cjdns
else
cd /etc/cjdns
git pull
./do
if [ ! "$?" = "0" ]; then
exit 9926
fi
fi
# set permissions
chown -R cjdns:cjdns /etc/cjdns
chmod 600 /etc/cjdns/cjdroute.conf
/sbin/ip tuntap add mode tun user cjdns dev cjdroute0
# insert values into the configuration file
if [ $CJDNS_PRIVATE_KEY ]; then
sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PUBLIC_KEY ]; then
sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_IPV6 ]; then
sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PASSWORD ]; then
sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PORT ]; then
sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
fi
# endure that ipv6 is enabled and can route
sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo '#!/bin/sh -e' > /etc/init.d/cjdns
echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
echo '# Provides: cjdroute' >> /etc/init.d/cjdns
echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns
echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns
echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns
echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
echo '### END INIT INFO' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'start() {' >> /etc/init.d/cjdns
echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns
echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'stop() {' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns
echo ' killall cjdroute' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'status() {' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo ' update() {' >> /etc/init.d/cjdns
echo ' cd $GIT_PATH' >> /etc/init.d/cjdns
echo ' echo "Updating..."' >> /etc/init.d/cjdns
echo ' git pull' >> /etc/init.d/cjdns
echo ' ./do' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
echo ' exit 1' >> /etc/init.d/cjdns
echo 'fi' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'case $1 in' >> /etc/init.d/cjdns
echo ' start)' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' stop)' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' sleep 1' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' status)' >> /etc/init.d/cjdns
echo ' status' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' update|upgrade)' >> /etc/init.d/cjdns
echo ' update' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' sleep 2' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' **)' >> /etc/init.d/cjdns
echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
echo ' exit 1' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo 'esac' >> /etc/init.d/cjdns
chmod +x /etc/init.d/cjdns
update-rc.d cjdns defaults
service cjdns start
if [ ! "$?" = "0" ]; then
systemctl status cjdns.service
exit 8260
fi
apt-get -y install radvd
echo 'interface eth0' > /etc/radvd.conf
echo '{' >> /etc/radvd.conf
echo ' AdvSendAdvert on;' >> /etc/radvd.conf
echo ' prefix fdfc::1/64' >> /etc/radvd.conf
echo ' {' >> /etc/radvd.conf
echo ' AdvRouterAddr on;' >> /etc/radvd.conf
echo ' };' >> /etc/radvd.conf
echo '};' >> /etc/radvd.conf
service radvd restart
if [ ! "$?" = "0" ]; then
systemctl status radvd.service
exit 4395
fi
if ! grep -q "# Mesh network" /etc/network/interfaces; then
echo '' >> /etc/network/interfaces
echo '# Mesh network' >> /etc/network/interfaces
echo 'iface eth0 inet6 static' >> /etc/network/interfaces
echo ' pre-up modprobe ipv6' >> /etc/network/interfaces
echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
echo ' netmask 64' >> /etc/network/interfaces
service networking restart
if [ ! "$?" = "0" ]; then
systemctl status networking.service
exit 6949
fi
fi
ip6tables -A INPUT -i eth0 -p udp --dport $CJDNS_PORT -j ACCEPT
ip6tables -A INPUT -i eth0 -p tcp --dport $CJDNS_PORT -j ACCEPT
save_firewall_settings
if ! grep -q "Mesh Networking" /home/$MY_USERNAME/README; then
CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Mesh Networking' >> /home/$MY_USERNAME/README
echo '===============' >> /home/$MY_USERNAME/README
echo "cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
echo "cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
echo "cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
echo "cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
echo "cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo "Forward port $CJDNS_PORT from your internet router to the Freedombone" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
echo 'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
echo 'to you using your default password' >> /home/$MY_USERNAME/README
echo 'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
echo 'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
echo 'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
echo 'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
echo 'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
echo 'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
echo 'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
echo 'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
echo 'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
echo 'each password is for.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'install_cjdns' >> $COMPLETION_FILE
}
function install_cjdns_tools {
if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
if [ ! -d /etc/cjdns ]; then
install_cjdns
fi
apt-get -y install golang mercurial
if [ ! -f ~/.bashrc ]; then
touch ~/.bashrc
fi
if ! grep -q "export GOPATH=" ~/.bashrc; then
echo 'export GOPATH=$HOME/projects/go' >> ~/.bashrc
fi
if ! grep -q "export PATH=$PATH:$HOME/projects/go/bin" ~/.bashrc; then
echo 'export PATH=$PATH:$HOME/projects/go/bin' >> ~/.bashrc
fi
. ~/.bashrc
export GOPATH=$HOME/projects/go
export PATH=$PATH:$HOME/projects/go/bin
go get github.com/inhies/cjdcmd
if [ ! -f $HOME/projects/go/bin/cjdcmd ]; then
echo 'cjdcmd was not compiled. Check your golang installation'
exit 7439
fi
cp $HOME/projects/go/bin/cjdcmd /usr/bin
# initialise from the cjdns config
/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
echo 'install_cjdns_tools' >> $COMPLETION_FILE
}
function remove_instructions_from_motd {
sed -i '/## /d' /etc/motd
}
function check_hwrng {
# If hardware random number generation was enabled then make sure that the device exists.
# if /dev/hwrng is not found then any subsequent cryptographic key generation would
# suffer from low entropy and might be insecure
if [ ! -f /etc/default/rng-tools ]; then
return
fi
if [ ! -e /dev/hwrng ]; then
ls /dev/hw*
echo 'The hardware random number generator is enabled but could not be detected on'
echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
exit 75
fi
}
function get_mariadb_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "MariaDB password" /home/$MY_USERNAME/README; then
if [ -f $DATABASE_PASSWORD_FILE ]; then
MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
else
MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
chmod 600 $DATABASE_PASSWORD_FILE
fi
fi
fi
}
function get_mariadb_gnusocial_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then
MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function get_mariadb_redmatrix_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "MariaDB Red Matrix admin password" /home/$MY_USERNAME/README; then
REDMATRIX_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Red Matrix admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function get_mariadb_owncloud_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Owncloud database password" /home/$MY_USERNAME/README; then
OWNCLOUD_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
# For rsyncrypto usage see http://archive09.linux.com/feature/125322
function create_backup_script {
if grep -Fxq "create_backup_script" $COMPLETION_FILE; then
return
fi
apt-get -y install rsyncrypto
get_mariadb_password
get_mariadb_gnusocial_admin_password
get_mariadb_redmatrix_admin_password
get_mariadb_owncloud_admin_password
echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "USB_DRIVE=$USB_DRIVE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ $1 ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' USB_DRIVE=/dev/${1}1' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! -b $USB_DRIVE ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Please attach a USB drive"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo -n ' mount $USB_DRIVE ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "$USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir $USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " echo 'There was a problem making the directory $USB_MOUNT/backup.'" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 27' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' makecert backup' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "cp $BACKUP_CERTIFICATE.gpg $USB_MOUNT/backup/key.gpg" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# MariaDB password' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
BACKUP_INCLUDES_DATABASES="yes"
echo "if [ ! -d $USB_MOUNT/backup/gnusocial ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/gnusocial" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup/gnusocialdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/gnusocialdata" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d /root/tempgnusocialdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /root/tempgnusocialdata" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Obtaining GNU Social database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD gnusocial > /root/tempgnusocialdata/gnusocial.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -s /root/tempgnusocialdata/gnusocial.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "GNU social database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " fi" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 296' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "fi" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /root/tempgnusocialdata $USB_MOUNT/backup/gnusocialdata $USB_MOUNT/backup/gnusocialdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 853' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Backing up GNU social installation"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /var/www/$MICROBLOG_DOMAIN_NAME/htdocs $USB_MOUNT/backup/gnusocial $USB_MOUNT/backup/gnusocial.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 846' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
BACKUP_INCLUDES_DATABASES="yes"
echo "if [ ! -d $USB_MOUNT/backup/redmatrix ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/redmatrix" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup/redmatrixdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/redmatrixdata" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d /root/tempredmatrixdata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /root/tempredmatrixdata" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Obtaining Red Matrix database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD redmatrix > /root/tempredmatrixdata/redmatrix.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -s /root/tempredmatrixdata/redmatrix.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Red Matrix database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " fi" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 378' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "fi" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /root/tempredmatrixdata $USB_MOUNT/backup/redmatrixdata $USB_MOUNT/backup/redmatrixdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 285' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Backing up Red Matrix installation"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /var/www/$REDMATRIX_DOMAIN_NAME/htdocs $USB_MOUNT/backup/redmatrix $USB_MOUNT/backup/redmatrix.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 593' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
BACKUP_INCLUDES_DATABASES="yes"
echo "if [ ! -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/owncloud" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup/owncloud2 ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/owncloud2" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup/ownclouddata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/ownclouddata" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d /root/tempownclouddata ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /root/tempownclouddata" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD owncloud > /root/tempownclouddata/owncloud.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -s /root/tempownclouddata/owncloud.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Owncloud database could not be saved"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " fi" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 377' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "fi" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /root/tempownclouddata $USB_MOUNT/backup/ownclouddata $USB_MOUNT/backup/ownclouddata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 188' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /var/lib/owncloud $USB_MOUNT/backup/owncloud $USB_MOUNT/backup/owncloud.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 632' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /etc/owncloud $USB_MOUNT/backup/owncloud2 $USB_MOUNT/backup/owncloud2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 632' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE; then
echo "if [ ! -d $USB_MOUNT/backup/wiki ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/wiki" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup/wiki2 ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/wiki2" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /var/lib/dokuwiki $USB_MOUNT/backup/wiki $USB_MOUNT/backup/wiki.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 964' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /etc/dokuwiki $USB_MOUNT/backup/wiki2 $USB_MOUNT/backup/wiki2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 964' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
if grep -Fxq "install_blog" $COMPLETION_FILE; then
echo "if [ ! -d $USB_MOUNT/backup/blog ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/blog" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /var/www/$FULLBLOG_DOMAIN_NAME/htdocs $USB_MOUNT/backup/blog $USB_MOUNT/backup/blog.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 854' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
echo "if [ ! -d $USB_MOUNT/backup/cjdns ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/cjdns" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Obtaining cjdns backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /etc/cjdns $USB_MOUNT/backup/blog $USB_MOUNT/backup/cjdns.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 7438' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup certificates' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /etc/ssl ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up certificates"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/ssl ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/ssl" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /etc/ssl $USB_MOUNT/backup/ssl $USB_MOUNT/backup/ssl.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 343' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup projects' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up projects"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/projects ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/projects" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/projects $USB_MOUNT/backup/projects $USB_MOUNT/backup/projects.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 873' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup personal settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up personal settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/personal ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/personal" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/personal $USB_MOUNT/backup/personal $USB_MOUNT/backup/personal.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 649' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/mailinglist ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/mailinglist" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r $PUBLIC_MAILING_LIST_DIRECTORY $USB_MOUNT/backup/mailinglist $USB_MOUNT/backup/mailinglist.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 938' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/xmpp ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/xmpp" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r $XMPP_DIRECTORY $USB_MOUNT/backup/xmpp $USB_MOUNT/backup/xmpp.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 593' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup gpg keys' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/.gnupg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up gpg keys"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/gnupg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/gnupg" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/.gnupg $USB_MOUNT/backup/gnupg $USB_MOUNT/backup/gnupg.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 491' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup ssh keys' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/.ssh ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up ssh keys"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/ssh ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/ssh" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/.ssh $USB_MOUNT/backup/ssh $USB_MOUNT/backup/ssh.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 731' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup web sites' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /etc/nginx ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up web settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/web ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/web" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /etc/nginx/sites-available $USB_MOUNT/backup/web $USB_MOUNT/backup/web.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 848' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup README file' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/README ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up README"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/readme ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/readme" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " cp -f /home/$MY_USERNAME/README /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/readme $USB_MOUNT/backup/readme.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 848' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup Mutt settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/.muttrc ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up Mutt settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " cp /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ -f /etc/Muttrc ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " cp /etc/Muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/mutt ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/mutt" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/mutt $USB_MOUNT/backup/mutt.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 492' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup procmail settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/.procmailrc ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up procmail settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " cp /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/procmail ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/procmail" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/procmail $USB_MOUNT/backup/procmail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 492' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup email' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Creating an email archive"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! -d /root/backupemail ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /root/backupemail" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " tar -czvf /root/backupemail/maildir.tar.gz /home/$MY_USERNAME/Maildir" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/mail ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/mail" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /root/backupemail $USB_MOUNT/backup/mail $USB_MOUNT/backup/mail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' rm -rf /root/backupemail' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 396' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' rm -rf /root/backupemail' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /var/cache/minidlna $USB_MOUNT/backup/dlna $USB_MOUNT/backup/dlna.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 498' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '# Backup VoIP settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ -f /etc/$VOIP_CONFIG_FILE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Backing up VoIP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " cp -f /etc/$VOIP_CONFIG_FILE /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " cp -f /var/lib/mumble-server/$VOIP_DATABASE /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " if [ ! -d $USB_MOUNT/backup/voip ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/voip" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup $USB_MOUNT/backup/voip $USB_MOUNT/backup/voip.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 2492' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then
echo '# Mysql settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup/mariadb ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " mkdir -p $USB_MOUNT/backup/mariadb" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' mkdir /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD mysql user > /root/tempmariadb/mysql.sql' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "if [ ! -s /root/tempmariadb/mysql.sql ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' echo "Unable to backup mysql settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 653' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "$DATABASE_PASSWORD" > /root/tempmariadb/db' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'chmod 400 /root/tempmariadb/db' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rsyncrypto -v -r /root/tempmariadb $USB_MOUNT/backup/mariadb $USB_MOUNT/backup/mariadb.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo ' exit 794' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'shred -zu /root/tempmariadb/*' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
fi
echo 'sync' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "umount $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo "rm -rf $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'echo "Backup to USB drive is complete. You can now unplug it."' >> /usr/bin/$BACKUP_SCRIPT_NAME
echo 'exit 0' >> /usr/bin/$BACKUP_SCRIPT_NAME
chmod 400 /usr/bin/$BACKUP_SCRIPT_NAME
chmod +x /usr/bin/$BACKUP_SCRIPT_NAME
echo 'create_backup_script' >> $COMPLETION_FILE
}
function create_restore_script {
if grep -Fxq "create_restore_script" $COMPLETION_FILE; then
return
fi
apt-get -y install rsyncrypto
get_mariadb_password
get_mariadb_gnusocial_admin_password
get_mariadb_redmatrix_admin_password
get_mariadb_owncloud_admin_password
echo '#!/bin/bash' > /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "USB_DRIVE=$USB_DRIVE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'if [ $1 ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' USB_DRIVE=/dev/${1}1' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'if [ ! -b $USB_DRIVE ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Please attach a USB drive"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mkdir $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo -n ' mount $USB_DRIVE ' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "$USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "No backup directory found on the USB drive."' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 2' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'echo "Checking that user exists"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ ! -d /home/$MY_USERNAME ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " echo 'Username $MY_USERNAME not found. Reinstall Freedombone with this username.'" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 295' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'echo "Copying GPG keys to root"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "cp -r /home/$MY_USERNAME/.gnupg /root" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -f $USB_MOUNT/backup/key.gpg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '# MariaDB password' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '# Make a backup of the original README file' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '# incase old passwords need to be used' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/README ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! -f /home/$MY_USERNAME/README_original ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp /home/$MY_USERNAME/README /home/$MY_USERNAME/README_original" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then
echo "if [ -d $USB_MOUNT/backup/mariadb ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring mysql settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempmariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mariadb /root/tempmariadb $USB_MOUNT/backup/mariadb.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Get the MariaDB password from the backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -f /root/tempmariadb/usb/backup/mariadb/tempmariadb/db ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "MariaDB password file not found"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 495' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/usb/backup/mariadb/tempmariadb/db)' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restore the MariaDB user table"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < /root/tempmariadb/usb/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Try again using the password obtained from backup"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < /root/tempmariadb/usb/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 962' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restarting database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' service mysql restart' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Change the MariaDB password to the backup version"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' shred -zu /root/tempmariadb/usb/backup/mariadb/tempmariadb/db' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' # Change database password file' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo -n ' echo "$DATABASE_PASSWORD" > ' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "$DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
fi
echo "if [ -d $USB_MOUNT/backup/mutt ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Mutt settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mutt /root/tempmutt $USB_MOUNT/backup/mutt.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/.muttrc ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/.muttrc /home/$MY_USERNAME/.muttrc" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/Muttrc ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -f /root/tempmutt/usb/backup/mutt/$MY_USERNAME/tempbackup/Muttrc /etc/Muttrc" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/gnupg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring gnupg settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/gnupg /root/tempgnupg $USB_MOUNT/backup/gnupg.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempgnupg/usb/backup/gnupg/$MY_USERNAME/.gnupg /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /home/$MY_USERNAME/.gnupg /root" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 283' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/procmail ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring procmail settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/procmail /root/tempprocmail $USB_MOUNT/backup/procmail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -f /root/tempprocmail/usb/backup/procmail/$MY_USERNAME/tempbackup/.procmailrc /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/readme ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring README"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/readme /root/tempreadme $USB_MOUNT/backup/readme.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -f /root/tempreadme/usb/backup/readme/$MY_USERNAME/tempbackup/README /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/ssh ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring ssh keys"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/ssh /root/tempssh $USB_MOUNT/backup/ssh.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempssh/usb/backup/ssh/$MY_USERNAME/.ssh /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 664' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/ssl ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring certificates"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempssl' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/ssl /root/tempssl $USB_MOUNT/backup/ssl.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' cp -r /root/tempssl/usb/backup/ssl/ssl/* /etc/ssl' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempssl' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/projects ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring projects"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempprojects' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/projects /root/tempprojects $USB_MOUNT/backup/projects.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/projects" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mv /root/tempprojects/usb/backup/projects/$MY_USERNAME/projects /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 166' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempprojects' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/personal ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring personal settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/temppersonal' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/personal /root/temppersonal $USB_MOUNT/backup/personal.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/personal" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mv /root/temppersonal/usb/backup/personal/$MY_USERNAME/personal /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 184' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/temppersonal' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempmailinglist' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mailinglist /root/tempmailinglist $USB_MOUNT/backup/mailinglist.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempmailinglist/usb/backup/mailinglist/spool/mlmmj/* $PUBLIC_MAILING_LIST_DIRECTORY" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 526' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempmailinglist' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempxmpp' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/xmpp /root/tempxmpp $USB_MOUNT/backup/xmpp.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempxmpp/usb/backup/xmpp/lib/prosody/* $XMPP_DIRECTORY" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 725' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempxmpp' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' service prosody restart' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' chown -R prosody:prosody /var/lib/prosody/*' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
BACKUP_INCLUDES_WEBSITES="no"
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
BACKUP_INCLUDES_WEBSITES="yes"
echo "if [ -d $USB_MOUNT/backup/gnusocial ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring microblog database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempgnusocialdata ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempgnusocialdata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/gnusocialdata /root/tempgnusocialdata $USB_MOUNT/backup/gnusocialdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -f /root/tempgnusocialdata/usb/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Unable to restore microblog database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 503' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD gnusocial -o < /root/tempgnusocialdata/usb/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 964' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' shred -zu /root/tempgnusocialdata/usb/backup/gnusocialdata/tempgnusocialdata/*' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring microblog installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempgnusocial ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempgnusocial' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/gnusocial /root/tempgnusocial $USB_MOUNT/backup/gnusocial.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mv /root/tempgnusocial/usb/backup/gnusocial/www/$MICROBLOG_DOMAIN_NAME/htdocs /var/www/$MICROBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 683' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocial' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
fi
if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
BACKUP_INCLUDES_WEBSITES="yes"
echo "if [ -d $USB_MOUNT/backup/redmatrix ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Red Matrix database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempredmatrixdata ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempredmatrixdata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/redmatrixdata /root/tempredmatrixdata $USB_MOUNT/backup/redmatrixdata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -f /root/tempredmatrixdata/usb/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Unable to restore Red Matrix database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 504' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD redmatrix -o < /root/tempredmatrixdata/usb/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 965' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' shred -zu /root/tempredmatrixdata/usb/backup/redmatrixdata/tempredmatrixdata/*' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Red Matrix installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempredmatrix ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempredmatrix' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/redmatrix /root/tempredmatrix $USB_MOUNT/backup/redmatrix.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempredmatrix/usb/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs/* /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mv /root/tempredmatrix/usb/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs /var/www/$REDMATRIX_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 759' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrix' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/*" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
fi
if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
BACKUP_INCLUDES_WEBSITES="yes"
echo "if [ -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring owncloud database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempownclouddata ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempownclouddata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/ownclouddata /root/tempownclouddata $USB_MOUNT/backup/ownclouddata.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -f /root/tempownclouddata/usb/backup/ownclouddata/tempownclouddata/owncloud.sql ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Unable to restore Owncloud database"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 505' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD owncloud -o < /root/tempownclouddata/usb/backup/ownclouddata/tempownclouddata/owncloud.sql)' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 965' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Owncloud installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempowncloud ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempowncloud' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! -d /root/tempowncloud2 ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempowncloud2' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/owncloud /root/tempowncloud $USB_MOUNT/backup/owncloud.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempowncloud/usb/backup/owncloud/lib/owncloud/* /var/lib/owncloud/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 981' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/owncloud2 /root/tempowncloud2 $USB_MOUNT/backup/owncloud2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempowncloud2/usb/backup/owncloud2/owncloud/* /etc/owncloud/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 982' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempowncloud' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempowncloud2' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/owncloud/data' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/owncloud/backup' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/owncloud/assets' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " occ files:scan $MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
fi
echo "if [ -d $USB_MOUNT/backup/wiki ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring Wiki installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempwiki' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/wiki /root/tempwiki $USB_MOUNT/backup/wiki.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempwiki/usb/backup/wiki/lib/dokuwiki/* /var/lib/dokuwiki/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 868' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempwiki2' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/wiki2 /root/tempwiki2 $USB_MOUNT/backup/wiki2.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempwiki2/usb/backup/wiki2/dokuwiki/* /etc/dokuwiki/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 869' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempwiki' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempwiki2' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/dokuwiki/*' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/blog ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring blog installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempblog' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/blog /root/tempblog $USB_MOUNT/backup/blog.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempblog/usb/backup/blog/www/$FULLBLOG_DOMAIN_NAME/htdocs /var/www/$FULLBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 593' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempblog' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "No content directory found after restoring blog"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 287' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/cjdns ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring cjdns installation"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempcjdns' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/cjdns /root/tempcjdns $USB_MOUNT/backup/cjdns.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf /etc/cjdns" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempcjdns/usb/backup/cjdns/cjdns /etc/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 8472' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempcjdns' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/mail ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempmail' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/mail /root/tempmail $USB_MOUNT/backup/mail.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " mkdir /home/$MY_USERNAME/Maildir" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' tar -xzvf /root/tempmail/usb/backup/mail/backupemail/maildir.tar.gz' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 927' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempmail' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " if [ -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempdlna' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/dlna /root/tempdlna $USB_MOUNT/backup/dlna.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -r /root/tempdlna/usb/backup/dlna/cache/minidlna/* /var/cache/minidlna/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 982' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempdlna' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "if [ -d $USB_MOUNT/backup/voip ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' echo "Restoring VoIP settings"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' mkdir /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rsyncrypto -v -d -r $USB_MOUNT/backup/voip /root/tempvoip $USB_MOUNT/backup/voip.keys $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -f /root/tempvoip/usb/backup/voip/$MY_USERNAME/tempbackup/$VOIP_CONFIG_FILE /etc/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " cp -f /root/tempvoip/usb/backup/voip/$MY_USERNAME/tempbackup/$VOIP_DATABASE /var/lib/mumble-server/" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'sync' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "# Unmount the USB drive" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
if [[ $BACKUP_INCLUDES_WEBSITES == "yes" ]]; then
echo "# Restart the web server" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "service nginx restart" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "service php5-fpm restart" >> /usr/bin/$RESTORE_SCRIPT_NAME
fi
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'echo "Setting permissions"' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo "chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'echo "Restore from USB drive is complete. You can now remove it."' >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'exit 0' >> /usr/bin/$RESTORE_SCRIPT_NAME
chmod 400 /usr/bin/$RESTORE_SCRIPT_NAME
chmod +x /usr/bin/$RESTORE_SCRIPT_NAME
echo 'create_restore_script' >> $COMPLETION_FILE
}
function create_freedns_updater {
# currently inadyn doesn't work as expected with freeDNS, so this is a workaround
if grep -Fxq "create_freedns_updater" $COMPLETION_FILE; then
return
fi
if [[ $DDNS_PROVIDER != "default@freedns.afraid.org" ]]; then
return
fi
FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
echo '#!/bin/bash' > /usr/bin/dynamicdns
echo 'cd /tmp' >> /usr/bin/dynamicdns
if [ $DEFAULT_DOMAIN_CODE ]; then
echo "# $DEFAULT_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$DEFAULT_DOMAIN_CODE=" >> /usr/bin/dynamicdns
fi
if [ $WIKI_CODE ]; then
if [[ $WIKI_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$WIKI_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $FULLBLOG_CODE ]; then
if [[ $FULLBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $FULLBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$FULLBLOG_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $REDMATRIX_CODE ]; then
if [[ $REDMATRIX_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $REDMATRIX_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$REDMATRIX_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $OWNCLOUD_CODE ]; then
if [[ $OWNCLOUD_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$OWNCLOUD_CODE=" >> /usr/bin/dynamicdns
fi
fi
if [ $MICROBLOG_CODE ]; then
if [[ $MICROBLOG_CODE != "$DEFAULT_DOMAIN_CODE" ]]; then
echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
echo "$FREEDNS_WGET$MICROBLOG_CODE=" >> /usr/bin/dynamicdns
fi
fi
echo 'exit 0' >> /usr/bin/dynamicdns
chmod 600 /usr/bin/dynamicdns
chmod +x /usr/bin/dynamicdns
if ! grep -q "/usr/bin/dynamicdns" /etc/crontab; then
echo '*/3 * * * * root /usr/bin/dynamicdns' >> /etc/crontab
service cron restart
fi
echo 'create_freedns_updater' >> $COMPLETION_FILE
}
function backup_to_friends_servers {
if grep -Fxq "backup_to_friends_servers" $COMPLETION_FILE; then
return
fi
if [ ! $FRIENDS_SERVERS_LIST ]; then
return
fi
apt-get -y install rsyncrypto sshpass
get_mariadb_password
get_mariadb_gnusocial_admin_password
get_mariadb_redmatrix_admin_password
get_mariadb_owncloud_admin_password
if ! grep -q "backups on friends servers" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Backups' >> /home/$MY_USERNAME/README
echo '=======' >> /home/$MY_USERNAME/README
echo 'Key file: /root/backupkey' >> /home/$MY_USERNAME/README
echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST" >> /home/$MY_USERNAME/README
echo 'and add entries like this:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo "username1@domain1:$SSH_PORT//home/username1 ssh_password1" >> /home/$MY_USERNAME/README
echo "username2@domain2:$SSH_PORT//home/username2 ssh_password2" >> /home/$MY_USERNAME/README
echo '...' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'The system will try to backup to these remote locations once per day.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo '#!/bin/bash' > /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Temporary location for data to be backed up to other servers' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'SERVER_DIRECTORY=/root/remotebackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' makecert backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# MariaDB password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# local directory where the backup will be made' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir $SERVER_DIRECTORY' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
BACKUP_INCLUDES_DATABASES="yes"
echo 'if [ ! -d $SERVER_DIRECTORY/backup/gnusocial ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/gnusocial' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup/gnusocialdata ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/gnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -d /root/tempgnusocialdata ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /root/tempgnusocialdata" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Obtaining GNU Social database backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD gnusocial > /root/tempgnusocialdata/gnusocial.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -s /root/tempgnusocialdata/gnusocial.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "GNU social database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to export gnusocial database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 296' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /root/tempgnusocialdata $SERVER_DIRECTORY/backup/gnusocialdata $SERVER_DIRECTORY/backup/gnusocialdata.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt gnusocial database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 853' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'shred -zu /root/tempgnusocialdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'rm -rf /root/tempgnusocialdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Backing up GNU social installation"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "rsyncrypto -v -r /var/www/$MICROBLOG_DOMAIN_NAME/htdocs " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/gnusocial $SERVER_DIRECTORY/backup/gnusocial.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt gnusocial installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 846' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
BACKUP_INCLUDES_DATABASES="yes"
echo 'if [ ! -d $SERVER_DIRECTORY/backup/redmatrix ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/redmatrix' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup/redmatrixdata ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/redmatrixdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -d /root/tempredmatrixdata ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /root/tempredmatrixdata" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Obtaining Red Matrix database backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD redmatrix > /root/tempredmatrixdata/redmatrix.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -s /root/tempredmatrixdata/redmatrix.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Red Matrix database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to export redmatrix database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 378' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /root/tempredmatrixdata $SERVER_DIRECTORY/backup/redmatrixdata $SERVER_DIRECTORY/backup/redmatrixdata.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt redmatrix database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 285' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'shred -zu /root/tempredmatrixdata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'rm -rf /root/tempredmatrixdata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Backing up Red Matrix installation"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "rsyncrypto -v -r /var/www/$REDMATRIX_DOMAIN_NAME/htdocs " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/redmatrix $SERVER_DIRECTORY/backup/redmatrix.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt redmatrix installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 593' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
BACKUP_INCLUDES_DATABASES="yes"
echo 'if [ ! -d $SERVER_DIRECTORY/backup/owncloud ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/owncloud' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup/owncloud2 ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/owncloud2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup/ownclouddata ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/ownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -d /root/tempownclouddata ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /root/tempownclouddata" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD owncloud > /root/tempownclouddata/owncloud.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -s /root/tempownclouddata/owncloud.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Owncloud database could not be saved"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! $DATABASE_PASSWORD ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " echo 'No MariaDB password was given'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to export owncloud database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 377' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "fi" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /root/tempownclouddata $SERVER_DIRECTORY/backup/ownclouddata $SERVER_DIRECTORY/backup/ownclouddata.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt owncloud database" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 188' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'shred -zu /root/tempownclouddata/*' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'rm -rf /root/tempownclouddata' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /var/lib/owncloud $SERVER_DIRECTORY/backup/owncloud $SERVER_DIRECTORY/backup/owncloud.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt owncloud installation (/var/lib/owncloud)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 632' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /etc/owncloud $SERVER_DIRECTORY/backup/owncloud2 $SERVER_DIRECTORY/backup/owncloud2.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt owncloud installation (/etc/owncloud)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 632' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE; then
echo 'if [ ! -d $SERVER_DIRECTORY/backup/wiki ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/wiki' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup/wiki2 ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/wiki2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /var/lib/dokuwiki $SERVER_DIRECTORY/backup/wiki $SERVER_DIRECTORY/backup/wiki.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt wiki installation (/var/lib/dokuwiki)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 964' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /etc/dokuwiki $SERVER_DIRECTORY/backup/wiki2 $SERVER_DIRECTORY/backup/wiki2.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt wiki installation (/etc/dokuwiki)" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 964' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
if grep -Fxq "install_blog" $COMPLETION_FILE; then
echo 'if [ ! -d $SERVER_DIRECTORY/backup/blog ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/blog' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Obtaining blog backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "rsyncrypto -v -r /var/www/$FULLBLOG_DOMAIN_NAME/htdocs " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/blog $SERVER_DIRECTORY/backup/blog.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt blog installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 854' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
echo 'if [ ! -d $SERVER_DIRECTORY/backup/cjdns ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/cjdns' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "Obtaining cjdns backup"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "rsyncrypto -v -r /etc/cjdns " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/cjdns $SERVER_DIRECTORY/backup/cjdns.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt cjdns installation" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 854' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup certificates' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /etc/ssl ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up certificates"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/ssl ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/ssl' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' rsyncrypto -v -r /etc/ssl $SERVER_DIRECTORY/backup/ssl $SERVER_DIRECTORY/backup/ssl.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt ssl certificates" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 343' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up projects"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/projects ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/projects' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/projects " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/projects $SERVER_DIRECTORY/backup/projects.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt git projects" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 873' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup personal settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up personal settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/personal ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/personal' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/personal " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/personal $SERVER_DIRECTORY/backup/personal.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt personal settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 649' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/mailinglist ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/mailinglist' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r $PUBLIC_MAILING_LIST_DIRECTORY " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/mailinglist $SERVER_DIRECTORY/backup/mailinglist.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt public mailing list" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 938' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/xmpp ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/xmpp' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r $XMPP_DIRECTORY " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/xmpp $SERVER_DIRECTORY/backup/xmpp.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt XMPP settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 593' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup gpg keys' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/.gnupg ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up gpg keys"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/gnupg ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/gnupg' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/.gnupg " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/gnupg $SERVER_DIRECTORY/backup/gnupg.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt gpg keys" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 491' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup ssh keys' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/.ssh ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up ssh keys"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/ssh ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/ssh' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/.ssh " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/ssh $SERVER_DIRECTORY/backup/ssh.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt ssh keys" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 731' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup web sites' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /etc/nginx ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up web settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/web ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/web' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' rsyncrypto -v -r /etc/nginx/sites-available $SERVER_DIRECTORY/backup/web $SERVER_DIRECTORY/backup/web.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 848' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup README file' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/README ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up README"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/readme ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/readme' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp -f /home/$MY_USERNAME/README /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/readme $SERVER_DIRECTORY/backup/readme.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt README file" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 848' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup Mutt settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/.muttrc ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up Mutt settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ -f /etc/Muttrc ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp /etc/Muttrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/mutt ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/mutt' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/mutt $SERVER_DIRECTORY/backup/mutt.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt Mutt settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 492' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup procmail settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -f /home/$MY_USERNAME/.procmailrc ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up procmail settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/procmail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/procmail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/procmail $SERVER_DIRECTORY/backup/procmail.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt procmail settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 492' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Creating an email archive"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d /root/backupemail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /root/backupemail" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " tar -czvf /root/backupemail/maildir.tar.gz /home/$MY_USERNAME/Maildir" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/mail' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' rsyncrypto -v -r /root/backupemail ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/mail $SERVER_DIRECTORY/backup/mail.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt emails" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 396' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/dlna ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/dlna' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' rsyncrypto -v -r /var/cache/minidlna $SERVER_DIRECTORY/backup/dlna $SERVER_DIRECTORY/backup/dlna.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt DLNA settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 498' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '# Backup VoIP settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ -f /etc/$VOIP_CONFIG_FILE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Backing up VoIP settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/tempbackup ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " mkdir -p /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp -f /etc/$VOIP_CONFIG_FILE /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo " cp -f /var/lib/mumble-server/$VOIP_DATABASE /home/$MY_USERNAME/tempbackup" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! -d $SERVER_DIRECTORY/backup/voip ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/voip' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n " rsyncrypto -v -r /home/$MY_USERNAME/tempbackup " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$SERVER_DIRECTORY/backup/voip $SERVER_DIRECTORY/backup/voip.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt VoIP settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 4923' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /home/$MY_USERNAME/tempbackup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then
echo '# Mysql settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir -p $SERVER_DIRECTORY/backup/mariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' mkdir /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'mysqldump --password=$DATABASE_PASSWORD mysql user > /root/tempmariadb/mysql.sql' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "if [ ! -s /root/tempmariadb/mysql.sql ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' echo "Unable to backup mysql settings"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to export database settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 653' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'echo "$DATABASE_PASSWORD" > /root/tempmariadb/db' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'chmod 400 /root/tempmariadb/db' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n 'rsyncrypto -v -r /root/tempmariadb $SERVER_DIRECTORY/backup/mariadb $SERVER_DIRECTORY/backup/mariadb.keys ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Unable to encrypt database settings" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' exit 794' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'rm -rf /root/tempmariadb' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
fi
# Now that we have the server directory updated with the encrypted backup
# we just need to rsync it to each friend
echo '# For each remote server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'while read remote_server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'do' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Get the server and its password' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Format is:' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # username@domain:/home/username <port number> <ssh password>' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' REMOTE_SERVER=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ $REMOTE_SERVER ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' REMOTE_SSH_PORT=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$2' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' REMOTE_PASSWORD=$(echo "${remote_server}" | ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n "awk -F ' ' '{print " >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n '$3' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "}')" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' NOW=$(date +"%Y-%m-%d %H:%M:%S")' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "$NOW Starting backup to $REMOTE_SERVER" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '$SERVER_DIRECTORY/backup $REMOTE_SERVER' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "$NOW Backup to $REMOTE_SERVER failed" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "Backup to $REMOTE_SERVER failed" | mail -s "Freedombone backup to friends" ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' else' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo -n ' echo "$NOW Backed up to $REMOTE_SERVER" >> ' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo ' fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
# End of the loop
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo "done < $FRIENDS_SERVERS_LIST" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
echo 'exit 0' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
chown root:root /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
chmod 400 /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
chmod +x /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
# update crontab
echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
echo "/usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME" >> /etc/cron.daily/backuptofriends
chmod +x /etc/cron.daily/backuptofriends
echo 'backup_to_friends_servers' >> $COMPLETION_FILE
}
function restore_from_friend {
if grep -Fxq "restore_from_friend" $COMPLETION_FILE; then
return
fi
apt-get -y install rsyncrypto sshpass
get_mariadb_password
get_mariadb_gnusocial_admin_password
get_mariadb_redmatrix_admin_password
get_mariadb_owncloud_admin_password
if ! grep -q "restore from a friend's server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Restoring from backups to friends servers' >> /home/$MY_USERNAME/README
echo '=========================================' >> /home/$MY_USERNAME/README
echo "To restore from a friend's server use the command:" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " $RESTORE_FROM_FRIEND_SCRIPT_NAME [server]" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo '#!/bin/bash' > /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'SERVER_NAME=$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '# Temporary location for data to be backed up to other servers' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'SERVER_DIRECTORY=/root/remoterestore' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ ! $SERVER_NAME ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " echo '$RESTORE_FROM_FRIEND_SCRIPT_NAME [server]'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " echo 'No friends list found at $FRIENDS_SERVERS_LIST'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'if ! grep -q "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$FRIENDS_SERVERS_LIST; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Server not found within the friends list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'REMOTE_SERVER=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n '$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n '$2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n "$FRIENDS_SERVERS_LIST | awk -F ' ' '{print " >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n '$3' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "}')" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '# Check that a backup key exists' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " echo 'No backup key was found in $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 84' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
# Rsync from the remote server back to this server
echo 'NOW=$(date +"%Y-%m-%d %H:%M:%S")' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'echo "$NOW Starting restore from $REMOTE_SERVER" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '$REMOTE_SERVER/backup $SERVER_DIRECTORY' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' echo "$NOW Restore from $REMOTE_SERVER failed" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' # Send a warning email' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' echo "Restore from $REMOTE_SERVER failed" | mail -s "Freedombone restore from friend" ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$MY_EMAIL_ADDRESS" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 790' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$REMOTE_BACKUPS_LOG" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '# MariaDB password' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring mysql settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempmariadb ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempmariadb' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mariadb /root/tempmariadb $SERVER_DIRECTORY/backup/mariadb.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Get the MariaDB password from the backup"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -f /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/db ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "MariaDB password file not found"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 495' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/db)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restore the MariaDB user table"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Try again using the password obtained from backup"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/mysql.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 962' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restarting database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' service mysql restart' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Change the MariaDB password to the backup version"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' shred -zu /root/tempmariadb/remoterestore/backup/mariadb/tempmariadb/db' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempmariadb' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' # Change database password file' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' echo "$DATABASE_PASSWORD" > ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " chmod 600 $DATABASE_PASSWORD_FILE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/mutt ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Mutt settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mutt /root/tempmutt $SERVER_DIRECTORY/backup/mutt.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/.muttrc ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/.muttrc /home/$MY_USERNAME/.muttrc" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/Muttrc ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -f /root/tempmutt/remoterestore/backup/mutt/$MY_USERNAME/tempbackup/Muttrc /etc/Muttrc" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempmutt' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/gnupg ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring gnupg settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/gnupg /root/tempgnupg $SERVER_DIRECTORY/backup/gnupg.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempgnupg/remoterestore/backup/gnupg/$MY_USERNAME/.gnupg /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempgnupg' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /home/$MY_USERNAME/.gnupg /root" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 283' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/procmail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring procmail settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/procmail /root/tempprocmail $SERVER_DIRECTORY/backup/procmail.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -f /root/tempprocmail/remoterestore/backup/procmail/$MY_USERNAME/tempbackup/.procmailrc /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempprocmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/readme ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring README"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/readme /root/tempreadme $SERVER_DIRECTORY/backup/readme.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -f /root/tempreadme/remoterestore/backup/readme/$MY_USERNAME/tempbackup/README /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempreadme' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/ssh ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring ssh keys"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/ssh /root/tempssh $SERVER_DIRECTORY/backup/ssh.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempssh/remoterestore/backup/ssh/$MY_USERNAME/.ssh /home/$MY_USERNAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 664' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempssh' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/ssl ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring certificates"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/ssl /root/tempssl $SERVER_DIRECTORY/backup/ssl.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' cp -r /root/tempssl/remoterestore/backup/ssl/ssl/* /etc/ssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempssl' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/projects ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring projects"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempprojects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/projects /root/tempprojects $SERVER_DIRECTORY/backup/projects.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -d /home/$MY_USERNAME/projects ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/projects" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mv /root/tempprojects/remoterestore/backup/projects/$MY_USERNAME/projects /home/$MY_USERNAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 166' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempprojects' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/personal ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring personal settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/temppersonal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/personal /root/temppersonal $SERVER_DIRECTORY/backup/personal.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ -d /home/$MY_USERNAME/personal ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /home/$MY_USERNAME/personal" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mv /root/temppersonal/remoterestore/backup/personal/$MY_USERNAME/personal /home/$MY_USERNAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 184' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/temppersonal' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring public mailing list"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempmailinglist' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mailinglist /root/tempmailinglist $SERVER_DIRECTORY/backup/mailinglist.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempmailinglist/remoterestore/backup/mailinglist/spool/mlmmj/* $PUBLIC_MAILING_LIST_DIRECTORY" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 526' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempmailinglist' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring XMPP settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempxmpp' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/xmpp /root/tempxmpp $SERVER_DIRECTORY/backup/xmpp.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempxmpp/remoterestore/backup/xmpp/lib/prosody/* $XMPP_DIRECTORY" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 725' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempxmpp' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' service prosody restart' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' chown -R prosody:prosody /var/lib/prosody/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
BACKUP_INCLUDES_WEBSITES="no"
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
BACKUP_INCLUDES_WEBSITES="yes"
echo 'if [ -d $SERVER_DIRECTORY/backup/gnusocial ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring microblog database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempgnusocialdata ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempgnusocialdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/gnusocialdata /root/tempgnusocialdata $SERVER_DIRECTORY/backup/gnusocialdata.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -f /root/tempgnusocialdata/remoterestore/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Unable to restore microblog database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 503' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD gnusocial -o < /root/tempgnusocialdata/remoterestore/backup/gnusocialdata/tempgnusocialdata/gnusocial.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 964' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' shred -zu /root/tempgnusocialdata/remoterestore/backup/gnusocialdata/tempgnusocialdata/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocialdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring microblog installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempgnusocial ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempgnusocial' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/gnusocial /root/tempgnusocial $SERVER_DIRECTORY/backup/gnusocial.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mv /root/tempgnusocial/remoterestore/backup/gnusocial/www/$MICROBLOG_DOMAIN_NAME/htdocs /var/www/$MICROBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 683' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempgnusocial' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
BACKUP_INCLUDES_WEBSITES="yes"
echo 'if [ -d $SERVER_DIRECTORY/backup/redmatrix ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Red Matrix database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempredmatrixdata ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempredmatrixdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/redmatrixdata /root/tempredmatrixdata $SERVER_DIRECTORY/backup/redmatrixdata.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -f /root/tempredmatrixdata/remoterestore/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Unable to restore Red Matrix database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 504' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD redmatrix -o < /root/tempredmatrixdata/remoterestore/backup/redmatrixdata/tempredmatrixdata/redmatrix.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 965' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' shred -zu /root/tempredmatrixdata/remoterestore/backup/redmatrixdata/tempredmatrixdata/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrixdata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Red Matrix installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempredmatrix ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempredmatrix' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/redmatrix /root/tempredmatrix $SERVER_DIRECTORY/backup/redmatrix.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempredmatrix/remoterestore/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs/* /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mv /root/tempredmatrix/remoterestore/backup/redmatrix/www/$REDMATRIX_DOMAIN_NAME/htdocs /var/www/$REDMATRIX_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 759' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempredmatrix' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/*" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
BACKUP_INCLUDES_WEBSITES="yes"
echo 'if [ -d $SERVER_DIRECTORY/backup/owncloud ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring owncloud database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempownclouddata ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempownclouddata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/ownclouddata /root/tempownclouddata $SERVER_DIRECTORY/backup/ownclouddata.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -f /root/tempownclouddata/remoterestore/backup/ownclouddata/tempownclouddata/owncloud.sql ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Unable to restore Owncloud database"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 505' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD owncloud -o < /root/tempownclouddata/remoterestore/backup/ownclouddata/tempownclouddata/owncloud.sql)' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "$mysqlsuccess"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 965' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Owncloud installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempowncloud ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempowncloud' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! -d /root/tempowncloud2 ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempowncloud2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/owncloud /root/tempowncloud $SERVER_DIRECTORY/backup/owncloud.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempowncloud/remoterestore/backup/owncloud/lib/owncloud/* /var/lib/owncloud/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 981' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/owncloud2 /root/tempowncloud2 $SERVER_DIRECTORY/backup/owncloud2.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempowncloud2/remoterestore/backup/owncloud2/owncloud/* /etc/owncloud/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 982' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempowncloud' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempowncloud2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempownclouddata' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/owncloud/data' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/owncloud/backup' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/owncloud/assets' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " occ files:scan $MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
fi
echo 'if [ -d $SERVER_DIRECTORY/backup/wiki ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring Wiki installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempwiki' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/wiki /root/tempwiki $SERVER_DIRECTORY/backup/wiki.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempwiki/remoterestore/backup/wiki/lib/dokuwiki/* /var/lib/dokuwiki/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 868' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempwiki2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/wiki2 /root/tempwiki2 $SERVER_DIRECTORY/backup/wiki2.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempwiki2/remoterestore/backup/wiki2/dokuwiki/* /etc/dokuwiki/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 869' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempwiki' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempwiki2' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' chown -R www-data:www-data /var/lib/dokuwiki/*' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/blog ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring blog installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempblog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/blog /root/tempblog $SERVER_DIRECTORY/backup/blog.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempblog/remoterestore/backup/blog/www/$FULLBLOG_DOMAIN_NAME/htdocs /var/www/$FULLBLOG_DOMAIN_NAME/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 593' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempblog' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/content ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "No content directory found after restoring blog"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 287' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring cjdns installation"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempcjdns' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/cjdns /root/tempcjdns $SERVER_DIRECTORY/backup/cjdns.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " rm -rf /etc/cjdns" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempcjdns/remoterestore/backup/cjdns/cjdns /etc/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 7438' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempcjdns' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/voip ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring VoIP settings"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/voip /root/tempvoip $SERVER_DIRECTORY/backup/voip.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -f /root/tempvoip/remoterestore/backup/voip/$MY_USERNAME/tempbackup/$VOIP_CONFIG_FILE /etc/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -f /root/tempvoip/remoterestore/backup/voip/$MY_USERNAME/tempbackup/$VOIP_DATABASE /var/lib/mumble-server/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 276' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'if [ -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/mail /root/tempmail $SERVER_DIRECTORY/backup/mail.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " if [ ! -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " mkdir /home/$MY_USERNAME/Maildir" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' tar -xzvf /root/tempmail/usb/backup/mail/backupemail/maildir.tar.gz' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 927' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ -d $SERVER_DIRECTORY/backup/dlna ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' echo "Restoring DLNA cache"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' mkdir /root/tempdlna' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo -n ' rsyncrypto -v -d -r $SERVER_DIRECTORY/backup/dlna /root/tempdlna $SERVER_DIRECTORY/backup/dlna.keys ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo "$BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo " cp -r /root/tempdlna/remoterestore/backup/dlna/cache/minidlna/* /var/cache/minidlna/" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' exit 982' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' rm -rf /root/tempdlna' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'echo "*** Remote restore was successful ***"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'exit 0' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
chmod 400 /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
chmod +x /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
echo 'restore_from_friend' >> $COMPLETION_FILE
}
function remove_default_user {
# make sure you don't use the default user account
if [[ $MY_USERNAME == "debian" ]]; then
echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
exit 68
fi
# remove the default debian user to prevent it from becoming an attack vector
if [ -d /home/debian ]; then
userdel -r debian
echo 'Default debian user account removed'
fi
}
function enforce_good_passwords {
# because humans are generally bad at choosing passwords
if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
return
fi
apt-get -y install libpam-cracklib
sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
echo 'enforce_good_passwords' >> $COMPLETION_FILE
}
function change_login_message {
if grep -Fxq "change_login_message" $COMPLETION_FILE; then
return
fi
echo '' > /etc/motd
echo ".---. . . " >> /etc/motd
echo "| | | " >> /etc/motd
echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
echo ' M A I L B O X E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
echo ' S O C I A L E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
echo ' C H A T E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
echo ' C L O U D E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
echo ' W R I T E R E D I T I O N ' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
echo ' M E D I A E D I T I O N' >> /etc/motd
fi
if [[ $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
echo ' D E V E L O P E R E D I T I O N' >> /etc/motd
fi
echo '' >> /etc/motd
echo ' Freedom in the Cloud' >> /etc/motd
echo '' >> /etc/motd
echo 'change_login_message' >> $COMPLETION_FILE
}
function search_for_attached_usb_drive {
# If a USB drive is attached then search for email,
# gpg, ssh keys and emacs configuration
if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then
return
fi
if [ -b $USB_DRIVE ]; then
if [ ! -d $USB_MOUNT ]; then
echo 'Mounting USB drive'
mkdir $USB_MOUNT
mount $USB_DRIVE $USB_MOUNT
fi
if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
if [ -d $USB_MOUNT/Maildir ]; then
echo 'Maildir found on USB drive'
IMPORT_MAILDIR=$USB_MOUNT/Maildir
fi
if [ -d $USB_MOUNT/.gnupg ]; then
echo 'Importing GPG keyring'
cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
GPG_KEYS_IMPORTED="yes"
if [ -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then
shred -zu $USB_MOUNT/.gnupg/secring.gpg
shred -zu $USB_MOUNT/.gnupg/random_seed
shred -zu $USB_MOUNT/.gnupg/trustdb.gpg
rm -rf $USB_MOUNT/.gnupg
else
echo 'GPG files did not copy'
exit 7
fi
fi
if [ -f $USB_MOUNT/.procmailrc ]; then
echo 'Importing procmail settings'
cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
fi
if [ -f $USB_MOUNT/private_key.gpg ]; then
echo 'GPG private key found on USB drive'
MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
fi
if [ -f $USB_MOUNT/public_key.gpg ]; then
echo 'GPG public key found on USB drive'
MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
fi
fi
if [ -d $USB_MOUNT/prosody ]; then
if [ ! -d $XMPP_DIRECTORY ]; then
mkdir $XMPP_DIRECTORY
fi
cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY
chown -R prosody:prosody $XMPP_DIRECTORY
fi
if [ -d $USB_MOUNT/.ssh ]; then
echo 'Importing ssh keys'
cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
# for security delete the ssh keys from the usb drive
if [ -f /home/$MY_USERNAME/.ssh/id_rsa ]; then
shred -zu $USB_MOUNT/.ssh/id_rsa
shred -zu $USB_MOUNT/.ssh/id_rsa.pub
shred -zu $USB_MOUNT/.ssh/known_hosts
rm -rf $USB_MOUNT/.ssh
else
echo 'ssh files did not copy'
exit 8
fi
fi
if [ -f $USB_MOUNT/.emacs ]; then
echo 'Importing .emacs file'
cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
fi
if [ -d $USB_MOUNT/.emacs.d ]; then
echo 'Importing .emacs.d directory'
cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d
fi
if [ -d $USB_MOUNT/ssl ]; then
echo 'Importing SSL certificates'
cp -r $USB_MOUNT/ssl/* /etc/ssl
chmod 640 /etc/ssl/certs/*
chmod 400 /etc/ssl/private/*
# change ownership of some certificates
if [ -d /etc/prosody ]; then
chown prosody:prosody /etc/ssl/private/xmpp.*
chown prosody:prosody /etc/ssl/certs/xmpp.*
fi
if [ -d /etc/dovecot ]; then
chown root:dovecot /etc/ssl/certs/dovecot.*
chown root:dovecot /etc/ssl/private/dovecot.*
fi
if [ -f /etc/ssl/private/exim.key ]; then
chown root:Debian-exim /etc/ssl/private/exim.key /etc/ssl/certs/exim.crt /etc/ssl/certs/exim.dhparam
fi
fi
if [ -d $USB_MOUNT/personal ]; then
echo 'Importing personal directory'
cp -r $USB_MOUNT/personal /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal
fi
else
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo 'No USB drive attached'
fi
echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
}
function remove_proprietary_repos {
if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE; then
return
fi
sed -i 's/ non-free//g' /etc/apt/sources.list
echo 'remove_proprietary_repos' >> $COMPLETION_FILE
}
function change_debian_repos {
if grep -Fxq "change_debian_repos" $COMPLETION_FILE; then
return
fi
rm -rf /var/lib/apt/lists/*
apt-get clean
sed -i "s/ftp.us.debian.org/$DEBIAN_REPO/g" /etc/apt/sources.list
# ensure that there is a security repo
if ! grep -q "security" /etc/apt/sources.list; then
echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list
echo "#deb-src http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> /etc/apt/sources.list
fi
apt-get update
apt-get -y install apt-transport-https
echo 'change_debian_repos' >> $COMPLETION_FILE
}
function initial_setup {
if grep -Fxq "initial_setup" $COMPLETION_FILE; then
return
fi
apt-get -y remove --purge apache*
apt-get -y dist-upgrade
apt-get -y install ca-certificates emacs24 cpulimit
echo 'initial_setup' >> $COMPLETION_FILE
}
function install_editor {
if grep -Fxq "install_editor" $COMPLETION_FILE; then
return
fi
update-alternatives --set editor /usr/bin/emacs24
# A minimal emacs configuration
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
#echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
cp /home/$MY_USERNAME/.emacs /root/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
echo 'install_editor' >> $COMPLETION_FILE
}
function enable_backports {
if grep -Fxq "enable_backports" $COMPLETION_FILE; then
return
fi
if ! grep -Fxq "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" /etc/apt/sources.list; then
echo "deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main" >> /etc/apt/sources.list
fi
echo 'enable_backports' >> $COMPLETION_FILE
}
function update_the_kernel {
if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
return
fi
# if this is not a beaglebone or is a docker container
# then just use the standard kernel
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
return
fi
cd /opt/scripts/tools
./update_kernel.sh --kernel $KERNEL_VERSION
echo 'update_the_kernel' >> $COMPLETION_FILE
}
function enable_zram {
if grep -Fxq "enable_zram" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
return
fi
if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
fi
echo '#!/bin/bash' > /etc/init.d/zram
echo '### BEGIN INIT INFO' >> /etc/init.d/zram
echo '# Provides: zram' >> /etc/init.d/zram
echo '# Required-Start:' >> /etc/init.d/zram
echo '# Required-Stop:' >> /etc/init.d/zram
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/zram
echo '# Default-Stop: 0 1 6' >> /etc/init.d/zram
echo '# Short-Description: Increased Performance In Linux With zRam (Virtual Swap Compressed in RAM)' >> /etc/init.d/zram
echo '# Description: Adapted from systemd scripts at https://github.com/mystilleef/FedoraZram' >> /etc/init.d/zram
echo '### END INIT INFO' >> /etc/init.d/zram
echo 'start() {' >> /etc/init.d/zram
echo ' # get the number of CPUs' >> /etc/init.d/zram
echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram
echo ' # if something goes wrong, assume we have 1' >> /etc/init.d/zram
echo ' [ "$num_cpus" != 0 ] || num_cpus=1' >> /etc/init.d/zram
echo ' # set decremented number of CPUs' >> /etc/init.d/zram
echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram
echo ' # get the amount of memory in the machine' >> /etc/init.d/zram
echo ' mem_total_kb=$(grep MemTotal /proc/meminfo | grep -E --only-matching "[[:digit:]]+")' >> /etc/init.d/zram
echo ' mem_total=$((mem_total_kb * 1024))' >> /etc/init.d/zram
echo ' # load dependency modules' >> /etc/init.d/zram
echo ' modprobe zram num_devices=$num_cpus' >> /etc/init.d/zram
echo ' # initialize the devices' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
echo ' echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize' >> /etc/init.d/zram
echo ' done' >> /etc/init.d/zram
echo ' # Creating swap filesystems' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
echo ' mkswap /dev/zram$i' >> /etc/init.d/zram
echo ' done' >> /etc/init.d/zram
echo ' # Switch the swaps on' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
echo ' swapon -p 100 /dev/zram$i' >> /etc/init.d/zram
echo ' done' >> /etc/init.d/zram
echo '}' >> /etc/init.d/zram
echo 'stop() {' >> /etc/init.d/zram
echo ' # get the number of CPUs' >> /etc/init.d/zram
echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram
echo ' # set decremented number of CPUs' >> /etc/init.d/zram
echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram
echo ' # Switching off swap' >> /etc/init.d/zram
echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
echo ' if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then' >> /etc/init.d/zram
echo ' swapoff /dev/zram$i' >> /etc/init.d/zram
echo ' sleep 1' >> /etc/init.d/zram
echo ' fi' >> /etc/init.d/zram
echo ' done' >> /etc/init.d/zram
echo ' sleep 1' >> /etc/init.d/zram
echo ' rmmod zram' >> /etc/init.d/zram
echo '}' >> /etc/init.d/zram
echo 'case "$1" in' >> /etc/init.d/zram
echo ' start)' >> /etc/init.d/zram
echo ' start' >> /etc/init.d/zram
echo ' ;;' >> /etc/init.d/zram
echo ' stop)' >> /etc/init.d/zram
echo ' stop' >> /etc/init.d/zram
echo ' ;;' >> /etc/init.d/zram
echo ' restart)' >> /etc/init.d/zram
echo ' stop' >> /etc/init.d/zram
echo ' sleep 3' >> /etc/init.d/zram
echo ' start' >> /etc/init.d/zram
echo ' ;;' >> /etc/init.d/zram
echo ' *)' >> /etc/init.d/zram
echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/zram
echo ' RETVAL=1' >> /etc/init.d/zram
echo 'esac' >> /etc/init.d/zram
echo 'exit $RETVAL' >> /etc/init.d/zram
chmod +x /etc/init.d/zram
update-rc.d zram defaults
echo 'enable_zram' >> $COMPLETION_FILE
}
function random_number_generator {
if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLING_ON_BBB != "yes" ]]; then
# On systems which are not beaglebones assume that
# no hardware random number generator is available
# and use the second best option
apt-get -y install haveged
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# it is assumed that docker uses the random number
# generator of the host system
return
fi
if [[ $USE_HWRNG == "yes" ]]; then
apt-get -y install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
else
apt-get -y install haveged
fi
echo 'random_number_generator' >> $COMPLETION_FILE
}
function configure_ssh {
if grep -Fxq "configure_ssh" $COMPLETION_FILE; then
return
fi
sed -i "s/Port .*/Port $SSH_PORT/g" /etc/ssh/sshd_config
sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
if grep -q 'ClientAliveInterval' /etc/ssh/sshd_config; then
sed -i 's/ClientAliveInterval.*/ClientAliveInterval 60/g' /etc/ssh/sshd_config
else
echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
fi
if grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config; then
sed -i 's/ClientAliveCountMax.*/ClientAliveCountMax 3/g' /etc/ssh/sshd_config
else
echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
fi
if grep -q 'Ciphers' /etc/ssh/sshd_config; then
sed -i "s|Ciphers.*|Ciphers $SSH_CIPHERS|g" /etc/ssh/sshd_config
else
echo "Ciphers $SSH_CIPHERS" >> /etc/ssh/sshd_config
fi
if grep -q 'MACs' /etc/ssh/sshd_config; then
sed -i "s|MACs.*|MACs $SSH_MACS|g" /etc/ssh/sshd_config
else
echo "MACs $SSH_MACS" >> /etc/ssh/sshd_config
fi
if grep -q 'KexAlgorithms' /etc/ssh/sshd_config; then
sed -i "s|KexAlgorithms.*|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
else
echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
fi
apt-get -y install fail2ban
echo 'configure_ssh' >> $COMPLETION_FILE
# Don't reboot if installing within docker
# random numbers will come from the host system
if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
return
fi
echo ''
echo ''
echo ' *** Rebooting to initialise ssh settings and random number generator ***'
echo ''
echo " *** Reconnect via ssh on port $SSH_PORT, then run this script again ***"
echo ''
echo '## ' >> /etc/motd
echo '## Type "su" and enter your administrator password, then use the command:' >> /etc/motd
echo '## ' >> /etc/motd
echo '## freedombone -c freedombone.cfg' >> /etc/motd
echo '## ' >> /etc/motd
echo '## to continue the installation.' >> /etc/motd
reboot
}
# see https://stribika.github.io/2015/01/04/secure-secure-shell.html
function ssh_remove_small_moduli {
awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
mv ~/moduli /etc/ssh/moduli
}
function configure_ssh_client {
if grep -Fxq "configure_ssh_client" $COMPLETION_FILE; then
return
fi
#sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config
#sed -i 's/# ChallengeResponseAuthentication.*/ ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
sed -i "s/# MACs.*/ MACs $SSH_MACS/g" /etc/ssh/ssh_config
if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> /etc/ssh/ssh_config
fi
sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
echo " Ciphers $SSH_CIPHERS" >> /etc/ssh/ssh_config
fi
sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
if ! grep -q "MACs " /etc/ssh/ssh_config; then
echo " MACs $SSH_MACS" >> /etc/ssh/ssh_config
fi
# Create ssh keys
if [ ! -f ~/.ssh/id_ed25519 ]; then
ssh-keygen -t ed25519 -o -a 100
fi
if [ ! -f ~/.ssh/id_rsa ]; then
ssh-keygen -t rsa -b 4096 -o -a 100
fi
ssh_remove_small_moduli
echo 'configure_ssh_client' >> $COMPLETION_FILE
}
function regenerate_ssh_keys {
if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then
return
fi
rm -f /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
ssh_remove_small_moduli
service ssh restart
echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
}
function configure_dns {
if grep -Fxq "configure_dns" $COMPLETION_FILE; then
return
fi
echo 'domain localdomain' > /etc/resolv.conf
echo 'search localdomain' >> /etc/resolv.conf
echo "nameserver $NAMESERVER1" >> /etc/resolv.conf
echo "nameserver $NAMESERVER2" >> /etc/resolv.conf
echo 'configure_dns' >> $COMPLETION_FILE
}
function set_your_domain_name {
if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then
return
fi
echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
hostname $DEFAULT_DOMAIN_NAME
if grep -q "127.0.1.1" /etc/hosts; then
sed -i "s/127.0.1.1.*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts
else
echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts
fi
echo 'set_your_domain_name' >> $COMPLETION_FILE
}
function time_synchronisation {
if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then
return
fi
#apt-get -y install tlsdate
# building tlsdate from source is a workaround because of
# this bug https://github.com/ioerror/tlsdate/issues/130
apt-get -y install build-essential automake git pkg-config autoconf libtool libssl-dev libevent-dev
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
git clone https://github.com/ioerror/tlsdate.git
cd $INSTALL_DIR/tlsdate
./autogen.sh
./configure
make
make install
cp /usr/local/bin/tlsdate* /usr/bin
cp /usr/local/sbin/tlsdate* /usr/bin
apt-get -y remove ntpdate
echo '#!/bin/bash' > /usr/bin/updatedate
echo "TIMESOURCE='TLS_TIME_SOURCE1'" >> /usr/bin/updatedate
echo "TIMESOURCE2='TLS_TIME_SOURCE2'" >> /usr/bin/updatedate
echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate
echo 'TIMEOUT=5' >> /usr/bin/updatedate
echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/updatedate
echo '# File which contains the previous date as a number' >> /usr/bin/updatedate
echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate
echo '# File which contains the previous date as a string' >> /usr/bin/updatedate
echo 'BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt' >> /usr/bin/updatedate
echo 'DATE_BEFORE=$(date)' >> /usr/bin/updatedate
echo 'BEFORE=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate
echo 'BACKWARDS_BETWEEN=0' >> /usr/bin/updatedate
echo '# If the date was previously set' >> /usr/bin/updatedate
echo 'if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate
echo ' BEFORE_FILE=$(cat $BEFORE_DATE_FILE)' >> /usr/bin/updatedate
echo ' BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)' >> /usr/bin/updatedate
echo ' # is the date going backwards?' >> /usr/bin/updatedate
echo ' if (( $BEFORE_FILE > $BEFORE )); then' >> /usr/bin/updatedate
echo ' echo -n "Date went backwards between tlsdate updates. " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE' >> /usr/bin/updatedate
echo ' # Send a warning email' >> /usr/bin/updatedate
echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate
echo ' # Try another time source' >> /usr/bin/updatedate
echo ' TIMESOURCE=$TIMESOURCE2' >> /usr/bin/updatedate
echo ' # try running without any parameters' >> /usr/bin/updatedate
echo ' tlsdate >> $LOGFILE' >> /usr/bin/updatedate
echo ' BACKWARDS_BETWEEN=1' >> /usr/bin/updatedate
echo ' fi' >> /usr/bin/updatedate
echo 'fi' >> /usr/bin/updatedate
echo '# Set the date' >> /usr/bin/updatedate
echo '/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE' >> /usr/bin/updatedate
echo 'DATE_AFTER=$(date)' >> /usr/bin/updatedate
echo 'AFTER=$(date -d "$Y-$M-$D" '+%s')' >> /usr/bin/updatedate
echo '# After setting the date did it go backwards?' >> /usr/bin/updatedate
echo 'if (( $AFTER < $BEFORE )); then' >> /usr/bin/updatedate
echo ' echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE' >> /usr/bin/updatedate
echo ' # Send a warning email' >> /usr/bin/updatedate
echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate
echo ' # Try resetting the date from another time source' >> /usr/bin/updatedate
echo ' /usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE' >> /usr/bin/updatedate
echo ' DATE_AFTER=$(date)' >> /usr/bin/updatedate
echo ' AFTER=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate
echo 'else' >> /usr/bin/updatedate
echo ' echo -n $TIMESOURCE >> $LOGFILE' >> /usr/bin/updatedate
echo ' if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n $BEFORE_FILE >> $LOGFILE' >> /usr/bin/updatedate
echo ' fi' >> /usr/bin/updatedate
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n $BEFORE >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n $AFTER >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
echo ' echo $DATE_AFTER >> $LOGFILE' >> /usr/bin/updatedate
echo 'fi' >> /usr/bin/updatedate
echo '# Log the last date' >> /usr/bin/updatedate
echo 'if [[ $BACKWARDS_BETWEEN == 0 ]]; then' >> /usr/bin/updatedate
echo ' echo "$AFTER" > $BEFORE_DATE_FILE' >> /usr/bin/updatedate
echo ' echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE' >> /usr/bin/updatedate
echo ' exit 0' >> /usr/bin/updatedate
echo 'else' >> /usr/bin/updatedate
echo ' exit 1' >> /usr/bin/updatedate
echo 'fi' >> /usr/bin/updatedate
chmod +x /usr/bin/updatedate
echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
service cron restart
echo '#!/bin/bash' > /etc/init.d/tlsdate
echo '# /etc/init.d/tlsdate' >> /etc/init.d/tlsdate
echo '### BEGIN INIT INFO' >> /etc/init.d/tlsdate
echo '# Provides: tlsdate' >> /etc/init.d/tlsdate
echo '# Required-Start: $remote_fs $syslog' >> /etc/init.d/tlsdate
echo '# Required-Stop: $remote_fs $syslog' >> /etc/init.d/tlsdate
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/tlsdate
echo '# Default-Stop: 0 1 6' >> /etc/init.d/tlsdate
echo '# Short-Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate
echo '# Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate
echo '### END INIT INFO' >> /etc/init.d/tlsdate
echo '# Author: Bob Mottram <bob@robotics.uk.to>' >> /etc/init.d/tlsdate
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin"' >> /etc/init.d/tlsdate
echo 'LOGFILE="/var/log/tlsdate.log"' >> /etc/init.d/tlsdate
echo 'TLSDATECOMMAND="tlsdate --timewarp -l -H www.ptb.de -p 443 >> $LOGFILE"' >> /etc/init.d/tlsdate
echo '#Start-Stop here' >> /etc/init.d/tlsdate
echo 'case "$1" in' >> /etc/init.d/tlsdate
echo ' start)' >> /etc/init.d/tlsdate
echo ' echo "tlsdate started"' >> /etc/init.d/tlsdate
echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo ' stop)' >> /etc/init.d/tlsdate
echo ' echo "tlsdate stopped"' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo ' restart)' >> /etc/init.d/tlsdate
echo ' echo "tlsdate restarted"' >> /etc/init.d/tlsdate
echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo ' *)' >> /etc/init.d/tlsdate
echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/tlsdate
echo ' exit 1' >> /etc/init.d/tlsdate
echo ' ;;' >> /etc/init.d/tlsdate
echo 'esac' >> /etc/init.d/tlsdate
echo 'exit 0' >> /etc/init.d/tlsdate
chmod +x /etc/init.d/tlsdate
update-rc.d tlsdate defaults
echo 'time_synchronisation' >> $COMPLETION_FILE
}
function configure_firewall {
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT
iptables -F
ip6tables -F
iptables -t nat -F
ip6tables -t nat -F
iptables -X
ip6tables -X
iptables -P INPUT DROP
ip6tables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Make sure incoming tcp connections are SYN packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop packets with incoming fragments
iptables -A INPUT -f -j DROP
# Drop bogons
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
echo 'configure_firewall' >> $COMPLETION_FILE
}
function save_firewall_settings {
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
}
function configure_firewall_for_voip {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
return
fi
iptables -A INPUT -i eth0 -p udp --dport $VOIP_PORT -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport $VOIP_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
}
function configure_firewall_for_cjdns {
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
}
function configure_firewall_for_dlna {
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
return
fi
iptables -A INPUT -i eth0 -p udp --dport 1900 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8200 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
}
function configure_firewall_for_dns {
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
}
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
}
function configure_firewall_for_irc {
if [ ! -d /etc/ngircd ]; then
return
fi
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 6697 -j ACCEPT
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 6697 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
}
function configure_firewall_for_ftp {
if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
}
function configure_firewall_for_web_access {
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
}
function configure_firewall_for_web_server {
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
}
function configure_firewall_for_ssh {
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
}
function configure_firewall_for_git {
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
}
function configure_firewall_for_email {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
}
function configure_internet_protocol {
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
return
fi
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
echo '# ignore pings' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo '# disable ipv6' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
echo '# keepalive' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
echo 'configure_internet_protocol' >> $COMPLETION_FILE
}
function script_to_make_self_signed_certificates {
if grep -Fxq "script_to_make_self_signed_certificates" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/makecert
echo 'HOSTNAME=$1' >> /usr/bin/makecert
echo 'COUNTRY_CODE="US"' >> /usr/bin/makecert
echo 'AREA="Free Speech Zone"' >> /usr/bin/makecert
echo 'LOCATION="Freedomville"' >> /usr/bin/makecert
echo 'ORGANISATION="Freedombone"' >> /usr/bin/makecert
echo 'UNIT="Freedombone Unit"' >> /usr/bin/makecert
echo 'if ! which openssl > /dev/null ;then' >> /usr/bin/makecert
echo ' echo "$0: openssl is not installed, exiting" 1>&2' >> /usr/bin/makecert
echo ' exit 1' >> /usr/bin/makecert
echo 'fi' >> /usr/bin/makecert
echo 'openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert
echo 'openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert
echo 'chmod 400 /etc/ssl/private/$HOSTNAME.key' >> /usr/bin/makecert
echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert
echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert
echo 'if [ -f /etc/init.d/nginx ]; then' >> /usr/bin/makecert
echo ' /etc/init.d/nginx reload' >> /usr/bin/makecert
echo 'fi' >> /usr/bin/makecert
echo '# add the public certificate to a separate directory' >> /usr/bin/makecert
echo '# so that we can redistribute it easily' >> /usr/bin/makecert
echo 'if [ ! -d /etc/ssl/mycerts ]; then' >> /usr/bin/makecert
echo ' mkdir /etc/ssl/mycerts' >> /usr/bin/makecert
echo 'fi' >> /usr/bin/makecert
echo 'cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts' >> /usr/bin/makecert
echo '# Create a bundle of your certificates' >> /usr/bin/makecert
echo 'cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt' >> /usr/bin/makecert
echo 'tar -czvf /etc/ssl/freedombone-certs.tar.gz /etc/ssl/mycerts/*.crt' >> /usr/bin/makecert
chmod +x /usr/bin/makecert
echo 'script_to_make_self_signed_certificates' >> $COMPLETION_FILE
}
function configure_email {
if [[ || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
return
fi
if grep -Fxq "configure_email" $COMPLETION_FILE; then
return
fi
apt-get -y remove postfix
apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail
if [ ! -d /etc/exim4 ]; then
echo "ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
exit 48
fi
# configure for Maildir format
sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
if ! grep -q "export MAIL" /etc/profile; then
echo 'export MAIL=~/Maildir' >> /etc/profile
fi
sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
echo "dc_other_hostnames='$DEFAULT_DOMAIN_NAME'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
update-exim4.conf
sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
/etc/init.d/saslauthd start
# make a tls certificate for email
if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
makecert exim
check_certificates exim
fi
cp /etc/ssl/private/exim.key /etc/exim4
cp /etc/ssl/certs/exim.crt /etc/exim4
cp /etc/ssl/certs/exim.dhparam /etc/exim4
chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template
sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
fi
adduser $MY_USERNAME sasl
addgroup Debian-exim sasl
/etc/init.d/exim4 restart
if [ ! -d /etc/skel/Maildir ]; then
mkdir -m 700 /etc/skel/Maildir
mkdir -m 700 /etc/skel/Maildir/Sent
mkdir -m 700 /etc/skel/Maildir/Sent/tmp
mkdir -m 700 /etc/skel/Maildir/Sent/cur
mkdir -m 700 /etc/skel/Maildir/Sent/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam
mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
mkdir -m 700 /etc/skel/Maildir/.learn-ham
mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
fi
if [ ! -d /home/$MY_USERNAME/Maildir ]; then
mkdir -m 700 /home/$MY_USERNAME/Maildir
mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
mkdir -m 700 /home/$MY_USERNAME/Maildir/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
fi
echo 'configure_email' >> $COMPLETION_FILE
}
function create_procmail {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "create_procmail" $COMPLETION_FILE; then
return
fi
if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc
echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
fi
echo 'create_procmail' >> $COMPLETION_FILE
}
function spam_filtering {
# NOTE: spamassassin installation currently doesn't work, sa-compile fails with a make error 23/09/2014
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
return
fi
apt-get -y install exim4-daemon-heavy
apt-get -y install spamassassin
sa-update -v
sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
# This configuration is based on https://wiki.debian.org/DebianSpamAssassin
sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
# procmail configuration
echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
echo ':0' >> /home/$MY_USERNAME/.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
echo ':0' >> /home/$MY_USERNAME/.procmailrc
echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
echo '.0-spam/' >> /home/$MY_USERNAME/.procmailrc
echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
echo ':0' >> /home/$MY_USERNAME/.procmailrc
echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
echo '.spam/' >> /home/$MY_USERNAME/.procmailrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
# filtering scripts
echo '#!/bin/bash' > /usr/bin/filterspam
echo 'USERNAME=$1' >> /usr/bin/filterspam
echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
echo ' exit' >> /usr/bin/filterspam
echo 'fi' >> /usr/bin/filterspam
echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
echo 'do' >> /usr/bin/filterspam
echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
echo 'done' >> /usr/bin/filterspam
echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
echo 'do' >> /usr/bin/filterspam
echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
echo 'done' >> /usr/bin/filterspam
echo '#!/bin/bash' > /usr/bin/filterham
echo 'USERNAME=$1' >> /usr/bin/filterham
echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
echo ' exit' >> /usr/bin/filterham
echo 'fi' >> /usr/bin/filterham
echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
echo 'do' >> /usr/bin/filterham
echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
echo 'done' >> /usr/bin/filterham
echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
echo 'do' >> /usr/bin/filterham
echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
echo 'done' >> /usr/bin/filterham
if ! grep -q "filterspam" /etc/crontab; then
echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam $MY_USERNAME" >> /etc/crontab
fi
if ! grep -q "filterham" /etc/crontab; then
echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham $MY_USERNAME" >> /etc/crontab
fi
chmod 655 /usr/bin/filterspam /usr/bin/filterham
sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
service spamassassin restart
service exim4 restart
service cron restart
echo 'spam_filtering' >> $COMPLETION_FILE
}
function configure_imap {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "configure_imap" $COMPLETION_FILE; then
return
fi
apt-get -y install dovecot-common dovecot-imapd
if [ ! -d /etc/dovecot ]; then
echo "ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE"
exit 48
fi
if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
makecert dovecot
check_certificates dovecot
fi
chown root:dovecot /etc/ssl/certs/dovecot.*
chown root:dovecot /etc/ssl/private/dovecot.*
sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 1024|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf
sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf
sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
service dovecot restart
echo 'configure_imap' >> $COMPLETION_FILE
}
function configure_gpg {
if grep -Fxq "configure_gpg" $COMPLETION_FILE; then
return
fi
apt-get -y install gnupg
# if gpg keys directory was previously imported from usb
if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then
sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
echo 'configure_gpg' >> $COMPLETION_FILE
return
fi
if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
mkdir /home/$MY_USERNAME/.gnupg
echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME/.gnupg/gpg.conf
echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
fi
sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
if ! grep -q "# default preferences" /home/$MY_USERNAME/.gnupg/gpg.conf; then
echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf
echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf
echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf
fi
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
# use your existing GPG keys which were exported
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found"
exit 5
fi
if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found"
exit 6
fi
su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
# for security ensure that the private key file doesn't linger around
shred -zu $MY_GPG_PRIVATE_KEY
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
else
# Generate a GPG key
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
if grep -q "configure_email" $COMPLETION_FILE; then
if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Change your GPG password' >> /home/$MY_USERNAME/README
echo '========================' >> /home/$MY_USERNAME/README
echo "It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
echo "if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
echo 'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
echo 'You can change the it with:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " gpg --edit-key $MY_GPG_PUBLIC_KEY" >> /home/$MY_USERNAME/README
echo ' passwd' >> /home/$MY_USERNAME/README
echo ' save' >> /home/$MY_USERNAME/README
echo ' quit' >> /home/$MY_USERNAME/README
fi
if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Publish your GPG public key' >> /home/$MY_USERNAME/README
echo '===========================' >> /home/$MY_USERNAME/README
echo 'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
echo 'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " gpg --send-keys $MY_GPG_PUBLIC_KEY" >> /home/$MY_USERNAME/README
fi
fi
fi
echo 'configure_gpg' >> $COMPLETION_FILE
}
function encrypt_incoming_email {
# encrypts incoming mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read anything
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
if [ ! -f /usr/bin/gpgit.pl ]; then
apt-get -y install git libmail-gnupg-perl
cd $INSTALL_DIR
git clone https://github.com/mikecardwell/gpgit
cd gpgit
cp gpgit.pl /usr/bin
fi
# add a procmail rule
if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
echo '' >> /home/$MY_USERNAME/.procmailrc
echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
echo "| /usr/bin/gpgit.pl $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
fi
echo 'encrypt_incoming_email' >> $COMPLETION_FILE
}
function encrypt_outgoing_email {
# encrypts outgoing mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need
# to know your GPG key password to be able to read sent mail
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
return
fi
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
return
fi
fi
sed -i "s|#encrypt-to .*|hidden-encrypt-to $MY_GPG_PUBLIC_KEY_ID|g" /home/$MY_USERNAME/.gnupg/gpg.conf
echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
}
function encrypt_all_email {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "encrypt_all_email" $COMPLETION_FILE; then
return
fi
if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
return
fi
echo '#!/bin/bash' > /usr/bin/encmaildir
echo '#' >> /usr/bin/encmaildir
echo '# GPLv2' >> /usr/bin/encmaildir
echo '# GPG Encrypt a Maildir using gpgit.pl' >> /usr/bin/encmaildir
echo '# Oct 03, 2014' >> /usr/bin/encmaildir
echo '#' >> /usr/bin/encmaildir
echo '# Change log:' >> /usr/bin/encmaildir
echo '# Sep 03, 2011' >> /usr/bin/encmaildir
echo '# - Temporary file is based on file_owner to avoid' >> /usr/bin/encmaildir
echo '# issues with permission differences.' >> /usr/bin/encmaildir
echo '# - Temporary file is removed after run.' >> /usr/bin/encmaildir
echo '# - Optional arguments passed to "find".' >> /usr/bin/encmaildir
echo '# - Full paths to binaries.' >> /usr/bin/encmaildir
echo '# - Removed unneccessary need of "cat", "grep", etc.' >> /usr/bin/encmaildir
echo '# Sep 04, 2011' >> /usr/bin/encmaildir
echo '# - Dont remove Dovecot index/uid unless messages' >> /usr/bin/encmaildir
echo '# have been GPG encrypted.' >> /usr/bin/encmaildir
echo '# - Adjust file tests to not just use -e' >> /usr/bin/encmaildir
echo '# - Quote all file operations' >> /usr/bin/encmaildir
echo '# Sep 05, 2011' >> /usr/bin/encmaildir
echo '# - Dont arbitrarily copy files, only overwrite the file' >> /usr/bin/encmaildir
echo '# in ~/Maildir if it differs after calling gpgencmail.pl' >> /usr/bin/encmaildir
echo '# - Only rebuild the index if we have modified ~/Maildir' >> /usr/bin/encmaildir
echo '# Oct 03, 2014' >> /usr/bin/encmaildir
echo '# - Minor modifications for use with Freedombone' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'if [[ -z "$1" || -z "$2" || -z "$3" ]]; then' >> /usr/bin/encmaildir
echo ' echo "Usage is ./encmaildir.sh {optional arguments passed to find for messages such as -mtime 0}"' >> /usr/bin/encmaildir
echo ' exit 0' >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'MAIL_DIR=$1' >> /usr/bin/encmaildir
echo 'EMAIL_ADDRESS=$2' >> /usr/bin/encmaildir
echo 'USERNAME=$3' >> /usr/bin/encmaildir
echo 'if [ ! -d "$MAIL_DIR" ]; then' >> /usr/bin/encmaildir
echo " MAIL_DIR='/home/$MY_USERNAME/Maildir'" >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'if [ ! $EMAIL_ADDRESS ]; then' >> /usr/bin/encmaildir
echo " EMAIL_ADDRESS='$MY_EMAIL_ADDRESS'" >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo 'if [ ! $USERNAME ]; then' >> /usr/bin/encmaildir
echo " USERNAME='$MY_USERNAME'" >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo '# Does this key exist?' >> /usr/bin/encmaildir
echo 'gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1' >> /usr/bin/encmaildir
echo 'if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir
echo ' echo "A GPG key for $EMAIL_ADDRESS could not be found!"' >> /usr/bin/encmaildir
echo ' exit 0' >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo '# Find all files in the Maildir specified.' >> /usr/bin/encmaildir
echo 'echo "Calling find"' >> /usr/bin/encmaildir
echo -n 'find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir
echo -n "'.*/\(cur\|new\)/.*' " >> /usr/bin/encmaildir
echo '$4|while read line; do' >> /usr/bin/encmaildir
echo ' gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS" "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Check to see if there are differences between the existing' >> /usr/bin/encmaildir
echo ' # Maildir file and what was created by gpgit.pl' >> /usr/bin/encmaildir
echo ' diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;' >> /usr/bin/encmaildir
echo ' if [ $? -gt 0 ]; then' >> /usr/bin/encmaildir
echo ' # Preserve timestamps, set ownership.' >> /usr/bin/encmaildir
echo ' chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo ' chmod 600 "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo ' touch "/tmp/msg_$USERNAME" --reference="$line"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Unlink the original Maildir message' >> /usr/bin/encmaildir
echo ' unlink "$line"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Strip message sizes, retain experimental flags' >> /usr/bin/encmaildir
echo ' # and status flags, and copy the file over.' >> /usr/bin/encmaildir
echo ' STRIPSIZES=$(/bin/echo "$line"|/bin/sed -e "s/W=[[:digit:]]*//" -e "s/S=[[:digit:]]*//" -e "s/,,//" -e "s/,:2/:2/")' >> /usr/bin/encmaildir
echo ' cp -av "/tmp/msg_$USERNAME" "$STRIPSIZES"' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' #Indexes must be rebuilt, weve modified Maildir.' >> /usr/bin/encmaildir
echo ' touch "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir
echo ' else' >> /usr/bin/encmaildir
echo ' echo "Not copying, no differences between /tmp/msg_$USERNAME and $line"' >> /usr/bin/encmaildir
echo ' fi' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Remove the temporary file' >> /usr/bin/encmaildir
echo ' unlink "/tmp/msg_$USERNAME"' >> /usr/bin/encmaildir
echo 'done' >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo '# Remove Dovecot index and uids for regeneration.' >> /usr/bin/encmaildir
echo 'if [ -f "/tmp/rebuild_index_$USERNAME" ]; then' >> /usr/bin/encmaildir
echo ' echo "Removing Dovecot indexes and uids"' >> /usr/bin/encmaildir
echo -n ' find "$MAIL_DIR" -type f -regex ' >> /usr/bin/encmaildir
echo "'.*\(dovecot-\|dovecot\.\|\.uidvalidity\).*' -delete" >> /usr/bin/encmaildir
echo '' >> /usr/bin/encmaildir
echo ' # Remove the temporary file' >> /usr/bin/encmaildir
echo ' unlink "/tmp/rebuild_index_$USERNAME"' >> /usr/bin/encmaildir
echo 'else' >> /usr/bin/encmaildir
echo ' echo "No messages found needing GPG encryption, not' >> /usr/bin/encmaildir
echo ' echo "removing Dovecot indexes and UIDs."' >> /usr/bin/encmaildir
echo 'fi' >> /usr/bin/encmaildir
echo 'exit 0' >> /usr/bin/encmaildir
chmod +x /usr/bin/encmaildir
if [ ! /home/$MY_USERNAME/README ]; then
touch /home/$MY_USERNAME/README
fi
if ! grep -q "If you have imported legacy email" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Encrypting legacy email' >> /home/$MY_USERNAME/README
echo '=======================' >> /home/$MY_USERNAME/README
echo 'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README
echo 'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo ' encmaildir' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README
echo 'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README
echo 'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'encrypt_all_email' >> $COMPLETION_FILE
}
function email_client {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "email_client" $COMPLETION_FILE; then
return
fi
apt-get -y install mutt-patched lynx abook
if [ ! -f /etc/Muttrc ]; then
echo "ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
exit 49
fi
if [ ! -d /home/$MY_USERNAME/.mutt ]; then
mkdir /home/$MY_USERNAME/.mutt
fi
echo "text/html; lynx -dump -width=78 -nolist %s | sed s/^ //; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
echo 'set mbox_type=Maildir' >> /etc/Muttrc
echo 'set folder="~/Maildir"' >> /etc/Muttrc
echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
echo 'set mbox="~/Maildir"' >> /etc/Muttrc
echo 'set record="+Sent"' >> /etc/Muttrc
echo 'set postponed="+Drafts"' >> /etc/Muttrc
echo 'set trash="+Trash"' >> /etc/Muttrc
echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
echo 'set editor="emacs"' >> /etc/Muttrc
echo 'set header_cache="+.cache"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'macro index S "<tag-prefix><save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
echo 'macro pager S "<save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
echo 'macro index H "<tag-prefix><copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
echo 'macro pager H "<copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# set up the sidebar' >> /etc/Muttrc
echo 'set sidebar_width=22' >> /etc/Muttrc
echo 'set sidebar_visible=yes' >> /etc/Muttrc
echo "set sidebar_delim='|'" >> /etc/Muttrc
echo 'set sidebar_sort=yes' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set rfc2047_parameters' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Show inbox and sent items' >> /etc/Muttrc
echo 'mailboxes = =Sent' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
echo 'color sidebar_new yellow default' >> /etc/Muttrc
echo 'color normal white default' >> /etc/Muttrc
echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
echo 'color signature green default' >> /etc/Muttrc
echo 'color attachment brightyellow default' >> /etc/Muttrc
echo 'color quoted green default' >> /etc/Muttrc
echo 'color quoted1 white default' >> /etc/Muttrc
echo 'color tilde blue default' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
echo '# ctrl-o to open selected folder' >> /etc/Muttrc
echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
echo 'bind index \Co sidebar-open' >> /etc/Muttrc
echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# esc-m Mark new messages as read' >> /etc/Muttrc
echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# Collapsing threads' >> /etc/Muttrc
echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc
echo 'macro index ] "<collapse-all>" "collapse/uncollapse all threads"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# threads containing new messages' >> /etc/Muttrc
echo 'uncolor index "~(~N)"' >> /etc/Muttrc
echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# new messages themselves' >> /etc/Muttrc
echo 'uncolor index "~N"' >> /etc/Muttrc
echo 'color index brightyellow default "~N"' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# GPG/PGP integration' >> /etc/Muttrc
echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
echo 'set pgp_timeout=1800' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
echo 'set fcc_clear # Keep cleartext copy of sent encrypted mail' >> /etc/Muttrc
echo 'unset smime_is_default' >> /etc/Muttrc
echo '' >> /etc/Muttrc
echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
echo 'source ~/.mutt-alias' >> /etc/Muttrc
echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc
cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
touch /home/$MY_USERNAME/.mutt-alias
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
echo 'email_client' >> $COMPLETION_FILE
}
function email_archiving {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "email_archiving" $COMPLETION_FILE; then
return
fi
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
git clone https://github.com/bashrc/cleanup-maildir
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
echo '#!/bin/bash' > /etc/cron.daily/archivemail
echo "MUTTRC=/home/$MY_USERNAME/.muttrc" >> /etc/cron.daily/archivemail
echo "python /usr/bin/cleanup-maildir --archive-folder='archive' --maildir-root='/home/$MY_USERNAME/Maildir' archive ''" >> /etc/cron.daily/archivemail
echo "chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/archive-*" >> /etc/cron.daily/archivemail
echo 'if [ -f $MUTTRC ]; then' >> /etc/cron.daily/archivemail
echo ' MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /etc/cron.daily/archivemail
echo ' BACKUP_DIRECTORY=archive-$(date +"%Y")' >> /etc/cron.daily/archivemail
echo ' if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then' >> /etc/cron.daily/archivemail
echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC' >> /etc/cron.daily/archivemail
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /etc/cron.daily/archivemail
echo ' fi' >> /etc/cron.daily/archivemail
echo 'fi' >> /etc/cron.daily/archivemail
echo 'exit 0' >> /etc/cron.daily/archivemail
chmod +x /etc/cron.daily/archivemail
echo 'email_archiving' >> $COMPLETION_FILE
}
function folders_for_mailing_lists {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "folders_for_mailing_lists" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/addmailinglist
echo 'MYUSERNAME=$1' >> /usr/bin/addmailinglist
echo 'MAILINGLIST=$2' >> /usr/bin/addmailinglist
echo 'SUBJECTTAG=$3' >> /usr/bin/addmailinglist
echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addmailinglist
echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addmailinglist
echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo '# Exit if the list was already added' >> /usr/bin/addmailinglist
echo 'if grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addmailinglist
echo ' exit 1' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'if ! [[ $MYUSERNAME && $MAILINGLIST && $SUBJECTTAG ]]; then' >> /usr/bin/addmailinglist
echo ' echo "addmailinglist [user name] [mailing list name] [subject tag]"' >> /usr/bin/addmailinglist
echo ' exit 1' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addmailinglist
echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addmailinglist
echo 'echo "" >> $PM' >> /usr/bin/addmailinglist
echo 'echo ":0" >> $PM' >> /usr/bin/addmailinglist
echo 'echo " * ^Subject:.*()\[$SUBJECTTAG\]" >> $PM' >> /usr/bin/addmailinglist
echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addmailinglist
echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addmailinglist
echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addmailinglist
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addmailinglist
echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addmailinglist
echo ' mkdir $PROCMAILLOG' >> /usr/bin/addmailinglist
echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo '' >> /usr/bin/addmailinglist
echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addmailinglist
echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addmailinglist
echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addmailinglist
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist
echo 'fi' >> /usr/bin/addmailinglist
echo 'exit 0' >> /usr/bin/addmailinglist
chmod +x /usr/bin/addmailinglist
echo 'folders_for_mailing_lists' >> $COMPLETION_FILE
}
# Ensure that the from field is correct when sending email from Mutt
function email_from_address {
if grep -Fxq "email_from_address" $COMPLETION_FILE; then
return
fi
if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
return
fi
if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc
else
echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
fi
echo 'email_from_address' >> $COMPLETION_FILE
}
function folders_for_email_addresses {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "folders_for_email_addresses" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/addemailtofolder
echo 'MYUSERNAME=$1' >> /usr/bin/addemailtofolder
echo 'EMAILADDRESS=$2' >> /usr/bin/addemailtofolder
echo 'MAILINGLIST=$3' >> /usr/bin/addemailtofolder
echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addemailtofolder
echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addemailtofolder
echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addemailtofolder
echo '' >> /usr/bin/addemailtofolder
echo 'if ! [[ $MYUSERNAME && $EMAILADDRESS && $MAILINGLIST ]]; then' >> /usr/bin/addemailtofolder
echo ' echo "addemailtofolder [user name] [email address] [mailing list name]"' >> /usr/bin/addemailtofolder
echo ' exit 1' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo '' >> /usr/bin/addemailtofolder
echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addemailtofolder
echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addemailtofolder
echo 'echo "" >> $PM' >> /usr/bin/addemailtofolder
echo 'echo ":0" >> $PM' >> /usr/bin/addemailtofolder
echo 'echo " * ^From: $EMAILADDRESS" >> $PM' >> /usr/bin/addemailtofolder
echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addemailtofolder
echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addemailtofolder
echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addemailtofolder
echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addemailtofolder
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addemailtofolder
echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addemailtofolder
echo ' mkdir $PROCMAILLOG' >> /usr/bin/addemailtofolder
echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addemailtofolder
echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addemailtofolder
echo ' if ! grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addemailtofolder
echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addemailtofolder
echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder
echo ' fi' >> /usr/bin/addemailtofolder
echo 'fi' >> /usr/bin/addemailtofolder
echo 'exit 0' >> /usr/bin/addemailtofolder
chmod +x /usr/bin/addemailtofolder
echo 'folders_for_email_addresses' >> $COMPLETION_FILE
}
function create_public_mailing_list {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
return
fi
if [ ! $PUBLIC_MAILING_LIST ]; then
return
fi
# does the mailing list have a separate domain name?
if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
fi
PUBLIC_MAILING_LIST_USER="mlmmj"
apt-get -y install mlmmj
adduser --system $PUBLIC_MAILING_LIST_USER
addgroup $PUBLIC_MAILING_LIST_USER
adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
echo ''
echo "Creating the $PUBLIC_MAILING_LIST mailing list"
echo ''
# create the list
mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
# router
echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
# transport
echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
fi
if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
fi
newaliases
update-exim4.conf.template -r
update-exim4.conf
service exim4 restart
if ! grep -q "$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Public mailing list' >> /home/$MY_USERNAME/README
echo '===================' >> /home/$MY_USERNAME/README
echo "To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
echo "cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
fi
addmailinglist $MY_USERNAME "$PUBLIC_MAILING_LIST" "$PUBLIC_MAILING_LIST"
echo 'create_public_mailing_list' >> $COMPLETION_FILE
}
function create_private_mailing_list {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
# This installation doesn't work, results in ruby errors
# There is currently no schleuder package for Debian jessie
if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
return
fi
if [ ! $PRIVATE_MAILING_LIST ]; then
return
fi
if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
echo 'The name of the private mailing list should not be the'
echo 'same as your username'
exit 10
fi
if [ ! $MY_GPG_PUBLIC_KEY ]; then
echo 'To create a private mailing list you need to specify a file'
echo 'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
echo 'the top of the script'
exit 11
fi
apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
gem install schleuder
schleuder-fix-gem-dependencies
schleuder-init-setup --gem
# NOTE: this is version number sensitive and so might need changing
ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
addemailtofolder $MY_USERNAME $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME $PRIVATE_MAILING_LIST
echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
chown -R schleuder:schleuder /var/lib/schleuder
update-exim4.conf.template -r
update-exim4.conf
service exim4 restart
useradd -d /var/schleuderlists -s /bin/false schleuder
adduser Debian-exim schleuder
usermod -a -G mail schleuder
#exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
echo 'create_private_mailing_list' >> $COMPLETION_FILE
}
function import_email {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
EMAIL_COMPLETE_MSG=' *** Freedombone mailbox installation is complete ***'
if grep -Fxq "import_email" $COMPLETION_FILE; then
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
create_backup_script
create_restore_script
backup_to_friends_servers
intrusion_detection
echo ''
echo "$EMAIL_COMPLETE_MSG"
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
echo ' You can now remove the USB drive'
fi
exit 0
fi
return
fi
if [ $IMPORT_MAILDIR ]; then
if [ -d $IMPORT_MAILDIR ]; then
echo 'Transfering email files'
cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
else
echo "Email import directory $IMPORT_MAILDIR not found"
exit 9
fi
fi
echo 'import_email' >> $COMPLETION_FILE
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
create_backup_script
create_restore_script
backup_to_friends_servers
intrusion_detection
# unmount any attached usb drive
echo ''
echo "$EMAIL_COMPLETE_MSG"
echo ''
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
echo ' You can now remove the USB drive'
fi
exit 0
fi
}
function install_web_server {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return
fi
if grep -Fxq "install_web_server" $COMPLETION_FILE; then
return
fi
# remove apache
apt-get -y remove --purge apache2
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
fi
# install nginx
apt-get -y install nginx php5-fpm git
# limit the number of php processes
sed -i 's/; process.max = 128/process.max = 32/g' /etc/php5/fpm/php-fpm.conf
sed -i 's/;process_control_timeout = 0/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf
if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then
echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf
echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf
fi
if [ ! -d /etc/nginx ]; then
echo "ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
exit 51
fi
# Nginx settings
echo 'user www-data;' > /etc/nginx/nginx.conf
#echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf
echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo 'events {' >> /etc/nginx/nginx.conf
echo ' worker_connections 50;' >> /etc/nginx/nginx.conf
echo ' # multi_accept on;' >> /etc/nginx/nginx.conf
echo '}' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo 'http {' >> /etc/nginx/nginx.conf
echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf
echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf
echo ' # Note that the Owncloud web interface seems to require a rate of around 140r/s' >> /etc/nginx/nginx.conf
echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf
echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf
echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf
echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Basic Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' sendfile on;' >> /etc/nginx/nginx.conf
echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf
echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf
echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf
echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf
echo ' server_tokens off;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf
echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf
echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Logging Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf
echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ###' >> /etc/nginx/nginx.conf
echo ' # Gzip Settings' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' gzip on;' >> /etc/nginx/nginx.conf
echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf
echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf
echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf
echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf
echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf
echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf
echo ' ##' >> /etc/nginx/nginx.conf
echo '' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf
echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf
echo '}' >> /etc/nginx/nginx.conf
# install a script to easily enable and disable nginx virtual hosts
if [ ! -d $INSTALL_DIR ]; then
mkdir $INSTALL_DIR
fi
cd $INSTALL_DIR
git clone https://github.com/perusio/nginx_ensite
cd $INSTALL_DIR/nginx_ensite
cp nginx_* /usr/sbin
nginx_dissite default
echo 'install_web_server' >> $COMPLETION_FILE
}
function configure_php {
sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
}
function install_mariadb {
if grep -Fxq "install_mariadb" $COMPLETION_FILE; then
return
fi
apt-get -y install python-software-properties debconf-utils
apt-get -y install software-properties-common
apt-get -y update
get_mariadb_password
if [ ! $MARIADB_PASSWORD ]; then
MARIADB_PASSWORD=$(openssl rand -base64 32)
echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
chmod 600 $DATABASE_PASSWORD_FILE
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'MariaDB / MySql' >> /home/$MY_USERNAME/README
echo '===============' >> /home/$MY_USERNAME/README
echo "Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
apt-get -y install mariadb-server
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo 'Removed Apache installation after MariaDB install'
fi
if [ ! -d /etc/mysql ]; then
echo "ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE"
exit 54
fi
mysqladmin -u root password "$MARIADB_PASSWORD"
echo 'install_mariadb' >> $COMPLETION_FILE
}
function backup_databases_script_header {
if [ ! -f /usr/bin/backupdatabases ]; then
# daily
echo '#!/bin/sh' > /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo -n 'MYSQL_PASSWORD=$(cat ' >> /usr/bin/backupdatabases
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/backupdatabases
echo 'umask 0077' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases
echo ' exit 1' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
chmod 600 /usr/bin/backupdatabases
chmod +x /usr/bin/backupdatabases
echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily
echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily
chmod 600 /etc/cron.daily/backupdatabasesdaily
chmod +x /etc/cron.daily/backupdatabasesdaily
# weekly
echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly
chmod 600 /etc/cron.weekly/backupdatabasesweekly
chmod +x /etc/cron.weekly/backupdatabasesweekly
# monthly
echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly
chmod 600 /etc/cron.monthly/backupdatabasesmonthly
chmod +x /etc/cron.monthly/backupdatabasesmonthly
fi
}
function repair_databases_script {
if grep -Fxq "repair_databases_script" $COMPLETION_FILE; then
return
fi
if [ ! -f $DATABASE_PASSWORD_FILE ]; then
return
fi
echo '#!/bin/bash' > /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo 'DATABASE=$1' >> /usr/bin/repairdatabase
echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo -n 'MYSQL_ROOT_PASSWORD=$(cat ' >> /usr/bin/repairdatabase
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/repairdatabase
echo 'TEMPFILE=/root/repairdatabase_$DATABASE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo 'umask 0077' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# check the database' >> /usr/bin/repairdatabase
echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# Attempt to repair the database if it contains errors' >> /usr/bin/repairdatabase
echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase
echo ' mysqlcheck -u root --password=$MYSQL_ROOT_PASSWORD --auto-repair $DATABASE' >> /usr/bin/repairdatabase
echo 'else' >> /usr/bin/repairdatabase
echo ' # No errors were found, so exit' >> /usr/bin/repairdatabase
echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo ' exit 0' >> /usr/bin/repairdatabase
echo 'fi' >> /usr/bin/repairdatabase
echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# Check the database again' >> /usr/bin/repairdatabase
echo 'mysqlcheck -c -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE > $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo '# If it still contains errors then restore from backup' >> /usr/bin/repairdatabase
echo 'if grep -q "Error" "$TEMPFILE"; then' >> /usr/bin/repairdatabase
echo ' mysql -u root --password=$MYSQL_ROOT_PASSWORD $DATABASE -o < /var/backups/${DATABASE}_daily.sql' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo ' # Send a warning email' >> /usr/bin/repairdatabase
echo ' echo "$DATABASE database corruption could not be repaired. Restored from backup." | mail -s "Freedombone database maintenance" $EMAIL' >> /usr/bin/repairdatabase
echo ' rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo ' exit 1' >> /usr/bin/repairdatabase
echo 'fi' >> /usr/bin/repairdatabase
echo 'rm -f $TEMPFILE' >> /usr/bin/repairdatabase
echo '' >> /usr/bin/repairdatabase
echo 'exit 0' >> /usr/bin/repairdatabase
chmod 600 /usr/bin/repairdatabase
chmod +x /usr/bin/repairdatabase
echo '#!/bin/bash' > /etc/cron.hourly/repair
echo '' >> /etc/cron.hourly/repair
chmod 600 /etc/cron.hourly/repair
chmod +x /etc/cron.hourly/repair
echo 'repair_databases_script' >> $COMPLETION_FILE
}
function install_owncloud_music_app {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_owncloud_music_app" $COMPLETION_FILE; then
return
fi
if ! grep -Fxq "install_owncloud" $COMPLETION_FILE; then
echo 'Tried to install the Owncloud music app, but Owncloud installation was not found'
exit 9823
fi
cd /usr/share/owncloud/apps
git clone https://github.com/owncloud/music music
if grep -q "Music player in Owncloud" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Music player in Owncloud' >> /home/$MY_USERNAME/README
echo '========================' >> /home/$MY_USERNAME/README
echo 'To enable the music app within ouwncloud log in to the Owncloud' >> /home/$MY_USERNAME/README
echo 'administrator account then go to Apps on the left hand dropdown' >> /home/$MY_USERNAME/README
echo 'menu and enable the music app. You can then log out and log back' >> /home/$MY_USERNAME/README
echo 'in as your Owncloud user and select music from the left hand' >> /home/$MY_USERNAME/README
echo 'dropdown menu.' >> /home/$MY_USERNAME/README
fi
echo 'install_owncloud_music_app' >> $COMPLETION_FILE
}
function add_ddns_domain {
if [ ! $CURRENT_DDNS_DOMAIN ]; then
echo 'ddns domain not specified'
exit 5638
fi
if [ ! -f /etc/inadyn.conf ]; then
echo 'Unable to find inadyn configuration file /etc/inadyn.conf'
exit 5745
fi
if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
echo '' >> /etc/inadyn.conf
echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
echo ' ssl' >> /etc/inadyn.conf
echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
if [ $DDNS_USERNAME ]; then
echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
fi
if [ $DDNS_PASSWORD ]; then
echo " password $DDNS_PASSWORD" >> /etc/inadyn.conf
fi
fi
if ! grep -q "$CURRENT_DDNS_DOMAIN" /etc/inadyn.conf; then
echo " alias $CURRENT_DDNS_DOMAIN" >> /etc/inadyn.conf
fi
chmod 600 /etc/inadyn.conf
service inadyn restart
systemctl daemon-reload
# clear the arguments
CURRENT_DDNS_DOMAIN=
}
function install_owncloud {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
OWNCLOUD_COMPLETION_MSG1=" *** Freedombone $SYSTEM_TYPE is now installed ***"
OWNCLOUD_COMPLETION_MSG2="Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup"
if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
install_owncloud_music_app
create_backup_script
create_restore_script
backup_to_friends_servers
intrusion_detection
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo ''
echo "$OWNCLOUD_COMPLETION_MSG1"
echo "$OWNCLOUD_COMPLETION_MSG2"
exit 0
fi
return
fi
# if this is exclusively a cloud setup
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
if [ ! $DEFAULT_DOMAIN_NAME ]; then
echo 'No default domain name when installing cloud variant'
exit 5380
fi
fi
if [ ! $OWNCLOUD_DOMAIN_NAME ]; then
echo 'No Owncloud domain name was specified'
exit 3095
fi
if [[ $SYSTEM_TYPE != "$VARIANT_CLOUD" ]]; then
if [[ $SYSTEM_TYPE != "$VARIANT_FULL" ]]; then
echo "Owncloud install did not recognise the system type $SYSTEM_TYPE"
exit 6746
fi
fi
apt-get -y install owncloud
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo 'Removed Apache installation after Owncloud install'
fi
install_mariadb
get_mariadb_password
get_mariadb_owncloud_admin_password
if [ ! $OWNCLOUD_ADMIN_PASSWORD ]; then
OWNCLOUD_ADMIN_PASSWORD=$(openssl rand -base64 32)
fi
if ! grep -q "Owncloud database user" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Owncloud' >> /home/$MY_USERNAME/README
echo '========' >> /home/$MY_USERNAME/README
echo 'Owncloud database user: owncloudadmin' >> /home/$MY_USERNAME/README
echo "Owncloud database password: $OWNCLOUD_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo 'Owncloud database name: owncloud' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'After creating an administrator account then create a user account via' >> /home/$MY_USERNAME/README
echo "the Users dropdown menu entry. The username should be '$MY_USERNAME'." >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'On mobile devices you can download the Owncloud client via F-Droid.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'To synchronise calendar entries with Android "install CalDAV Sync Adapter"' >> /home/$MY_USERNAME/README
echo 'using F-Droid then go to settings/accounts and add a CalDav account with' >> /home/$MY_USERNAME/README
echo "the URL https://$OWNCLOUD_DOMAIN_NAME/remote.php/caldav/principals/$MY_USERNAME" >> /home/$MY_USERNAME/README
echo 'and the username and password shown above.' >> /home/$MY_USERNAME/README
fi
echo "create database owncloud;
CREATE USER 'owncloudadmin'@'localhost' IDENTIFIED BY '$OWNCLOUD_ADMIN_PASSWORD';
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloudadmin'@'localhost';
quit" > $INSTALL_DIR/batch.sql
chmod 600 $INSTALL_DIR/batch.sql
mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
shred -zu $INSTALL_DIR/batch.sql
if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ]; then
mkdir /var/www/$OWNCLOUD_DOMAIN_NAME
fi
if [ -d /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
fi
ln -s /usr/share/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/$OWNCLOUD_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " error_log /var/log/nginx/$OWNCLOUD_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
configure_php
if [ ! -f /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam ]; then
makecert $OWNCLOUD_DOMAIN_NAME
check_certificates $OWNCLOUD_DOMAIN_NAME
fi
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo '# Backup Owncloud database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/owncloud.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/owncloud_daily.sql' >> /usr/bin/backupdatabases
echo 'mysqldump --password="$MYSQL_PASSWORD" owncloud > $TEMPFILE' >> /usr/bin/backupdatabases
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
echo ' mysql -u root --password="$MYSQL_PASSWORD" owncloud -o < $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Owncloud database. Attempted to restore from yesterdays backup" | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Owncloud database." | mail -s "Owncloud backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
nginx_ensite $OWNCLOUD_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$OWNCLOUD_DOMAIN_NAME
add_ddns_domain
echo 'install_owncloud' >> $COMPLETION_FILE
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
install_owncloud_music_app
create_backup_script
create_restore_script
backup_to_friends_servers
intrusion_detection
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo ''
echo "$OWNCLOUD_COMPLETION_MSG1"
echo "$OWNCLOUD_COMPLETION_MSG2"
exit 0
fi
}
function install_gogs {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return
fi
if grep -Fxq "install_gogs" $COMPLETION_FILE; then
return
fi
if [ ! $GIT_DOMAIN_NAME ]; then
return
fi
# http://gogs.io/docs/installation/install_from_source.md
# install Go
apt-get -y install golang
export GOPATH=/etc/gocode
if [ ! -d $GOPATH ]; then
mkdir -p $GOPATH
fi
go get -u github.com/gpmgo/gopm
# add a gogs user account
adduser --disabled-login --gecos 'Gogs' git
# clone the repo
mkdir -p $GOPATH/src/github.com/gogits
cd $GOPATH/src/github.com/gogits
git clone https://github.com/gogits/gogs.git
cd gogs
# install
go get ./...
go build
echo '#! /bin/sh' > /etc/init.d/gogs
echo '### BEGIN INIT INFO' >> /etc/init.d/gogs
echo '# Provides: gogs' >> /etc/init.d/gogs
echo '# Required-Start: $syslog $network' >> /etc/init.d/gogs
echo '# Required-Stop: $syslog' >> /etc/init.d/gogs
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/gogs
echo '# Default-Stop: 0 1 6' >> /etc/init.d/gogs
echo '# Short-Description: A self-hosted Git service written in Go.' >> /etc/init.d/gogs
echo '# Description: A self-hosted Git service written in Go.' >> /etc/init.d/gogs
echo '### END INIT INFO' >> /etc/init.d/gogs
echo '# Author: Danny Boisvert' >> /etc/init.d/gogs
echo '' >> /etc/init.d/gogs
echo '# PATH should only include /usr/* if it runs after the mountnfs.sh script' >> /etc/init.d/gogs
echo 'PATH=/sbin:/usr/sbin:/bin:/usr/bin;' >> /etc/init.d/gogs
echo 'DESC="Go Git Service";' >> /etc/init.d/gogs
echo 'NAME=gogs' >> /etc/init.d/gogs
echo 'SERVICEVERBOSE=yes' >> /etc/init.d/gogs
echo 'PIDFILE=/var/run/$NAME.pid' >> /etc/init.d/gogs
echo 'SCRIPTNAME=/etc/init.d/$NAME' >> /etc/init.d/gogs
echo "WORKINGDIR=/etc/gocode/src/github.com/gogits" >> /etc/init.d/gogs
echo 'DAEMON=$WORKINGDIR/$NAME' >> /etc/init.d/gogs
echo 'DAEMON_ARGS="web"' >> /etc/init.d/gogs
echo 'USER=git' >> /etc/init.d/gogs
echo '' >> /etc/init.d/gogs
echo '# Read configuration variable file if it is present' >> /etc/init.d/gogs
echo '[ -r /etc/default/$NAME ] && . /etc/default/$NAME' >> /etc/init.d/gogs
echo '# Exit if the package is not installed' >> /etc/init.d/gogs
echo '[ -x "$DAEMON" ] || exit 0' >> /etc/init.d/gogs
echo '# Load the VERBOSE setting and other rcS variables' >> /etc/init.d/gogs
echo '. /lib/init/vars.sh' >> /etc/init.d/gogs
echo '# Define LSB log_* functions. Depend on lsb-base (>= 3.2-14) to ensure that this file is present and status_of_proc is working.' >> /etc/init.d/gogs
echo '. /lib/lsb/init-functions' >> /etc/init.d/gogs
echo '' >> /etc/init.d/gogs
echo '# Function that starts the daemon/service' >> /etc/init.d/gogs
echo 'do_start() {' >> /etc/init.d/gogs
echo 'sh -c "start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile --test --exec /bin/sh -- - $USER -c \"cd \\\"$WORKINGDIR\\\" && $DAEMON -- $DAEMON_ARGS\" > /dev/null || return 1"' >> /etc/init.d/gogs
echo 'sh -c "start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile --background --exec /bin/su -- - $USER -c \"cd \\\"$WORKINGDIR\\\" && $DAEMON -- $DAEMON_ARGS\" || return 2"' >> /etc/init.d/gogs
echo '}' >> /etc/init.d/gogs
echo '' >> /etc/init.d/gogs
echo '# Function that stops the daemon/service' >> /etc/init.d/gogs
echo 'do_stop() {' >> /etc/init.d/gogs
echo ' start-stop-daemon --stop --quiet --retry=TERM/1/KILL/5 --pidfile $PIDFILE --name $NAME' >> /etc/init.d/gogs
echo ' RETVAL="$?"' >> /etc/init.d/gogs
echo ' [ "$RETVAL" = 2 ] && return 2' >> /etc/init.d/gogs
echo ' start-stop-daemon --stop --quiet --oknodo --retry=0/1/KILL/5 --exec $DAEMON' >> /etc/init.d/gogs
echo ' [ "$?" = 2 ] && return 2' >> /etc/init.d/gogs
echo ' # Many daemons dont delete their pidfiles when they exit.' >> /etc/init.d/gogs
echo ' rm -f $PIDFILE' >> /etc/init.d/gogs
echo ' return "$RETVAL"' >> /etc/init.d/gogs
echo '}' >> /etc/init.d/gogs
echo '' >> /etc/init.d/gogs
echo 'case "$1" in' >> /etc/init.d/gogs
echo ' start)' >> /etc/init.d/gogs
echo ' [ "$SERVICEVERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"' >> /etc/init.d/gogs
echo ' do_start' >> /etc/init.d/gogs
echo ' case "$?" in' >> /etc/init.d/gogs
echo ' 0|1) [ "$SERVICEVERBOSE" != no ] && log_end_msg 0 ;;' >> /etc/init.d/gogs
echo ' 2) [ "$SERVICEVERBOSE" != no ] && log_end_msg 1 ;;' >> /etc/init.d/gogs
echo ' esac' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo ' stop)' >> /etc/init.d/gogs
echo ' [ "$SERVICEVERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"' >> /etc/init.d/gogs
echo ' do_stop' >> /etc/init.d/gogs
echo ' case "$?" in' >> /etc/init.d/gogs
echo ' 0|1) [ "$SERVICEVERBOSE" != no ] && log_end_msg 0 ;;' >> /etc/init.d/gogs
echo ' 2) [ "$SERVICEVERBOSE" != no ] && log_end_msg 1 ;;' >> /etc/init.d/gogs
echo ' esac' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo ' status)' >> /etc/init.d/gogs
echo ' status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo ' restart|force-reload)' >> /etc/init.d/gogs
echo ' log_daemon_msg "Restarting $DESC" "$NAME"' >> /etc/init.d/gogs
echo ' do_stop' >> /etc/init.d/gogs
echo ' case "$?" in' >> /etc/init.d/gogs
echo ' 0|1)' >> /etc/init.d/gogs
echo ' do_start' >> /etc/init.d/gogs
echo ' case "$?" in' >> /etc/init.d/gogs
echo ' 0) log_end_msg 0 ;;' >> /etc/init.d/gogs
echo ' *) log_end_msg 1 ;;' >> /etc/init.d/gogs
echo ' esac' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo ' *)' >> /etc/init.d/gogs
echo ' # Failed to stop' >> /etc/init.d/gogs
echo ' log_end_msg 1' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo ' esac' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo ' *)' >> /etc/init.d/gogs
echo ' echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2' >> /etc/init.d/gogs
echo ' exit 3' >> /etc/init.d/gogs
echo ' ;;' >> /etc/init.d/gogs
echo 'esac' >> /etc/init.d/gogs
echo ':' >> /etc/init.d/gogs
chmod +x /etc/init.d/gogs
update-rc.d gogs defaults
service gogs start
systemctl daemon-reload
if [ ! -d /var/www/$GIT_DOMAIN_NAME ]; then
mkdir /var/www/$GIT_DOMAIN_NAME
fi
if [ -d /var/www/$GIT_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$GIT_DOMAIN_NAME/htdocs
fi
ln -s $GOPATH/src/github.com/gogits/gogs /var/www/$GIT_DOMAIN_NAME/htdocs
echo 'server {' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/$GIT_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " error_log /var/log/nginx/$GIT_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
configure_php
if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then
makecert $GIT_DOMAIN_NAME
check_certificates $GIT_DOMAIN_NAME
fi
nginx_ensite $GIT_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$GIT_DOMAIN_NAME
add_ddns_domain
echo 'install_gogs' >> $COMPLETION_FILE
}
function install_xmpp {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
return
fi
apt-get -y install lua-sec
apt-get -y install prosody
if [ ! -d /etc/prosody ]; then
echo "ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
exit 52
fi
if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
makecert xmpp
check_certificates xmpp
fi
chown prosody:prosody /etc/ssl/private/xmpp.key
chown prosody:prosody /etc/ssl/certs/xmpp.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
sed -i '/certificate =/a\ depth = "1";' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
fi
sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
fi
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
service prosody restart
touch /home/$MY_USERNAME/README
if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
XMPP_PASSWORD=$(openssl rand -base64 8)
prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'XMPP' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
echo "Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
echo 'You can change it with: ' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'install_xmpp' >> $COMPLETION_FILE
}
function install_watchdog_script {
if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
# application specific stuff is added later
chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then
echo "*/1 * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab
fi
echo 'install_watchdog_script' >> $COMPLETION_FILE
}
function install_irc_server {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
return
fi
apt-get -y install ngircd
if [ ! -d /etc/ngircd ]; then
echo "ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
exit 53
fi
if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
makecert ngircd
check_certificates ngircd
fi
echo '**************************************************' > /etc/ngircd/motd
echo '* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
echo '* *' >> /etc/ngircd/motd
echo '* Freedom in the Cloud *' >> /etc/ngircd/motd
echo '**************************************************' >> /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
sed -i "s/irc.example.net/$DEFAULT_DOMAIN_NAME/g" /etc/ngircd/ngircd.conf
sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULT_DOMAIN_NAME|g" /etc/ngircd/ngircd.conf
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
sed -i 's/;Ports = 6697, 9999/Ports = 6697, 9999/g' /etc/ngircd/ngircd.conf
sed -i 's/;Name = #ngircd/Name = #freedombone/g' /etc/ngircd/ngircd.conf
sed -i 's/;Topic = Our ngircd testing channel/Topic = Freedombone chat channel/g' /etc/ngircd/ngircd.conf
sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf
sed -i 's/;CloakHost = cloaked.host/CloakHost = freedombone/g' /etc/ngircd/ngircd.conf
IRC_SALT=$(openssl rand -base64 32)
IRC_OPERATOR_PASSWORD=$(openssl rand -base64 8)
sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
service ngircd start
# keep the daemon running
echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' service ngircd start' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
if ! grep -q "IRC Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'IRC Server' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo 'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " /server add -auto -ssl $DEFAULT_DOMAIN_NAME 6697" >> /home/$MY_USERNAME/README
echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
echo ' /join #freedombone' >> /home/$MY_USERNAME/README
fi
echo 'install_irc_server' >> $COMPLETION_FILE
}
function get_wiki_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Wiki password" /home/$MY_USERNAME/README; then
WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function install_wiki {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE; then
return
fi
if [ ! $WIKI_DOMAIN_NAME ]; then
return
fi
apt-get -y install dokuwiki
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo 'Removed Apache installation after Dokuwiki install'
fi
if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
mkdir /var/www/$WIKI_DOMAIN_NAME
fi
if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
fi
if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
makecert $WIKI_DOMAIN_NAME
check_certificates $WIKI_DOMAIN_NAME
fi
ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
mkdir /var/lib/dokuwiki/custom
cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
chown www-data /var/lib/dokuwiki/custom
chown www-data /var/lib/dokuwiki/custom/local.php
chown -R www-data /etc/dokuwiki
chown -R www-data /usr/share/dokuwiki/lib/
chmod 600 /var/lib/dokuwiki/custom/local.php
chmod -R 755 /usr/share/dokuwiki/lib
sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
# set the admin user
sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
# disallow registration of new users
if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
fi
if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /etc/dokuwiki/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
fi
get_wiki_admin_password
if [ ! $WIKI_ADMIN_PASSWORD ]; then
WIKI_ADMIN_PASSWORD=$(openssl rand -base64 16)
fi
HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
fi
echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/$WIKI_DOMAIN_NAME_error.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/$WIKI_DOMAIN_NAME_error_ssl.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
configure_php
nginx_ensite $WIKI_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME
add_ddns_domain
# add some post-install instructions
if ! grep -q "Wiki password" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Wiki' >> /home/$MY_USERNAME/README
echo '====' >> /home/$MY_USERNAME/README
echo "Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo "Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'install_wiki' >> $COMPLETION_FILE
}
function get_blog_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function install_blog {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_blog" $COMPLETION_FILE; then
return
fi
if [ ! $FULLBLOG_DOMAIN_NAME ]; then
echo 'The blog domain name was not specified'
exit 5062
fi
if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
mkdir /var/www/$FULLBLOG_DOMAIN_NAME
fi
cd /var/www/$FULLBLOG_DOMAIN_NAME
git clone https://github.com/danpros/htmly htdocs
chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
makecert $FULLBLOG_DOMAIN_NAME
check_certificates $FULLBLOG_DOMAIN_NAME
fi
echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/$FULLBLOG_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/$FULLBLOG_DOMAIN_NAME_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
configure_php
# blog settings
cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|site.url.*|site.url = 'https://$FULLBLOG_DOMAIN_NAME'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
# create a user password
get_blog_admin_password
if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
FULLBLOG_ADMIN_PASSWORD=$(openssl rand -base64 16)
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'HTMLy Blog' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo "Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo "Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo "Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
echo 'Edit your blog title and time zone at:' >> /home/$MY_USERNAME/README
echo " /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
# create a user
cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/username.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
HASHED_BLOG_PASSWORD="$(echo -n $FULLBLOG_ADMIN_PASSWORD | sha256sum | awk -F ' ' '{print $1}')"
sed -i "s|yourpassword|$HASHED_BLOG_PASSWORD|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
sed -i 's/encryption = clear/encryption = "sha256"/g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
nginx_ensite $FULLBLOG_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
add_ddns_domain
echo 'install_blog' >> $COMPLETION_FILE
}
function install_gnu_social {
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if [ ! $MICROBLOG_DOMAIN_NAME ]; then
echo 'No domain name was given for the microblog'
exit 7359
fi
install_mariadb
get_mariadb_password
repair_databases_script
apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
mkdir /var/www/$MICROBLOG_DOMAIN_NAME
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
mkdir /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
fi
cd $INSTALL_DIR
git clone $MICROBLOG_REPO gnusocial
rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
mv gnusocial /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/avatar
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/background
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/file
chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php
get_mariadb_gnusocial_admin_password
if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then
MICROBLOG_ADMIN_PASSWORD=$(openssl rand -base64 32)
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'GNU Social' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo "Your MariaDB gnusocial admin password is: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo "create database gnusocial;
CREATE USER 'gnusocialadmin'@'localhost' IDENTIFIED BY '$MICROBLOG_ADMIN_PASSWORD';
GRANT ALL PRIVILEGES ON gnusocial.* TO 'gnusocialadmin'@'localhost';
quit" > $INSTALL_DIR/batch.sql
chmod 600 $INSTALL_DIR/batch.sql
mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
shred -zu $INSTALL_DIR/batch.sql
if [ ! -f "/etc/aliases" ]; then
touch /etc/aliases
fi
if grep -q "www-data: root" /etc/aliases; then
echo 'www-data: root' >> /etc/aliases
fi
if grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then
echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases
fi
newaliases
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$MICROBLOG_DOMAIN_NAME
add_ddns_domain
echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/$MICROBLOG_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*)$ /$1 break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' expires max;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/$MICROBLOG_DOMAIN_NAME_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
configure_php
if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
makecert $MICROBLOG_DOMAIN_NAME
check_certificates $MICROBLOG_DOMAIN_NAME
fi
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo '# Backup the GNU Social database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/gnusocial.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/gnusocial_daily.sql' >> /usr/bin/backupdatabases
echo 'mysqldump --password="$MYSQL_PASSWORD" gnusocial > $TEMPFILE' >> /usr/bin/backupdatabases
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
echo ' mysql -u root --password="$MYSQL_PASSWORD" gnusocial -o < $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the GNU Social database. Attempted to restore from yesterdays backup" | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the GNU Social database." | mail -s "GNU Social backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo '# GNU Social' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/gnusocial_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/gnusocial_daily.sql /var/backups/gnusocial_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo '# GNU Social' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/gnusocial_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/gnusocial_monthly.sql /var/backups/gnusocial_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/gnusocial_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo '/usr/bin/repairdatabase gnusocial' >> /etc/cron.hourly/repair
nginx_ensite $MICROBLOG_DOMAIN_NAME
service php5-fpm restart
service nginx restart
# some post-install instructions for the user
if ! grep -q "To set up your microblog" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Microblog' >> /home/$MY_USERNAME/README
echo '=========' >> /home/$MY_USERNAME/README
echo "To set up your microblog go to" >> /home/$MY_USERNAME/README
echo "https://$MICROBLOG_DOMAIN_NAME/install.php" >> /home/$MY_USERNAME/README
echo 'and enter the following settings:' >> /home/$MY_USERNAME/README
echo ' - Set a name for the site' >> /home/$MY_USERNAME/README
echo ' - Server SSL: enable' >> /home/$MY_USERNAME/README
echo ' - Hostname: localhost' >> /home/$MY_USERNAME/README
echo ' - Type: MySql/MariaDB' >> /home/$MY_USERNAME/README
echo ' - Name: gnusocial' >> /home/$MY_USERNAME/README
echo ' - DB username: root' >> /home/$MY_USERNAME/README
echo " - DB Password; $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
echo " - Administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo " - Administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo ' - Subscribe to announcements: ticked' >> /home/$MY_USERNAME/README
echo ' - Site profile: Community' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'When the install is complete you will see a lot of warnings' >> /home/$MY_USERNAME/README
echo 'but just ignore those and navigate to ' >> /home/$MY_USERNAME/README
echo "https://$MICROBLOG_DOMAIN_NAME and you can then " >> /home/$MY_USERNAME/README
echo 'complete the configuration via the *Admin* section on the header' >> /home/$MY_USERNAME/README
echo 'bar. Some recommended admin settings are:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Under the *Site* settings:' >> /home/$MY_USERNAME/README
echo ' Text limit: 140' >> /home/$MY_USERNAME/README
echo ' Dupe Limit: 60000' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Under the *User* settings:' >> /home/$MY_USERNAME/README
echo ' Bio limit: 1000' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Under the *Access* settings:' >> /home/$MY_USERNAME/README
echo ' /Invite only/ ticked' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'install_gnu_social' >> $COMPLETION_FILE
}
function install_redmatrix {
if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if [ ! $REDMATRIX_DOMAIN_NAME ]; then
return
fi
install_mariadb
get_mariadb_password
repair_databases_script
apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME ]; then
mkdir /var/www/$REDMATRIX_DOMAIN_NAME
fi
if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs ]; then
mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
fi
if [ ! -f /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/index.php ]; then
cd $INSTALL_DIR
git clone $REDMATRIX_REPO redmatrix
rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
mv redmatrix /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
git clone $REDMATRIX_ADDONS_REPO /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/addon
# some extra themes
git clone https://github.com/DeadSuperHero/redmatrix-themes /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/redmatrix-themes1
cp -r /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/redmatrix-themes1/* view/theme/
fi
get_mariadb_redmatrix_admin_password
if [ ! $REDMATRIX_ADMIN_PASSWORD ]; then
REDMATRIX_ADMIN_PASSWORD=$(openssl rand -base64 32)
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Red Matrix' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo "Your MariaDB Red Matrix admin password is: $REDMATRIX_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo "create database redmatrix;
CREATE USER 'redmatrixadmin'@'localhost' IDENTIFIED BY '$REDMATRIX_ADMIN_PASSWORD';
GRANT ALL PRIVILEGES ON redmatrix.* TO 'redmatrixadmin'@'localhost';
quit" > $INSTALL_DIR/batch.sql
chmod 600 $INSTALL_DIR/batch.sql
mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
shred -zu $INSTALL_DIR/batch.sql
if ! grep -q "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs" /etc/crontab; then
echo "12,22,32,42,52 * * * * root cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs; /usr/bin/timeout 240 /usr/bin/php include/poller.php" >> /etc/crontab
fi
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$REDMATRIX_DOMAIN_NAME
add_ddns_domain
echo 'server {' > /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " error_log /var/log/nginx/$REDMATRIX_DOMAIN_NAME_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " error_log /var/log/nginx/$REDMATRIX_DOMAIN_NAME_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_certificate /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_certificate_key /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_dhparam /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
configure_php
if [ ! -f /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam ]; then
makecert $REDMATRIX_DOMAIN_NAME
check_certificates $REDMATRIX_DOMAIN_NAME
fi
if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then
mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3
fi
if [ ! -d "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store" ]; then
mkdir "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store"
fi
if [ ! -d "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]" ]; then
mkdir "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]"
fi
if [ ! -d "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3" ]; then
mkdir "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3"
chmod 777 "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3"
fi
chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl
chown -R www-data:www-data "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store"
chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3
# Ensure that the database gets backed up locally, if remote
# backups are not being used
backup_databases_script_header
echo '' >> /usr/bin/backupdatabases
echo '# Backup the Red Matrix database' >> /usr/bin/backupdatabases
echo 'TEMPFILE=/root/redmatrix.sql' >> /usr/bin/backupdatabases
echo 'DAILYFILE=/var/backups/redmatrix_daily.sql' >> /usr/bin/backupdatabases
echo 'mysqldump --password="$MYSQL_PASSWORD" redmatrix > $TEMPFILE' >> /usr/bin/backupdatabases
echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
echo 'if [ "$FILESIZE" -eq "0" ]; then' >> /usr/bin/backupdatabases
echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
echo ' mysql -u root --password="$MYSQL_PASSWORD" redmatrix -o < $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Red Matrix database. Attempted to restore from yesterdays backup" | mail -s "Red Matrix backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' else' >> /usr/bin/backupdatabases
echo ' # Send a warning email' >> /usr/bin/backupdatabases
echo ' echo "Unable to create a backup of the Red Matrix database." | mail -s "Red Matrix backup" $EMAIL' >> /usr/bin/backupdatabases
echo ' fi' >> /usr/bin/backupdatabases
echo 'else' >> /usr/bin/backupdatabases
echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
echo '' >> /usr/bin/backupdatabases
echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
echo 'fi' >> /usr/bin/backupdatabases
echo '' >> /etc/cron.weekly/backupdatabasesweekly
echo '# Red Matrix' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/redmatrix_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/redmatrix_weekly.sql /var/backups/redmatrix_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo 'if [ -f /var/backups/redmatrix_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
echo ' cp -f /var/backups/redmatrix_daily.sql /var/backups/redmatrix_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
echo '' >> /etc/cron.monthly/backupdatabasesmonthly
echo '# Red Matrix' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/redmatrix_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/redmatrix_monthly.sql /var/backups/redmatrix_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'if [ -f /var/backups/redmatrix_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
echo ' cp -f /var/backups/redmatrix_weekly.sql /var/backups/redmatrix_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
echo '/usr/bin/repairdatabase redmatrix' >> /etc/cron.hourly/repair
nginx_ensite $REDMATRIX_DOMAIN_NAME
service php5-fpm restart
service nginx restart
service cron restart
# some post-install instructions for the user
if ! grep -q "To set up your Red Matrix" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo "To set up your Red Matrix site go to" >> /home/$MY_USERNAME/README
echo "https://$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README
echo 'You will need to have a non self-signed SSL certificate in order' >> /home/$MY_USERNAME/README
echo "to use Red Matrix. Put the public certificate in /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt" >> /home/$MY_USERNAME/README
echo "and the private certificate in /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key." >> /home/$MY_USERNAME/README
echo 'If there is an intermediate certificate needed (such as with StartSSL) then' >> /home/$MY_USERNAME/README
echo 'this will need to be concatenated onto the end of the crt file, like this:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo " cat /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo "Then change ssl_certificate to /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README
echo "within /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'install_redmatrix' >> $COMPLETION_FILE
}
function script_for_attaching_usb_drive {
if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/attach-music
echo 'remove-music' >> /usr/bin/attach-music
echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music
echo 'fi' >> /usr/bin/attach-music
echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
echo 'service minidlna restart' >> /usr/bin/attach-music
echo 'minidlnad -R' >> /usr/bin/attach-music
chmod +x /usr/bin/attach-music
ln -s /usr/bin/attach-music /usr/bin/attach-usb
ln -s /usr/bin/attach-music /usr/bin/attach-videos
ln -s /usr/bin/attach-music /usr/bin/attach-pictures
ln -s /usr/bin/attach-music /usr/bin/attach-media
echo '#!/bin/bash' > /usr/bin/remove-music
echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
echo " umount $USB_MOUNT" >> /usr/bin/remove-music
echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music
echo 'fi' >> /usr/bin/remove-music
chmod +x /usr/bin/remove-music
ln -s /usr/bin/remove-music /usr/bin/detach-music
ln -s /usr/bin/remove-music /usr/bin/detach-usb
ln -s /usr/bin/remove-music /usr/bin/remove-usb
ln -s /usr/bin/remove-music /usr/bin/detach-media
ln -s /usr/bin/remove-music /usr/bin/remove-media
ln -s /usr/bin/remove-music /usr/bin/detach-videos
ln -s /usr/bin/remove-music /usr/bin/remove-videos
ln -s /usr/bin/remove-music /usr/bin/detach-pictures
ln -s /usr/bin/remove-music /usr/bin/remove-pictures
echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
}
function install_dlna_server {
if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
return
fi
apt-get -y install minidlna
if [ ! -f /etc/minidlna.conf ]; then
echo "ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
exit 55
fi
sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
fi
if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
fi
sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
sed -i 's/#friendly_name=/friendly_name="Freedombone Media"/g' /etc/minidlna.conf
sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
service minidlna force-reload
service minidlna reload
sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
if ! grep -q "max_user_watches" $COMPLETION_FILE; then
echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
fi
/sbin/sysctl -p
echo 'install_dlna_server' >> $COMPLETION_FILE
}
function install_mediagoblin {
# These instructions don't work and need fixing
return
if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
return
fi
if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
return
fi
apt-get -y install git-core python python-dev python-lxml python-imaging python-virtualenv
apt-get -y install python-gst-1.0 libjpeg8-dev sqlite3 libapache2-mod-fcgid gstreamer1.0-plugins-base gstreamer1.0-plugins-bad gstreamer1.0-plugins-good gstreamer1.0-plugins-ugly gstreamer1.0-libav python-numpy python-scipy libsndfile1-dev
apt-get -y install postgresql postgresql-client python-psycopg2 python-pip autotools-dev automake
sudo -u postgres createuser -A -D mediagoblin
sudo -u postgres createdb -E UNICODE -O mediagoblin mediagoblin
adduser --system mediagoblin
MEDIAGOBLIN_DOMAIN_ROOT="/srv/$MEDIAGOBLIN_DOMAIN_NAME"
MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin"
MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin"
if [ ! -d $MEDIAGOBLIN_DOMAIN_ROOT ]; then
mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT
fi
cd $MEDIAGOBLIN_DOMAIN_ROOT
chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT
su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone git://gitorious.org/mediagoblin/mediagoblin.git" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin
#su -c 'cd $MEDIAGOBLIN_PATH; ./experimental-bootstrap.sh' - mediagoblin
#su -c 'cd $MEDIAGOBLIN_PATH; ./configure' - mediagoblin
#su -c 'cd $MEDIAGOBLIN_PATH; make' - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH; virtualenv --system-site-packages ." - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH_BIN; python setup.py develop" - mediagoblin
su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin
su -c "cp $MEDIAGOBLIN_PATH/paste.ini $MEDIAGOBLIN_PATH/paste_local.ini" - mediagoblin
# update the dynamic DNS
CURRENT_DDNS_DOMAIN=$MEDIAGOBLIN_DOMAIN_NAME
add_ddns_domain
# see https://wiki.mediagoblin.org/Deployment / uwsgi with configs
apt-get -y install uwsgi uwsgi-plugin-python nginx-full supervisor
echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' # Gzip' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' gzip_types text/plain text/html application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' error_log /var/log/nginx/mg.error.log error;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' #include global/common.conf;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' client_max_body_size 100m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " root $MEDIAGOBLIN_PATH/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " alias $MEDIAGOBLIN_PATH/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo " alias $MEDIAGOBL_PATH/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' uwsgi_pass unix:///tmp/mg.uwsgi.sock;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' uwsgi_param SCRIPT_NAME "/";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' include uwsgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
echo 'uwsgi:' > /etc/uwsgi/apps-available/mg.yaml
echo ' uid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml
echo ' gid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml
echo ' socket: /tmp/mg.uwsgi.sock' >> /etc/uwsgi/apps-available/mg.yaml
echo ' chown-socket: www-data:www-data' >> /etc/uwsgi/apps-available/mg.yaml
echo ' plugins: python' >> /etc/uwsgi/apps-available/mg.yaml
echo " home: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml
echo " chdir: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml
echo " ini-paste: $MEDIAGOBLIN_PATH/paste_local.ini" >> /etc/uwsgi/apps-available/mg.yaml
echo '[program:celery]' > /etc/supervisor/conf.d/mediagoblin.conf
echo "command=$MEDIAGOBLIN_PATH_BIN/celery worker -l debug" >> /etc/supervisor/conf.d/mediagoblin.conf
echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; Set PYTHONPATH to the directory containing celeryconfig.py' >> /etc/supervisor/conf.d/mediagoblin.conf
echo "environment=PYTHONPATH='$MEDIAGOBLIN_PATH',MEDIAGOBLIN_CONFIG='$MEDIAGOBLIN_PATH/mediagoblin_local.ini',CELERY_CONFIG_MODULE='mediagoblin.init.celery.from_celery'" >> /etc/supervisor/conf.d/mediagoblin.conf
echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
echo "directory=$MEDIAGOBLIN_PATH/" >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'user=mediagoblin' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'numprocs=1' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; uncomment below to enable logs saving' >> /etc/supervisor/conf.d/mediagoblin.conf
echo ";stdout_logfile=/var/log/nginx/celeryd_stdout.log" >> /etc/supervisor/conf.d/mediagoblin.conf
echo ";stderr_logfile=/var/log/nginx/celeryd_stderr.log" >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'autostart=true' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'autorestart=false' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'startsecs=10' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; Need to wait for currently executing tasks to finish at shutdown.' >> /etc/supervisor/conf.d/mediagoblin.conf
echo '; Increase this if you have very long running tasks.' >> /etc/supervisor/conf.d/mediagoblin.conf
echo 'stopwaitsecs = 600' >> /etc/supervisor/conf.d/mediagoblin.conf
ln -s /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME /etc/nginx/sites-enabled/
ln -s /etc/uwsgi/apps-available/mg.yaml /etc/uwsgi/apps-enabled/
# change settings
sed -i "s/notice@mediagoblin.example.org/$MY_EMAIL_ADDRESS/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini
sed -i 's/email_debug_mode = true/email_debug_mode = false/g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
sed -i 's|# sql_engine = postgresql:///mediagoblin|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
# add extra media types
if grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
fi
if grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
fi
if grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
fi
su -c "cd $MEDIAGOBLIN_PATH_BIN; pip install scikits.audiolab" - mediagoblin
su -c "cd $MEDIAGOBLIN_PATH_BIN; gmg dbupdate" - mediagoblin
# systemd init scripts
echo '[Unit]' > /etc/systemd/system/gmg.service
echo 'Description=Mediagoblin' >> /etc/systemd/system/gmg.service
echo '' >> /etc/systemd/system/gmg.service
echo '[Service]' >> /etc/systemd/system/gmg.service
echo 'Type=forking' >> /etc/systemd/system/gmg.service
echo 'User=mediagoblin' >> /etc/systemd/system/gmg.service
echo 'Group=mediagoblin' >> /etc/systemd/system/gmg.service
echo '#Environment=CELERY_ALWAYS_EAGER=true' >> /etc/systemd/system/gmg.service
echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/gmg.service
echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg.service
echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/paster serve $MEDIAGOBLIN_PATH/paste_local.ini --pid-file=/var/run/mediagoblin/paster.pid --log-file=/var/log/nginx/mediagoblin_paster.log --daemon --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543" >> /etc/systemd/system/gmg.service
echo "ExecStop=$MEDIAGOBLIN_PATH_BIN/paster serve --pid-file=/var/run/mediagoblin/paster.pid $MEDIAGOBLIN_PATH/paste_local.ini stop" >> /etc/systemd/system/gmg.service
echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/gmg.service
echo '' >> /etc/systemd/system/gmg.service
echo '[Install]' >> /etc/systemd/system/gmg.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg.service
echo '[Unit]' > /etc/systemd/system/gmg-celeryd.service
echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/gmg-celeryd.service
echo '' >> /etc/systemd/system/gmg-celeryd.service
echo '[Service]' >> /etc/systemd/system/gmg-celeryd.service
echo 'User=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service
echo 'Group=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service
echo 'Type=simple' >> /etc/systemd/system/gmg-celeryd.service
echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg-celeryd.service
echo "Environment='MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_PATH/mediagoblin_local.ini' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery" >> /etc/systemd/system/gmg-celeryd.service
echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/celeryd" >> /etc/systemd/system/gmg-celeryd.service
echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/gmg-celeryd.service
echo '' >> /etc/systemd/system/gmg-celeryd.service
echo '[Install]' >> /etc/systemd/system/gmg-celeryd.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg-celeryd.service
systemctl start gmg.service
systemctl start gmg-celeryd.service
echo 'install_mediagoblin' >> $COMPLETION_FILE
}
function create_upgrade_script {
if grep -Fxq "create_upgrade_script" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'apt-get -y update' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'apt-get -y upgrade' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '# Red Matrix' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/addon" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '# GNU Social' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
if grep -Fxq "install_blog" $COMPLETION_FILE; then
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '# Blog' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "cd /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
if grep -Fxq "install_owncloud_music_app" $COMPLETION_FILE; then
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '# Owncloud music app' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "cd /usr/share/owncloud/apps/music" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
echo '' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo '# cjdns' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo "cd /etc/cjdns" >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git stash drop' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'git pull' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
fi
echo 'exit 0' >> /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
chmod +x /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
echo 'create_upgrade_script' >> $COMPLETION_FILE
}
function intrusion_detection {
if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
return
fi
apt-get -y install tripwire
apt-get -y autoremove
cd /etc/tripwire
cp site.key $DEFAULT_DOMAIN_NAME-site.key
echo ''
echo ''
echo '*** Installing intrusion detection. Press Enter when asked for the local and site passphrases. ***'
echo ''
echo ''
tripwire --init
# make a script for easy resetting of the tripwire
echo '#!/bin/sh' > /usr/bin/reset-tripwire
echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
chmod +x /usr/bin/reset-tripwire
reset-tripwire
sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
# Don't show any changes to /proc
sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
# Don't report log changes
sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
# Ignore /etc/tripwire
if ! grep -q "!/etc/tripwire" /etc/tripwire/twpol.txt; then
sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire;' /etc/tripwire/twpol.txt
fi
# Avoid logging the changed database
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
reset-tripwire
echo 'intrusion_detection' >> $COMPLETION_FILE
}
# see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
# Local Redirection and Anonymizing Middlebox
function route_outgoing_traffic_through_tor {
if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
return
fi
if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
return
fi
apt-get -y install tor tor-arm
### set variables
# Destinations you don't want routed through Tor
_non_tor="192.168.1.0/24 192.168.0.0/24"
# The user that Tor runs as
_tor_uid="debian-tor"
# Tor's TransPort
_trans_port="9040"
# Your internal interface
_int_if="eth0"
### Set iptables *nat
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
# Allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor; do
iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
done
# Redirect all other pre-routing and output to Tor
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/8; do
iptables -A OUTPUT -d $_clearnet -j ACCEPT
done
# Allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT
save_firewall_settings
if ! grep -q "fs.file-max" /etc/sysctl.conf; then
echo "fs.file-max=100000" >> /etc/sysctl.conf
/sbin/sysctl -p
fi
echo 'domain localdomain' > /etc/resolv.conf
echo 'search localdomain' >> /etc/resolv.conf
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
fi
if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
fi
if ! grep -q "TransPort" /etc/tor/torrc; then
echo 'TransPort 9040' >> /etc/tor/torrc
fi
if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
fi
if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
fi
if ! grep -q "DNSPort" /etc/tor/torrc; then
echo 'DNSPort 53' >> /etc/tor/torrc
fi
if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
fi
if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
fi
echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
}
# A command to create a git repository for a project
function create_git_project {
if grep -Fxq "create_git_project" $COMPLETION_FILE; then
return
fi
apt-get -y install git
echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo ' mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo -n " git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
echo 'create_git_project' >> $COMPLETION_FILE
}
# Create daily backups of any projects on Github
# Then if Github goes away, turns evil, is censored or has
# outages then you still have access to your projects
function backup_github_projects {
if grep -Fxq "backup_github_projects" $COMPLETION_FILE; then
return
fi
if [ ! $GITHUB_USERNAME ]; then
return 731
fi
if [ ! $GITHUB_BACKUP_DIRECTORY ]; then
return 732
fi
apt-get -y install git
# create a github backups directory if needed
if [ ! -d $GITHUB_BACKUP_DIRECTORY ]; then
mkdir -p $GITHUB_BACKUP_DIRECTORY
fi
# get the backup utility
cd $INSTALL_DIR
git clone https://github.com/josegonzalez/python-github-backup
# install it
cd $INSTALL_DIR/python-github-backup
python setup.py install
# add a daily cron entry
echo '#!/bin/bash' > /etc/cron.daily/github
echo "github-backup $GITHUB_USERNAME -o $GITHUB_BACKUP_DIRECTORY --repositories" >> /etc/cron.daily/github
echo 'exit 0' >> /etc/cron.daily/github
chmod +x /etc/cron.daily/github
# do an initial backup
/etc/cron.daily/github
echo 'backup_github_projects' >> $COMPLETION_FILE
}
function install_dynamicdns {
if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then
return
fi
# Here we compile from source because the current package
# doesn't support https, which clould result in passwords
# being leaked
apt-get -y install build-essential curl libgnutls28-dev automake1.11
git clone https://github.com/bashrc/inadyn $INSTALL_DIR/inadyn
if [ ! -d $INSTALL_DIR/inadyn ]; then
echo 'inadyn repo not cloned'
exit 6785
fi
cd $INSTALL_DIR/inadyn
./configure
if [ ! "$?" = "0" ]; then
exit 74890
fi
USE_OPENSSL=1 make
if [ ! "$?" = "0" ]; then
exit 74858
fi
make install
if [ ! "$?" = "0" ]; then
exit 3785
fi
# create an unprivileged user
#useradd -r -s /bin/false debian-inadyn
# create a configuration file
echo 'background' > /etc/inadyn.conf
echo 'verbose 1' >> /etc/inadyn.conf
echo 'period 300' >> /etc/inadyn.conf
echo 'startup-delay 60' >> /etc/inadyn.conf
echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf
chmod 600 /etc/inadyn.conf
if [ ! -d /etc/inadyn ]; then
mkdir /etc/inadyn
fi
# add an init script
echo '#!/bin/sh' > /etc/init.d/inadyn
echo '### BEGIN INIT INFO' >> /etc/init.d/inadyn
echo '# Provides: inadyn' >> /etc/init.d/inadyn
echo '# Required-Start: $network $local_fs $remote_fs $syslog' >> /etc/init.d/inadyn
echo '# Required-Stop: $network $local_fs $remote_fs $syslog' >> /etc/init.d/inadyn
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/inadyn
echo '# Default-Stop: 0 1 6' >> /etc/init.d/inadyn
echo '# Short-Description: Dynamic DNS client' >> /etc/init.d/inadyn
echo '# Description: Register an Internet name with your IP address' >> /etc/init.d/inadyn
echo '### END INIT INFO' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo '# Author: Timur Birsh <taem@linukz.org>' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/local/bin:/usr/bin' >> /etc/init.d/inadyn
echo 'DESC="Dynamic DNS client"' >> /etc/init.d/inadyn
echo 'NAME=inadyn' >> /etc/init.d/inadyn
echo 'DAEMON=/usr/local/sbin/inadyn' >> /etc/init.d/inadyn
echo 'CACHEDIR=/run/$NAME' >> /etc/init.d/inadyn
echo 'PIDFILE=$CACHEDIR/$NAME.pid' >> /etc/init.d/inadyn
echo 'SCRIPTNAME=/etc/init.d/$NAME' >> /etc/init.d/inadyn
echo 'DEFAULT=/etc/default/$NAME' >> /etc/init.d/inadyn
echo 'CONFIG=/etc/$NAME.conf' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo '[ -x $DAEMON ] || exit 0' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo '[ -r $DEFAULT ] && . $DEFAULT' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo '. /lib/lsb/init-functions' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo '# Set defaults values if no DEFAULT exist' >> /etc/init.d/inadyn
echo 'RUN_DAEMON="yes"' >> /etc/init.d/inadyn
echo 'USER=root' >> /etc/init.d/inadyn
echo 'GROUP=root' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'DAEMON_ARGS="--pidfile $PIDFILE \' >> /etc/init.d/inadyn
echo ' --config $CONFIG \' >> /etc/init.d/inadyn
echo ' --background \' >> /etc/init.d/inadyn
echo ' --drop-privs $USER:$GROUP"' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'create_cache_dir() {' >> /etc/init.d/inadyn
echo ' # Create the cache empty dir if necessary' >> /etc/init.d/inadyn
echo ' if [ ! -d $CACHEDIR ]; then' >> /etc/init.d/inadyn
echo ' mkdir $CACHEDIR' >> /etc/init.d/inadyn
echo ' chmod 0755 $CACHEDIR' >> /etc/init.d/inadyn
echo ' chown $USER:$GROUP $CACHEDIR' >> /etc/init.d/inadyn
echo ' fi' >> /etc/init.d/inadyn
echo '}' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'do_start()' >> /etc/init.d/inadyn
echo '{' >> /etc/init.d/inadyn
echo ' start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \' >> /etc/init.d/inadyn
echo ' || return 1' >> /etc/init.d/inadyn
echo ' start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \' >> /etc/init.d/inadyn
echo ' $DAEMON_ARGS \' >> /etc/init.d/inadyn
echo ' || return 2' >> /etc/init.d/inadyn
echo '}' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'do_stop()' >> /etc/init.d/inadyn
echo '{' >> /etc/init.d/inadyn
echo ' start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME' >> /etc/init.d/inadyn
echo ' RETVAL="$?"' >> /etc/init.d/inadyn
echo ' [ "$RETVAL" = 2 ] && return 2' >> /etc/init.d/inadyn
echo ' rm -f $PIDFILE' >> /etc/init.d/inadyn
echo ' return "$RETVAL"' >> /etc/init.d/inadyn
echo '}' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'do_reload() {' >> /etc/init.d/inadyn
echo ' start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME' >> /etc/init.d/inadyn
echo ' return 0' >> /etc/init.d/inadyn
echo '}' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo 'case "$1" in' >> /etc/init.d/inadyn
echo ' start)' >> /etc/init.d/inadyn
echo ' log_daemon_msg "Starting $DESC " "$NAME"' >> /etc/init.d/inadyn
echo ' create_cache_dir' >> /etc/init.d/inadyn
echo ' do_start' >> /etc/init.d/inadyn
echo ' case "$?" in' >> /etc/init.d/inadyn
echo ' 0|1) log_end_msg 0 ;;' >> /etc/init.d/inadyn
echo ' 2) log_end_msg 1 ;;' >> /etc/init.d/inadyn
echo ' esac' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' stop)' >> /etc/init.d/inadyn
echo ' log_daemon_msg "Stopping $DESC" "$NAME"' >> /etc/init.d/inadyn
echo ' do_stop' >> /etc/init.d/inadyn
echo ' case "$?" in' >> /etc/init.d/inadyn
echo ' 0|1) log_end_msg 0 ;;' >> /etc/init.d/inadyn
echo ' 2) log_end_msg 1 ;;' >> /etc/init.d/inadyn
echo ' esac' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' status)' >> /etc/init.d/inadyn
echo ' status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' reload|force-reload)' >> /etc/init.d/inadyn
echo ' log_daemon_msg "Reloading $DESC" "$NAME"' >> /etc/init.d/inadyn
echo ' do_reload' >> /etc/init.d/inadyn
echo ' log_end_msg $?' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' restart)' >> /etc/init.d/inadyn
echo ' log_daemon_msg "Restarting $DESC" "$NAME"' >> /etc/init.d/inadyn
echo ' do_stop' >> /etc/init.d/inadyn
echo ' case "$?" in' >> /etc/init.d/inadyn
echo ' 0|1)' >> /etc/init.d/inadyn
echo ' do_start' >> /etc/init.d/inadyn
echo ' case "$?" in' >> /etc/init.d/inadyn
echo ' 0) log_end_msg 0 ;;' >> /etc/init.d/inadyn
echo ' 1) log_end_msg 1 ;; # Old process is still running' >> /etc/init.d/inadyn
echo ' *) log_end_msg 1 ;; # Failed to start' >> /etc/init.d/inadyn
echo ' esac' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' *)' >> /etc/init.d/inadyn
echo ' # Failed to stop' >> /etc/init.d/inadyn
echo ' log_end_msg 1' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' esac' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo ' *)' >> /etc/init.d/inadyn
echo ' echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2' >> /etc/init.d/inadyn
echo ' exit 3' >> /etc/init.d/inadyn
echo ' ;;' >> /etc/init.d/inadyn
echo 'esac' >> /etc/init.d/inadyn
echo '' >> /etc/init.d/inadyn
echo ':' >> /etc/init.d/inadyn
chmod +x /etc/init.d/inadyn
update-rc.d inadyn defaults
service inadyn start
systemctl daemon-reload
echo 'install_dynamicdns' >> $COMPLETION_FILE
}
function get_voip_server_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
if [ ! $VOIP_SERVER_PASSWORD ]; then
VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function install_voip {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "install_voip" $COMPLETION_FILE; then
return
fi
apt-get -y install mumble-server
get_voip_server_password
if [ ! $VOIP_SERVER_PASSWORD ]; then
VOIP_SERVER_PASSWORD=$(openssl rand -base64 16)
fi
if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
VOIP_SERVER_PASSWORD=$(openssl rand -base64 16)
fi
# Make an ssl cert for the server
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
makecert mumble
check_certificates mumble
fi
# Check that the cert was created
if [ ! -f /etc/ssl/certs/mumble.crt ]; then
echo 'VoIP server certificate not created'
exit 57892
fi
if [ ! -f /etc/ssl/private/mumble.key ]; then
echo 'VoIP server key not created'
exit 57893
fi
sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
if [ $VOIP_SERVER_PASSWORD ]; then
sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
fi
sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
if ! grep -q "allowping" /etc/mumble-server.ini; then
echo 'allowping=False' >> /etc/mumble-server.ini
fi
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
sed -i 's|#sslCert=.*|sslCert=/etc/ssl/certs/mumble.crt|g' /etc/mumble-server.ini
sed -i 's|#sslKey=.*|sslKey=/etc/ssl/privare/mumble.key|g' /etc/mumble-server.ini
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
sed -i "s|port=.*|port=$VOIP_PORT|g" /etc/mumble-server.ini
service mumble-server restart
if ! grep -q "VoIP Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'VoIP Server' >> /home/$MY_USERNAME/README
echo '===========' >> /home/$MY_USERNAME/README
echo 'VoIP server username: mumble-server' >> /home/$MY_USERNAME/README
echo "VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'To connect to the VoIP server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
fi
echo 'install_voip' >> $COMPLETION_FILE
}
function install_final {
if grep -Fxq "install_final" $COMPLETION_FILE; then
return
fi
# unmount any attached usb drive
if [ -d $USB_MOUNT ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
fi
echo 'install_final' >> $COMPLETION_FILE
echo ''
echo ' *** Freedombone installation is complete. Rebooting... ***'
echo ''
if [ -f "/home/$MY_USERNAME/README" ]; then
echo "See /home/$MY_USERNAME/README for post-installation instructions."
echo ''
fi
reboot
}
read_configuration
parse_args
check_domains
install_not_on_BBB
remove_default_user
configure_firewall
configure_firewall_for_ssh
configure_firewall_for_dns
configure_firewall_for_ftp
configure_firewall_for_web_access
configure_firewall_for_cjdns
configure_firewall_for_voip
remove_proprietary_repos
change_debian_repos
enable_backports
configure_dns
install_dynamicdns
randomize_cron
create_freedns_updater
initial_setup
enforce_good_passwords
install_editor
change_login_message
update_the_kernel
enable_zram
random_number_generator
set_your_domain_name
time_synchronisation
configure_internet_protocol
create_git_project
install_cjdns
install_cjdns_tools
backup_github_projects
configure_ssh
remove_instructions_from_motd
check_hwrng
search_for_attached_usb_drive
regenerate_ssh_keys
script_to_make_self_signed_certificates
create_upgrade_script
route_outgoing_traffic_through_tor
install_watchdog_script
configure_email
create_procmail
#spam_filtering
configure_imap
configure_gpg
encrypt_incoming_email
encrypt_outgoing_email
email_client
email_archiving
email_from_address
configure_firewall_for_email
folders_for_mailing_lists
folders_for_email_addresses
create_public_mailing_list
#create_private_mailing_list
encrypt_all_email
import_email
script_for_attaching_usb_drive
install_web_server
configure_firewall_for_web_server
install_owncloud
install_owncloud_music_app
install_gogs
install_xmpp
configure_firewall_for_xmpp
install_irc_server
configure_firewall_for_irc
install_voip
install_wiki
install_blog
install_gnu_social
install_redmatrix
install_dlna_server
configure_firewall_for_dlna
install_mediagoblin
repair_databases_script
create_backup_script
create_restore_script
backup_to_friends_servers
restore_from_friend
intrusion_detection
install_final
echo 'Freedombone installation is complete'
exit 0