10 år sedan · 16ad5784f9
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ The Freedombone system can be installed onto a Beaglebone Black, or any system c
 
				  - **Media**: Runs media services such as DLNA to play music or videos on your devices
			
 
				  - **Writer**: Host your blog and wiki
			
 
				  - **Chat**: Encrypted IRC and XMPP services for one-to-one and many-to-many chat
			
 
				- - **Notmailbox**: Installs eveything except for the email server
			
 
				+ - **Nonmailbox**: Installs eveything except for the email server
			
 
				 
			
 
				 Unlike certain other self-hosting projects Freedombone has more emphasis on security and privacy. When installed on a Beaglebone Black it uses the built-in hardware random number generator as an entropy source and all communications with the box are encrypted by default using the recommendations from https://bettercrypto.org. The firewall is configured to only allow communications on the necessary ports and to drop all other packets, icmp is disabled by default, emails are stored in encrypted form using your public key and time synchronisation occurs via TLS only.  Backups are also encrypted.
			
 
				 
			
--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -81,6 +81,9 @@ VARIANT_NONMAILBOX="nonmailbox"
 
				 VARIANT_SOCIAL="social"
			
 
				 VARIANT_MEDIA="media"
			
 
				 
			
 
				+# An optional configuration file which overrides some of these variables
			
 
				+CONFIGURATION_FILE="freedombone.cfg"
			
 
				+
			
 
				 SSH_PORT=2222
			
 
				 
			
 
				 # Why use Google as a time source?
			
@@ -308,6 +311,62 @@ function argument_checks {
 
				   fi
			
 
				 }
			
 
				 
			
 
				+function read_configuration {
			
 
				+  if [ -f $CONFIGURATION_FILE ]; then
			
 
				+      if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then
			
 
				+          INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "SSH_PORT" $CONFIGURATION_FILE; then
			
 
				+          SSH_PORT=$(grep "SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE; then
			
 
				+          INSTALLED_WITHIN_DOCKER=$(grep "INSTALLED_WITHIN_DOCKER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE; then
			
 
				+          PUBLIC_MAILING_LIST=$(grep "PUBLIC_MAILING_LIST" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then
			
 
				+          MICROBLOG_DOMAIN_NAME=$(grep "MICROBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "MICROBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then
			
 
				+          MICROBLOG_FREEDNS_SUBDOMAIN_CODE=$(grep "MICROBLOG_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE; then
			
 
				+          REDMATRIX_DOMAIN_NAME=$(grep "REDMATRIX_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "REDMATRIX_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then
			
 
				+          REDMATRIX_FREEDNS_SUBDOMAIN_CODE=$(grep "REDMATRIX_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE; then
			
 
				+          OWNCLOUD_DOMAIN_NAME=$(grep "OWNCLOUD_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "OWNCLOUD_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then
			
 
				+          OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=$(grep "OWNCLOUD_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE; then
			
 
				+          WIKI_DOMAIN_NAME=$(grep "WIKI_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "WIKI_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE; then
			
 
				+          WIKI_FREEDNS_SUBDOMAIN_CODE=$(grep "WIKI_FREEDNS_SUBDOMAIN_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE; then
			
 
				+          GPG_ENCRYPT_STORED_EMAIL=$(grep "GPG_ENCRYPT_STORED_EMAIL" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE; then
			
 
				+          MY_GPG_PUBLIC_KEY=$(grep "MY_GPG_PUBLIC_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE; then
			
 
				+          MY_GPG_PRIVATE_KEY=$(grep "MY_GPG_PRIVATE_KEY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "USB_DRIVE" $CONFIGURATION_FILE; then
			
 
				+          USB_DRIVE=$(grep "USB_DRIVE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+      if grep -q "MAX_PHP_MEMORY" $CONFIGURATION_FILE; then
			
 
				+          MAX_PHP_MEMORY=$(grep "MAX_PHP_MEMORY" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
			
 
				+      fi
			
 
				+  fi
			
 
				+}
			
 
				+
			
 
				 function check_hwrng {
			
 
				   # If hardware random number generation was enabled then make sure that the device exists.
			
 
				   # if /dev/hwrng is not found then any subsequent cryptographic key generation would
			
@@ -4428,6 +4487,7 @@ function install_final {
 
				   reboot
			
 
				 }
			
 
				 
			
 
				+read_configuration
			
 
				 argument_checks
			
 
				 remove_default_user
			
 
				 configure_firewall