|  | @@ -402,6 +402,9 @@ TOX_NODE=
 | 
	
		
			
			| 402 | 402 |  
 | 
	
		
			
			| 403 | 403 |  ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git'
 | 
	
		
			
			| 404 | 404 |  
 | 
	
		
			
			|  | 405 | +# Default diffie-hellman key length in bits
 | 
	
		
			
			|  | 406 | +DH_KEYLENGTH=3072
 | 
	
		
			
			|  | 407 | +
 | 
	
		
			
			| 405 | 408 |  function show_help {
 | 
	
		
			
			| 406 | 409 |    echo ''
 | 
	
		
			
			| 407 | 410 |    echo 'freedombone -c [configuration file]'
 | 
	
	
		
			
			|  | @@ -753,6 +756,9 @@ function read_configuration {
 | 
	
		
			
			| 753 | 756 |    fi
 | 
	
		
			
			| 754 | 757 |  
 | 
	
		
			
			| 755 | 758 |    if [ -f $CONFIGURATION_FILE ]; then
 | 
	
		
			
			|  | 759 | +      if grep -q "DH_KEYLENGTH" $CONFIGURATION_FILE; then
 | 
	
		
			
			|  | 760 | +          DH_KEYLENGTH=$(grep "DH_KEYLENGTH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 | 
	
		
			
			|  | 761 | +      fi
 | 
	
		
			
			| 756 | 762 |        if grep -q "WIFI_INTERFACE" $CONFIGURATION_FILE; then
 | 
	
		
			
			| 757 | 763 |            WIFI_INTERFACE=$(grep "WIFI_INTERFACE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 | 
	
		
			
			| 758 | 764 |        fi
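Review bot: The value read for DH_KEYLENGTH in read_configuration is never validated, yet the later hunks pass it unquoted to `freedombone-addcert ... --dhkey $DH_KEYLENGTH` and echo it into the generated scripts under /usr/bin (create_backup_script, backup_to_friends_servers). The unanchored `grep "DH_KEYLENGTH"` also matches commented-out lines and any other line containing that text, so several matches would produce a multi-line value. I would anchor the lookup and fall back to the default on anything non-numeric: `DH_KEYLENGTH=$(grep -m 1 '^DH_KEYLENGTH=' $CONFIGURATION_FILE | awk -F '=' '{print $2}')` followed by `case "$DH_KEYLENGTH" in ''|*[!0-9]*) DH_KEYLENGTH=3072 ;; esac`. A lower bound on the accepted size may also be worth enforcing here, so that a configuration typo cannot silently weaken the parameters for every service. read_configuration starts and ends outside this hunk.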
 | 
	
	
		
			
			|  | @@ -1595,7 +1601,7 @@ function install_zeronet {
 | 
	
		
			
			| 1595 | 1601 |  
 | 
	
		
			
			| 1596 | 1602 |    apt-get -y install python python-msgpack python-gevent python-pip
 | 
	
		
			
			| 1597 | 1603 |    pip install msgpack-python --upgrade
 | 
	
		
			
			| 1598 |  | -  
 | 
	
		
			
			|  | 1604 | +
 | 
	
		
			
			| 1599 | 1605 |    adduser --home /opt/zeronet/ --shell /bin/false --no-create-home --ingroup daemon --disabled-password --disabled-login zeronet
 | 
	
		
			
			| 1600 | 1606 |    git clone $ZERONET_REPO /opt/zeronet
 | 
	
		
			
			| 1601 | 1607 |    sudo chown -R zeronet:zeronet /opt/zeronet
 | 
	
	
		
			
			|  | @@ -1615,10 +1621,10 @@ function install_zeronet {
 | 
	
		
			
			| 1615 | 1621 |    echo '' >> /etc/systemd/system/zeronet.service
 | 
	
		
			
			| 1616 | 1622 |    echo '[Install]' >> /etc/systemd/system/zeronet.service
 | 
	
		
			
			| 1617 | 1623 |    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/zeronet.service
 | 
	
		
			
			| 1618 |  | -  
 | 
	
		
			
			|  | 1624 | +
 | 
	
		
			
			| 1619 | 1625 |    systemctl enable zeronet.service
 | 
	
		
			
			| 1620 | 1626 |    systemctl start zeronet.service
 | 
	
		
			
			| 1621 |  | -  
 | 
	
		
			
			|  | 1627 | +
 | 
	
		
			
			| 1622 | 1628 |    echo 'mesh_zeronet' >> $COMPLETION_FILE
 | 
	
		
			
			| 1623 | 1629 |  }
 | 
	
		
			
			| 1624 | 1630 |  
 | 
	
	
		
			
			|  | @@ -1830,7 +1836,7 @@ function mesh_babel {
 | 
	
		
			
			| 1830 | 1836 |    echo 'RemainAfterExit=yes' >> /etc/systemd/system/babel.service
 | 
	
		
			
			| 1831 | 1837 |    echo '' >> /etc/systemd/system/babel.service
 | 
	
		
			
			| 1832 | 1838 |    echo '# Allow time for the server to start/stop' >> /etc/systemd/system/babel.service
 | 
	
		
			
			| 1833 |  | -  echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service  
 | 
	
		
			
			|  | 1839 | +  echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service
 | 
	
		
			
			| 1834 | 1840 |    echo '' >> /etc/systemd/system/babel.service
 | 
	
		
			
			| 1835 | 1841 |    echo '[Install]' >> /etc/systemd/system/babel.service
 | 
	
		
			
			| 1836 | 1842 |    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/babel.service
 | 
	
	
		
			
			|  | @@ -2048,7 +2054,7 @@ function mesh_batman_bridge {
 | 
	
		
			
			| 2048 | 2054 |    echo 'RemainAfterExit=yes' >> /etc/systemd/system/batman.service
 | 
	
		
			
			| 2049 | 2055 |    echo '' >> /etc/systemd/system/batman.service
 | 
	
		
			
			| 2050 | 2056 |    echo '# Allow time for the server to start/stop' >> /etc/systemd/system/batman.service
 | 
	
		
			
			| 2051 |  | -  echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service  
 | 
	
		
			
			|  | 2057 | +  echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service
 | 
	
		
			
			| 2052 | 2058 |    echo '' >> /etc/systemd/system/batman.service
 | 
	
		
			
			| 2053 | 2059 |    echo '[Install]' >> /etc/systemd/system/batman.service
 | 
	
		
			
			| 2054 | 2060 |    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/batman.service
 | 
	
	
		
			
			|  | @@ -2199,7 +2205,7 @@ function create_backup_script {
 | 
	
		
			
			| 2199 | 2205 |  
 | 
	
		
			
			| 2200 | 2206 |    echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
 | 
	
		
			
			| 2201 | 2207 |    echo '    echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
 | 
	
		
			
			| 2202 |  | -  echo '    freedombone-addcert -h backup' >> /usr/bin/$BACKUP_SCRIPT_NAME
 | 
	
		
			
			|  | 2208 | +  echo "    freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME
 | 
	
		
			
			| 2203 | 2209 |    echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
 | 
	
		
			
			| 2204 | 2210 |    echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
 | 
	
		
			
			| 2205 | 2211 |  
 | 
	
	
		
			
			|  | @@ -3644,7 +3650,7 @@ function backup_to_friends_servers {
 | 
	
		
			
			| 3644 | 3650 |  
 | 
	
		
			
			| 3645 | 3651 |    echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 | 
	
		
			
			| 3646 | 3652 |    echo '    echo "Creating backup key"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 | 
	
		
			
			| 3647 |  | -  echo '    freedombone-addcert -h backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 | 
	
		
			
			|  | 3653 | +  echo "    freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 | 
	
		
			
			| 3648 | 3654 |    echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 | 
	
		
			
			| 3649 | 3655 |    echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 | 
	
		
			
			| 3650 | 3656 |  
 | 
	
	
		
			
			|  | @@ -6202,7 +6208,7 @@ function configure_email {
 | 
	
		
			
			| 6202 | 6208 |  
 | 
	
		
			
			| 6203 | 6209 |    # make a tls certificate for email
 | 
	
		
			
			| 6204 | 6210 |    if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
 | 
	
		
			
			| 6205 |  | -      freedombone-addcert -h exim
 | 
	
		
			
			|  | 6211 | +      freedombone-addcert -h exim --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 6206 | 6212 |        check_certificates exim
 | 
	
		
			
			| 6207 | 6213 |    fi
 | 
	
		
			
			| 6208 | 6214 |    cp /etc/ssl/private/exim.key /etc/exim4
 | 
	
	
		
			
			|  | @@ -6431,7 +6437,7 @@ function configure_imap {
 | 
	
		
			
			| 6431 | 6437 |    fi
 | 
	
		
			
			| 6432 | 6438 |  
 | 
	
		
			
			| 6433 | 6439 |    if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
 | 
	
		
			
			| 6434 |  | -      freedombone-addcert -h dovecot
 | 
	
		
			
			|  | 6440 | +      freedombone-addcert -h dovecot --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 6435 | 6441 |        check_certificates dovecot
 | 
	
		
			
			| 6436 | 6442 |    fi
 | 
	
		
			
			| 6437 | 6443 |    chown root:dovecot /etc/ssl/certs/dovecot.*
 | 
	
	
		
			
			|  | @@ -6518,7 +6524,7 @@ function configure_imap_client_certs {
 | 
	
		
			
			| 6518 | 6524 |    fi
 | 
	
		
			
			| 6519 | 6525 |    # make a CA cert
 | 
	
		
			
			| 6520 | 6526 |    if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
 | 
	
		
			
			| 6521 |  | -      freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca ""
 | 
	
		
			
			|  | 6527 | +      freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 6522 | 6528 |    fi
 | 
	
		
			
			| 6523 | 6529 |    # CA configuration
 | 
	
		
			
			| 6524 | 6530 |    echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
 | 
	
	
		
			
			|  | @@ -7820,7 +7826,7 @@ quit" > $INSTALL_DIR/batch.sql
 | 
	
		
			
			| 7820 | 7826 |    configure_php
 | 
	
		
			
			| 7821 | 7827 |  
 | 
	
		
			
			| 7822 | 7828 |    if [ ! -f /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 7823 |  | -      freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME
 | 
	
		
			
			|  | 7829 | +      freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 7824 | 7830 |        check_certificates $OWNCLOUD_DOMAIN_NAME
 | 
	
		
			
			| 7825 | 7831 |    fi
 | 
	
		
			
			| 7826 | 7832 |  
 | 
	
	
		
			
			|  | @@ -8069,7 +8075,7 @@ quit" > $INSTALL_DIR/batch.sql
 | 
	
		
			
			| 8069 | 8075 |    configure_php
 | 
	
		
			
			| 8070 | 8076 |  
 | 
	
		
			
			| 8071 | 8077 |    if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 8072 |  | -      freedombone-addcert -h $GIT_DOMAIN_NAME
 | 
	
		
			
			|  | 8078 | +      freedombone-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 8073 | 8079 |        check_certificates $GIT_DOMAIN_NAME
 | 
	
		
			
			| 8074 | 8080 |    fi
 | 
	
		
			
			| 8075 | 8081 |  
 | 
	
	
		
			
			|  | @@ -8242,7 +8248,7 @@ function install_xmpp {
 | 
	
		
			
			| 8242 | 8248 |    fi
 | 
	
		
			
			| 8243 | 8249 |  
 | 
	
		
			
			| 8244 | 8250 |    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
 | 
	
		
			
			| 8245 |  | -      freedombone-addcert -h xmpp
 | 
	
		
			
			|  | 8251 | +      freedombone-addcert -h xmpp --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 8246 | 8252 |        check_certificates xmpp
 | 
	
		
			
			| 8247 | 8253 |    fi
 | 
	
		
			
			| 8248 | 8254 |    chown prosody:prosody /etc/ssl/private/xmpp.key
 | 
	
	
		
			
			|  | @@ -8367,7 +8373,7 @@ function install_irc_server {
 | 
	
		
			
			| 8367 | 8373 |    fi
 | 
	
		
			
			| 8368 | 8374 |  
 | 
	
		
			
			| 8369 | 8375 |    if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
 | 
	
		
			
			| 8370 |  | -      freedombone-addcert -h ngircd
 | 
	
		
			
			|  | 8376 | +      freedombone-addcert -h ngircd --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 8371 | 8377 |        check_certificates ngircd
 | 
	
		
			
			| 8372 | 8378 |    fi
 | 
	
		
			
			| 8373 | 8379 |  
 | 
	
	
		
			
			|  | @@ -8464,7 +8470,7 @@ function install_wiki {
 | 
	
		
			
			| 8464 | 8470 |        rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
 | 
	
		
			
			| 8465 | 8471 |    fi
 | 
	
		
			
			| 8466 | 8472 |    if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 8467 |  | -      freedombone-addcert -h $WIKI_DOMAIN_NAME
 | 
	
		
			
			|  | 8473 | +      freedombone-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 8468 | 8474 |        check_certificates $WIKI_DOMAIN_NAME
 | 
	
		
			
			| 8469 | 8475 |    fi
 | 
	
		
			
			| 8470 | 8476 |  
 | 
	
	
		
			
			|  | @@ -8750,7 +8756,7 @@ function install_blog {
 | 
	
		
			
			| 8750 | 8756 |    chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
 | 
	
		
			
			| 8751 | 8757 |  
 | 
	
		
			
			| 8752 | 8758 |    if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 8753 |  | -      freedombone-addcert -h $FULLBLOG_DOMAIN_NAME
 | 
	
		
			
			|  | 8759 | +      freedombone-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 8754 | 8760 |        check_certificates $FULLBLOG_DOMAIN_NAME
 | 
	
		
			
			| 8755 | 8761 |    fi
 | 
	
		
			
			| 8756 | 8762 |  
 | 
	
	
		
			
			|  | @@ -9115,7 +9121,7 @@ quit" > $INSTALL_DIR/batch.sql
 | 
	
		
			
			| 9115 | 9121 |    configure_php
 | 
	
		
			
			| 9116 | 9122 |  
 | 
	
		
			
			| 9117 | 9123 |    if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 9118 |  | -      freedombone-addcert -h $MICROBLOG_DOMAIN_NAME
 | 
	
		
			
			|  | 9124 | +      freedombone-addcert -h $MICROBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 9119 | 9125 |        check_certificates $MICROBLOG_DOMAIN_NAME
 | 
	
		
			
			| 9120 | 9126 |    fi
 | 
	
		
			
			| 9121 | 9127 |  
 | 
	
	
		
			
			|  | @@ -9384,7 +9390,7 @@ quit" > $INSTALL_DIR/batch.sql
 | 
	
		
			
			| 9384 | 9390 |    configure_php
 | 
	
		
			
			| 9385 | 9391 |  
 | 
	
		
			
			| 9386 | 9392 |    if [ ! -f /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 9387 |  | -      freedombone-addcert -h $REDMATRIX_DOMAIN_NAME
 | 
	
		
			
			|  | 9393 | +      freedombone-addcert -h $REDMATRIX_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 9388 | 9394 |        check_certificates $REDMATRIX_DOMAIN_NAME
 | 
	
		
			
			| 9389 | 9395 |    fi
 | 
	
		
			
			| 9390 | 9396 |  
 | 
	
	
		
			
			|  | @@ -9702,7 +9708,7 @@ function install_mediagoblin {
 | 
	
		
			
			| 9702 | 9708 |    echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
 | 
	
		
			
			| 9703 | 9709 |  
 | 
	
		
			
			| 9704 | 9710 |    if [ ! -f /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam ]; then
 | 
	
		
			
			| 9705 |  | -      freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME
 | 
	
		
			
			|  | 9711 | +      freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 9706 | 9712 |        check_certificates $MEDIAGOBLIN_DOMAIN_NAME
 | 
	
		
			
			| 9707 | 9713 |    fi
 | 
	
		
			
			| 9708 | 9714 |  
 | 
	
	
		
			
			|  | @@ -10141,7 +10147,7 @@ function install_voip {
 | 
	
		
			
			| 10141 | 10147 |  
 | 
	
		
			
			| 10142 | 10148 |    # Make an ssl cert for the server
 | 
	
		
			
			| 10143 | 10149 |    if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
 | 
	
		
			
			| 10144 |  | -      freedombone-addcert -h mumble
 | 
	
		
			
			|  | 10150 | +      freedombone-addcert -h mumble --dhkey $DH_KEYLENGTH
 | 
	
		
			
			| 10145 | 10151 |        check_certificates mumble
 | 
	
		
			
			| 10146 | 10152 |    fi
 | 
	
		
			
			| 10147 | 10153 |  
 |