|
@@ -267,6 +267,9 @@ SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
|
267
|
267
|
# list of ciphers to use. See bettercrypto.org recommendations
|
268
|
268
|
SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
|
269
|
269
|
|
|
270
|
+# the default email address
|
|
271
|
+MY_EMAIL_ADDRESS=$MY_USERNAME@$DOMAIN_NAME
|
|
272
|
+
|
270
|
273
|
export DEBIAN_FRONTEND=noninteractive
|
271
|
274
|
|
272
|
275
|
# File which keeps track of what has already been installed
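Review bot: The default `MY_EMAIL_ADDRESS=$MY_USERNAME@$DOMAIN_NAME` is expanded once, where the globals are initialised, so it captures whatever `MY_USERNAME` and `DOMAIN_NAME` hold at that moment. If either is filled in later (from command-line arguments or the configuration file, which this hunk does not show), the address keeps the stale value, possibly just `@`, and that string then becomes the GPG key's Name-Email and the recipient in the generated scripts. Leaving the variable empty here and deriving it once arguments and configuration have been read, e.g. `[ "$MY_EMAIL_ADDRESS" ] || MY_EMAIL_ADDRESS="$MY_USERNAME@$DOMAIN_NAME"`, avoids that. The comment could also say that the configuration file may override the value.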
|
|
@@ -335,6 +338,9 @@ function argument_checks {
|
335
|
338
|
|
336
|
339
|
function read_configuration {
|
337
|
340
|
if [ -f $CONFIGURATION_FILE ]; then
|
|
341
|
+ if grep -q "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE; then
|
|
342
|
+ MY_EMAIL_ADDRESS=$(grep "MY_EMAIL_ADDRESS" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
|
|
343
|
+ fi
|
338
|
344
|
if grep -q "INSTALLING_ON_BBB" $CONFIGURATION_FILE; then
|
339
|
345
|
INSTALLING_ON_BBB=$(grep "INSTALLING_ON_BBB" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
|
340
|
346
|
fi
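Review bot: The value read in `read_configuration` is used without validation, and the `grep "MY_EMAIL_ADDRESS"` match is unanchored, so a comment or any other key containing that text also matches and the result can span several lines. The same string is later expanded inside the `su -c "gpg --list-keys …"` command strings (import_gpg_key_to_root, configure_gpg) and inside `/`-delimited sed replacements (install_irc_server, install_mediagoblin), where whitespace or shell and sed metacharacters from the config file would change the command that actually runs. Anchoring the lookup, `grep "^MY_EMAIL_ADDRESS=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}'`, and rejecting anything that is not a plain address before it is used, e.g. `[[ "$MY_EMAIL_ADDRESS" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]] || exit 1`, would close that. The body of read_configuration continues outside the hunk.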
|
|
@@ -425,7 +431,7 @@ function import_gpg_key_to_root {
|
425
|
431
|
apt-get -y --force-yes install gnupg
|
426
|
432
|
|
427
|
433
|
if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
|
428
|
|
- MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
|
434
|
+ MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
429
|
435
|
fi
|
430
|
436
|
|
431
|
437
|
# if the above fails because the key has an unexpected email address
|
|
@@ -1518,7 +1524,7 @@ function time_synchronisation {
|
1518
|
1524
|
echo "TIMESOURCE2='TLS_TIME_SOURCE2'" >> /usr/bin/updatedate
|
1519
|
1525
|
echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate
|
1520
|
1526
|
echo 'TIMEOUT=5' >> /usr/bin/updatedate
|
1521
|
|
- echo "EMAIL=$MY_USERNAME@$DOMAIN_NAME" >> /usr/bin/updatedate
|
|
1527
|
+ echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/updatedate
|
1522
|
1528
|
echo '# File which contains the previous date as a number' >> /usr/bin/updatedate
|
1523
|
1529
|
echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate
|
1524
|
1530
|
echo '# File which contains the previous date as a string' >> /usr/bin/updatedate
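Review bot: The generated line `EMAIL=$MY_EMAIL_ADDRESS` is written to /usr/bin/updatedate without quotes, whereas backup_databases_script_header writes `EMAIL='$MY_EMAIL_ADDRESS'`; repair_databases_script has the same unquoted form. Now that the address can come from the configuration file instead of being built from the username and domain, the unquoted assignment is re-parsed by the shell each time the generated script runs, so a space or metacharacter in the value changes what that script executes. Writing `echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/updatedate` keeps the three generated scripts consistent. time_synchronisation starts and ends outside the hunk.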
|
|
@@ -2130,7 +2136,7 @@ function configure_gpg {
|
2130
|
2136
|
# if gpg keys directory was previously imported from usb
|
2131
|
2137
|
if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then
|
2132
|
2138
|
sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
|
2133
|
|
- MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
|
2139
|
+ MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
2134
|
2140
|
echo 'configure_gpg' >> $COMPLETION_FILE
|
2135
|
2141
|
return
|
2136
|
2142
|
fi
|
|
@@ -2167,20 +2173,20 @@ function configure_gpg {
|
2167
|
2173
|
su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
|
2168
|
2174
|
# for security ensure that the private key file doesn't linger around
|
2169
|
2175
|
shred -zu $MY_GPG_PRIVATE_KEY
|
2170
|
|
- MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
|
2176
|
+ MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
2171
|
2177
|
else
|
2172
|
2178
|
# Generate a GPG key
|
2173
|
2179
|
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
|
2174
|
2180
|
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
|
2175
|
2181
|
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
|
2176
|
2182
|
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
|
2177
|
|
- echo "Name-Real: $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
|
2178
|
|
- echo "Name-Email: $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
|
|
2183
|
+ echo "Name-Real: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
|
|
2184
|
+ echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
|
2179
|
2185
|
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
|
2180
|
2186
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
|
2181
|
2187
|
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
|
2182
|
2188
|
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
|
2183
|
|
- MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
|
2189
|
+ MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
2184
|
2190
|
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
|
2185
|
2191
|
su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
|
2186
|
2192
|
fi
|
|
@@ -2213,7 +2219,7 @@ function encrypt_incoming_email {
|
2213
|
2219
|
if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
|
2214
|
2220
|
echo '' >> /home/$MY_USERNAME/.procmailrc
|
2215
|
2221
|
echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
|
2216
|
|
- echo "| /usr/bin/gpgit.pl $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/.procmailrc
|
|
2222
|
+ echo "| /usr/bin/gpgit.pl $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc
|
2217
|
2223
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
|
2218
|
2224
|
fi
|
2219
|
2225
|
echo 'encrypt_incoming_email' >> $COMPLETION_FILE
|
|
@@ -2304,7 +2310,7 @@ function encrypt_all_email {
|
2304
|
2310
|
echo 'fi' >> /usr/bin/encmaildir
|
2305
|
2311
|
echo '' >> /usr/bin/encmaildir
|
2306
|
2312
|
echo 'if [ ! $EMAIL_ADDRESS ]; then' >> /usr/bin/encmaildir
|
2307
|
|
- echo " EMAIL_ADDRESS='$MY_USERNAME@$DOMAIN_NAME'" >> /usr/bin/encmaildir
|
|
2313
|
+ echo " EMAIL_ADDRESS='$MY_EMAIL_ADDRESS'" >> /usr/bin/encmaildir
|
2308
|
2314
|
echo 'fi' >> /usr/bin/encmaildir
|
2309
|
2315
|
echo '' >> /usr/bin/encmaildir
|
2310
|
2316
|
echo 'if [ ! $USERNAME ]; then' >> /usr/bin/encmaildir
|
|
@@ -2760,7 +2766,7 @@ function create_private_mailing_list {
|
2760
|
2766
|
ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
|
2761
|
2767
|
sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
|
2762
|
2768
|
sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
|
2763
|
|
- schleuder-newlist $PRIVATE_MAILING_LIST@$DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_USERNAME@$DOMAIN_NAME -initmember $MY_USERNAME@$DOMAIN_NAME -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
|
|
2769
|
+ schleuder-newlist $PRIVATE_MAILING_LIST@$DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
|
2764
|
2770
|
addemailtofolder $MY_USERNAME $PRIVATE_MAILING_LIST@$DOMAIN_NAME $PRIVATE_MAILING_LIST
|
2765
|
2771
|
|
2766
|
2772
|
echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
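Review bot: `-adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS` passes the address unquoted, so an empty or whitespace-containing value shifts the remaining `schleuder-newlist` arguments; quoting both as `"$MY_EMAIL_ADDRESS"` is enough. Separately, the context line above, `sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' …`, has no closing `/`, which GNU sed rejects as an unterminated `s` command, so superadminaddr presumably stays commented out. create_private_mailing_list extends beyond the hunk.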
|
|
@@ -3163,7 +3169,7 @@ function install_xmpp {
|
3163
|
3169
|
echo "Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
|
3164
|
3170
|
echo 'You can change it with: ' >> /home/$MY_USERNAME/README
|
3165
|
3171
|
echo '' >> /home/$MY_USERNAME/README
|
3166
|
|
- echo " prosodyctl passwd $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/README
|
|
3172
|
+ echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
|
3167
|
3173
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
|
3168
|
3174
|
fi
|
3169
|
3175
|
echo 'install_xmpp' >> $COMPLETION_FILE
|
|
@@ -3193,7 +3199,7 @@ function install_irc_server {
|
3193
|
3199
|
echo '* Freedom in the Cloud *' >> /etc/ngircd/motd
|
3194
|
3200
|
echo '**************************************************' >> /etc/ngircd/motd
|
3195
|
3201
|
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
|
3196
|
|
- sed -i "s/irc@irc.example.com/$MY_USERNAME@$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf
|
|
3202
|
+ sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
|
3197
|
3203
|
sed -i "s/irc.example.net/$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf
|
3198
|
3204
|
sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DOMAIN_NAME|g" /etc/ngircd/ngircd.conf
|
3199
|
3205
|
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
|
|
@@ -3627,7 +3633,7 @@ function backup_databases_script_header {
|
3627
|
3633
|
# daily
|
3628
|
3634
|
echo '#!/bin/sh' > /usr/bin/backupdatabases
|
3629
|
3635
|
echo '' >> /usr/bin/backupdatabases
|
3630
|
|
- echo "EMAIL='$MY_USERNAME@$DOMAIN_NAME'" >> /usr/bin/backupdatabases
|
|
3636
|
+ echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
|
3631
|
3637
|
echo '' >> /usr/bin/backupdatabases
|
3632
|
3638
|
echo "MYSQL_PASSWORD='$MARIADB_PASSWORD'" >> /usr/bin/backupdatabases
|
3633
|
3639
|
echo 'umask 0077' >> /usr/bin/backupdatabases
|
|
@@ -3669,7 +3675,7 @@ function repair_databases_script {
|
3669
|
3675
|
echo '#!/bin/bash' > /usr/bin/repairdatabase
|
3670
|
3676
|
echo '' >> /usr/bin/repairdatabase
|
3671
|
3677
|
echo 'DATABASE=$1' >> /usr/bin/repairdatabase
|
3672
|
|
- echo "EMAIL=$MY_USERNAME@$DOMAIN_NAME" >> /usr/bin/repairdatabase
|
|
3678
|
+ echo "EMAIL=$MY_EMAIL_ADDRESS" >> /usr/bin/repairdatabase
|
3673
|
3679
|
echo '' >> /usr/bin/repairdatabase
|
3674
|
3680
|
echo "MYSQL_ROOT_PASSWORD='$MARIADB_PASSWORD'" >> /usr/bin/repairdatabase
|
3675
|
3681
|
echo 'TEMPFILE=/root/repairdatabase_$DATABASE' >> /usr/bin/repairdatabase
|
|
@@ -4445,7 +4451,7 @@ function install_mediagoblin {
|
4445
|
4451
|
ln -s /etc/uwsgi/apps-available/mg.yaml /etc/uwsgi/apps-enabled/
|
4446
|
4452
|
|
4447
|
4453
|
# change settings
|
4448
|
|
- sed -i "s/notice@mediagoblin.example.org/$MY_USERNAME@$DOMAIN_NAME/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini
|
|
4454
|
+ sed -i "s/notice@mediagoblin.example.org/$MY_EMAIL_ADDRESS/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini
|
4449
|
4455
|
sed -i 's/email_debug_mode = true/email_debug_mode = false/g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
|
4450
|
4456
|
sed -i 's|# sql_engine = postgresql:///mediagoblin|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
|
4451
|
4457
|
|