Initial idea for deploying an image

src/freedombone-deploy

@@ -0,0 +1,160 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# An initialisation script which can be run after installing
+# a disk image
+#
+# License
+# =======
+#
+# Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Default username for disk images
+DEFAULT_IMAGE_USERNAME='freedom'
+
+MY_NAME='fbn'
+MY_USERNAME=$MY_NAME
+MY_EMAIL_ADDRESS=$MY_USERNAME@$(hostname)
+
+# various passwords
+CJDNS_PASSWORD=
+MARIADB_PASSWORD=
+MICROBLOG_ADMIN_PASSWORD=
+GIT_ADMIN_PASSWORD=
+HUBZILLA_ADMIN_PASSWORD=
+OWNCLOUD_ADMIN_PASSWORD=
+WIKI_ADMIN_PASSWORD=
+FULLBLOG_ADMIN_PASSWORD=
+VOIP_SERVER_PASSWORD=
+SIP_SERVER_PASSWORD=
+
+function create_backup_gpg_key {
+    echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+    su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+    shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+    BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME)
+    if [ ! "$?" = "0" ]; then
+        echo 'Backup key could not be created'
+        exit 43382
+    fi
+
+	MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+	echo "Backup key: $MY_BACKUP_KEY_ID"
+	MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
+	su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
+	su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+	if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
+		echo 'Public backup key could not be exported'
+		exit 36829
+	fi
+	if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
+		echo 'Private backup key could not be exported'
+		exit 29235
+	fi
+
+	# import backup key to root user
+	gpg --import --import ${MY_BACKUP_KEY}_public.asc
+	gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
+
+	shred -zu ${MY_BACKUP_KEY}_public.asc
+	shred -zu ${MY_BACKUP_KEY}_private.asc
+	echo 'New backup gpg key created'
+}
+
+function regenerate_ssh_host_keys {
+    rm -f /etc/ssh/ssh_host_*
+    dpkg-reconfigure openssh-server
+    echo 'ssh host keys regenerated'
+    # remove small moduli
+    awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
+    mv ~/moduli /etc/ssh/moduli
+    echo 'ssh small moduli removed'
+    systemctl restart ssh
+}
+
+function get_passwords_from_readme {
+	readme_file=$1
+	if [ ! -f $readme_file ]; then
+		return
+	fi
+
+    if grep -q "cjdns password" $readme_file; then
+        if [ ! $CJDNS_PASSWORD ]; then
+            CJDNS_PASSWORD=$(cat $readme_file | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+        fi
+    fi
+    if grep -q "MariaDB password" $readme_file; then
+        if [ -f $DATABASE_PASSWORD_FILE ]; then
+            MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
+        else
+            MARIADB_PASSWORD=$(cat $readme_file | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
+            chmod 600 $DATABASE_PASSWORD_FILE
+        fi
+    fi
+    if grep -q "MariaDB gnusocial admin password" $readme_file; then
+        MICROBLOG_ADMIN_PASSWORD=$(cat $readme_file | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+    fi
+    if grep -q "Gogs admin user password" $readme_file; then
+        GIT_ADMIN_PASSWORD=$(cat $readme_file | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+    fi
+    if grep -q "MariaDB Hubzilla admin password" $readme_file; then
+        HUBZILLA_ADMIN_PASSWORD=$(cat $readme_file | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+    fi
+    if grep -q "Owncloud database password" $readme_file; then
+        OWNCLOUD_ADMIN_PASSWORD=$(cat $readme_file | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+    fi
+    if grep -q "Wiki password" $readme_file; then
+        WIKI_ADMIN_PASSWORD=$(cat $readme_file | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
+    fi
+}
+
+function set_admin_user {
+    sed -i "s|Admin user:.*|Admin user:$MY_USERNAME|g" $COMPLETION_FILE
+}
+
+if [ ! -d /home/$DEFAULT_IMAGE_USERNAME ]; then
+	echo "User $DEFAULT_IMAGE_USERNAME not found"
+	exit 52372
+fi
+
+if [ -d /home/$MY_USERNAME ]; then
+	echo "User $MY_USERNAME already exists"
+	exit 73538
+fi
+
+get_passwords_from_readme /home/$DEFAULT_IMAGE_USERNAME/README
+#freedombone-adduser $MY_USERNAME > ~/setup.txt
+#set_admin_user
+#create_backup_gpg_key
+#regenerate_ssh_host_keys
+
+exit 0