|
@@ -150,6 +150,9 @@ WIKI_SQLITE_ADDON_HASH="930335e647c7e62f3068689c256ee169fad2426b64f8360685d391ec
|
150
|
150
|
|
151
|
151
|
GPG_KEYSERVER="hkp://keys.gnupg.net"
|
152
|
152
|
|
|
153
|
+# whether to encrypt all incoming email with your public key
|
|
154
|
+GPG_ENCRYPT_STORED_EMAIL="yes"
|
|
155
|
+
|
153
|
156
|
# gets set to yes if gpg keys are imported from usb
|
154
|
157
|
GPG_KEYS_IMPORTED="no"
|
155
|
158
|
|
|
@@ -1339,6 +1342,37 @@ function configure_gpg {
|
1339
|
1342
|
echo 'configure_gpg' >> $COMPLETION_FILE
|
1340
|
1343
|
}
|
1341
|
1344
|
|
|
1345
|
+function encrypt_incoming_email {
|
|
1346
|
+ # encrypts incoming mail using your GPG public key
|
|
1347
|
+ # so even if an attacker gains access to the data at rest they still need
|
|
1348
|
+ # to know your GPG key password to be able to read anything
|
|
1349
|
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
|
|
1350
|
+ return
|
|
1351
|
+ fi
|
|
1352
|
+ if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
|
|
1353
|
+ return
|
|
1354
|
+ fi
|
|
1355
|
+ if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
|
|
1356
|
+ return
|
|
1357
|
+ fi
|
|
1358
|
+ if [ ! -f /usr/bin/gpgit.pl ]; then
|
|
1359
|
+ apt-get -y --force-yes install git
|
|
1360
|
+ cd $INSTALL_DIR
|
|
1361
|
+ git clone https://github.com/mikecardwell/gpgit
|
|
1362
|
+ cd gpgit
|
|
1363
|
+ cp gpgit.pl /usr/bin
|
|
1364
|
+ fi
|
|
1365
|
+
|
|
1366
|
+ # add a procmail rule
|
|
1367
|
+ if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
|
|
1368
|
+ echo ' :0 f' >> /home/$MY_USERNAME/.procmailrc
|
|
1369
|
+ echo " | /usr/bin/gpgit.pl $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/.procmailrc
|
|
1370
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
|
|
1371
|
+ fi
|
|
1372
|
+ echo 'encrypt_incoming_email' >> $COMPLETION_FILE
|
|
1373
|
+}
|
|
1374
|
+
|
|
1375
|
+
|
1342
|
1376
|
function email_client {
|
1343
|
1377
|
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
|
1344
|
1378
|
return
|
|
@@ -3198,7 +3232,7 @@ function create_backup_script {
|
3198
|
3232
|
echo " if [ ! -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3199
|
3233
|
echo " mkdir $USB_MOUNT/backup/owncloud" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3200
|
3234
|
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3201
|
|
- echo " rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$OWNCLOUD_DOMAIN_NAME $USB_MOUNT/backup/owncloud ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
3235
|
+ echo " rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$OWNCLOUD_DOMAIN_NAME $USB_MOUNT/backup/owncloud ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3202
|
3236
|
fi
|
3203
|
3237
|
fi
|
3204
|
3238
|
# prosody
|
|
@@ -3214,7 +3248,7 @@ function create_backup_script {
|
3214
|
3248
|
echo " if [ ! -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3215
|
3249
|
echo " mkdir $USB_MOUNT/backup/wiki-blog" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3216
|
3250
|
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3217
|
|
- echo " rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$WIKI_DOMAIN_NAME $USB_MOUNT/backup/wiki-blog ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
3251
|
+ echo " rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/www/$WIKI_DOMAIN_NAME $USB_MOUNT/backup/wiki-blog ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3218
|
3252
|
fi
|
3219
|
3253
|
fi
|
3220
|
3254
|
# microblog
|
|
@@ -3240,7 +3274,7 @@ function create_backup_script {
|
3240
|
3274
|
echo " if [ ! -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3241
|
3275
|
echo " mkdir $USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3242
|
3276
|
echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3243
|
|
- echo " rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/cache/minidlna $USB_MOUNT/backup/dlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
3277
|
+ echo " rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map -cvr /var/cache/minidlna $USB_MOUNT/backup/dlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3244
|
3278
|
fi
|
3245
|
3279
|
echo 'else' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
3246
|
3280
|
echo ' echo "Please insert a USB drive to create the backup."' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
@@ -3286,8 +3320,8 @@ function create_restore_script {
|
3286
|
3320
|
# email
|
3287
|
3321
|
if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
|
3288
|
3322
|
echo " if [ -d $USB_MOUNT/backup/Maildir ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3289
|
|
- echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/Maildir /home/$MY_USERNAME/Maildir ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3290
|
|
- echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/gpg /home/$MY_USERNAME/.gnupg ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3323
|
+ echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/Maildir /home/$MY_USERNAME/Maildir ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3324
|
+ echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/gpg /home/$MY_USERNAME/.gnupg ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3291
|
3325
|
echo " cp -f $USB_MOUNT/backup/gpg/.muttrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3292
|
3326
|
echo " cp -f $USB_MOUNT/backup/gpg/.procmailrc /home/$MY_USERNAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3293
|
3327
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
@@ -3314,7 +3348,7 @@ function create_restore_script {
|
3314
|
3348
|
if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
|
3315
|
3349
|
if [ $OWNCLOUD_DOMAIN_NAME ]; then
|
3316
|
3350
|
echo " if [ -d $USB_MOUNT/backup/owncloud ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3317
|
|
- echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3351
|
+ echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/owncloud /var/www/$OWNCLOUD_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3318
|
3352
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3319
|
3353
|
fi
|
3320
|
3354
|
fi
|
|
@@ -3328,7 +3362,7 @@ function create_restore_script {
|
3328
|
3362
|
if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
|
3329
|
3363
|
if [ $WIKI_DOMAIN_NAME ]; then
|
3330
|
3364
|
echo " if [ -d $USB_MOUNT/backup/wiki-blog ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3331
|
|
- echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/wiki-blog /var/www/$WIKI_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3365
|
+ echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/wiki-blog /var/www/$WIKI_DOMAIN_NAME ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3332
|
3366
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3333
|
3367
|
fi
|
3334
|
3368
|
fi
|
|
@@ -3353,7 +3387,7 @@ IPT_NAME
|
3353
|
3387
|
# dlna
|
3354
|
3388
|
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
|
3355
|
3389
|
echo " if [ -d $USB_MOUNT/backup/dlna ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3356
|
|
- echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/minidlna /var/cache/minidlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3390
|
+ echo " rsyncrypto --trim=${DIR_TRIM} -vrd $USB_MOUNT/backup/minidlna /var/cache/minidlna ~/rr/keys /etc/ssl/private/rsync.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3357
|
3391
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3358
|
3392
|
fi
|
3359
|
3393
|
echo 'else' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
@@ -3420,6 +3454,7 @@ configure_email
|
3420
|
3454
|
#spam_filtering
|
3421
|
3455
|
configure_imap
|
3422
|
3456
|
configure_gpg
|
|
3457
|
+encrypt_incoming_email
|
3423
|
3458
|
email_client
|
3424
|
3459
|
configure_firewall_for_email
|
3425
|
3460
|
folders_for_mailing_lists
|
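Review bot: In `encrypt_incoming_email`, the `git clone https://github.com/mikecardwell/gpgit` at new line 1361 takes whatever the default branch holds at install time and copies `gpgit.pl` into `/usr/bin`, where the new procmail rule pipes every incoming message through it; nothing pins or verifies what was fetched, unlike the `WIKI_SQLITE_ADDON_HASH` value visible in the first hunk header. I would pin the clone to a reviewed commit and return on failure, because as written a failed `cd` or clone still appends the procmail rule and records `encrypt_incoming_email` in `$COMPLETION_FILE`, so the step is never retried and mail is presumably stored unencrypted with no error shown. The `--force-yes` on the `apt-get` line also lets apt continue with unauthenticated packages and is worth dropping here. `GPGIT_COMMIT` in the sketch below is a placeholder to be defined next to the other pinned values, and `return 1` should be swapped for whatever failure convention the rest of the script uses, which is not visible in these hunks.

```shell
    if [ ! -f /usr/bin/gpgit.pl ]; then
        apt-get -y install git || return 1
        cd "$INSTALL_DIR" || return 1
        git clone https://github.com/mikecardwell/gpgit || return 1
        cd gpgit || return 1
        # GPGIT_COMMIT is a placeholder: set it to a commit id that has been reviewed
        git checkout "$GPGIT_COMMIT" || return 1
        install -m 0755 -o root -g root gpgit.pl /usr/bin/gpgit.pl || return 1
    fi
    # … unchanged: procmail rule and completion marker …
```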