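#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-.  .--.--.|.-.  .-.  .--.  .-.
# |    |   (.-' (.-' (   | (   ) |  |  ||   )(   ) |  | (.-'
# '    '    --'  --'  -'-'  -'   '  '  '-'    -'   '  '   --'
#
# Freedom in the Cloud
#
# An initialisation script which can be run after installing
# a disk image
#
# License
# =======
#
# Copyright (C) 2015 Bob Mottram
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

PROJECT_NAME='freedombone'

export TEXTDOMAIN=${PROJECT_NAME}-deploy
export TEXTDOMAINDIR="/usr/share/locale"

# Default username for disk images
DEFAULT_IMAGE_USERNAME='freedom'

MY_NAME='fbn'
MY_USERNAME=$MY_NAME
MY_EMAIL_ADDRESS=$MY_USERNAME@$(hostname)

# These two paths are read by get_passwords_from_readme and set_admin_user
# but are not defined anywhere in this script; they are only ever taken
# from the calling environment. They default to empty here so that the
# functions below can detect the unset case and skip the file operations
# instead of running them against an empty filename.
# NOTE(review): presumably the main installer exports both — confirm, and
# source its defaults if this script is meant to be run standalone.
DATABASE_PASSWORD_FILE=${DATABASE_PASSWORD_FILE:-}
COMPLETION_FILE=${COMPLETION_FILE:-}

# various passwords
CJDNS_PASSWORD=
MARIADB_PASSWORD=
MICROBLOG_ADMIN_PASSWORD=
GIT_ADMIN_PASSWORD=
HUBZILLA_ADMIN_PASSWORD=
OWNCLOUD_ADMIN_PASSWORD=
WIKI_ADMIN_PASSWORD=
FULLBLOG_ADMIN_PASSWORD=
VOIP_SERVER_PASSWORD=
SIP_SERVER_PASSWORD=

#######################################
# Generates a 4096-bit RSA backup key (no expiry) in $MY_USERNAME's gpg
# keyring and imports it into root's keyring.
# Globals:   MY_USERNAME, MY_NAME, MY_EMAIL_ADDRESS (read)
#            MY_BACKUP_KEY_ID (written)
# Outputs:   progress messages on stdout
# Exits:     43382 if the key cannot be generated or its id not found,
#            36829 if the public key cannot be copied to root,
#            29235 if the private key cannot be copied to root.
#            (bash truncates exit statuses to 8 bits, so callers see
#            these codes modulo 256.)
#######################################
function create_backup_gpg_key {
    local home_dir=/home/$MY_USERNAME
    local genkey_conf=$home_dir/gpg-genkey.conf
    local key_desc="$MY_NAME (backup key)"

    # Unattended key generation parameters. There is deliberately no
    # Passphrase line: in batch mode gpg 1.x then creates an unprotected
    # key, which is what lets root use it non-interactively for backups.
    # NOTE(review): gpg >= 2.1 needs an explicit '%no-protection' line for
    # that and otherwise falls back to pinentry — confirm which gpg the
    # image ships. Generation can also block on a fresh image until
    # enough entropy is available.
    {
        echo 'Key-Type: 1'
        echo 'Key-Length: 4096'
        echo 'Subkey-Type: 1'
        echo 'Subkey-Length: 4096'
        echo "Name-Real: $MY_NAME"
        echo "Name-Email: $MY_EMAIL_ADDRESS"
        echo "Name-Comment: backup key"
        echo 'Expire-Date: 0'
    } > "$genkey_conf"
    chown "$MY_USERNAME:$MY_USERNAME" "$genkey_conf"
    su -c "gpg --batch --gen-key $genkey_conf" - "$MY_USERNAME"
    shred -zu "$genkey_conf"

    if ! su -c "gpg --list-keys \"$key_desc\"" - "$MY_USERNAME" > /dev/null; then
        echo 'Backup key could not be created'
        exit 43382
    fi

    # Use the machine-readable listing and the full 16-hex-digit key id.
    # Parsing the human-readable "pub   4096R/XXXXXXXX" line only works for
    # one gpg output format and yields a short key id, which is trivially
    # collidable; the colon format is stable across versions.
    MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys --with-colons \"$key_desc\"" - "$MY_USERNAME" \
        | awk -F: '$1 == "pub" { print $5; exit }')
    if [ -z "$MY_BACKUP_KEY_ID" ]; then
        echo 'Backup key could not be created'
        exit 43382
    fi
    echo "Backup key: $MY_BACKUP_KEY_ID"

    # Copy the key pair into root's keyring through pipes rather than via
    # armored files in the user's home directory: the private key is then
    # never written to disk in exported form, so nothing has to be
    # shredded afterwards (shred cannot guarantee removal on journaled or
    # SSD-backed filesystems anyway). pipefail is set in a subshell so the
    # export side's failure is not masked by a successful import of nothing.
    if ! ( set -o pipefail
           su -c "gpg --armor --export $MY_BACKUP_KEY_ID" - "$MY_USERNAME" \
               | gpg --import ); then
        echo 'Public backup key could not be exported'
        exit 36829
    fi
    if ! ( set -o pipefail
           su -c "gpg --armor --export-secret-key $MY_BACKUP_KEY_ID" - "$MY_USERNAME" \
               | gpg --allow-secret-key-import --import ); then
        echo 'Private backup key could not be exported'
        exit 29235
    fi

    echo 'New backup gpg key created'
}

#######################################
# Replaces the ssh host keys that shipped with the disk image (every image
# would otherwise share them), drops the small Diffie-Hellman moduli and
# restarts sshd.
# Globals:   none
# Outputs:   progress messages on stdout
# Returns:   1 if /etc/ssh/moduli is missing or a temp file cannot be made
#######################################
function regenerate_ssh_host_keys {
    # Debian's openssh-server postinst recreates any missing host keys.
    rm -f /etc/ssh/ssh_host_*
    dpkg-reconfigure openssh-server
    echo 'ssh host keys regenerated'

    # remove small moduli: keep only entries whose size (5th field) is
    # above 2000 bits. The filtered copy is built next to the original so
    # the final mv is an atomic rename on the same filesystem, and it is
    # given the same world-readable mode the packaged file has.
    if [ ! -f /etc/ssh/moduli ]; then
        echo '/etc/ssh/moduli not found, small moduli not removed'
        return 1
    fi
    local tmp_moduli
    tmp_moduli=$(mktemp /etc/ssh/moduli.XXXXXX) || return 1
    if ! awk '$5 > 2000' /etc/ssh/moduli > "$tmp_moduli"; then
        rm -f "$tmp_moduli"
        return 1
    fi
    chmod 644 "$tmp_moduli"
    mv "$tmp_moduli" /etc/ssh/moduli
    echo 'ssh small moduli removed'

    systemctl restart ssh
}

#######################################
# Prints the value after the first ':' on the first line of a file that
# contains a given label, with leading spaces stripped.
# Arguments: $1 - literal label to look for (fixed string, first match)
#            $2 - file to search
# Outputs:   the value, or nothing if no line matches or has no ':'
#######################################
function readme_value {
    local label=$1
    local file=$2
    local line
    line=$(grep -F -m1 -- "$label" "$file") || return 0
    # A password may itself contain ':'; only split at the first one.
    case $line in
        *:*) printf '%s\n' "${line#*:}" | sed 's/^ *//' ;;
    esac
}

#######################################
# Reads the passwords the image installer recorded in the default user's
# README file into the global password variables.
# Arguments: $1 - path of the README file (silently ignored if missing)
# Globals:   CJDNS_PASSWORD (only set if still empty), MARIADB_PASSWORD,
#            MICROBLOG_ADMIN_PASSWORD, GIT_ADMIN_PASSWORD,
#            HUBZILLA_ADMIN_PASSWORD, OWNCLOUD_ADMIN_PASSWORD,
#            WIKI_ADMIN_PASSWORD (written); DATABASE_PASSWORD_FILE (read,
#            and created if set and absent)
# Note:      the README holds these secrets in plaintext in the default
#            user's home directory; this script only reads it.
#######################################
function get_passwords_from_readme {
    local readme_file=$1
    if [ ! -f "$readme_file" ]; then
        return
    fi

    if grep -q "cjdns password" "$readme_file"; then
        if [ -z "$CJDNS_PASSWORD" ]; then
            CJDNS_PASSWORD=$(readme_value "cjdns password" "$readme_file")
        fi
    fi

    if grep -q "MariaDB password" "$readme_file"; then
        # An existing password file wins over the README copy. When the
        # file path is unset nothing is written (the original would have
        # tested and redirected to an empty filename).
        if [ -n "$DATABASE_PASSWORD_FILE" ] && [ -f "$DATABASE_PASSWORD_FILE" ]; then
            MARIADB_PASSWORD=$(cat "$DATABASE_PASSWORD_FILE")
        else
            MARIADB_PASSWORD=$(readme_value "MariaDB password" "$readme_file")
            if [ -n "$DATABASE_PASSWORD_FILE" ]; then
                # Create the file already restricted instead of creating it
                # with the default umask and tightening it afterwards.
                ( umask 077 && printf '%s\n' "$MARIADB_PASSWORD" > "$DATABASE_PASSWORD_FILE" )
                chmod 600 "$DATABASE_PASSWORD_FILE"
            fi
        fi
    fi

    if grep -q "MariaDB gnusocial admin password" "$readme_file"; then
        MICROBLOG_ADMIN_PASSWORD=$(readme_value "MariaDB gnusocial admin password" "$readme_file")
    fi

    if grep -q "Gogs admin user password" "$readme_file"; then
        GIT_ADMIN_PASSWORD=$(readme_value "Gogs admin user password" "$readme_file")
    fi

    if grep -q "MariaDB Hubzilla admin password" "$readme_file"; then
        HUBZILLA_ADMIN_PASSWORD=$(readme_value "MariaDB Hubzilla admin password" "$readme_file")
    fi

    if grep -q "Owncloud database password" "$readme_file"; then
        OWNCLOUD_ADMIN_PASSWORD=$(readme_value "Owncloud database password" "$readme_file")
    fi

    if grep -q "Wiki password" "$readme_file"; then
        WIKI_ADMIN_PASSWORD=$(readme_value "Wiki password:" "$readme_file")
    fi
}

#######################################
# Records $MY_USERNAME as the admin user in the installer's completion
# file.
# Globals:   COMPLETION_FILE, MY_USERNAME (read)
# Returns:   1 if COMPLETION_FILE is unset or does not exist
# Note:      MY_USERNAME is spliced into a sed replacement delimited by
#            '|', so it must not contain '|', '&' or backslashes; it is a
#            fixed literal in this script.
#######################################
function set_admin_user {
    if [ -z "$COMPLETION_FILE" ] || [ ! -f "$COMPLETION_FILE" ]; then
        echo 'Completion file not found, admin user not recorded'
        return 1
    fi
    sed -i "s|Admin user:.*|Admin user:$MY_USERNAME|g" "$COMPLETION_FILE"
}

# Sanity checks: the image's default user must exist and the new user
# must not. (Exit statuses are truncated to 8 bits by the shell, so the
# caller sees these project codes modulo 256.)
if [ ! -d "/home/$DEFAULT_IMAGE_USERNAME" ]; then
    echo "User $DEFAULT_IMAGE_USERNAME not found"
    exit 52372
fi
if [ -d "/home/$MY_USERNAME" ]; then
    echo "User $MY_USERNAME already exists"
    exit 73538
fi

get_passwords_from_readme "/home/$DEFAULT_IMAGE_USERNAME/README"

# The remaining steps are still disabled in this revision, so the script
# currently only reads the passwords and exits. Note that the adduser
# line, once enabled, would write its output (which may include the
# passwords read above) to ~/setup.txt.
#${PROJECT_NAME}-adduser $MY_USERNAME > ~/setup.txt
#set_admin_user
#create_backup_gpg_key
#regenerate_ssh_host_keys

exit 0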