freedombone/src/freedombone-restore-local

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# Restore from local storage - typically a USB drive
#
# License
# =======
#
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
MONGODB_APPS_FILE=$HOME/.mongodbapps
CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv

# whether to restore everything or just a specific application
RESTORE_APP='all'

export TEXTDOMAIN=${PROJECT_NAME}-restore-local
export TEXTDOMAINDIR="/usr/share/locale"

PROJECT_INSTALL_DIR=/usr/local/bin
if [ -f /usr/bin/${PROJECT_NAME} ]; then
    PROJECT_INSTALL_DIR=/usr/bin
fi

# MariaDB password
DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)

function please_wait {
        local str width height length

        width=$(tput cols)
        height=$(tput lines)
        str="Standby to restore from USB"
        length=${#str}
        clear
        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
        echo "$str"
        tput cup $((height * 3 / 5)) $(((width / 2)))
        echo -n ''
}

please_wait

source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars

# include utils which allow function_check, go and drive mount
UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
for f in $UTILS_FILES
do
    source "$f"
done

clear

USB_DRIVE=/dev/sdb1
USB_MOUNT=/mnt/usb

ADMIN_USERNAME=''
ADMIN_NAME=

read_config_param USB_DRIVE

if [ -f "$COMPLETION_FILE" ]; then
    ADMIN_USERNAME=$(get_completion_param "Admin user")
fi

function check_backup_exists {
    if [ ! -d $USB_MOUNT/backup ]; then
        echo $"No backup directory found on the USB drive."
        set_user_permissions
        backup_unmount_drive
        exit 2
    fi
}

function check_admin_user {
    echo $"Checking that admin user exists"
    if [ ! -d "/home/$ADMIN_USERNAME" ]; then
        echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
        set_user_permissions
        backup_unmount_drive
        exit 295
    fi
}

function copy_gpg_keys {
    echo $"Copying GPG keys from admin user to root"
    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
    gpg_set_permissions root
}

function restore_blocklist {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'blocklist' ]]; then
            return
        fi
    fi

    if [ -d $USB_MOUNT/backup/blocklist ]; then
        echo $"Restoring blocklist"
        temp_restore_dir=/root/tempblocklist
        restore_directory_from_usb $temp_restore_dir blocklist

        if [ -d $temp_restore_dir/root/tempbackupblocklist ]; then
            cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
        else
            cp -f $temp_restore_dir/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
        fi

        rm -rf $temp_restore_dir

        firewall_refresh_blocklist
    fi
}

function restore_configfiles {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'configfiles' ]]; then
            return
        fi
    fi

    # this restores *.cfg and COMPLETION_FILE
    if [ -d $USB_MOUNT/backup/configfiles ]; then
        echo $"Restoring configuration files"
        temp_restore_dir=/root/tempconfigfiles
        restore_directory_from_usb $temp_restore_dir configfiles

        if [ -d $temp_restore_dir/root ]; then
            if [ -f $temp_restore_dir/root/.nostore ]; then
                if [ ! -f /root/.nostore ]; then
                    touch /root/.nostore
                fi
            else
                if [ -f /root/.nostore ]; then
                    rm /root/.nostore
                fi
            fi
        else
            if [ -f $temp_restore_dir/.nostore ]; then
                if [ ! -f /root/.nostore ]; then
                    touch /root/.nostore
                fi
            else
                if [ -f /root/.nostore ]; then
                    rm /root/.nostore
                fi
            fi
        fi

        #if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
        #    cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
        #fi

        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
        #    if [ ! "$?" = "0" ]; then
        #        set_user_permissions
        #        backup_unmount_drive
        #        rm -rf $temp_restore_dir
        #        exit 5294
        #    fi
        #fi

        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                set_user_permissions
                backup_unmount_drive
                rm -rf "$temp_restore_dir"
                exit 859034853
            fi
        fi

        #if [ -f $CONFIGURATION_FILE ]; then
        #    # install according to the config file
        #    freedombone -c $CONFIGURATION_FILE
        #fi

        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
        #    if [ ! "$?" = "0" ]; then
        #        set_user_permissions
        #        backup_unmount_drive
        #        rm -rf $temp_restore_dir
        #        exit 6382
        #    fi
        #fi

        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                set_user_permissions
                backup_unmount_drive
                rm -rf "$temp_restore_dir"
                exit 62121
            fi
        fi

        # restore nginx password hashes
        if [ -d $temp_restore_dir/root ]; then
            if [ -f $temp_restore_dir/root/htpasswd ]; then
                cp -f $temp_restore_dir/root/htpasswd /etc/nginx/.htpasswd
            fi
        else
            if [ -f $temp_restore_dir/htpasswd ]; then
                cp -f $temp_restore_dir/htpasswd /etc/nginx/.htpasswd
            fi
        fi

        rm -rf $temp_restore_dir
    fi
}

function same_admin_user {
    PREV_ADMIN_USERNAME=$(get_completion_param "Admin user")
    if [[ "$PREV_ADMIN_USERNAME" != "$ADMIN_USERNAME" ]]; then
        echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME"
        set_user_permissions
        backup_unmount_drive
        exit 73265
    fi
}

function restore_mariadb {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'mariadb' ]]; then
            return
        fi
    fi

    if [[ $(is_completed install_mariadb) == "0" ]]; then
        function_check install_mariadb
        install_mariadb
    fi

    if [ -d $USB_MOUNT/backup/mariadb ]; then
        echo $"Restoring mysql settings"
        keep_database_running
        temp_restore_dir=/root/tempmariadb
        restore_directory_from_usb $temp_restore_dir mariadb

        store_original_mariadb_password

        echo $'Obtaining original MariaDB password'
        db_pass=$(cat /root/.mariadboriginal)
        if [ ${#db_pass} -gt 0 ]; then
            echo $"Restore the MariaDB user table"
            if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
            else
                mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                echo $"Try again using the password obtained from backup"
                db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                    mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
                else
                    mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                fi
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                echo "$mysqlsuccess"
                set_user_permissions
                backup_unmount_drive
                exit 962
            fi
            echo $"Restarting database"
            systemctl restart mariadb
            echo $"Ensure MariaDB handles authentication"
            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
            mariadb_fix_authentication
            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        fi
        rm -rf $temp_restore_dir
    fi
}

function restore_postgresql {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'postgresql' ]]; then
            return
        fi
    fi

    if [[ $(is_completed install_postgresql) == "0" ]]; then
        function_check install_postgresql
        install_postgresql
    fi

    if [ -d $USB_MOUNT/backup/postgresql ]; then
        echo $"Restoring postgresql settings"
        temp_restore_dir=/root/temppostgresql
        restore_directory_from_usb $temp_restore_dir postgresql

        store_original_postgresql_password

        echo $'Obtaining original postgresql password'
        db_pass=$(cat /root/.postgresqloriginal)
        if [ ${#db_pass} -gt 0 ]; then
            echo $"Restore the postgresql user table"
            if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
            else
                mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                echo $"Try again using the password obtained from backup"
                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
                if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                    mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
                else
                    mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                fi
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                echo "$mysqlsuccess"
                set_user_permissions
                backup_unmount_drive
                exit 73825
            fi
            echo $"Restarting database"
            systemctl restart postgresql
            echo $"Ensure postgresql handles authentication"
            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
        fi
        rm -rf $temp_restore_dir
    fi
}

function restore_letsencrypt {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'letsencrypt' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/letsencrypt ]; then
        echo $"Restoring Lets Encrypt settings"
        #restore_directory_from_usb / letsencrypt
        restore_directory_from_usb /etc/letsencrypt letsencrypt
        chgrp -R ssl-cert /etc/letsencrypt
        chmod -R g=rX /etc/letsencrypt
    fi
}

function restore_passwordstore {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'passwords' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/passwordstore ]; then
        store_original_mariadb_password
        echo $"Restoring password store"
        #restore_directory_from_usb / passwordstore
        restore_directory_from_usb /root/.passwords passwordstore
    fi
}

function restore_tor {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'tor' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/tor ]; then
        echo $"Restoring Tor settings"
        #restore_directory_from_usb / tor
        restore_directory_from_usb /var/lib/tor tor
    fi
}

function restore_mutt_settings {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'mutt' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/mutt ]; then
        for d in $USB_MOUNT/backup/mutt/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')

            # skip over configurations
            if [[ "$USERNAME" == *'configs' ]]; then
                continue
            fi

            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    "${PROJECT_NAME}-adduser" "$USERNAME"
                fi
                echo $"Restoring Mutt configurations for $USERNAME"
                restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                echo $"Restoring Mutt settings for $USERNAME"
                temp_restore_dir=/root/tempmutt
                restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then
                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                    fi
                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then
                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                        sed -i '/set sidebar_delim/d' /etc/Muttrc
                        sed -i '/set sidebar_sort/d' /etc/Muttrc
                    fi
                else
                    if [ -f $temp_restore_dir/.muttrc ]; then
                        cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc"
                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                    fi
                    if [ -f $temp_restore_dir/Muttrc ]; then
                        cp -f $temp_restore_dir/Muttrc /etc/Muttrc
                        sed -i '/set sidebar_delim/d' /etc/Muttrc
                        sed -i '/set sidebar_sort/d' /etc/Muttrc
                    fi
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 276
                fi
                rm -rf $temp_restore_dir
            fi
        done
    fi
}

function restore_gpg {
    if [[ $RESTORE_APP != 'gpg' ]]; then
        return
    fi

    if [ -d $USB_MOUNT/backup/gnupg ]; then
        for d in $USB_MOUNT/backup/gnupg/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    "${PROJECT_NAME}-adduser" "$USERNAME"
                fi
                echo $"Restoring gnupg settings for $USERNAME"
                temp_restore_dir=/root/tempgnupg
                restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
                    cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                else
                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
                        mkdir "/home/$USERNAME/.gnupg"
                    fi
                    cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/"
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 276
                fi
                rm -rf $temp_restore_dir
                gpg_set_permissions "$USERNAME"
                if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                        set_user_permissions
                        backup_unmount_drive
                        exit 283
                    fi
                    gpg_set_permissions root
                fi
            fi
        done
    fi
}

function restore_procmail {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'procmail' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/procmail ]; then
        for d in $USB_MOUNT/backup/procmail/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring procmail settings for $USERNAME"
                temp_restore_dir=/root/tempprocmail
                restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME"
                if [ -d $temp_restore_dir ]; then
                    if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                    else
                        cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
                    fi
                    # shellcheck disable=SC2181
                    if [ ! "$?" = "0" ]; then
                        rm -rf $temp_restore_dir
                        set_user_permissions
                        backup_unmount_drive
                        exit 276
                    fi
                    rm -rf $temp_restore_dir
                fi
            fi
        done
    fi
}

function restore_spamassassin {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'spamassassin' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/spamassassin ]; then
        for d in $USB_MOUNT/backup/spamassassin/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
                    if [ ! -d "/home/$USERNAME" ]; then
                        ${PROJECT_NAME}-adduser "$USERNAME"
                    fi
                    echo $"Restoring spamassassin settings for $USERNAME"
                    temp_restore_dir=/root/tempspamassassin
                    restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME"
                    if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
                        cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                    else
                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
                        mkdir "/home/$USERNAME/.spamassassin"
                    fi
                        cp -rf "$temp_restore_dir/"* "/home/$USERNAME/.spamassassin/"
                    fi
                    # shellcheck disable=SC2181
                    if [ ! "$?" = "0" ]; then
                        rm -rf $temp_restore_dir
                        set_user_permissions
                        backup_unmount_drive
                        exit 276
                    fi
                    rm -rf $temp_restore_dir
                fi
            fi
        done
    fi
}

function restore_admin_readme {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'readme' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/readme ]; then
        echo $"Restoring admin user README"

        # Make a backup of the original README file
        # incase old passwords need to be used
        if [ -f "/home/$ADMIN_USERNAME/README" ]; then
            if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then
                cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original"
            fi
        fi

        temp_restore_dir=/root/tempreadme
        restore_directory_from_usb $temp_restore_dir readme
        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
        else
            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
        fi
        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            rm -rf $temp_restore_dir
            set_user_permissions
            backup_unmount_drive
            exit 276
        fi
        rm -rf $temp_restore_dir
    fi
}

function restore_user_ssh_keys {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'ssh' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/ssh ]; then
        for d in $USB_MOUNT/backup/ssh/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring ssh keys for $USERNAME"
                temp_restore_dir=/root/tempssh
                restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                else
                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
                        mkdir "/home/$USERNAME/.ssh"
                    fi
                    cp -r "$temp_restore_dir/"* "/home/$USERNAME/.ssh/"
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 664
                fi
                rm -rf $temp_restore_dir
            fi
        done
    fi
}

function restore_user_config {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'userconfig' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/config ]; then
        for d in $USB_MOUNT/backup/config/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring config files for $USERNAME"
                temp_restore_dir=/root/tempconfig
                restore_directory_from_usb $temp_restore_dir "config/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                else
                    if [ ! -d "/home/$USERNAME/.config" ]; then
                        mkdir "/home/$USERNAME/.config"
                    fi
                    cp -r $temp_restore_dir/* "/home/$USERNAME/.config/"
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 664
                fi
                rm -rf $temp_restore_dir
            fi
        done
    fi
}

function restore_user_monkeysphere {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'usermonkeysphere' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/monkeysphere ]; then
        for d in $USB_MOUNT/backup/monkeysphere/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring monkeysphere ids for $USERNAME"
                temp_restore_dir=/root/tempmonkeysphere
                restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                else
                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
                        mkdir "/home/$USERNAME/.monkeysphere"
                    fi
                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere"
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 664
                fi
                rm -rf $temp_restore_dir
            fi
        done

        # The admin user is the identity certifier
        MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
        read_config_param MY_EMAIL_ADDRESS
        MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
        monkeysphere-authentication add-identity-certifier "$fpr"
        monkeysphere-authentication update-users
    fi
}

function restore_user_fin {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'userfin' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/fin ]; then
        for d in $USB_MOUNT/backup/fin/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring fin files for $USERNAME"
                temp_restore_dir=/root/tempfin
                restore_directory_from_usb $temp_restore_dir "fin/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                else
                    if [ ! -d "/home/$USERNAME/.fin" ]; then
                        mkdir "/home/$USERNAME/.fin"
                    fi
                    cp -r "$temp_restore_dir/"* "/home/$USERNAME/.fin/"
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 664
                fi
                rm -rf $temp_restore_dir
            fi
        done
    fi
}

function restore_user_local {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'userlocal' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/local ]; then
        for d in $USB_MOUNT/backup/local/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring local files for $USERNAME"
                temp_restore_dir=/root/templocal
                restore_directory_from_usb $temp_restore_dir "local/$USERNAME"
                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                else
                    if [ ! -d "/home/$USERNAME/.local" ]; then
                        mkdir "/home/$USERNAME/.local"
                    fi
                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
                    set_user_permissions
                    backup_unmount_drive
                    exit 664
                fi
                rm -rf $temp_restore_dir
            fi
        done
    fi
}

function restore_certs {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'certs' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/ssl ]; then
        echo $"Restoring certificates"
        mkdir /root/tempssl
        restore_directory_from_usb /root/tempssl ssl
        if [ -d /root/tempssl/etc/ssl ]; then
            cp -r /root/tempssl/etc/ssl/* /etc/ssl
        else
            cp -r /root/tempssl/* /etc/ssl/
        fi
        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            backup_unmount_drive
            exit 276
        fi
        rm -rf /root/tempssl
        update-ca-certificates

        # restore ownership
        if [ -f /etc/ssl/private/xmpp.key ]; then
            chown prosody:prosody /etc/ssl/private/xmpp.key
            chown prosody:prosody /etc/ssl/certs/xmpp.*
        fi
        if [ -d /etc/dovecot ]; then
            chown root:dovecot /etc/ssl/private/dovecot.*
            chown root:dovecot /etc/ssl/certs/dovecot.*
        fi
        if [ -f /etc/ssl/private/exim.key ]; then
            cp /etc/ssl/private/exim.key /etc/exim4
            cp /etc/ssl/certs/exim.crt /etc/exim4
            cp /etc/ssl/certs/exim.dhparam /etc/exim4
            chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
            chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
        fi
        if [ -f /etc/ssl/private/mumble.key ]; then
            if [ -d /var/lib/mumble-server ]; then
                cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
                cp /etc/ssl/private/mumble.key /var/lib/mumble-server
                chown -R mumble-server:mumble-server /var/lib/mumble-server
            fi
        fi
    fi
}

function restore_personal_settings {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'personal' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/personal ]; then
        for d in $USB_MOUNT/backup/personal/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
                    if [ ! -d "/home/$USERNAME" ]; then
                        ${PROJECT_NAME}-adduser "$USERNAME"
                    fi
                    echo $"Restoring personal settings for $USERNAME"
                    temp_restore_dir=/root/temppersonal
                    restore_directory_from_usb $temp_restore_dir "personal/$USERNAME"
                    if [ -d "/home/$USERNAME/personal" ]; then
                        rm -rf "/home/$USERNAME/personal"
                    fi
                    if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
                        # shellcheck disable=SC2086
                        mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
                    else
                        if [ ! -d "/home/$USERNAME/personal" ]; then
                            mkdir "/home/$USERNAME/personal"
                        fi
                        cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                    fi
                    # shellcheck disable=SC2181
                    if [ ! "$?" = "0" ]; then
                        set_user_permissions
                        backup_unmount_drive
                        exit 184
                    fi
                    rm -rf $temp_restore_dir
                fi
            fi
        done
    fi
}

function restore_mailing_list {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'mailinglist' ]]; then
            return
        fi
    fi
    if [ -d /var/spool/mlmmj ]; then
        echo $"Restoring public mailing list"
        temp_restore_dir=/root/tempmailinglist
        restore_directory_from_usb $temp_restore_dir mailinglist
        if [ -d $temp_restore_dir/root/spool/mlmmj ]; then
            cp -r $temp_restore_dir/root/spool/mlmmj/* /var/spool/mlmmj
        else
            cp -r $temp_restore_dir/* /var/spool/mlmmj/
        fi
        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            backup_unmount_drive
            exit 526
        fi
        rm -rf $temp_restore_dir
    fi
}

function restore_email {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'email' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/mail ]; then
        for d in $USB_MOUNT/backup/mail/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                if [ ! -d "/home/$USERNAME" ]; then
                    ${PROJECT_NAME}-adduser "$USERNAME"
                fi
                echo $"Restoring emails for $USERNAME"
                temp_restore_dir=/root/tempmail
                restore_directory_from_usb $temp_restore_dir "mail/$USERNAME"
                if [ ! -d "/home/$USERNAME/Maildir" ]; then
                    mkdir "/home/$USERNAME/Maildir"
                fi
                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                else
                    tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                fi
                # shellcheck disable=SC2181
                if [ ! "$?" = "0" ]; then
                    set_user_permissions
                    backup_unmount_drive
                    exit 9276382
                fi
                rm -rf $temp_restore_dir
            fi
        done
    fi
}

function get_restore_app {
    if [ "${1}" ]; then
        if [ ! -d "/home/${1}" ]; then
            RESTORE_APP="${1}"
            echo $"Restore $RESTORE_APP"
        fi
    fi
}

get_restore_app "${2}"
backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
check_backup_exists
check_admin_user
copy_gpg_keys
gpg_agent_setup root
restore_blocklist
restore_configfiles
same_admin_user
restore_passwordstore
restore_mariadb
restore_postgresql
restore_letsencrypt
restore_tor
restore_mutt_settings
restore_gpg
restore_procmail
restore_spamassassin
restore_admin_readme
restore_user_ssh_keys
restore_user_config
restore_user_monkeysphere
restore_user_fin
restore_user_local
restore_certs
restore_personal_settings
restore_mailing_list
restore_email
restore_apps local "$RESTORE_APP"
set_user_permissions
update_default_domain
backup_unmount_drive

# ensure that all TLS certificates are pinned
#${PROJECT_NAME}-pin-cert all

echo $"Restore from USB drive is complete. You can now unplug it."

exit 0