freedombone-restore-local 36KB

  1. #!/bin/bash
  2. # _____ _ _
  3. # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
  4. # | __| _| -_| -_| . | . | | . | . | | -_|
  5. # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
  6. #
  7. # Freedom in the Cloud
  8. #
  9. # Restore from local storage - typically a USB drive
  10. #
  11. # License
  12. # =======
  13. #
  14. # Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
  15. #
  16. # This program is free software: you can redistribute it and/or modify
  17. # it under the terms of the GNU Affero General Public License as published by
  18. # the Free Software Foundation, either version 3 of the License, or
  19. # (at your option) any later version.
  20. #
  21. # This program is distributed in the hope that it will be useful,
  22. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. # GNU Affero General Public License for more details.
  25. #
  26. # You should have received a copy of the GNU Affero General Public License
  27. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  # Project identity; the state-file paths and helper command names below
  # are all derived from it.
  PROJECT_NAME='freedombone'

  # State files kept in the invoking user's home directory.
  COMPLETION_FILE="${HOME}/${PROJECT_NAME}-completed.txt"
  MONGODB_APPS_FILE="${HOME}/.mongodbapps"
  CONFIGURATION_FILE="${HOME}/${PROJECT_NAME}.cfg"
  BACKUP_EXTRA_DIRECTORIES='/root/backup-extra-dirs.csv'

  # Whether to restore everything ('all') or just one named application.
  RESTORE_APP='all'

  # gettext domain for the translated $"..." strings used in this script.
  export TEXTDOMAIN="${PROJECT_NAME}-restore-local"
  export TEXTDOMAINDIR='/usr/share/locale'

  # Helper scripts live in /usr/local/bin unless the main command is
  # installed under /usr/bin.
  PROJECT_INSTALL_DIR='/usr/local/bin'
  if [[ -f "/usr/bin/${PROJECT_NAME}" ]]; then
    PROJECT_INSTALL_DIR='/usr/bin'
  fi

  # MariaDB root password, fetched from the project's password helper.
  # NOTE(review): the secret stays in a shell variable for the rest of the
  # run, so running this script with `set -x` tracing would print it.
  DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
  # Clear the terminal and print a centred "stand by" banner.
  # Outputs: the banner on stdout, positioned with tput; the cursor is left
  #          below the banner, at the horizontal centre of the screen.
  please_wait() {
    local banner="Standby to restore from USB"
    local cols rows
    cols=$(tput cols)
    rows=$(tput lines)

    # Middle row, and the column that centres the banner horizontally.
    local banner_row=$(( rows / 2 ))
    local banner_col=$(( (cols / 2) - (${#banner} / 2) ))

    clear
    tput cup "$banner_row" "$banner_col"
    printf '%s\n' "$banner"
    # Park the cursor three fifths of the way down the screen.
    tput cup "$(( rows * 3 / 5 ))" "$(( cols / 2 ))"
    printf ''
  }
  please_wait

  # Pull in the project's shared variable definitions.
  # shellcheck source=/dev/null
  source "${PROJECT_INSTALL_DIR}/${PROJECT_NAME}-vars"

  # Load the utils files, which provide function_check, drive mounting and
  # the other helpers called below.
  # NOTE(review): every file matching this glob is executed with the
  # privileges of this script, so the utils directory and its files need to
  # be writable by root only.
  UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
  # Left unquoted on purpose: the glob stored in UTILS_FILES expands here.
  # shellcheck disable=SC2086
  for f in $UTILS_FILES; do
    # shellcheck source=/dev/null
    source "$f"
  done

  clear

  # Defaults; USB_DRIVE may be replaced by the value in the config file.
  USB_DRIVE='/dev/sdb1'
  USB_MOUNT='/mnt/usb'
  ADMIN_USERNAME=''
  ADMIN_NAME=''

  read_config_param USB_DRIVE

  # The admin user name is only known once an install has recorded it.
  if [[ -f "$COMPLETION_FILE" ]]; then
    ADMIN_USERNAME=$(get_completion_param "Admin user")
  fi
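  # Abort the restore unless the mounted drive holds a backup directory.
  # Globals:   USB_MOUNT (read)
  # Outputs:   translated error message on stdout when the directory is missing
  # Returns:   0 when $USB_MOUNT/backup exists; otherwise resets user
  #            permissions, unmounts the drive and exits the script with 2
  function check_backup_exists {
    # Quoted: with an unquoted mount point containing whitespace the test
    # errors out and the missing-backup case is silently treated as success.
    if [ -d "$USB_MOUNT/backup" ]; then
      return 0
    fi
    echo $"No backup directory found on the USB drive."
    set_user_permissions
    backup_unmount_drive
    exit 2
  }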
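  # Abort the restore unless the admin account has a home directory.
  # Globals:   ADMIN_USERNAME, PROJECT_NAME (read)
  # Outputs:   progress and error messages on stdout
  # Returns:   0 when /home/$ADMIN_USERNAME exists; otherwise resets user
  #            permissions, unmounts the drive and exits with 295. The shell
  #            keeps only the low 8 bits, so callers observe status 39.
  function check_admin_user {
    echo $"Checking that admin user exists"
    # ADMIN_USERNAME starts out empty and is only filled in when the
    # completion file exists. An empty name would make the directory test
    # look at /home/ itself, which exists, so reject it explicitly.
    if [ -z "$ADMIN_USERNAME" ] || [ ! -d "/home/$ADMIN_USERNAME" ]; then
      echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
      set_user_permissions
      backup_unmount_drive
      exit 295
    fi
  }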
  # Copy the admin user's GnuPG home into /root and fix up its permissions.
  # Globals:   ADMIN_USERNAME (read)
  # Outputs:   progress message on stdout
  # Returns:   status of gpg_set_permissions
  copy_gpg_keys() {
    local admin_keyring="/home/${ADMIN_USERNAME}/.gnupg"

    echo $"Copying GPG keys from admin user to root"
    # This duplicates the keyring, private keys included, under /root.
    # NOTE(review): a failed copy is not detected here, and an empty
    # ADMIN_USERNAME would make the source /home//.gnupg - confirm callers
    # run check_admin_user first.
    cp -r "$admin_keyring" /root
    gpg_set_permissions root
  }
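  # Restore the firewall domain blocklist and reload it.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            temp_restore_dir (written)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do, otherwise the status of
  #            firewall_refresh_blocklist
  function restore_blocklist {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'blocklist' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/blocklist" ]; then
      return
    fi

    echo $"Restoring blocklist"
    temp_restore_dir=/root/tempblocklist
    restore_directory_from_usb "$temp_restore_dir" blocklist

    # The archive may unpack either flat or under root/tempbackupblocklist;
    # take the file from whichever layout is present.
    local domains_cfg="${PROJECT_NAME}-firewall-domains.cfg"
    local restored_from="$temp_restore_dir"
    if [ -d "$temp_restore_dir/root/tempbackupblocklist" ]; then
      restored_from="$temp_restore_dir/root/tempbackupblocklist"
    fi
    # NOTE(review): a failed copy is not detected, so the firewall would be
    # refreshed from whatever blocklist was already in /root.
    cp -f "$restored_from/$domains_cfg" "/root/$domains_cfg"

    rm -rf "$temp_restore_dir"
    firewall_refresh_blocklist
  }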
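  # Restore selected configuration state: the /root/.nostore flag, the
  # MongoDB apps list, the extra-backup-directories list and the nginx
  # password file.
  # Globals:   RESTORE_APP, USB_MOUNT, MONGODB_APPS_FILE,
  #            BACKUP_EXTRA_DIRECTORIES (read); temp_restore_dir (written)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do, otherwise the status of the
  #            final cleanup. A failed copy of either list file unmounts the
  #            drive and exits the script; those exit values exceed 255, so
  #            the shell reports only their low 8 bits.
  function restore_configfiles {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'configfiles' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/configfiles" ]; then
      return
    fi

    echo $"Restoring configuration files"
    temp_restore_dir=/root/tempconfigfiles
    restore_directory_from_usb "$temp_restore_dir" configfiles

    # The archive may unpack with or without a leading root/ directory; the
    # .nostore flag and htpasswd file are looked up in whichever is present.
    local restored_root="$temp_restore_dir"
    if [ -d "$temp_restore_dir/root" ]; then
      restored_root="$temp_restore_dir/root"
    fi

    # Make the presence of /root/.nostore match the backup.
    if [ -f "$restored_root/.nostore" ]; then
      if [ ! -f /root/.nostore ]; then
        touch /root/.nostore
      fi
    elif [ -f /root/.nostore ]; then
      rm /root/.nostore
    fi

    # Restoring ${PROJECT_NAME}.cfg, the completion file and the NodeJS
    # installed-apps file is disabled; the upstream code for those steps is
    # commented out.

    if [ -f "${temp_restore_dir}${MONGODB_APPS_FILE}" ]; then
      if ! cp -f "${temp_restore_dir}${MONGODB_APPS_FILE}" "$MONGODB_APPS_FILE"; then
        set_user_permissions
        backup_unmount_drive
        rm -rf "$temp_restore_dir"
        exit 859034853
      fi
    fi

    if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
      if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
        set_user_permissions
        backup_unmount_drive
        rm -rf "$temp_restore_dir"
        exit 62121
      fi
    fi

    # Restore nginx password hashes.
    # NOTE(review): neither ownership nor mode of /etc/nginx/.htpasswd is set
    # here, and a failed copy goes unnoticed - confirm the file ends up
    # readable only by root and the web server.
    if [ -f "$restored_root/htpasswd" ]; then
      cp -f "$restored_root/htpasswd" /etc/nginx/.htpasswd
    fi

    rm -rf "$temp_restore_dir"
  }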
  # Refuse to restore when the recorded admin user differs from the current
  # one.
  # Globals:   ADMIN_USERNAME, PROJECT_NAME (read);
  #            PREV_ADMIN_USERNAME (written)
  # Outputs:   explanatory message on stdout when the names differ
  # Returns:   0 when the names match; otherwise resets user permissions,
  #            unmounts the drive and exits with 73265, which the shell
  #            reports as its low 8 bits (49)
  same_admin_user() {
    PREV_ADMIN_USERNAME=$(get_completion_param "Admin user")
    if [[ "$PREV_ADMIN_USERNAME" == "$ADMIN_USERNAME" ]]; then
      return
    fi

    echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME"
    set_user_permissions
    backup_unmount_drive
    exit 73265
  }
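  # Restore the MariaDB user table from the backup drive, installing
  # MariaDB first when it has not been installed yet.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            temp_restore_dir, db_pass, mysqlsuccess, MARIADB_PASSWORD,
  #            DATABASE_PASSWORD (written)
  # Outputs:   progress messages on stdout; the mysql output on failure
  # Returns:   0 when there is nothing to do, otherwise the status of the
  #            final cleanup. If both import attempts fail it cleans up,
  #            unmounts the drive and exits with 962 (reported modulo 256).
  function restore_mariadb {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'mariadb' ]]; then
      return
    fi

    if [[ $(is_completed install_mariadb) == "0" ]]; then
      function_check install_mariadb
      install_mariadb
    fi

    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/mariadb" ]; then
      return
    fi

    echo $"Restoring mysql settings"
    keep_database_running
    temp_restore_dir=/root/tempmariadb
    restore_directory_from_usb "$temp_restore_dir" mariadb
    store_original_mariadb_password
    echo $'Obtaining original MariaDB password'
    db_pass=$(cat /root/.mariadboriginal)
    if [ ${#db_pass} -gt 0 ]; then
      echo $"Restore the MariaDB user table"

      # The archive may unpack with the temporary path repeated inside it;
      # use that nested copy of the dump when it is present.
      local sql_dump="${temp_restore_dir}/mysql.sql"
      if [ -d "${temp_restore_dir}${temp_restore_dir}" ]; then
        sql_dump="${temp_restore_dir}${temp_restore_dir}/mysql.sql"
      fi

      # NOTE(review): --password= puts the root database password on the
      # mysql command line, where other local accounts may be able to read
      # it from the process list while the import runs. A root-only option
      # file would avoid that; check how it interacts with any existing
      # /root/.my.cnf before switching.
      if ! mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < "$sql_dump"); then
        echo $"Try again using the password obtained from backup"
        db_pass=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        if ! mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < "$sql_dump"); then
          echo "$mysqlsuccess"
          # Remove the unpacked dump on the failure path too, so the
          # database user table is not left behind in /root.
          rm -rf "$temp_restore_dir"
          set_user_permissions
          backup_unmount_drive
          exit 962
        fi
      fi

      echo $"Restarting database"
      systemctl restart mariadb
      echo $"Ensure MariaDB handles authentication"
      # Set before the call below; presumably read by
      # mariadb_fix_authentication - confirm.
      MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
      mariadb_fix_authentication
      DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
    fi
    rm -rf "$temp_restore_dir"
  }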
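  # Restore the PostgreSQL user table from the backup drive, installing
  # PostgreSQL first when it has not been installed yet.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            temp_restore_dir, db_pass, mysqlsuccess, POSTGRESQL_PASSWORD,
  #            DATABASE_PASSWORD (written)
  # Outputs:   progress messages on stdout; the pg_restore output on failure
  # Returns:   0 when there is nothing to do, otherwise the status of the
  #            final cleanup. If both attempts fail it cleans up, unmounts
  #            the drive and exits with 73825 (reported modulo 256).
  function restore_postgresql {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'postgresql' ]]; then
      return
    fi

    if [[ $(is_completed install_postgresql) == "0" ]]; then
      function_check install_postgresql
      install_postgresql
    fi

    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/postgresql" ]; then
      return
    fi

    echo $"Restoring postgresql settings"
    temp_restore_dir=/root/temppostgresql
    restore_directory_from_usb "$temp_restore_dir" postgresql
    store_original_postgresql_password
    echo $'Obtaining original postgresql password'
    db_pass=$(cat /root/.postgresqloriginal)
    if [ ${#db_pass} -gt 0 ]; then
      echo $"Restore the postgresql user table"

      # The archive may unpack with the temporary path repeated inside it;
      # use that nested copy of the dump when it is present.
      local sql_dump="${temp_restore_dir}/postgresql.sql"
      if [ -d "${temp_restore_dir}${temp_restore_dir}" ]; then
        sql_dump="${temp_restore_dir}${temp_restore_dir}/postgresql.sql"
      fi

      # NOTE(review): pg_restore is called without a target database, so its
      # output is only captured in mysqlsuccess, and db_pass is never handed
      # to it. The retry below therefore repeats the same command. Confirm
      # that this step really loads the dump into the server.
      if ! mysqlsuccess=$(sudo -u postgres pg_restore "$sql_dump"); then
        echo $"Try again using the password obtained from backup"
        db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
        if ! mysqlsuccess=$(sudo -u postgres pg_restore "$sql_dump"); then
          echo "$mysqlsuccess"
          # Remove the unpacked dump on the failure path too, so it is not
          # left behind in /root.
          rm -rf "$temp_restore_dir"
          set_user_permissions
          backup_unmount_drive
          exit 73825
        fi
      fi

      echo $"Restarting database"
      systemctl restart postgresql
      echo $"Ensure postgresql handles authentication"
      POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
      DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
    fi
    rm -rf "$temp_restore_dir"
  }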
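  # Restore /etc/letsencrypt from the backup drive and reset its group
  # access.
  # Globals:   RESTORE_APP, USB_MOUNT (read)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do, otherwise the status of chmod
  function restore_letsencrypt {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'letsencrypt' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/letsencrypt" ]; then
      return
    fi

    echo $"Restoring Lets Encrypt settings"
    restore_directory_from_usb /etc/letsencrypt letsencrypt
    # Every file in the tree, private keys included, becomes readable by the
    # ssl-cert group. g=rX only sets the group bits.
    # NOTE(review): "other" permissions are whatever the restore left
    # behind - confirm they are not world-readable.
    chgrp -R ssl-cert /etc/letsencrypt
    chmod -R g=rX /etc/letsencrypt
  }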
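  # Restore the password store (/root/.passwords) from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT (read)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do, otherwise the status of
  #            restore_directory_from_usb
  function restore_passwordstore {
    # Note that the selector for this step is 'passwords', not the function
    # or directory name.
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'passwords' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/passwordstore" ]; then
      return
    fi

    # Called before the store is replaced; presumably it saves the current
    # MariaDB password so the running server can still be reached - confirm.
    store_original_mariadb_password
    echo $"Restoring password store"
    restore_directory_from_usb /root/.passwords passwordstore
  }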
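  # Restore the Tor data directory (/var/lib/tor) from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT (read)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do, otherwise the status of
  #            restore_directory_from_usb
  function restore_tor {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'tor' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ -d "$USB_MOUNT/backup/tor" ]; then
      echo $"Restoring Tor settings"
      # NOTE(review): /var/lib/tor typically holds onion-service private
      # keys. Ownership and mode after the restore depend on
      # restore_directory_from_usb, which is not visible here - confirm.
      restore_directory_from_usb /var/lib/tor tor
    fi
  }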
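  # Restore each user's Mutt configuration directory and .muttrc, plus the
  # system-wide /etc/Muttrc when a backup contains one.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; on a detected failure it cleans up, unmounts the
  #            drive and exits with 276 (reported modulo 256)
  function restore_mutt_settings {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'mutt' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/mutt" ]; then
      return
    fi

    local d backup_entry restored_src
    for d in "$USB_MOUNT"/backup/mutt/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}

      # "<user>configs" directories are restored together with their user.
      if [[ "$USERNAME" == *'configs' ]]; then
        continue
      fi
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring Mutt configurations for $USERNAME"
      restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
      echo $"Restoring Mutt settings for $USERNAME"
      temp_restore_dir=/root/tempmutt
      restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"

      # The archive may unpack under home/<user>/tempbackup or flat.
      restored_src="$temp_restore_dir"
      if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
        restored_src="$temp_restore_dir/home/$USERNAME/tempbackup"
      fi

      if [ -f "$restored_src/.muttrc" ]; then
        cp -f "$restored_src/.muttrc" "/home/$USERNAME/.muttrc"
        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
      fi
      # NOTE(review): any user's backup can replace the system-wide
      # /etc/Muttrc here, and the last user processed wins - confirm this
      # is intended.
      if [ -f "$restored_src/Muttrc" ]; then
        cp -f "$restored_src/Muttrc" /etc/Muttrc
        sed -i '/set sidebar_delim/d' /etc/Muttrc
        sed -i '/set sidebar_sort/d' /etc/Muttrc
      fi
      # $? is the status of the Muttrc step directly above only; a failed
      # .muttrc copy is not detected.
      # shellcheck disable=SC2181
      if [ ! "$?" = "0" ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 276
      fi
      rm -rf "$temp_restore_dir"
    done
  }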
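  # Restore each user's GnuPG home from the backup drive; the admin user's
  # keyring is also copied to /root.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME, ADMIN_USERNAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 276 (user keyring) or 283 (copy to /root), both
  #            reported modulo 256
  function restore_gpg {
    # Unlike the other restore steps this one does not run for 'all'; it
    # has to be selected explicitly.
    if [[ $RESTORE_APP != 'gpg' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/gnupg" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/gnupg/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring gnupg settings for $USERNAME"
      temp_restore_dir=/root/tempgnupg
      restore_directory_from_usb "$temp_restore_dir" "gnupg/$USERNAME"

      # The archive may unpack under home/<user>/.gnupg or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
        cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.gnupg" ] || mkdir "/home/$USERNAME/.gnupg"
        cp -r "$temp_restore_dir"/* "/home/$USERNAME/.gnupg/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 276
      fi
      # The unpacked private keys are removed from /root once copied.
      rm -rf "$temp_restore_dir"
      gpg_set_permissions "$USERNAME"

      if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
        if ! cp -r "/home/$USERNAME/.gnupg" /root; then
          set_user_permissions
          backup_unmount_drive
          exit 283
        fi
        gpg_set_permissions root
      fi
    done
  }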
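  # Restore each user's ~/.procmailrc from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 276 (reported modulo 256)
  function restore_procmail {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'procmail' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/procmail" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/procmail/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring procmail settings for $USERNAME"
      temp_restore_dir=/root/tempprocmail
      restore_directory_from_usb "$temp_restore_dir" "procmail/$USERNAME"
      # Nothing to copy when the restore produced no directory.
      if [ ! -d "$temp_restore_dir" ]; then
        continue
      fi

      # NOTE(review): this copy runs with the script's privileges into a
      # directory owned by the account; consider doing it as that account
      # so an existing symlink at the destination cannot redirect the write.
      if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
        copy_status=$?
      else
        cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 276
      fi
      rm -rf "$temp_restore_dir"
    done
  }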
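  # Restore each user's ~/.spamassassin directory from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 276 (reported modulo 256)
  function restore_spamassassin {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'spamassassin' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/spamassassin" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/spamassassin/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi
      if [ ! -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring spamassassin settings for $USERNAME"
      temp_restore_dir=/root/tempspamassassin
      restore_directory_from_usb "$temp_restore_dir" "spamassassin/$USERNAME"

      # The archive may unpack under home/<user> or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
        cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.spamassassin" ] || mkdir "/home/$USERNAME/.spamassassin"
        cp -rf "$temp_restore_dir/"* "/home/$USERNAME/.spamassassin/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 276
      fi
      rm -rf "$temp_restore_dir"
    done
  }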
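  # Restore the admin user's README from the backup drive, keeping a
  # one-time copy of the README that was there before.
  # Globals:   RESTORE_APP, USB_MOUNT, ADMIN_USERNAME (read);
  #            temp_restore_dir (written)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do, otherwise the status of the
  #            final cleanup; a failed copy cleans up, unmounts the drive
  #            and exits with 276 (reported modulo 256)
  function restore_admin_readme {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'readme' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/readme" ]; then
      return
    fi

    echo $"Restoring admin user README"
    local admin_home="/home/$ADMIN_USERNAME"

    # Keep the pre-restore README in case old passwords need to be used.
    # An existing README_original is never overwritten.
    # NOTE(review): this leaves a second file containing passwords in the
    # admin home directory; it is not removed anywhere in this function.
    if [ -f "$admin_home/README" ] && [ ! -f "$admin_home/README_original" ]; then
      cp "$admin_home/README" "$admin_home/README_original"
    fi

    temp_restore_dir=/root/tempreadme
    restore_directory_from_usb "$temp_restore_dir" readme

    # The archive may unpack under home/<admin>/tempbackup or flat.
    local copy_status
    if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
      cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "$admin_home/"
      copy_status=$?
    else
      cp -f "$temp_restore_dir/README" "$admin_home/README"
      copy_status=$?
    fi
    if [ "$copy_status" -ne 0 ]; then
      rm -rf "$temp_restore_dir"
      set_user_permissions
      backup_unmount_drive
      exit 276
    fi
    rm -rf "$temp_restore_dir"
  }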
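  # Restore each user's ~/.ssh directory from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 664 (reported modulo 256)
  function restore_user_ssh_keys {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'ssh' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/ssh" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/ssh/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring ssh keys for $USERNAME"
      temp_restore_dir=/root/tempssh
      restore_directory_from_usb "$temp_restore_dir" "ssh/$USERNAME"

      # NOTE(review): whatever the backup holds, authorized_keys included,
      # becomes the account's login material, so the backup has to be
      # trusted. Ownership and mode of the copied files are not set in this
      # function; presumably set_user_permissions does that later - confirm,
      # since sshd refuses key files with loose permissions.
      if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
        cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.ssh" ] || mkdir "/home/$USERNAME/.ssh"
        cp -r "$temp_restore_dir/"* "/home/$USERNAME/.ssh/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 664
      fi
      # The unpacked keys are removed from /root once copied.
      rm -rf "$temp_restore_dir"
    done
  }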
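  # Restore each user's ~/.config directory from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 664 (reported modulo 256)
  function restore_user_config {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'userconfig' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/config" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/config/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring config files for $USERNAME"
      temp_restore_dir=/root/tempconfig
      restore_directory_from_usb "$temp_restore_dir" "config/$USERNAME"

      # The archive may unpack under home/<user>/.config or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
        cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.config" ] || mkdir "/home/$USERNAME/.config"
        cp -r "$temp_restore_dir"/* "/home/$USERNAME/.config/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 664
      fi
      rm -rf "$temp_restore_dir"
    done
  }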
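  # Restore each user's ~/.monkeysphere directory, then register the admin
  # user's GPG key as the monkeysphere identity certifier.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME, ADMIN_USERNAME,
  #            HOSTNAME (read); USERNAME, temp_restore_dir,
  #            MY_EMAIL_ADDRESS, MY_GPG_PUBLIC_KEY_ID, fpr (written)
  # Outputs:   progress messages on stdout
  # Returns:   status of `monkeysphere-authentication update-users`, or 0
  #            when there is nothing to do; a failed copy cleans up,
  #            unmounts the drive and exits with 664 (reported modulo 256)
  function restore_user_monkeysphere {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'usermonkeysphere' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/monkeysphere" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/monkeysphere/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring monkeysphere ids for $USERNAME"
      temp_restore_dir=/root/tempmonkeysphere
      restore_directory_from_usb "$temp_restore_dir" "monkeysphere/$USERNAME"

      # The archive may unpack under home/<user>/.monkeysphere or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
        cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.monkeysphere" ] || mkdir "/home/$USERNAME/.monkeysphere"
        cp -r "$temp_restore_dir"/* "/home/$USERNAME/.monkeysphere"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 664
      fi
      rm -rf "$temp_restore_dir"
    done

    # The admin user is the identity certifier.
    MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
    read_config_param MY_EMAIL_ADDRESS
    MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
    # Field 10 of the first "fpr" record in gpg's colon-separated output.
    fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
    # NOTE(review): fpr is not checked before use. If the key lookup comes
    # back empty, gpg is asked about an empty key id and the certifier is
    # chosen from whatever that prints - consider stopping when
    # MY_GPG_PUBLIC_KEY_ID or fpr is empty.
    monkeysphere-authentication add-identity-certifier "$fpr"
    monkeysphere-authentication update-users
  }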
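  # Restore each user's ~/.fin directory from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 664 (reported modulo 256)
  function restore_user_fin {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'userfin' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/fin" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/fin/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring fin files for $USERNAME"
      temp_restore_dir=/root/tempfin
      restore_directory_from_usb "$temp_restore_dir" "fin/$USERNAME"

      # The archive may unpack under home/<user>/.fin or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
        cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.fin" ] || mkdir "/home/$USERNAME/.fin"
        cp -r "$temp_restore_dir/"* "/home/$USERNAME/.fin/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 664
      fi
      rm -rf "$temp_restore_dir"
    done
  }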
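  # Restore each user's ~/.local directory from the backup drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed copy cleans up, unmounts the drive and
  #            exits with 664 (reported modulo 256)
  function restore_user_local {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'userlocal' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/local" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/local/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring local files for $USERNAME"
      temp_restore_dir=/root/templocal
      restore_directory_from_usb "$temp_restore_dir" "local/$USERNAME"

      # The archive may unpack under home/<user>/.local or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
        cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/.local" ] || mkdir "/home/$USERNAME/.local"
        cp -r "$temp_restore_dir"/* "/home/$USERNAME/.local/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 664
      fi
      rm -rf "$temp_restore_dir"
    done
  }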
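  # Restore /etc/ssl from the backup drive and hand the restored keys and
  # certificates to the services that use them.
  # Globals:   RESTORE_APP, USB_MOUNT (read)
  # Outputs:   progress message on stdout
  # Returns:   0 when there is nothing to do; a failed copy cleans up,
  #            unmounts the drive and exits with 276 (reported modulo 256)
  function restore_certs {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'certs' ]]; then
      return
    fi
    # Quoted so a mount point containing whitespace is still tested correctly.
    if [ ! -d "$USB_MOUNT/backup/ssl" ]; then
      return
    fi

    echo $"Restoring certificates"
    # -p so a directory left over from an interrupted run is not an error.
    mkdir -p /root/tempssl
    restore_directory_from_usb /root/tempssl ssl

    # The archive may unpack under etc/ssl or flat.
    local copy_status
    if [ -d /root/tempssl/etc/ssl ]; then
      cp -r /root/tempssl/etc/ssl/* /etc/ssl
      copy_status=$?
    else
      cp -r /root/tempssl/* /etc/ssl/
      copy_status=$?
    fi
    if [ "$copy_status" -ne 0 ]; then
      # Remove the unpacked private keys on the failure path as well, as
      # the other restore steps do with their temporary directories.
      rm -rf /root/tempssl
      set_user_permissions
      backup_unmount_drive
      exit 276
    fi
    rm -rf /root/tempssl
    update-ca-certificates

    # Restore ownership for the services that read these files.
    if [ -f /etc/ssl/private/xmpp.key ]; then
      chown prosody:prosody /etc/ssl/private/xmpp.key
      chown prosody:prosody /etc/ssl/certs/xmpp.*
    fi
    if [ -d /etc/dovecot ]; then
      chown root:dovecot /etc/ssl/private/dovecot.*
      chown root:dovecot /etc/ssl/certs/dovecot.*
    fi
    if [ -f /etc/ssl/private/exim.key ]; then
      cp /etc/ssl/private/exim.key /etc/exim4
      cp /etc/ssl/certs/exim.crt /etc/exim4
      cp /etc/ssl/certs/exim.dhparam /etc/exim4
      chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
      # Key readable by root and the exim group only.
      chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
    fi
    if [ -f /etc/ssl/private/mumble.key ] && [ -d /var/lib/mumble-server ]; then
      cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
      cp /etc/ssl/private/mumble.key /var/lib/mumble-server
      # NOTE(review): no mode is set on the copied mumble.key; it keeps
      # whatever cp gives it - confirm it is not readable by other users.
      chown -R mumble-server:mumble-server /var/lib/mumble-server
    fi
  }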
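  # Replace each user's ~/personal directory with the copy on the backup
  # drive.
  # Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read);
  #            USERNAME, temp_restore_dir (written)
  # Outputs:   progress messages on stdout
  # Returns:   0 normally; a failed move or copy cleans up, unmounts the
  #            drive and exits with 184
  function restore_personal_settings {
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'personal' ]]; then
      return
    fi
    if [ ! -d "$USB_MOUNT/backup/personal" ]; then
      return
    fi

    local d backup_entry copy_status
    for d in "$USB_MOUNT"/backup/personal/*/; do
      # An empty backup directory leaves the glob unexpanded; skip it.
      [ -d "$d" ] || continue
      # The account name is the last path component. Taking it by name
      # rather than by field position keeps this right for any USB_MOUNT.
      backup_entry=${d%/}
      USERNAME=${backup_entry##*/}
      # Directory names on the removable drive decide which accounts are
      # touched or created, so is_valid_user gates everything below.
      if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
        continue
      fi
      if [ ! -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
        continue
      fi

      if [ ! -d "/home/$USERNAME" ]; then
        "${PROJECT_NAME}-adduser" "$USERNAME"
      fi
      echo $"Restoring personal settings for $USERNAME"
      temp_restore_dir=/root/temppersonal
      restore_directory_from_usb "$temp_restore_dir" "personal/$USERNAME"

      # NOTE(review): the existing directory is deleted before the restored
      # copy has been checked, so a bad restore leaves the user with
      # nothing. ${USERNAME:?} aborts rather than deleting /home//personal
      # should the name ever be empty.
      if [ -d "/home/$USERNAME/personal" ]; then
        rm -rf "/home/${USERNAME:?}/personal"
      fi

      # The archive may unpack under home/<user>/personal or flat.
      if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
        mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
        copy_status=$?
      else
        [ -d "/home/$USERNAME/personal" ] || mkdir "/home/$USERNAME/personal"
        cp -r "$temp_restore_dir"/* "/home/$USERNAME/personal/"
        copy_status=$?
      fi
      if [ "$copy_status" -ne 0 ]; then
        # Remove the unpacked files on the failure path as well, as the
        # other per-user restore steps do.
        rm -rf "$temp_restore_dir"
        set_user_permissions
        backup_unmount_drive
        exit 184
      fi
      rm -rf "$temp_restore_dir"
    done
  }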
# Restore the public mailing list spool (/var/spool/mlmmj) from the
# "mailinglist" backup set.
#
# Globals:   RESTORE_APP (read); temp_restore_dir (written, not local)
# Arguments: none
# Exits:     with 'exit 526' when the copy fails. The shell keeps only
#            the low 8 bits of an exit status, so callers observe 14.
function restore_mailing_list {
    local copy_status

    # Run only for a full restore or an explicit 'mailinglist' request
    case "$RESTORE_APP" in
        all|mailinglist) ;;
        *) return 0 ;;
    esac

    # No spool directory on this system means there is nothing to restore into
    [ -d /var/spool/mlmmj ] || return 0

    echo $"Restoring public mailing list"
    temp_restore_dir=/root/tempmailinglist
    restore_directory_from_usb "$temp_restore_dir" mailinglist

    # Two layouts are handled: a set holding the root/spool/mlmmj path,
    # or one holding the spool contents at its top level
    if [ -d "$temp_restore_dir/root/spool/mlmmj" ]; then
        cp -r "$temp_restore_dir"/root/spool/mlmmj/* /var/spool/mlmmj
    else
        cp -r "$temp_restore_dir"/* /var/spool/mlmmj/
    fi
    copy_status=$?

    if [ "$copy_status" != "0" ]; then
        # The temporary directory is left in place on this path
        set_user_permissions
        backup_unmount_drive
        exit 526
    fi

    rm -rf "$temp_restore_dir"
}
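# Restore each user's Maildir from the "mail" backup set on the mounted
# backup drive.
#
# Globals:   RESTORE_APP, USB_MOUNT, PROJECT_NAME (read)
#            USERNAME, d, temp_restore_dir (written; deliberately not local,
#            as in the rest of this listing)
# Arguments: none
# Exits:     with 'exit 9276382' when tar fails. The shell keeps only the
#            low 8 bits of an exit status, so callers observe 222.
#
# Account names come from directory names found on the backup drive, so
# the is_valid_user check is the only gate between removable media and
# the adduser call below.
function restore_email {
    local restore_status

    # Only run for a full restore or when 'email' was requested
    if [[ $RESTORE_APP != 'all' && $RESTORE_APP != 'email' ]]; then
        return
    fi

    [ -d "$USB_MOUNT/backup/mail" ] || return 0

    for d in "$USB_MOUNT"/backup/mail/*/ ; do
        # With no user directories the glob stays unexpanded; skip it
        [ -d "$d" ] || continue

        # Take the last path component, so the result no longer depends
        # on how many directories deep $USB_MOUNT is
        USERNAME=${d%/}
        USERNAME=${USERNAME##*/}

        # is_valid_user prints 1 for names that may be restored
        if [[ $(is_valid_user "$USERNAME") != "1" ]]; then
            continue
        fi

        if [ ! -d "/home/$USERNAME" ]; then
            "${PROJECT_NAME}-adduser" "$USERNAME"
        fi

        echo $"Restoring emails for $USERNAME"
        temp_restore_dir=/root/tempmail
        restore_directory_from_usb "$temp_restore_dir" "mail/$USERNAME"

        if [ ! -d "/home/$USERNAME/Maildir" ]; then
            mkdir "/home/$USERNAME/Maildir"
        fi

        # NOTE(review): the archive is unpacked relative to /, so its member
        # paths, not $USERNAME, decide which files are written. This relies
        # on the backup set being authentic - confirm that
        # restore_directory_from_usb verifies it before this point.
        restore_status=0
        if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
            tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C / \
                || restore_status=$?
        else
            tar -xzvf "$temp_restore_dir/maildir.tar.gz" -C / \
                || restore_status=$?
        fi

        if [ "$restore_status" -ne 0 ]; then
            # $temp_restore_dir is not removed on this path
            set_user_permissions
            backup_unmount_drive
            exit 9276382
        fi
        rm -rf "$temp_restore_dir"
    done
}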
# Record which app to restore, based on an optional argument.
#
# Globals:   RESTORE_APP (written when the argument is accepted)
# Arguments: $1 - candidate app name; ignored when empty or when a
#                 directory /home/$1 exists
# Outputs:   a "Restore <app>" line on stdout when RESTORE_APP is set
function get_restore_app {
    local requested="${1}"

    # No argument: leave RESTORE_APP as it is
    [ "$requested" ] || return 0

    # A value matching an existing home directory is not taken as an app
    # name (presumably it is a username - the same script argument is also
    # handed to backup_mount_drive)
    [ ! -d "/home/$requested" ] || return 0

    RESTORE_APP="$requested"
    echo $"Restore $RESTORE_APP"
}
  897. get_restore_app "${2}"
  898. backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
  899. check_backup_exists
  900. check_admin_user
  901. copy_gpg_keys
  902. gpg_agent_setup root
  903. restore_blocklist
  904. restore_configfiles
  905. same_admin_user
  906. restore_passwordstore
  907. restore_mariadb
  908. restore_postgresql
  909. restore_letsencrypt
  910. restore_tor
  911. restore_mutt_settings
  912. restore_gpg
  913. restore_procmail
  914. restore_spamassassin
  915. restore_admin_readme
  916. restore_user_ssh_keys
  917. restore_user_config
  918. restore_user_monkeysphere
  919. restore_user_fin
  920. restore_user_local
  921. restore_certs
  922. restore_personal_settings
  923. restore_mailing_list
  924. restore_email
  925. restore_apps local "$RESTORE_APP"
  926. set_user_permissions
  927. update_default_domain
  928. backup_unmount_drive
  929. # ensure that all TLS certificates are pinned
  930. #${PROJECT_NAME}-pin-cert all
  931. echo $"Restore from USB drive is complete. You can now unplug it."
  932. exit 0