
78778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927
79278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977
7977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083
  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # This install script is intended for use with Debian Jessie
  12. #
  13. # License
  14. # =======
  15. #
  16. # Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
  17. #
  18. # This program is free software: you can redistribute it and/or modify
  19. # it under the terms of the GNU General Public License as published by
  20. # the Free Software Foundation, either version 3 of the License, or
  21. # (at your option) any later version.
  22. #
  23. # This program is distributed in the hope that it will be useful,
  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  26. # GNU General Public License for more details.
  27. #
  28. # You should have received a copy of the GNU General Public License
  29. # along with this program. If not, see <http://www.gnu.org/licenses/>.
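# Number of command-line arguments given to the script
NO_OF_ARGS=$#
PROJECT_NAME='freedombone'
# message catalogue used by the translatable $"..." strings in this script
export TEXTDOMAIN=$PROJECT_NAME
export TEXTDOMAINDIR="/usr/share/locale"
# Locale inherited from the environment. Taken directly instead of via
# $(echo $LANG) so it is not forked, word-split or glob-expanded on the way.
DEFAULT_LANGUAGE="$LANG"
# username created by default within a debian image
GENERIC_IMAGE_USERNAME='fbone'
# Web site
PROJECT_WEBSITE="http://${PROJECT_NAME}.uk.to"
# Repo
PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
# Contact details
PROJECT_BITMESSAGE="BM-2cWuhmBvVdfrHhLoZTdspCkKeiTorUesSL"
# Are we installing on a Beaglebone Black (BBB) or some other system?
INSTALLING_ON_BBB="no"
# Version number of this script
VERSION="1.01"
# if yes then this minimises the number of decisions presented during install
MINIMAL_INSTALL="yes"
# Whether web sites will be .onion addresses only
ONION_ONLY="no"
# Different system variants which may be specified within
# the SYSTEM_TYPE option
VARIANT_FULL="full"
VARIANT_WRITER="writer"
VARIANT_CLOUD="cloud"
VARIANT_CHAT="chat"
VARIANT_MAILBOX="mailbox"
VARIANT_NONMAILBOX="nonmailbox"
VARIANT_SOCIAL="social"
VARIANT_MEDIA="media"
VARIANT_DEVELOPER="developer"
VARIANT_MESH="mesh"
# These are empty until the command line or configuration file is read
DEFAULT_DOMAIN_NAME=
DEFAULT_DOMAIN_CODE=
MY_USERNAME=
SYSTEM_TYPE=$VARIANT_FULL
# whether the system is being installed from a pre-created configuration file
INSTALLING_FROM_CONFIGURATION_FILE="no"
# An optional configuration file which overrides some of these variables
CONFIGURATION_FILE="${PROJECT_NAME}.cfg"
SSH_PORT=2222
IRC_PORT=6697
# password used for accessing your repo mirrors
MY_MIRRORS_PASSWORD=
# friend's repo mirrors
FRIENDS_MIRRORS_PASSWORD=
FRIENDS_MIRRORS_SERVER=
FRIENDS_MIRRORS_SSH_PORT=2222
# This isn't used here, but is included for mirrors creation purposes
LETSENCRYPT_REPO="https://github.com/letsencrypt/letsencrypt"
# An optional password to log into IRC. This applies to all users
IRC_PASSWORD=
# If this file exists it contains a global password used with
# disk image installs. This simplifies password management for
# deployment at scale
# NOTE(review): the password is stored in plaintext; its protection rests
# entirely on the permissions of /root.
IMAGE_PASSWORD_FILE=/root/login.txt
# parameters used when adding a new domain
DDNS_PROVIDER="default@freedns.afraid.org"
DDNS_USERNAME=
DDNS_PASSWORD=
CURRENT_DDNS_DOMAIN=
# Third-party sources. Each repo is pinned to a specific commit below so
# that an upstream change cannot silently alter what gets installed.
EXIM_ONION_REPO="https://github.com/petterreinholdtsen/exim4-smtorp"
NGINX_ENSITE_REPO="https://github.com/perusio/nginx_ensite"
NGINX_ENSITE_COMMIT='fa4d72ce1c0a490442c8474e9c8dc21ed52c93d0'
CLEANUP_MAILDIR_REPO="https://github.com/bashrc/cleanup-maildir"
CLEANUP_MAILDIR_COMMIT='33241d2e3861f901ba17f5c77ada007e1ec06a86'
INADYN_REPO="https://github.com/bashrc/inadyn"
INADYN_COMMIT='fadbe17f520d337dfb8d69ee4bf1fcaa23fce0d6'
# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=10
# number of CPU cores
CPU_CORES=1
# If the system is on an IPv6 network
IPV6_NETWORK='2001:470:26:307'
# The static IP address of the system within the local network
# By default the IP address is dynamic within your LAN
LOCAL_NETWORK_STATIC_IP_ADDRESS=
# IP address of the router (gateway)
ROUTER_IP_ADDRESS="192.168.1.254"
# DNS
NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'
# whether to route outgoing traffic through Tor
ROUTE_THROUGH_TOR="no"
# Why use Google as a time source?
# The thinking here is that it's likely to be reliable and fast.
# The ping doesn't reveal any information other than that the server
# is running, and if anyone maliciously alters the time on Google's
# servers then that would certainly be newsworthy and they'd be
# likely to do something about it quickly.
# If you have better time sources then change them here.
TLS_TIME_SOURCE1="google.com"
TLS_TIME_SOURCE2="www.ptb.de"
# The type of hardware random number generator being used
# This can be empty, "beaglebone" or "onerng"
HWRNG_TYPE=
# Download location for OneRNG driver
ONERNG_PACKAGE="onerng_3.4-1_all.deb"
ONERNG_PACKAGE_DOWNLOAD="https://github.com/OneRNG/onerng.github.io/blob/master/sw/$ONERNG_PACKAGE?raw=true"
# Hash for OneRNG driver (SHA-256, checked before the package is installed)
ONERNG_PACKAGE_HASH='78f1c2f52ae573e3b398a695ece7ab9f41868252657ea269f0d5cf0bd4f2eb59'
# device name for OneRNG
ONERNG_DEVICE='ttyACM0'
# Whether this system is being installed within a docker container
INSTALLED_WITHIN_DOCKER="no"
# If you want to run a public mailing list specify its name here.
# There should be no spaces in the name
PUBLIC_MAILING_LIST=
# Optional different domain name for the public mailing list
PUBLIC_MAILING_LIST_DOMAIN_NAME=
# Directory where the public mailing list data is stored
PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj"
# If you want to run an encrypted mailing list specify its name here.
# There should be no spaces in the name
PRIVATE_MAILING_LIST=
# Domain name for mediagoblin installation
MEDIAGOBLIN_DOMAIN_NAME=
MEDIAGOBLIN_CODE=
MEDIAGOBLIN_REPO="https://gitorious.org/mediagoblin/mediagoblin.git"
MEDIAGOBLIN_ADMIN_PASSWORD=
# Domain name for microblog installation
MICROBLOG_DOMAIN_NAME=
MICROBLOG_CODE=
MICROBLOG_ONION_PORT=8087
MICROBLOG_REPO="https://git.gnu.io/gnu/gnu-social.git"
MICROBLOG_ADMIN_PASSWORD=
GNUSOCIAL_COMMIT='94392ab00ceefec6105ac7d6e6846fb644bbd0f1'
MICROBLOG_THEME_REPO="https://git.gnu.io/h2p/Qvitter.git"
MICROBLOG_THEME_COMMIT='8abbdeb3c0a6a34754411452ae832d2f19cef7ab'
# Domain name for hubzilla installation
HUBZILLA_DOMAIN_NAME=
HUBZILLA_CODE=
HUBZILLA_ONION_PORT=8085
HUBZILLA_REPO="https://github.com/redmatrix/hubzilla.git"
HUBZILLA_THEMES_REPO="https://github.com/DeadSuperHero/redmatrix-themes"
HUBZILLA_ADDONS_REPO="https://github.com/redmatrix/hubzilla-addons.git"
HUBZILLA_ADMIN_PASSWORD=
HUBZILLA_COMMIT='761afd029d97703f2f7609d546b7b5f3d257c601'
HUBZILLA_ADDONS_COMMIT='e32f98d65850a8681e8242f3db8b6484abb35c67'
# Domain name for git hosting installation
GIT_DOMAIN_NAME=
GIT_CODE=
GIT_ONION_PORT=8090
GIT_DOMAIN_REPO="https://github.com/gogits/gogs"
GIT_ADMIN_PASSWORD=
GOGS_COMMIT='efea642d6cf419c9587d44b95ff2bc04e89f7bfe'
GO_PACKAGE_MANAGER_REPO="https://github.com/gpmgo/gopm"
# Domain name for Owncloud installation
OWNCLOUD_DOMAIN_NAME=
OWNCLOUD_CODE=
OWNCLOUD_ONION_PORT=8088
OWNCLOUD_ADMIN_PASSWORD=
OWNCLOUD_MUSIC_APP_REPO="https://github.com/owncloud/music"
OWNCLOUD_MUSIC_APP_COMMIT='7f79afb4ae9a6ecd8f530d87106f960306c0a15a'
# Domain name for your wiki
WIKI_DOMAIN_NAME=
WIKI_ADMIN_PASSWORD=
WIKI_TITLE="${PROJECT_NAME} Wiki"
WIKI_CODE=
WIKI_ONION_PORT=8089
# Domain name for your blog
FULLBLOG_DOMAIN_NAME=
FULLBLOG_CODE=
FULLBLOG_ONION_PORT=8086
FULLBLOG_REPO="https://github.com/danpros/htmly"
FULLBLOG_COMMIT='5f271a2370cc1bfde15f2a0d5ed6928cc74b0efa'
MY_BLOG_TITLE="My Blog"
MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"
# NOTE(review): hkp:// is an unauthenticated transport, so a key fetched
# from here still has to be checked against a known fingerprint.
GPG_KEYSERVER="hkp://keys.gnupg.net"
# whether to encrypt all incoming email with your public key
GPG_ENCRYPT_STORED_EMAIL="yes"
# gets set to yes if gpg keys are imported from usb
GPG_KEYS_IMPORTED="no"
# optionally you can provide your exported GPG key pair here
# Note that the private key file will be deleted after use
# If these are unspecified then a new GPG key will be created
MY_GPG_PUBLIC_KEY=
MY_GPG_PRIVATE_KEY=
# optionally specify your public key ID
MY_GPG_PUBLIC_KEY_ID=
# If you have existing mail within a Maildir
# you can specify the directory here and the files
# will be imported
IMPORT_MAILDIR=
# The Debian package repository to use.
DEBIAN_REPO="ftp.us.debian.org"
DEBIAN_VERSION="jessie"
# Directory where source code is downloaded and compiled
INSTALL_DIR=$HOME/build
# device name for an attached usb drive
USB_DRIVE=/dev/sda1
# Location where the USB drive is mounted to
USB_MOUNT=/mnt/usb
# name of a script used to upgrade the system
UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
# name of a script which keeps running processes going even if they crash
WATCHDOG_SCRIPT_NAME="keepon"
# Number of days to keep backups for
BACKUP_MAX_DAYS=30
# memory limit for php in MB
MAX_PHP_MEMORY=64
# default MariaDB password
MARIADB_PASSWORD=
# Directory where XMPP settings are stored
XMPP_DIRECTORY="/var/lib/prosody"
# file containing a list of remote locations to backup to
# Format: [username@friendsdomain//home/username] [ssh_password]
# With the only space character being between the server and the password
# NOTE: MY_USERNAME is still empty at this point, so this expands to
# /home//backup.list; it is reassigned once the username is known
# (interactive_configuration does so for the mesh variant).
FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
# list of encryption protocols
# NOTE(review): TLSv1 and TLSv1.1 are legacy versions kept here for client
# compatibility; remove them once the clients you need to support allow it.
SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
# list of ciphers to use. See bettercrypto.org recommendations
# (the "+SSLv3" token is OpenSSL cipher-string syntax that demotes the
# SSLv3-era suites to the end of the list; it does not enable the protocol)
SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"
# ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
SSH_CIPHERS="chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com"
SSH_KEX="curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa"
# xmpp ciphers and curve
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
XMPP_ECC_CURVE='"secp384r1"'
# the default email address
# NOTE: both MY_USERNAME and DEFAULT_DOMAIN_NAME are empty here, so this is
# just "@" until it is recomputed after the configuration has been read
MY_EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
# optionally specify your name to appear on the blog
# (same caveat: DEFAULT_DOMAIN_NAME is still empty at this point)
MY_NAME=$DEFAULT_DOMAIN_NAME
export DEBIAN_FRONTEND=noninteractive
# logging level for Nginx
WEBSERVER_LOG_LEVEL='warn'
# used to limit CPU usage
CPULIMIT='/usr/bin/cpulimit -l 20 -e'
# command to create a git repository
CREATE_GIT_PROJECT_COMMAND='create-project'
# File which keeps track of what has already been installed
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
# Used to indicate whether the backup contains MariaDB databases or not
BACKUP_INCLUDES_DATABASES="no"
# contains the mysql root password which
# is used for backups and repair
DATABASE_PASSWORD_FILE=/root/dbpass
# log file where details of remote backups are stored
REMOTE_BACKUPS_LOG=/var/log/remotebackups.log
# message if something fails to install
CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
# web site used to obtain the external IP address of the system
GET_IP_ADDRESS_URL="checkip.two-dns.de"
# Password used for VoIP server
VOIP_SERVER_PASSWORD=
# Port on which VoIP server listens
VOIP_PORT=64738
SIP_SERVER_PASSWORD=
SIP_PORT=5060
# Location of VoIP database and configuration
VOIP_DATABASE="mumble-server.sqlite"
VOIP_CONFIG_FILE="mumble-server.ini"
# other possible services to obtain the external IP address
# NOTE(review): most of these are plain http and answer in differing
# formats, so whatever reads them should check that the response parses
# as an IP address before using it anywhere.
EXTERNAL_IP_SERVICES=( \
'https://check.torproject.org/' \
'https://www.whatsmydns.net/whats-my-ip-address.html' \
'https://www.privateinternetaccess.com/pages/whats-my-ip/' \
'http://checkip.two-dns.de' \
'http://ip.dnsexit.com' \
'http://ifconfig.me/ip' \
'http://ipecho.net/plain' \
'http://checkip.dyndns.org/plain' \
'http://ipogre.com/linux.php' \
'http://whatismyipaddress.com/' \
'http://ip.my-proxy.com/' \
'http://websiteipaddress.com/WhatIsMyIp' \
'http://getmyipaddress.org/' \
'http://www.my-ip-address.net/' \
'http://myexternalip.com/raw' \
'http://www.canyouseeme.org/' \
'http://www.trackip.net/' \
'http://icanhazip.com/' \
'http://www.iplocation.net/' \
'http://www.howtofindmyipaddress.com/' \
'http://www.ipchicken.com/' \
'http://whatsmyip.net/' \
'http://www.ip-adress.com/' \
'http://checkmyip.com/' \
'http://www.tracemyip.org/' \
'http://checkmyip.net/' \
'http://www.lawrencegoetz.com/programs/ipinfo/' \
'http://www.findmyip.co/' \
'http://ip-lookup.net/' \
'http://www.dslreports.com/whois' \
'http://www.mon-ip.com/en/my-ip/' \
'http://www.myip.ru' \
'http://ipgoat.com/' \
'http://www.myipnumber.com/my-ip-address.asp' \
'http://www.whatsmyipaddress.net/' \
'http://formyip.com/' \
'http://www.displaymyip.com/' \
'http://www.bobborst.com/tools/whatsmyip/' \
'http://www.geoiptool.com/' \
'http://checkip.dyndns.com/' \
'http://myexternalip.com/' \
'http://www.ip-adress.eu/' \
'http://www.infosniper.net/' \
'http://wtfismyip.com/' \
'http://ipinfo.io/' \
'http://httpbin.org/ip')
WIFI_CHANNEL=2
WIFI_INTERFACE=wlan0
# cjdns settings
ENABLE_CJDNS="no"
CJDNS_PRIVATE_KEY=
CJDNS_PUBLIC_KEY=
CJDNS_IPV6=
CJDNS_PASSWORD=
CJDNS_PORT=
CJDNS_REPO="https://github.com/cjdelisle/cjdns.git"
CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
CJDCMD_REPO="https://github.com/inhies/cjdcmd"
CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
# B.A.T.M.A.N settings
ENABLE_BATMAN="no"
BATMAN_CELLID='any'
ESSID='mesh'
# Babel mesh
ENABLE_BABEL="no"
BABEL_PORT=6696
# social key management
ENABLE_SOCIAL_KEY_MANAGEMENT="no"
TOX_PORT=33445
# NOTE(review): git:// is an unauthenticated transport; the checkout is
# pinned to TOX_COMMIT below, which is what ties it to known content.
TOX_REPO="git://github.com/irungentoo/toxcore.git"
TOXID_REPO="https://github.com/bashrc/toxid"
TOX_COMMIT='73b2144edcfd1ca617e9054479b66ab0c0361a14'
TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
# These are some default nodes, but you can replace them with trusted nodes
# as you prefer. See https://wiki.tox.im/Nodes
TOX_NODES=
#TOX_NODES=(
# '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
# '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
#)
TOXIC_REPO="https://github.com/Tox/toxic"
TOXIC_COMMIT='88270827a96b2082e254677f35585ed24581a42c'
#ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git'
ZERONET_REPO="https://github.com/HelloZeroNet/ZeroNet.git"
ZERONET_COMMIT='675bd462556c541d65e2d95f91f899146a373aad'
ZERONET_BLOG_REPO="https://github.com/HelloZeroNet/ZeroBlog"
ZERONET_BLOG_COMMIT='bbb0d6c36465fed2e6df71f1aab45fcc9c6ad609'
ZERONET_MAIL_REPO="https://github.com/HelloZeroNet/ZeroMail"
ZERONET_MAIL_COMMIT='955af09d643c72b02e4983d71eca5c0c93a6c131'
ZERONET_FORUM_REPO="https://github.com/HelloZeroNet/ZeroTalk"
ZERONET_FORUM_COMMIT='e2d2c9cb1cfbfef91b244935efb5c14c2ad95faa'
ZERONET_URL=http://127.0.0.1:43110
ZERONET_PORT=15441
TRACKER_PORT=6969
ZERONET_DEFAULT_BLOG_TAGLINE="Blogging on the Mesh"
ZERONET_DEFAULT_FORUM_TAGLINE="A decentralized discussion group"
ZERONET_DEFAULT_MAIL_TAGLINE="Mail for the Mesh"
# https://github.com/ipfs/go-ipfs
IPFS_GO_REPO="https://github.com/ipfs/go-ipfs"
IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166'
IPFS_PORT=4001
GPGIT_REPO="https://github.com/mikecardwell/gpgit"
GPGIT_COMMIT='583dc76119f19420f8a33f606744faa7c8922738'
# Default diffie-hellman key length in bits
DH_KEYLENGTH=2048
# repo for atheros AR9271 wifi driver
ATHEROS_WIFI_REPO="https://github.com/qca/open-ath9k-htc-firmware.git"
# Whether Let's Encrypt is enabled for all sites
LETSENCRYPT_ENABLED="no"
LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'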
  397. function show_help {
  398. echo ''
  399. echo $"${PROJECT_NAME} -c [configuration file]"
  400. echo ''
  401. echo $' -h --help Show help'
  402. echo $' menuconfig Easy interactive installation'
  403. echo $' menuconfig-full Full interactive installation'
  404. echo $' menuconfig-onion Interactive installation for onion-only sites'
  405. echo $' -c --config Installing from a configuration file'
  406. echo $' --bbb Installing on Beaglebone Black'
  407. echo $' -u --user User to install the system as'
  408. echo $' -d --domain Default domain name'
  409. echo $' -s --system System type'
  410. echo $' --ip Static LAN IP address of the system'
  411. echo $' --iprouter LAN IP address of the internet router'
  412. echo $' --ddns Dynamic DNS provider domain'
  413. echo $' --ddnsuser Dynamic DNS provider username'
  414. echo $' --ddnspass Dynamic DNS provider password'
  415. echo ''
  416. echo $' --microblogdomain Microblog domain name'
  417. echo $' --wikidomain Wiki domain name'
  418. echo $' --blogdomain Blog domain name'
  419. echo $' --ownclouddomain Owncloud domain name'
  420. echo $' --hubzilladomain Hubzilla domain name'
  421. echo $' --gitdomain Git hosting domain name'
  422. echo $' -t --time Domain used as a TLS time source'
  423. echo $' --ssh ssh port number'
  424. echo $' --list Public mailing list name'
  425. echo $' --cores Number of CPU cores'
  426. echo $' --name Your name'
  427. echo $' --email Your email address'
  428. echo $' --usb Path for the USB drive (eg. /dev/sdb1)'
  429. echo $' --cjdns Enable CJDNS'
  430. echo $' --vpass VoIP server password'
  431. echo $' --vport VoIP server port'
  432. echo $' --ns1 First DNS nameserver'
  433. echo $' --ns2 Second DNS nameserver'
  434. echo $' --repo Debian repository'
  435. echo ''
  436. echo $'system types'
  437. echo '------------'
  438. echo $'This can either be blank if you wish to install the full system,'
  439. echo $"or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"
  440. echo $"'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA', '$VARIANT_WRITER', '$VARIANT_DEVELOPER'"
  441. echo $"or '$VARIANT_MESH'."
  442. echo ''
  443. echo $"If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."
  444. echo ''
  445. exit 0
  446. }
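# Clone a git repository into a destination directory.
#
# $1 - repository URL
# $2 - destination directory
#
# When the URL is an ssh: URL and both FRIENDS_MIRRORS_SERVER and
# FRIENDS_MIRRORS_PASSWORD are set (more than two characters each), the
# clone is authenticated non-interactively with sshpass. The password is
# handed to sshpass through the SSHPASS environment variable (-e) rather
# than as a -p argument, so it does not appear in the process list.
# Returns the exit status of the git/sshpass command.
function git_clone {
    local repo_url="$1"
    local destination_dir="$2"

    if [[ "$repo_url" == "ssh:"* ]]; then
        # a non-empty value shorter than three characters is treated as unset
        if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ] && [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
            SSHPASS="$FRIENDS_MIRRORS_PASSWORD" sshpass -e git clone "$repo_url" "$destination_dir"
            return
        fi
    fi

    git clone "$repo_url" "$destination_dir"
}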
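# Update the current working tree from a remote and optionally pin a commit.
#
# $1 - repository URL, set as the 'origin' remote
# $2 - optional commit to check out; a branch of the same name is created
#
# Must be run from inside the repository. Local changes are stashed first.
# If FRIENDS_MIRRORS_SERVER and FRIENDS_MIRRORS_PASSWORD are set (more than
# two characters each) the pull is authenticated with sshpass, passing the
# password via the SSHPASS environment variable (-e) so it stays out of the
# process list.
#
# Fix: returns 1 without touching the repository when no URL is given
# (previously the message was printed but the commands still ran).
function git_pull {
    local repo_url="$1"
    local checkout_commit="$2"

    if [ ! "$repo_url" ]; then
        echo $'git_pull no repo specified'
        return 1
    fi

    git stash
    git remote set-url origin "$repo_url"
    git checkout master

    if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ] && [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
        SSHPASS="$FRIENDS_MIRRORS_PASSWORD" sshpass -e git pull
    else
        git pull
    fi

    if [ "$checkout_commit" ]; then
        # NOTE(review): this creates a branch named after the commit, so a
        # second git_pull with the same commit fails because the branch
        # already exists. Behaviour kept as in the original.
        git checkout "$checkout_commit" -b "$checkout_commit"
    fi
}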
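# Create a MariaDB database and an administrative account for an app.
#
# $1 - application/database name
# $2 - password for the app's database account
# $3 - optional account name (defaults to "<app_name>admin")
#
# The statements are written to a mode-600 batch file under INSTALL_DIR,
# fed to the mysql client as root, and the file is shredded afterwards
# whether or not mysql succeeded. The MariaDB root password is passed in
# the MYSQL_PWD environment variable instead of as --password= on the
# command line, so it is not visible in the process list. Returns the
# mysql exit status.
#
# NOTE(review): the account is written as one quoted string
# 'user@localhost'. In the MySQL/MariaDB account grammar that is a user
# whose name literally contains "@localhost" with the host part left at
# its default '%', not 'user'@'localhost'. It is kept unchanged because the
# apps' own database settings must match whatever this creates; confirm
# against those before correcting it.
function create_database {
    local app_name="$1"
    local app_admin_password="$2"
    local app_admin_username="$3"
    local batch_file="$INSTALL_DIR/batch.sql"

    mkdir -p "$INSTALL_DIR"

    if [ ! "$app_admin_username" ]; then
        app_admin_username="${app_name}admin"
    fi

    # create the file with restrictive permissions from the start instead of
    # chmod'ing it only after the password has already been written
    (
        umask 077
        echo "create database ${app_name};
CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
quit" > "$batch_file"
    )
    chmod 600 "$batch_file"

    local mysql_status
    MYSQL_PWD="$MARIADB_PASSWORD" mysql -u root < "$batch_file"
    mysql_status=$?

    # the batch file contains the account password, so overwrite before unlinking
    shred -zu "$batch_file"
    return $mysql_status
}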
# Install locale support and set the system locale to DEFAULT_LANGUAGE.
#
# Runs once: the step is recorded in COMPLETION_FILE and skipped when the
# marker is already present. An empty or too-short DEFAULT_LANGUAGE falls
# back to en_GB.UTF-8. Each locale variable is set with its own
# update-locale call.
function locale_setup {
    grep -Fxq "locale_setup" "$COMPLETION_FILE" && return

    apt-get -y install locales locales-all debconf

    # fall back to British English when no usable locale was inherited
    if [ ! "$DEFAULT_LANGUAGE" ] || [ ${#DEFAULT_LANGUAGE} -lt 2 ]; then
        DEFAULT_LANGUAGE='en_GB.UTF-8'
    fi

    local locale_var
    for locale_var in LANG LANGUAGE LC_MESSAGES LC_ALL LC_CTYPE; do
        update-locale "${locale_var}=${DEFAULT_LANGUAGE}"
    done

    echo 'locale_setup' >> "$COMPLETION_FILE"
}
# Interactively configure encrypted backups to friends' servers.
#
# Delegates to the <project>-remote command and does nothing on mesh
# systems. Exits the whole script if the command is missing or fails.
#
# NOTE(review): exit statuses above 255 are truncated by the shell
# (87354 becomes 58, 65892 becomes 100), so callers cannot rely on the
# literal values. Kept as in the original for consistency with the rest
# of the script.
function interactive_configuration_remote_backups {
    [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]] && return

    local remote_cmd="${PROJECT_NAME}-remote"
    if [ ! -f "/usr/local/bin/${remote_cmd}" ] && [ ! -f "/usr/bin/${remote_cmd}" ]; then
        echo $"The command ${PROJECT_NAME}-remote was not found"
        exit 87354
    fi

    # unquoted on purpose: an empty value drops the argument, as before
    local remote_args=(-u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes)
    if ! "$remote_cmd" "${remote_args[@]}"; then
        echo $'Command failed:'
        echo ''
        echo $" ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
        echo ''
        exit 65892
    fi
}
# Sanity-check the domain name held in TEST_DOMAIN_NAME.
#
# Only the number of dots is checked, not the characters: a name must
# contain between one and three dots (y.z, x.y.z or w.x.y.z). On failure
# TEST_DOMAIN_NAME is replaced by a human-readable error message;
# otherwise it is left untouched.
function validate_domain_name {
    local dots_only="${TEST_DOMAIN_NAME//[^.]/}"
    local dot_count=${#dots_only}

    # the two failure cases are mutually exclusive, so an if/elif suffices
    if (( dot_count > 3 )); then
        TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z"
    elif (( dot_count == 0 )); then
        TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z"
    fi
}
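# Runs the interactive ${PROJECT_NAME}-config tool that writes
# $CONFIGURATION_FILE, selecting its profile flags from ONION_ONLY and
# MINIMAL_INSTALL, and on a mesh system then offers remote backup setup.
# Exits 63935 when the config tool is missing, 0 when the tool signals a
# mesh user device install via /tmp/meshuserdevice, and 73594 when the tool
# returns a non-zero status.
# Fix: the tool's exit status is captured right after it runs.  Previously
# $? was read after the /tmp/meshuserdevice test, whose status (0 when no
# branch is taken) masked the tool's own failure, so "Command failed" could
# never trigger.
function interactive_configuration {
    if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ] && [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
        echo $"The command ${PROJECT_NAME}-config was not found"
        exit 63935
    fi
    # the config tool signals a mesh user device install by creating this
    # flag file, so clear any stale copy first.
    # NOTE(review): /tmp is shared, so a fixed path there can be created by
    # another local user between this rm and the check below; a root-owned
    # directory would be a safer signalling channel.
    if [ -f /tmp/meshuserdevice ]; then
        rm -f /tmp/meshuserdevice
    fi
    local config_status
    if [[ $ONION_ONLY == "no" ]]; then
        if [[ $MINIMAL_INSTALL == "no" ]]; then
            ${PROJECT_NAME}-config \
                -f $CONFIGURATION_FILE \
                -w $PROJECT_WEBSITE \
                -b $PROJECT_BITMESSAGE \
                -m $MINIMUM_PASSWORD_LENGTH
        else
            ${PROJECT_NAME}-config \
                -f $CONFIGURATION_FILE \
                -w $PROJECT_WEBSITE \
                -b $PROJECT_BITMESSAGE \
                -m $MINIMUM_PASSWORD_LENGTH \
                --minimal "yes"
        fi
    else
        ${PROJECT_NAME}-config \
            -f $CONFIGURATION_FILE \
            -w $PROJECT_WEBSITE \
            -b $PROJECT_BITMESSAGE \
            -m $MINIMUM_PASSWORD_LENGTH \
            --onion "yes"
    fi
    # capture the tool's status before any further test overwrites $?
    config_status=$?
    if [ -f /tmp/meshuserdevice ]; then
        # mesh network user device installation
        rm -f /tmp/meshuserdevice
        exit 0
    fi
    if [ "$config_status" != "0" ]; then
        echo $'Command failed:'
        echo ''
        echo $" ${PROJECT_NAME}-config -u $MY_USERNAME -f $CONFIGURATION_FILE -w $PROJECT_WEBSITE -b $PROJECT_BITMESSAGE -m $MINIMUM_PASSWORD_LENGTH --minimal [yes|no]"
        echo ''
        exit 73594
    fi
    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
        dialog --title $"Encrypted backup to other servers" \
               --backtitle $"${PROJECT_NAME} Configuration" \
               --defaultno \
               --yesno $"\nDo you wish to configure some remote backup locations?" 7 60
        sel=$?
        if [ "$sel" = "0" ]; then
            interactive_configuration_remote_backups
        fi
    fi
}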
command_options=$1
# the menuconfig-* aliases preset an install profile and then take the
# plain menuconfig path
case $command_options in
    menuconfig-full)
        MINIMAL_INSTALL="no"
        command_options="menuconfig"
        ;;
    menuconfig-onion)
        MINIMAL_INSTALL="yes"
        ONION_ONLY="yes"
        command_options="menuconfig"
        ;;
esac
if [[ $command_options == "menuconfig" ]]; then
    interactive_configuration
else
    # Options that take a value shift it into $1 and read it there; the
    # shift at the bottom of the loop discards the option word itself.
    # The loop stops while one argument remains, so the last argument is
    # never examined here.
    while [ $# -gt 1 ]; do
        key="$1"
        case $key in
            -h|--help) show_help ;;
            # load a configuration file and stop parsing further options
            -c|--config) shift; CONFIGURATION_FILE="$1"; INSTALLING_FROM_CONFIGURATION_FILE="yes"; break ;;
            # username within /home
            -u|--user) shift; MY_USERNAME="$1" ;;
            # per-application domain names
            --microblogdomain) shift; MICROBLOG_DOMAIN_NAME="$1" ;;
            --wikidomain) shift; WIKI_DOMAIN_NAME="$1" ;;
            --blogdomain) shift; FULLBLOG_DOMAIN_NAME="$1" ;;
            --ownclouddomain) shift; OWNCLOUD_DOMAIN_NAME="$1" ;;
            --hubzilladomain) shift; HUBZILLA_DOMAIN_NAME="$1" ;;
            --gitdomain) shift; GIT_DOMAIN_NAME="$1" ;;
            # default domain name
            -d|--domain) shift; DEFAULT_DOMAIN_NAME="$1" ;;
            # the type of system
            -s|--system) shift; SYSTEM_TYPE="$1" ;;
            # dynamic DNS provider and its credentials (a password given on
            # the command line is visible in the process list while the
            # script runs)
            --ddns) shift; DDNS_PROVIDER="$1" ;;
            --ddnsuser) shift; DDNS_USERNAME="$1" ;;
            --ddnspass) shift; DDNS_PASSWORD="$1" ;;
            # whether this installation is on a Beaglebone Black (no value)
            --bbb) INSTALLING_ON_BBB="yes" ;;
            # domain name to use as a TLS time source
            -t|--time) shift; TLS_TIME_SOURCE1="$1" ;;
            # static IP address for the system
            --ip) shift; LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 ;;
            # IP address for the internet router
            --iprouter) shift; ROUTER_IP_ADDRESS=$1 ;;
            # ssh port
            --ssh) shift; SSH_PORT=$1 ;;
            # public mailing list name
            --list) shift; PUBLIC_MAILING_LIST="$1" ;;
            # number of CPU cores
            --cores) shift; CPU_CORES=$1 ;;
            # my name and email address
            --name) shift; MY_NAME="$1" ;;
            --email) shift; MY_EMAIL_ADDRESS="$1" ;;
            # USB drive
            --usb) shift; USB_DRIVE=$1 ;;
            # mesh routing protocols.  NOTE(review): unlike --bbb these
            # shift before setting the flag, so the argument that follows
            # them is consumed unread — confirm whether a value is expected.
            --cjdns) shift; ENABLE_CJDNS="yes" ;;
            --batman) shift; ENABLE_BATMAN="yes" ;;
            --babel) shift; ENABLE_BABEL="yes" ;;
            # VoIP server password and port
            --vpass) shift; VOIP_SERVER_PASSWORD=$1 ;;
            --vport) shift; VOIP_PORT=$1 ;;
            # DNS nameservers
            --ns1) shift; NAMESERVER1=$1 ;;
            --ns2) shift; NAMESERVER2=$1 ;;
            # Debian repository
            --repo) shift; DEBIAN_REPO=$1 ;;
            # minimal install
            --minimal) shift; MINIMAL_INSTALL=$1 ;;
            # unknown options are ignored
            *) ;;
        esac
        shift
    done
fi
# Validates the globals filled in from the command line before the install
# proceeds.  Prints the help text and exits 0 when no arguments were given,
# and exits with a distinct code for each missing or invalid setting:
#   1    the user named by MY_USERNAME has no /home directory
#   2    no default domain (not required on a mesh system)
#   3    no username
#   7823 / 6382  missing dynamic DNS username / password (clearnet only)
#   30   SYSTEM_TYPE is not one of the known variants
# SYSTEM_TYPE defaults to VARIANT_FULL when empty.
function parse_args {
    if [[ $NO_OF_ARGS == 0 ]]; then
        echo 'no_of_args = 0'
        show_help
        exit 0
    fi
    if [ ! -d "/home/$MY_USERNAME" ]; then
        echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
        exit 1
    fi
    # a default domain is required on everything except a mesh node
    if [ -z "$DEFAULT_DOMAIN_NAME" ] && [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        echo 'No default domain specified'
        show_help
        exit 2
    fi
    if [ -z "$MY_USERNAME" ]; then
        echo 'No username specified'
        show_help
        exit 3
    fi
    # clearnet installs need dynamic DNS credentials
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]] && [[ $ONION_ONLY == "no" ]]; then
        if [ -z "$DDNS_USERNAME" ]; then
            echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
            exit 7823
        fi
        if [ -z "$DDNS_PASSWORD" ]; then
            echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
            exit 6382
        fi
    fi
    if [ -z "$SYSTEM_TYPE" ]; then
        SYSTEM_TYPE=$VARIANT_FULL
    fi
    # the VARIANT_* values are left unquoted so they match exactly as the
    # original pattern comparison did
    case $SYSTEM_TYPE in
        $VARIANT_WRITER|$VARIANT_CLOUD|$VARIANT_CHAT|$VARIANT_MAILBOX|$VARIANT_NONMAILBOX|$VARIANT_SOCIAL|$VARIANT_MEDIA|$VARIANT_DEVELOPER|$VARIANT_MESH|$VARIANT_FULL)
            ;;
        *)
            echo $"'$SYSTEM_TYPE' is an unrecognised ${PROJECT_NAME} variant."
            exit 30
            ;;
    esac
}
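# Reads the mirror server settings from $CONFIGURATION_FILE and, when a
# friends' mirror server is configured, repoints every *_REPO variable
# declared in the main ${PROJECT_NAME} command at that server over ssh.
# Globals read:    CONFIGURATION_FILE, PROJECT_NAME
# Globals written: FRIENDS_MIRRORS_SERVER, FRIENDS_MIRRORS_SSH_PORT,
#   MY_MIRRORS_PASSWORD, FRIENDS_MIRRORS_PASSWORD, MAIN_COMMAND, REPOS and
#   each *_REPO variable found in the main command.
# Fixes: the final assignment was written as `${repo_name}="..."`, which
# bash expands into a command name rather than an assignment, so no repo
# variable was ever repointed; settings are now matched as whole keys at
# the start of a line and keep everything after the first '=', so a value
# containing '=' is not truncated.
function read_repo_servers {
    local mirror_setting matched_line
    if [ -f "$CONFIGURATION_FILE" ]; then
        for mirror_setting in FRIENDS_MIRRORS_SERVER FRIENDS_MIRRORS_SSH_PORT MY_MIRRORS_PASSWORD FRIENDS_MIRRORS_PASSWORD; do
            matched_line=$(grep "^${mirror_setting}=" "$CONFIGURATION_FILE" | head -n 1)
            if [ -n "$matched_line" ]; then
                # printf -v assigns by name without eval, so the config value
                # is stored as data and never interpreted as shell code
                printf -v "$mirror_setting" '%s' "${matched_line#*=}"
            fi
        done
    fi
    if [ -z "$FRIENDS_MIRRORS_SERVER" ] || [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
        return
    fi
    MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
    if [ ! -f "$MAIN_COMMAND" ]; then
        MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
    fi
    if [ ! -f "$MAIN_COMMAND" ]; then
        # nothing to scrape repo names from
        return
    fi
    # collect the FOO_REPO="..." declarations from the main command, with
    # the literal ${PROJECT_NAME} text in them replaced by its value
    REPOS=($(grep "_REPO=\"" "${MAIN_COMMAND}" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
    local line repo_name mirrors_name friends_repo_url
    for line in "${REPOS[@]}"; do
        repo_name=${line%%=*}
        # the list came from a text match over the command file, so only
        # assign to well-formed variable names and skip anything else
        if [[ ! $repo_name =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
            continue
        fi
        mirrors_name=$(echo "${repo_name//_REPO/}" | awk '{print tolower($0)}')
        friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
        printf -v "$repo_name" '%s' "$friends_repo_url"
    done
}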
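# Reads one NAME=value setting from $CONFIGURATION_FILE into a shell
# variable.
# Arguments:
#   $1  key as it appears in the config file
#   $2  (optional) name of the variable to assign; defaults to $1
# Returns 0 when the key was found and assigned, 1 when it is absent (the
# target variable is then left untouched).
# The match is anchored to the start of the line and only the first
# matching line is used, so a key that is a substring of another key
# (SSH_PORT inside FRIENDS_MIRRORS_SSH_PORT, MY_GPG_PUBLIC_KEY inside
# MY_GPG_PUBLIC_KEY_ID) no longer picks up the other line as well.
# Everything after the first '=' is kept, so values that themselves contain
# '=' (keys, passwords) are not cut at the second '='.
# NOTE(review): assumes the config tool writes each setting as NAME=value at
# column 0 — confirm against the ${PROJECT_NAME}-config writer.
function _read_config_param {
    local param_key="$1"
    local target_var="${2:-$1}"
    local matched_line
    matched_line=$(grep "^${param_key}=" "$CONFIGURATION_FILE" | head -n 1)
    if [ -z "$matched_line" ]; then
        return 1
    fi
    # printf -v assigns by name without eval, so a crafted value in the
    # config file is stored as data rather than interpreted as shell code
    printf -v "$target_var" '%s' "${matched_line#*=}"
    return 0
}

# Loads installation settings from $CONFIGURATION_FILE into the script's
# global variables.  A key absent from the file leaves the corresponding
# variable at its current (default) value.
# Side effects: may switch USB_DRIVE from /dev/sda1 to /dev/sdb1, calls
# read_repo_servers, keeps a copy of the config at /root/${PROJECT_NAME}.cfg
# (owner-only permissions, since it holds passwords and private keys) and
# prints the system type.
# Exits 8935 when --config named a file that does not exist.
function read_configuration {
    # if not installing on a Beaglebone then use sdb as the USB drive by
    # default (any non-empty INSTALLING_ON_BBB value, including "no",
    # counts as a Beaglebone here)
    if [ ! "$INSTALLING_ON_BBB" ]; then
        if [[ $USB_DRIVE == /dev/sda1 ]]; then
            USB_DRIVE=/dev/sdb1
        fi
    fi
    if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes" ]]; then
        if [ ! -f "$CONFIGURATION_FILE" ]; then
            echo $"The configuration file $CONFIGURATION_FILE was not found"
            exit 8935
        fi
    fi
    if [ -f "$CONFIGURATION_FILE" ]; then
        read_repo_servers
        # Ensure that a copy of the config exists for upgrade purposes
        if [[ $CONFIGURATION_FILE != "/root/${PROJECT_NAME}.cfg" ]]; then
            cp "$CONFIGURATION_FILE" "/root/${PROJECT_NAME}.cfg"
            # the file carries secrets (DDNS_PASSWORD, GIT_ADMIN_PASSWORD,
            # CJDNS_PRIVATE_KEY, MY_GPG_PRIVATE_KEY, ...); cp gives a new
            # copy umask permissions, so restrict it to root explicitly
            chmod 600 "/root/${PROJECT_NAME}.cfg"
        fi
        # for backwards compatability: the old key name was DOMAIN_NAME.
        # A DEFAULT_DOMAIN_NAME key read below takes precedence.
        _read_config_param DOMAIN_NAME DEFAULT_DOMAIN_NAME
        local config_key
        for config_key in \
            PROJECT_WEBSITE PROJECT_REPO ONION_ONLY IRC_PASSWORD \
            DEFAULT_LANGUAGE MINIMAL_INSTALL LETSENCRYPT_SERVER \
            FULLBLOG_REPO FULLBLOG_COMMIT GOGS_COMMIT TOX_COMMIT TOXIC_COMMIT \
            GPGIT_REPO GPGIT_COMMIT OWNCLOUD_MUSIC_APP_COMMIT \
            HUBZILLA_REPO HUBZILLA_COMMIT IPFS_COMMIT \
            ZERONET_BLOG_COMMIT ZERONET_MAIL_COMMIT ZERONET_FORUM_COMMIT \
            GNUSOCIAL_COMMIT NGINX_ENSITE_REPO NGINX_ENSITE_COMMIT \
            CLEANUP_MAILDIR_COMMIT CLEANUP_MAILDIR_REPO ZERONET_COMMIT \
            INADYN_REPO INADYN_COMMIT GPG_KEYSERVER \
            IPFS_PORT TRACKER_PORT ZERONET_PORT DH_KEYLENGTH \
            WIFI_INTERFACE IRC_PORT WIFI_CHANNEL BATMAN_CELLID ESSID \
            TOX_PORT TOX_NODES TOX_REPO ENABLE_SOCIAL_KEY_MANAGEMENT \
            IPV6_NETWORK HWRNG_TYPE \
            MEDIAGOBLIN_DOMAIN_NAME MEDIAGOBLIN_CODE \
            GIT_ADMIN_PASSWORD GIT_DOMAIN_NAME GIT_CODE SYSTEM_TYPE \
            SSL_PROTOCOLS SSL_CIPHERS \
            SSH_CIPHERS SSH_MACS SSH_KEX SSH_HOST_KEY_ALGORITHMS SSH_PASSWORDS \
            XMPP_CIPHERS XMPP_ECC_CURVE MY_USERNAME \
            DEFAULT_DOMAIN_NAME DEFAULT_DOMAIN_CODE NAMESERVER1 NAMESERVER2 \
            VOIP_PORT VOIP_SERVER_PASSWORD SIP_PORT SIP_SERVER_PASSWORD \
            GET_IP_ADDRESS_URL DDNS_PROVIDER DDNS_USERNAME DDNS_PASSWORD \
            LOCAL_NETWORK_STATIC_IP_ADDRESS \
            ENABLE_BABEL ENABLE_BATMAN ENABLE_CJDNS \
            CJDNS_COMMIT CJDNS_IPV6 CJDNS_PUBLIC_KEY CJDNS_PRIVATE_KEY \
            ROUTER_IP_ADDRESS CPU_CORES WEBSERVER_LOG_LEVEL ROUTE_THROUGH_TOR \
            WIKI_TITLE MY_NAME MY_EMAIL_ADDRESS INSTALLING_ON_BBB SSH_PORT \
            INSTALLED_WITHIN_DOCKER PUBLIC_MAILING_LIST \
            MICROBLOG_DOMAIN_NAME MICROBLOG_CODE \
            HUBZILLA_DOMAIN_NAME HUBZILLA_CODE \
            OWNCLOUD_DOMAIN_NAME OWNCLOUD_CODE \
            WIKI_DOMAIN_NAME WIKI_CODE \
            FULLBLOG_DOMAIN_NAME FULLBLOG_CODE \
            MY_BLOG_TITLE MY_BLOG_SUBTITLE GPG_ENCRYPT_STORED_EMAIL \
            MY_GPG_PUBLIC_KEY MY_GPG_PRIVATE_KEY MY_GPG_PUBLIC_KEY_ID \
            USB_DRIVE MAX_PHP_MEMORY TLS_TIME_SOURCE1 TLS_TIME_SOURCE2; do
            _read_config_param "$config_key"
        done
        # DEBIAN_REPO also sets the message shown when package fetches fail
        if _read_config_param DEBIAN_REPO; then
            CHECK_MESSAGE=$"Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
        fi
    fi
    echo "System type: $SYSTEM_TYPE"
}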
# If sites are only visible via Tor then for installation purposes assign
# them some default domain names.  Each domain variable that already holds
# a value is replaced by its .local name; variables that are empty stay
# empty, and nothing changes unless ONION_ONLY is something other than "no".
function set_default_onion_domains {
    [[ $ONION_ONLY == "no" ]] && return
    [ -n "$OWNCLOUD_DOMAIN_NAME" ] && OWNCLOUD_DOMAIN_NAME='owncloud.local'
    [ -n "$MICROBLOG_DOMAIN_NAME" ] && MICROBLOG_DOMAIN_NAME='microblog.local'
    [ -n "$FULLBLOG_DOMAIN_NAME" ] && FULLBLOG_DOMAIN_NAME='blog.local'
    [ -n "$GIT_DOMAIN_NAME" ] && GIT_DOMAIN_NAME='git.local'
    [ -n "$WIKI_DOMAIN_NAME" ] && WIKI_DOMAIN_NAME='wiki.local'
    [ -n "$DEFAULT_DOMAIN_NAME" ] && DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
    return 0
}
# Polls for the hostname file of the Tor hidden service named by $1
# (/var/lib/tor/hidden_service_<name>/hostname) for up to eleven one-second
# sleeps.  If it never appears, tor is restarted and the poll is repeated
# once.  Returns without error either way; callers check for the file.
function wait_for_onion_service {
    onion_service_name="$1"
    local hostname_file="/var/lib/tor/hidden_service_${onion_service_name}/hostname"
    sleep_ctr=0
    until [ -f "$hostname_file" ] || [ $sleep_ctr -gt 10 ]; do
        sleep 1
        sleep_ctr=$((sleep_ctr + 1))
    done
    if [ ! -f "$hostname_file" ]; then
        # restart and try a second time
        systemctl restart tor
        sleep_ctr=0
        until [ -f "$hostname_file" ] || [ $sleep_ctr -gt 10 ]; do
            sleep 1
            sleep_ctr=$((sleep_ctr + 1))
        done
    fi
}
# Registers a Tor hidden service named $1 that exposes virtual port $2 and
# forwards it to 127.0.0.1:$3, restarts tor, waits for the hostname file and
# prints the resulting onion hostname.  If the service already has a
# hostname file it is printed straight away and torrc is not touched.
# Exits 877367 when /var/lib/tor is absent and 76362 when no hostname file
# appears after the restart.
function add_onion_service {
    onion_service_name="$1"
    onion_service_port_from=$2
    onion_service_port_to=$3
    local service_dir="/var/lib/tor/hidden_service_${onion_service_name}"
    if [ -f "${service_dir}/hostname" ]; then
        echo $(cat "${service_dir}/hostname")
        return
    fi
    if [ ! -d /var/lib/tor ]; then
        echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
        exit 877367
    fi
    # only append the stanza when torrc does not already name this service
    # directory
    if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
        {
            echo "HiddenServiceDir ${service_dir}/"
            echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}"
        } >> /etc/tor/torrc
    fi
    systemctl restart tor
    wait_for_onion_service ${onion_service_name}
    if [ ! -f "${service_dir}/hostname" ]; then
        echo $"${onion_service_name} onion site hostname not found"
        exit 76362
    fi
    echo $(cat "${service_dir}/hostname")
}
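# Writes an Avahi (mDNS) advertisement for one HTTP service.
#   $1  short service name, becomes /etc/avahi/services/<name>.service
#   $2  TCP port to advertise
# The file is overwritten. Only the port is announced; "%h" is replaced
# by Avahi with the host name. Nothing about the onion address is leaked.
function _write_avahi_http_service {
    cat > "/etc/avahi/services/$1.service" <<EOF
<?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h HTTP</name>
 <service>
 <type>_http._tcp</type>
 <port>$2</port>
 </service>
</service-group>
EOF
}

# Advertises the installed web apps on the local network via Avahi.
# Skipped on the mesh variant and when Avahi's service directory does not
# exist. An app is advertised only when its domain name is configured;
# the port advertised is the app's onion port.
function create_avahi_onion_domains {
    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if [ ! -d /etc/avahi/services ]; then
        return
    fi
    if [ -n "$OWNCLOUD_DOMAIN_NAME" ]; then
        _write_avahi_http_service owncloud "$OWNCLOUD_ONION_PORT"
    fi
    if [ -n "$MICROBLOG_DOMAIN_NAME" ]; then
        _write_avahi_http_service microblog "$MICROBLOG_ONION_PORT"
    fi
    if [ -n "$FULLBLOG_DOMAIN_NAME" ]; then
        _write_avahi_http_service blog "$BLOG_ONION_PORT"
    fi
    if [ -n "$GIT_DOMAIN_NAME" ]; then
        _write_avahi_http_service git "$GIT_ONION_PORT"
    fi
    if [ -n "$WIKI_DOMAIN_NAME" ]; then
        _write_avahi_http_service wiki "$WIKI_ONION_PORT"
    fi
}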
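# check an individual domain name
#   $1  domain name to check; an empty argument is accepted silently
# Hands the name to validate_domain_name through TEST_DOMAIN_NAME and exits
# when that variable comes back changed (presumably validate_domain_name
# replaces it with an error text on rejection — confirm against its
# definition). The changed value is printed before exiting.
function test_domain_name {
    if [ -n "$1" ]; then
        TEST_DOMAIN_NAME="$1"
        validate_domain_name
        # the right-hand side is quoted: an unquoted [[ != ]] operand is
        # a glob pattern, so a name containing '*' or '?' would match
        if [[ "$TEST_DOMAIN_NAME" != "$1" ]]; then
            echo "$TEST_DOMAIN_NAME"
            exit 8528
        fi
    fi
}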
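# Exits when two configured domain names are identical.
#   $1  label of the first app, used in the message
#   $2  domain name of the first app
#   $3  label of the second app
#   $4  domain name of the second app
#   $5  exit code
# An unset domain never collides, so apps that are not installed are
# ignored.
function _reject_duplicate_domain {
    if [ -z "$2" ] || [ -z "$4" ]; then
        return
    fi
    if [[ "$2" == "$4" ]]; then
        echo "$1 domain name is the same as $3 domain name. They must be different"
        exit "$5"
    fi
}

# check that domain names are sensible
# Validates every configured domain name and refuses to continue when two
# apps share one. Each app's own domain is the left operand of its
# comparisons (the variable named test_domain_name is never assigned
# anywhere, so it cannot be compared).
function check_domains {
    if [ -n "$WIKI_DOMAIN_NAME" ]; then
        test_domain_name "$WIKI_DOMAIN_NAME"
        _reject_duplicate_domain Wiki "$WIKI_DOMAIN_NAME" Owncloud "$OWNCLOUD_DOMAIN_NAME" 73863
        _reject_duplicate_domain Wiki "$WIKI_DOMAIN_NAME" blog "$FULLBLOG_DOMAIN_NAME" 97326
        _reject_duplicate_domain Wiki "$WIKI_DOMAIN_NAME" microblog "$MICROBLOG_DOMAIN_NAME" 36827
        _reject_duplicate_domain Wiki "$WIKI_DOMAIN_NAME" hubzilla "$HUBZILLA_DOMAIN_NAME" 65848
        _reject_duplicate_domain Wiki "$WIKI_DOMAIN_NAME" Gogs "$GIT_DOMAIN_NAME" 73529
    fi
    if [ -n "$OWNCLOUD_DOMAIN_NAME" ]; then
        test_domain_name "$OWNCLOUD_DOMAIN_NAME"
        _reject_duplicate_domain Owncloud "$OWNCLOUD_DOMAIN_NAME" wiki "$WIKI_DOMAIN_NAME" 37994
        _reject_duplicate_domain Owncloud "$OWNCLOUD_DOMAIN_NAME" blog "$FULLBLOG_DOMAIN_NAME" 37936
        _reject_duplicate_domain Owncloud "$OWNCLOUD_DOMAIN_NAME" microblog "$MICROBLOG_DOMAIN_NAME" 36896
        _reject_duplicate_domain Owncloud "$OWNCLOUD_DOMAIN_NAME" hubzilla "$HUBZILLA_DOMAIN_NAME" 68365
        _reject_duplicate_domain Owncloud "$OWNCLOUD_DOMAIN_NAME" Gogs "$GIT_DOMAIN_NAME" 27692
    fi
    if [ -n "$FULLBLOG_DOMAIN_NAME" ]; then
        test_domain_name "$FULLBLOG_DOMAIN_NAME"
        _reject_duplicate_domain Blog "$FULLBLOG_DOMAIN_NAME" wiki "$WIKI_DOMAIN_NAME" 62348
        _reject_duplicate_domain Blog "$FULLBLOG_DOMAIN_NAME" Owncloud "$OWNCLOUD_DOMAIN_NAME" 84682
        _reject_duplicate_domain Blog "$FULLBLOG_DOMAIN_NAME" microblog "$MICROBLOG_DOMAIN_NAME" 38236
        _reject_duplicate_domain Blog "$FULLBLOG_DOMAIN_NAME" hubzilla "$HUBZILLA_DOMAIN_NAME" 35483
        _reject_duplicate_domain Blog "$FULLBLOG_DOMAIN_NAME" Gogs "$GIT_DOMAIN_NAME" 84695
    fi
    if [ -n "$MICROBLOG_DOMAIN_NAME" ]; then
        test_domain_name "$MICROBLOG_DOMAIN_NAME"
        _reject_duplicate_domain Microblog "$MICROBLOG_DOMAIN_NAME" wiki "$WIKI_DOMAIN_NAME" 73924
        _reject_duplicate_domain Microblog "$MICROBLOG_DOMAIN_NAME" Owncloud "$OWNCLOUD_DOMAIN_NAME" 73683
        _reject_duplicate_domain Microblog "$MICROBLOG_DOMAIN_NAME" blog "$FULLBLOG_DOMAIN_NAME" 26832
        _reject_duplicate_domain Microblog "$MICROBLOG_DOMAIN_NAME" hubzilla "$HUBZILLA_DOMAIN_NAME" 678382
        _reject_duplicate_domain Microblog "$MICROBLOG_DOMAIN_NAME" Gogs "$GIT_DOMAIN_NAME" 684325
    fi
    if [ -n "$HUBZILLA_DOMAIN_NAME" ]; then
        test_domain_name "$HUBZILLA_DOMAIN_NAME"
        _reject_duplicate_domain Hubzilla "$HUBZILLA_DOMAIN_NAME" wiki "$WIKI_DOMAIN_NAME" 83682
        _reject_duplicate_domain Hubzilla "$HUBZILLA_DOMAIN_NAME" Owncloud "$OWNCLOUD_DOMAIN_NAME" 65192
        _reject_duplicate_domain Hubzilla "$HUBZILLA_DOMAIN_NAME" blog "$FULLBLOG_DOMAIN_NAME" 74817
        _reject_duplicate_domain Hubzilla "$HUBZILLA_DOMAIN_NAME" microblog "$MICROBLOG_DOMAIN_NAME" 83683
        _reject_duplicate_domain Hubzilla "$HUBZILLA_DOMAIN_NAME" Gogs "$GIT_DOMAIN_NAME" 135523
    fi
    if [ -n "$GIT_DOMAIN_NAME" ]; then
        test_domain_name "$GIT_DOMAIN_NAME"
        # the messages name Gogs; the copied block used to say Hubzilla
        _reject_duplicate_domain Gogs "$GIT_DOMAIN_NAME" wiki "$WIKI_DOMAIN_NAME" 83682
        _reject_duplicate_domain Gogs "$GIT_DOMAIN_NAME" Owncloud "$OWNCLOUD_DOMAIN_NAME" 65192
        _reject_duplicate_domain Gogs "$GIT_DOMAIN_NAME" blog "$FULLBLOG_DOMAIN_NAME" 74817
        _reject_duplicate_domain Gogs "$GIT_DOMAIN_NAME" microblog "$MICROBLOG_DOMAIN_NAME" 83683
        _reject_duplicate_domain Gogs "$GIT_DOMAIN_NAME" hubzilla "$HUBZILLA_DOMAIN_NAME" 678382
    fi
}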
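# Checks whether certificates were generated for the given hostname
#   $1  hostname; nothing is checked when it is empty
# With LETSENCRYPT_ENABLED other than "yes" the self-signed pair under
# /etc/ssl is expected, otherwise certbot's live/<host> files. In both
# cases a Diffie-Hellman parameter file under /etc/ssl/certs must exist.
# Exits with a message naming the host ($1, not a separate variable)
# when any file is missing.
function check_certificates {
    if [ -z "$1" ]; then
        return
    fi
    if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
        if [ ! -f "/etc/ssl/private/$1.key" ]; then
            echo $"Private certificate for $1 was not created"
            exit 63959
        fi
        if [ ! -f "/etc/ssl/certs/$1.crt" ]; then
            echo $"Public certificate for $1 was not created"
            exit 7679
        fi
    else
        if [ ! -f "/etc/letsencrypt/live/${1}/privkey.pem" ]; then
            echo $"Private certificate for $1 was not created"
            exit 6282
        fi
        if [ ! -f "/etc/letsencrypt/live/${1}/fullchain.pem" ]; then
            echo $"Public certificate for $1 was not created"
            exit 5328
        fi
    fi
    if [ ! -f "/etc/ssl/certs/$1.dhparam" ]; then
        echo $"Diffie–Hellman parameters for $1 were not created"
        exit 5989
    fi
}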
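# Writes a static eth0 configuration to /etc/network/interfaces, once, on
# machines that are not a Beaglebone Black and have a static LAN address
# configured. Reads LOCAL_NETWORK_STATIC_IP_ADDRESS, ROUTER_IP_ADDRESS,
# NAMESERVER1, NAMESERVER2 and WIFI_INTERFACE; records completion in
# COMPLETION_FILE. The file is replaced, not merged.
function install_not_on_BBB {
    if grep -Fxq "install_not_on_BBB" "$COMPLETION_FILE"; then
        return
    fi
    # the variable must be expanded here: comparing the bare word
    # INSTALLING_ON_BBB with "yes" is never true, which would let this
    # overwrite the Beaglebone's own interfaces file
    if [[ $INSTALLING_ON_BBB == "yes" ]]; then
        return
    fi
    if [ -z "$LOCAL_NETWORK_STATIC_IP_ADDRESS" ]; then
        return
    fi
    cat > /etc/network/interfaces <<EOF
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address $LOCAL_NETWORK_STATIC_IP_ADDRESS
 netmask 255.255.255.0
 gateway $ROUTER_IP_ADDRESS
 dns-nameservers $NAMESERVER1 $NAMESERVER2
# Example to keep MAC address between reboots
#hwaddress ether DE:AD:BE:EF:CA:FE

# The secondary network interface
#auto eth1
#iface eth1 inet dhcp

# WiFi Example
#auto $WIFI_INTERFACE
#iface $WIFI_INTERFACE inet dhcp
# wpa-ssid "essid"
# wpa-psk "password"

# Ethernet/RNDIS gadget (g_ether)
# ... or on host side, usbnet and random hwaddr
# Note on some boards, usb0 is automaticly setup with an init script
#iface usb0 inet static
# address 192.168.7.2
# netmask 255.255.255.0
# network 192.168.7.0
# gateway 192.168.7.1
EOF
    echo 'install_not_on_BBB' >> "$COMPLETION_FILE"
}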
# Records "Admin user:<name>" in the completion file unless a line with
# that prefix is already present.
function mark_admin_user_account {
    grep -q "Admin user:" $COMPLETION_FILE && return
    echo "Admin user:$MY_USERNAME" >> $COMPLETION_FILE
}
# Records "Blog domain:<name>" in the completion file unless a line with
# that prefix exists, and only on system variants not in the list below.
function mark_blog_domain {
    local variant
    for variant in "$VARIANT_CLOUD" "$VARIANT_MAILBOX" "$VARIANT_CHAT" \
                   "$VARIANT_SOCIAL" "$VARIANT_MEDIA" "$VARIANT_DEVELOPER" \
                   "$VARIANT_MESH"; do
        if [[ $SYSTEM_TYPE == "$variant" ]]; then
            return
        fi
    done
    grep -q "Blog domain:" $COMPLETION_FILE && return
    echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
}
# The predictable default timing of Debian cron jobs might
# be exploitable knowledge. Avoid too much predictability
# by randomizing the times when cron jobs run.
# Rewrites the stock Debian schedule in /etc/crontab in place and runs
# once (recorded in COMPLETION_FILE). bash's $RANDOM is a plain PRNG,
# which is sufficient for jitter of this kind.
function randomize_cron {
    grep -Fxq "randomize_cron" $COMPLETION_FILE && return

    # weekly job: day of week 1..6, then minute and an hour in 1..3
    randdow=$((RANDOM % 6 + 1))
    sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
    randmin=$((RANDOM % 60))
    randhr=$((RANDOM % 3 + 1))
    sed -i "s|47 6|$randmin $randhr|g" /etc/crontab

    # daily job: minute and an hour in 4..6
    randmin=$((RANDOM % 60))
    randhr=$((RANDOM % 3 + 4))
    sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab

    # hourly job: minute only
    randmin=$((RANDOM % 60))
    sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab

    # monthly job: minute, an hour in 1..22 and a day of month in 1..27
    randmin=$((RANDOM % 60))
    randhr=$((RANDOM % 22 + 1))
    randdom=$((RANDOM % 27 + 1))
    sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
    sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab

    systemctl restart cron
    echo 'randomize_cron' >> $COMPLETION_FILE
}
# Fills CJDNS_PUBLIC_KEY from the user's README unless it is already set.
# The value is the text between the first and second ':' on the line
# containing "cjdns public key", with leading spaces removed.
function get_cjdns_public_key {
    local readme="/home/$MY_USERNAME/README"
    [ -f "$readme" ] || return
    grep -q "cjdns public key" "$readme" || return
    if [ -z "$CJDNS_PUBLIC_KEY" ]; then
        CJDNS_PUBLIC_KEY=$(grep "cjdns public key" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
    fi
}
# Fills CJDNS_PRIVATE_KEY from the user's README unless it is already set.
# The value is the text between the first and second ':' on the line
# containing "cjdns private key", with leading spaces removed.
# NOTE(review): the key is stored in clear text in that README, so the
# file's permissions decide who can read it — keep it owner-readable only.
function get_cjdns_private_key {
    local readme="/home/$MY_USERNAME/README"
    [ -f "$readme" ] || return
    grep -q "cjdns private key" "$readme" || return
    if [ -z "$CJDNS_PRIVATE_KEY" ]; then
        CJDNS_PRIVATE_KEY=$(grep "cjdns private key" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
    fi
}
# Fills CJDNS_IPV6 from the user's README unless it is already set.
# The value is the text between the first and second ':' on the line
# containing "cjdns IPv6 address", with leading spaces removed.
function get_cjdns_ipv6_address {
    local readme="/home/$MY_USERNAME/README"
    [ -f "$readme" ] || return
    grep -q "cjdns IPv6 address" "$readme" || return
    if [ -z "$CJDNS_IPV6" ]; then
        CJDNS_IPV6=$(grep "cjdns IPv6 address" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
    fi
}
# Fills CJDNS_PORT from the user's README unless it is already set.
# The value is the text between the first and second ':' on the line
# containing "cjdns port", with leading spaces removed.
function get_cjdns_port {
    local readme="/home/$MY_USERNAME/README"
    [ -f "$readme" ] || return
    grep -q "cjdns port" "$readme" || return
    if [ -z "$CJDNS_PORT" ]; then
        CJDNS_PORT=$(grep "cjdns port" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
    fi
}
# Fills CJDNS_PASSWORD from the user's README unless it is already set.
# The value is the text between the first and second ':' on the line
# containing "cjdns password", with leading spaces removed.
# NOTE(review): like the private key, this secret lives in clear text in
# the README; its file permissions are what protects it.
function get_cjdns_password {
    local readme="/home/$MY_USERNAME/README"
    [ -f "$readme" ] || return
    grep -q "cjdns password" "$readme" || return
    if [ -z "$CJDNS_PASSWORD" ]; then
        CJDNS_PASSWORD=$(grep "cjdns password" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
    fi
}
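# Writes one Let's Encrypt renewal cron script and makes it executable.
#   $1  path of the script to create
#   $2  "retry" for the daily variant, whose body only runs while the
#       marker ~/letsencrypt_failed left by an earlier failure exists;
#       anything else produces the unconditional monthly variant
# Uses PROJECT_NAME, renewal_failure_msg and renewal_email_title from the
# caller. The generated script renews every certificate under
# /etc/letsencrypt/live that has an nginx site, mails the admin user with
# the renewer's stderr when a renewal fails, and (re)creates the marker.
# Quoted heredocs keep every $ for the generated script's own runtime.
function _write_letsencrypt_renewal_script {
    local script_path="$1"
    echo '#!/bin/bash' > "$script_path"
    echo '' >> "$script_path"
    echo "PROJECT_NAME='${PROJECT_NAME}'" >> "$script_path"
    cat >> "$script_path" <<'EOF'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt

if [ -d /etc/letsencrypt ]; then
 if [ -f ~/letsencrypt_failed ]; then
 rm ~/letsencrypt_failed
EOF
    # the monthly script only clears the marker; the retry script keeps
    # the whole body inside the marker check
    if [[ "$2" != "retry" ]]; then
        echo ' fi' >> "$script_path"
    fi
    cat >> "$script_path" <<'EOF'
 ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
 ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME
 for d in /etc/letsencrypt/live/*/ ; do
 LETSENCRYPT_DOMAIN=$(echo "$d" | awk -F '/' '{print $5}')
 if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then
 ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt
 if [ ! "$?" = "0" ]; then
EOF
    # the message texts are expanded here; $LETSENCRYPT_DOMAIN and
    # ${PROJECT_NAME} inside them stay literal for the generated script
    echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> "$script_path"
    cat >> "$script_path" <<'EOF'
 echo "" >> ~/temp_renewletsencrypt.txt
 ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt
EOF
    echo " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" \$ADMIN_EMAIL_ADDRESS" >> "$script_path"
    cat >> "$script_path" <<'EOF'
 rm ~/temp_renewletsencrypt.txt
 if [ ! -f ~/letsencrypt_failed ]; then
 touch ~/letsencrypt_failed
 fi
 fi
 fi
 done
EOF
    if [[ "$2" == "retry" ]]; then
        echo ' fi' >> "$script_path"
    fi
    echo 'fi' >> "$script_path"
    chmod +x "$script_path"
}

# script to automatically renew any Let's Encrypt certificates
# Installs /etc/cron.monthly/letsencrypt, which renews every certificate,
# and /etc/cron.daily/letsencrypt, which retries only while a previous
# renewal has failed. Does nothing when ONION_ONLY is not "no".
function letsencrypt_renewals {
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    renewals_script=/etc/cron.monthly/letsencrypt
    renewals_retry_script=/etc/cron.daily/letsencrypt
    # $'...' does not expand: the variables named here are resolved by
    # the generated scripts at run time
    renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
    renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
    # the main script tries to renew once per month
    _write_letsencrypt_renewal_script "$renewals_script"
    # a secondary script keeps trying to renew after a failure
    _write_letsencrypt_renewal_script "$renewals_retry_script" retry
}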
  1785. function save_firewall_settings {
  1786. iptables-save > /etc/firewall.conf
  1787. ip6tables-save > /etc/firewall6.conf
  1788. printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
  1789. printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
  1790. printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
  1791. chmod +x /etc/network/if-up.d/iptables
  1792. }
  1793. function enable_ipv6 {
  1794. # endure that ipv6 is enabled and can route
  1795. sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
  1796. #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
  1797. #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
  1798. sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
  1799. echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  1800. }
  1801. function mesh_cjdns {
  1802. if [[ $ENABLE_CJDNS != "yes" ]]; then
  1803. return
  1804. fi
  1805. # update to the next commit
  1806. if [ -d /etc/cjdns ]; then
  1807. if grep -q "cjdns commit" $COMPLETION_FILE; then
  1808. CURRENT_CJDNS_COMMIT=$(grep "cjdns commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
  1809. if [[ "$CURRENT_CJDNS_COMMIT" != "$CJDNS_COMMIT" ]]; then
  1810. cd /etc/cjdns
  1811. git_pull $CJDNS_REPO $CJDNS_COMMIT
  1812. sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
  1813. ./do
  1814. fi
  1815. fi
  1816. fi
  1817. if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
  1818. return
  1819. fi
  1820. apt-get -y install nodejs git build-essential nmap
  1821. # if a README exists then obtain the cjdns parameters
  1822. get_cjdns_ipv6_address
  1823. get_cjdns_public_key
  1824. get_cjdns_private_key
  1825. get_cjdns_port
  1826. get_cjdns_password
  1827. # special compile settings for running ./do on the Beaglebone Black
  1828. if [[ $INSTALLING_ON_BBB == "yes" ]]; then
  1829. CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
  1830. export LDFLAGS="$CFLAGS"
  1831. fi
  1832. if [ ! -d /etc/cjdns ]; then
  1833. git_clone $CJDNS_REPO /etc/cjdns
  1834. cd /etc/cjdns
  1835. git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
  1836. if ! grep -q "cjdns commit" $COMPLETION_FILE; then
  1837. echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
  1838. else
  1839. sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
  1840. fi
  1841. ./do
  1842. if [ ! "$?" = "0" ]; then
  1843. exit 7439
  1844. fi
  1845. # create a configuration
  1846. if [ ! -f /etc/cjdns/cjdroute.conf ]; then
  1847. ./cjdroute --genconf > /etc/cjdns/cjdroute.conf
  1848. if [ ! "$?" = "0" ]; then
  1849. exit 5922
  1850. fi
  1851. fi
  1852. # create a user to run as
  1853. useradd cjdns
  1854. else
  1855. cd /etc/cjdns
  1856. git_pull $CJDNS_REPO
  1857. ./do
  1858. if [ ! "$?" = "0" ]; then
  1859. exit 9926
  1860. fi
  1861. fi
  1862. # set permissions
  1863. chown -R cjdns:cjdns /etc/cjdns
  1864. chmod 600 /etc/cjdns/cjdroute.conf
  1865. /sbin/ip tuntap add mode tun user cjdns dev cjdroute0
  1866. # insert values into the configuration file
  1867. if [ $CJDNS_PRIVATE_KEY ]; then
  1868. sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
  1869. else
  1870. CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
  1871. fi
  1872. if [ $CJDNS_PUBLIC_KEY ]; then
  1873. sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
  1874. else
  1875. CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
  1876. fi
  1877. if [ $CJDNS_IPV6 ]; then
  1878. sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
  1879. else
  1880. CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
  1881. fi
  1882. if [ $CJDNS_PASSWORD ]; then
  1883. sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
  1884. else
  1885. CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
  1886. fi
  1887. if [ $CJDNS_PORT ]; then
  1888. sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
  1889. else
  1890. CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
  1891. fi
  1892. enable_ipv6
  1893. echo '#!/bin/sh -e' > /etc/init.d/cjdns
  1894. echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
  1895. echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
  1896. echo '# Provides: cjdroute' >> /etc/init.d/cjdns
  1897. echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns
  1898. echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns
  1899. echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns
  1900. echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns
  1901. echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
  1902. echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
  1903. echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
  1904. echo '### END INIT INFO' >> /etc/init.d/cjdns
  1905. echo '' >> /etc/init.d/cjdns
  1906. echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
  1907. echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
  1908. echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
  1909. echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
  1910. echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
  1911. echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
  1912. echo '' >> /etc/init.d/cjdns
  1913. echo 'start() {' >> /etc/init.d/cjdns
  1914. echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns
  1915. echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
  1916. echo ' then' >> /etc/init.d/cjdns
  1917. echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
  1918. echo ' else' >> /etc/init.d/cjdns
  1919. echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns
  1920. echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
  1921. echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
  1922. echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
  1923. echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
  1924. echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
  1925. echo ' fi' >> /etc/init.d/cjdns
  1926. echo '}' >> /etc/init.d/cjdns
  1927. echo '' >> /etc/init.d/cjdns
  1928. echo 'stop() {' >> /etc/init.d/cjdns
  1929. echo '' >> /etc/init.d/cjdns
  1930. echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
  1931. echo ' then' >> /etc/init.d/cjdns
  1932. echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns
  1933. echo ' else' >> /etc/init.d/cjdns
  1934. echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns
  1935. echo ' killall cjdroute' >> /etc/init.d/cjdns
  1936. echo ' fi' >> /etc/init.d/cjdns
  1937. echo '}' >> /etc/init.d/cjdns
  1938. echo '' >> /etc/init.d/cjdns
  1939. echo 'status() {' >> /etc/init.d/cjdns
  1940. echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
  1941. echo ' then' >> /etc/init.d/cjdns
  1942. echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns
  1943. echo ' else' >> /etc/init.d/cjdns
  1944. echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns
  1945. echo ' fi' >> /etc/init.d/cjdns
  1946. echo '}' >> /etc/init.d/cjdns
  1947. echo '' >> /etc/init.d/cjdns
  1948. echo ' update() {' >> /etc/init.d/cjdns
  1949. echo ' cd $GIT_PATH' >> /etc/init.d/cjdns
  1950. echo ' echo "Updating..."' >> /etc/init.d/cjdns
  1951. echo ' git pull' >> /etc/init.d/cjdns
  1952. echo ' ./do' >> /etc/init.d/cjdns
  1953. echo '}' >> /etc/init.d/cjdns
  1954. echo '' >> /etc/init.d/cjdns
  1955. echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
  1956. echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
  1957. echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
  1958. echo ' exit 1' >> /etc/init.d/cjdns
  1959. echo 'fi' >> /etc/init.d/cjdns
  1960. echo '' >> /etc/init.d/cjdns
  1961. echo 'case $1 in' >> /etc/init.d/cjdns
  1962. echo ' start)' >> /etc/init.d/cjdns
  1963. echo ' start' >> /etc/init.d/cjdns
  1964. echo ' exit 0' >> /etc/init.d/cjdns
  1965. echo ' ;;' >> /etc/init.d/cjdns
  1966. echo ' stop)' >> /etc/init.d/cjdns
  1967. echo ' stop' >> /etc/init.d/cjdns
  1968. echo ' exit 0' >> /etc/init.d/cjdns
  1969. echo ' ;;' >> /etc/init.d/cjdns
  1970. echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns
  1971. echo ' stop' >> /etc/init.d/cjdns
  1972. echo ' sleep 1' >> /etc/init.d/cjdns
  1973. echo ' start' >> /etc/init.d/cjdns
  1974. echo ' exit 0' >> /etc/init.d/cjdns
  1975. echo ' ;;' >> /etc/init.d/cjdns
  1976. echo ' status)' >> /etc/init.d/cjdns
  1977. echo ' status' >> /etc/init.d/cjdns
  1978. echo ' exit 0' >> /etc/init.d/cjdns
  1979. echo ' ;;' >> /etc/init.d/cjdns
  1980. echo ' update|upgrade)' >> /etc/init.d/cjdns
  1981. echo ' update' >> /etc/init.d/cjdns
  1982. echo ' stop' >> /etc/init.d/cjdns
  1983. echo ' sleep 2' >> /etc/init.d/cjdns
  1984. echo ' start' >> /etc/init.d/cjdns
  1985. echo ' exit 0' >> /etc/init.d/cjdns
  1986. echo ' ;;' >> /etc/init.d/cjdns
  1987. echo ' **)' >> /etc/init.d/cjdns
  1988. echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
  1989. echo ' exit 1' >> /etc/init.d/cjdns
  1990. echo ' ;;' >> /etc/init.d/cjdns
  1991. echo 'esac' >> /etc/init.d/cjdns
  1992. chmod +x /etc/init.d/cjdns
  1993. update-rc.d cjdns defaults
  1994. service cjdns start
  1995. if [ ! "$?" = "0" ]; then
  1996. systemctl status cjdns.service
  1997. exit 8260
  1998. fi
  1999. apt-get -y install radvd
  2000. echo 'interface eth0' > /etc/radvd.conf
  2001. echo '{' >> /etc/radvd.conf
  2002. echo ' AdvSendAdvert on;' >> /etc/radvd.conf
  2003. echo ' prefix fdfc::1/64' >> /etc/radvd.conf
  2004. echo ' {' >> /etc/radvd.conf
  2005. echo ' AdvRouterAddr on;' >> /etc/radvd.conf
  2006. echo ' };' >> /etc/radvd.conf
  2007. echo '};' >> /etc/radvd.conf
  2008. systemctl restart radvd
  2009. if [ ! "$?" = "0" ]; then
  2010. systemctl status radvd.service
  2011. exit 4395
  2012. fi
  2013. if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
  2014. echo '' >> /etc/network/interfaces
  2015. echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
  2016. echo 'iface eth0 inet6 static' >> /etc/network/interfaces
  2017. echo ' pre-up modprobe ipv6' >> /etc/network/interfaces
  2018. echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
  2019. echo ' netmask 64' >> /etc/network/interfaces
  2020. service network-manager restart
  2021. if [ ! "$?" = "0" ]; then
  2022. systemctl status networking.service
  2023. exit 6949
  2024. fi
  2025. fi
  2026. ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
  2027. ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
  2028. save_firewall_settings
  2029. if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
  2030. CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
  2031. echo '' >> /home/$MY_USERNAME/README
  2032. echo '' >> /home/$MY_USERNAME/README
  2033. echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
  2034. echo '=======================' >> /home/$MY_USERNAME/README
  2035. echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
  2036. echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
  2037. echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
  2038. echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
  2039. echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
  2040. echo '' >> /home/$MY_USERNAME/README
  2041. echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
  2042. echo '' >> /home/$MY_USERNAME/README
  2043. echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
  2044. echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
  2045. echo $'to you using your default password' >> /home/$MY_USERNAME/README
  2046. echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
  2047. echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
  2048. echo '' >> /home/$MY_USERNAME/README
  2049. echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
  2050. echo '' >> /home/$MY_USERNAME/README
  2051. echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
  2052. echo '' >> /home/$MY_USERNAME/README
  2053. echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
  2054. echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
  2055. echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
  2056. echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
  2057. echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
  2058. echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
  2059. echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
  2060. echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
  2061. echo $'each password is for.' >> /home/$MY_USERNAME/README
  2062. echo '' >> /home/$MY_USERNAME/README
  2063. echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
  2064. echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
  2065. echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
  2066. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2067. chmod 600 /home/$MY_USERNAME/README
  2068. fi
  2069. echo 'mesh_cjdns' >> $COMPLETION_FILE
  2070. }
# Set up repository mirrors by running the project's own mirrors command.
# Removes the legacy 'trove' account first; the actual mirroring step runs
# once, recorded in $COMPLETION_FILE.
function create_mirrors {
    # Legacy cleanup is deliberately placed before the completion check, so it
    # also happens on systems where this step was already recorded as done.
    [ -d /home/trove ] && userdel -r trove

    grep -Fxq "create_mirrors" "$COMPLETION_FILE" && return

    # All of the work is delegated to the <project>-mirrors helper.
    ${PROJECT_NAME}-mirrors
    echo 'create_mirrors' >> "$COMPLETION_FILE"
}
# Build and install cjdcmd, the cjdns administration tool, from $CJDCMD_REPO.
# Runs only when cjdns is enabled and installs cjdns first if /etc/cjdns is
# missing. The Go workspace lives under the 'git' (Gogs) account's home and
# root's ~/.bashrc is extended so later shells pick up GOPATH and GOPATH/bin.
# Records 'mesh_cjdns_tools' in $COMPLETION_FILE when finished.
function mesh_cjdns_tools {
    grep -Fxq "mesh_cjdns_tools" "$COMPLETION_FILE" && return
    [[ $ENABLE_CJDNS != "yes" ]] && return

    # cjdcmd reads the cjdns configuration, so cjdns has to exist first.
    [ -d /etc/cjdns ] || mesh_cjdns

    apt-get -y install golang mercurial
    [ -f ~/.bashrc ] || touch ~/.bashrc

    export GOPATH=/home/git/go
    if [ ! -d /home/git ]; then
        # add a gogs user account; its home doubles as the Go workspace
        adduser --disabled-login --gecos 'Gogs' git
        # install Go
        if ! grep -Fq "export GOPATH=/home/git/go" ~/.bashrc; then
            echo 'export GOPATH=/home/git/go' >> ~/.bashrc
            echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc
        fi
        [ -d "$GOPATH" ] || mkdir -p "$GOPATH"
    fi
    if ! grep -Fq "export GOPATH=" ~/.bashrc; then
        echo "export GOPATH=$GOPATH" >> ~/.bashrc
    fi

    # The literal '$PATH' is intentional: it is expanded by the login shell
    # that sources ~/.bashrc, not here.
    expected_go_path='export PATH=$PATH:'"${GOPATH}"'/bin'
    if ! grep -Fq "$expected_go_path" ~/.bashrc; then
        export PATH=$PATH:${GOPATH}/bin
        echo "$expected_go_path" >> ~/.bashrc
    fi
    export PATH=$PATH:$GOPATH/bin

    # go get expects an import path, i.e. the repository URL without its scheme.
    CJDCMD_REPO2=${CJDCMD_REPO//https:\/\//}
    # NOTE(review): this builds whatever the repository's default branch holds
    # at install time (no revision is pinned) and places the binary in /usr/bin.
    go get $CJDCMD_REPO2
    if [ ! -f "$GOPATH/bin/cjdcmd" ]; then
        echo $'cjdcmd was not compiled. Check your golang installation'
        exit 7439
    fi
    cp "$GOPATH/bin/cjdcmd" /usr/bin

    # initialise from the cjdns config
    /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf

    echo 'mesh_cjdns_tools' >> "$COMPLETION_FILE"
}
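# Create, brand and publish a ZeroNet blog (ZeroBlog) site for $MY_USERNAME.
#
# Mesh variant only. If /opt/zeronet/ZeroBlog already exists, the checkout is
# moved to $ZERONET_BLOG_COMMIT when $COMPLETION_FILE records a different
# commit; the full setup below runs once, guarded by $COMPLETION_FILE and by
# the "ZeroNet Blog address" marker in the user's README.
#
# Globals read: SYSTEM_TYPE, VARIANT_MESH, COMPLETION_FILE, MY_USERNAME,
#   ZERONET_BLOG_REPO, ZERONET_BLOG_COMMIT, ZERONET_PORT, ZERONET_URL,
#   ZERONET_DEFAULT_BLOG_TAGLINE (not set in this function; assumed to be
#   defined elsewhere in the script - confirm).
# Globals set: ZERONET_DEFAULT_BLOG_TITLE, ZERONET_BLOG_ADDRESS,
#   ZERONET_BLOG_PRIVATE_KEY.
# Side effects: writes /opt/zeronet/blog.txt, /opt/zeronet/data/<address>,
#   /etc/avahi/services/zeronet-blog.service, the user's
#   .config/zeronet/myblog and README. The README and blog.txt end up holding
#   the site's private key, so both are restricted to mode 600.
# Exits with a step-specific code on failure.
function install_zeronet_blog {
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        return
    fi

    # Already installed: only follow a commit change.
    if [ -d /opt/zeronet/ZeroBlog ]; then
        if grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
            CURRENT_ZERONET_BLOG_COMMIT=$(grep "ZeroNet Blog commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
            if [[ "$CURRENT_ZERONET_BLOG_COMMIT" != "$ZERONET_BLOG_COMMIT" ]]; then
                cd /opt/zeronet/ZeroBlog
                git_pull $ZERONET_BLOG_REPO $ZERONET_BLOG_COMMIT
                sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
            fi
        else
            echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
        fi
    fi

    if grep -Fxq "install_zeronet_blog" $COMPLETION_FILE; then
        return
    fi

    if [ ! -f /home/$MY_USERNAME/README ]; then
        touch /home/$MY_USERNAME/README
    fi
    if grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
        return
    fi

    if [ ! -d /etc/avahi ]; then
        echo $'Avahi is not installed'
        exit 736
    fi

    ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"

    cd /opt/zeronet
    # siteCreate reports the new site address and private key on stderr.
    python zeronet.py --batch siteCreate 2> /opt/zeronet/blog.txt
    # The redirect creates blog.txt even when siteCreate fails, so the original
    # '-f' test could never fire; test for content instead.
    if [ ! -s /opt/zeronet/blog.txt ]; then
        echo $'Unable to create blog'
        exit 479
    fi
    # blog.txt holds the private key and sits in a directory owned by the
    # zeronet service account; keep it readable by root only.
    chmod 600 /opt/zeronet/blog.txt

    blog_address=$(grep "Site address" /opt/zeronet/blog.txt | awk -F ':' '{print $2}')
    blog_private_key=$(grep "Site private key" /opt/zeronet/blog.txt | awk -F ':' '{print $2}')
    ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
    ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}

    # Sanity-check what was parsed. The private key itself is not echoed in
    # these error paths (the original printed it under a "Public key" label).
    if [ ${#ZERONET_BLOG_ADDRESS} -lt 20 ]; then
        echo $"Address: $ZERONET_BLOG_ADDRESS"
        echo $'Unable to create zeronet blog address'
        exit 7358
    fi
    if [ ${#ZERONET_BLOG_PRIVATE_KEY} -lt 20 ]; then
        echo $"Address: $ZERONET_BLOG_ADDRESS"
        echo $"Private key length: ${#ZERONET_BLOG_PRIVATE_KEY}"
        echo $'Unable to create zeronet blog private key'
        exit 1639
    fi
    if [ ! -d "/opt/zeronet/data/$ZERONET_BLOG_ADDRESS" ]; then
        echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_BLOG_ADDRESS"
        exit 7638
    fi

    # Fetch the ZeroBlog template and pin it to the expected commit.
    git_clone $ZERONET_BLOG_REPO ZeroBlog
    if [ ! -d /opt/zeronet/ZeroBlog ]; then
        echo $'ZeroBlog repo could not be cloned'
        exit 6739
    fi
    cd /opt/zeronet/ZeroBlog
    git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
    if ! grep -q "ZeroNet Blog commit" $COMPLETION_FILE; then
        echo "ZeroNet Blog commit:$ZERONET_BLOG_COMMIT" >> $COMPLETION_FILE
    else
        sed -i "s/ZeroNet Blog commit.*/ZeroNet Blog commit:$ZERONET_BLOG_COMMIT/g" $COMPLETION_FILE
    fi
    echo $"ZeroNet Blog address: $ZERONET_BLOG_ADDRESS"
    echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"

    # Copy the template into the site's data directory and brand it.
    # NOTE(review): the title is spliced into sed expressions unescaped; a
    # username containing '/' or '&' would break these substitutions.
    cp -r /opt/zeronet/ZeroBlog/* /opt/zeronet/data/$ZERONET_BLOG_ADDRESS
    if [ ! -d /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
        mkdir /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
    fi
    cp /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data
    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
    sed -i "s/Blogging platform Demo/Blogging platform/g" /opt/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json

    # zeronet.py lives in /opt/zeronet; the cwd is still the ZeroBlog checkout
    # at this point, so move back before signing.
    cd /opt/zeronet
    python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY

    # Add an avahi service. Written straight to its destination instead of via
    # a fixed, predictable path in /tmp.
    cat > /etc/avahi/services/zeronet-blog.service <<EOF
<?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h ZeroNet Blog</name>
 <service>
 <type>_zeronet._udp</type>
 <port>$ZERONET_PORT</port>
 <txt-record>$ZERONET_URL/$ZERONET_BLOG_ADDRESS</txt-record>
 </service>
</service-group>
EOF

    # Record the site URL for the user's tools; the file is created by root,
    # so hand it to the user explicitly.
    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
        mkdir -p /home/$MY_USERNAME/.config/zeronet
        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
    fi
    echo "$ZERONET_URL/$ZERONET_BLOG_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myblog
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config/zeronet/myblog

    # The README receives the private key. The touch above may have created it
    # root-owned with default permissions, so fix ownership and restrict it.
    if ! grep -q "ZeroNet Blog address" /home/$MY_USERNAME/README; then
        echo '' >> /home/$MY_USERNAME/README
        echo "ZeroNet Blog address: $ZERONET_BLOG_ADDRESS" >> /home/$MY_USERNAME/README
        echo "ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY" >> /home/$MY_USERNAME/README
    fi
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
    chmod 600 /home/$MY_USERNAME/README

    echo 'install_zeronet_blog' >> $COMPLETION_FILE
}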
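# Create, brand and publish a ZeroNet mail (ZeroMail) site for $MY_USERNAME.
#
# Mesh variant only. If /opt/zeronet/ZeroMail already exists, the checkout is
# moved to $ZERONET_MAIL_COMMIT when $COMPLETION_FILE records a different
# commit; the full setup below runs once, guarded by $COMPLETION_FILE and by
# the "ZeroNet Mail address" marker in the user's README.
#
# Globals read: SYSTEM_TYPE, VARIANT_MESH, COMPLETION_FILE, MY_USERNAME,
#   ZERONET_MAIL_REPO, ZERONET_MAIL_COMMIT, ZERONET_PORT, ZERONET_URL,
#   ZERONET_DEFAULT_MAIL_TAGLINE (not set in this function; assumed to be
#   defined elsewhere in the script - confirm).
# Globals set: ZERONET_DEFAULT_MAIL_TITLE, ZERONET_MAIL_ADDRESS,
#   ZERONET_MAIL_PRIVATE_KEY.
# Side effects: writes /opt/zeronet/mail.txt, /opt/zeronet/data/<address>,
#   /etc/avahi/services/zeronet-mail.service, the user's
#   .config/zeronet/mymail and README. The README and mail.txt end up holding
#   the site's private key, so both are restricted to mode 600.
# Exits with a step-specific code on failure.
function install_zeronet_mail {
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        return
    fi

    # Already installed: only follow a commit change.
    if [ -d /opt/zeronet/ZeroMail ]; then
        if grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
            CURRENT_ZERONET_MAIL_COMMIT=$(grep "ZeroNet Mail commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
            if [[ "$CURRENT_ZERONET_MAIL_COMMIT" != "$ZERONET_MAIL_COMMIT" ]]; then
                cd /opt/zeronet/ZeroMail
                git_pull $ZERONET_MAIL_REPO $ZERONET_MAIL_COMMIT
                sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
            fi
        else
            echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
        fi
    fi

    if grep -Fxq "install_zeronet_mail" $COMPLETION_FILE; then
        return
    fi

    if [ ! -f /home/$MY_USERNAME/README ]; then
        touch /home/$MY_USERNAME/README
    fi
    if grep -q "ZeroNet Mail address" /home/$MY_USERNAME/README; then
        return
    fi

    if [ ! -d /etc/avahi ]; then
        echo 'Avahi is not installed'
        exit 736
    fi

    ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"

    cd /opt/zeronet
    # siteCreate reports the new site address and private key on stderr.
    python zeronet.py --batch siteCreate 2> /opt/zeronet/mail.txt
    # The redirect creates mail.txt even when siteCreate fails, so the original
    # '-f' test could never fire; test for content instead.
    if [ ! -s /opt/zeronet/mail.txt ]; then
        echo $'Unable to create mail'
        exit 479
    fi
    # mail.txt holds the private key and sits in a directory owned by the
    # zeronet service account; keep it readable by root only.
    chmod 600 /opt/zeronet/mail.txt

    mail_address=$(grep "Site address" /opt/zeronet/mail.txt | awk -F ':' '{print $2}')
    mail_private_key=$(grep "Site private key" /opt/zeronet/mail.txt | awk -F ':' '{print $2}')
    ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
    ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}

    # Sanity-check what was parsed. The private key itself is not echoed in
    # these error paths (the original printed it under a "Public key" label).
    if [ ${#ZERONET_MAIL_ADDRESS} -lt 20 ]; then
        echo $"Address: $ZERONET_MAIL_ADDRESS"
        echo $'Unable to create zeronet mail address'
        exit 7358
    fi
    if [ ${#ZERONET_MAIL_PRIVATE_KEY} -lt 20 ]; then
        echo $"Address: $ZERONET_MAIL_ADDRESS"
        echo $"Private key length: ${#ZERONET_MAIL_PRIVATE_KEY}"
        echo $'Unable to create zeronet mail private key'
        exit 1639
    fi
    if [ ! -d "/opt/zeronet/data/$ZERONET_MAIL_ADDRESS" ]; then
        echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_MAIL_ADDRESS"
        exit 7638
    fi

    # Fetch the ZeroMail template and pin it to the expected commit.
    git_clone $ZERONET_MAIL_REPO ZeroMail
    if [ ! -d /opt/zeronet/ZeroMail ]; then
        echo $'ZeroMail repo could not be cloned'
        exit 6739
    fi
    cd /opt/zeronet/ZeroMail
    git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
    if ! grep -q "ZeroNet Mail commit" $COMPLETION_FILE; then
        echo "ZeroNet Mail commit:$ZERONET_MAIL_COMMIT" >> $COMPLETION_FILE
    else
        sed -i "s/ZeroNet Mail commit.*/ZeroNet Mail commit:$ZERONET_MAIL_COMMIT/g" $COMPLETION_FILE
    fi
    echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS"
    echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"

    # Copy the template into the site's data directory and brand it.
    # NOTE(review): the title is spliced into sed expressions unescaped; a
    # username containing '/' or '&' would break these substitutions. The
    # "Mailging platform" pattern is kept as found - verify it matches the
    # template's content.json.
    cp -r /opt/zeronet/ZeroMail/* /opt/zeronet/data/$ZERONET_MAIL_ADDRESS
    if [ ! -d /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
        mkdir /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
    fi
    cp /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data
    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
    sed -i "s/Mailging platform Demo/Mailging platform/g" /opt/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json

    # zeronet.py lives in /opt/zeronet; the cwd is still the ZeroMail checkout
    # at this point, so move back before signing.
    cd /opt/zeronet
    python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY

    # Add an avahi service. Written straight to its destination instead of via
    # a fixed, predictable path in /tmp.
    cat > /etc/avahi/services/zeronet-mail.service <<EOF
<?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h ZeroNet Mail</name>
 <service>
 <type>_zeronet._udp</type>
 <port>$ZERONET_PORT</port>
 <txt-record>$ZERONET_URL/$ZERONET_MAIL_ADDRESS</txt-record>
 </service>
</service-group>
EOF

    # Record the site URL for the user's tools; the file is created by root,
    # so hand it to the user explicitly.
    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
        mkdir -p /home/$MY_USERNAME/.config/zeronet
        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
    fi
    echo "$ZERONET_URL/$ZERONET_MAIL_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/mymail
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config/zeronet/mymail

    # The README receives the private key. The touch above may have created it
    # root-owned with default permissions, so fix ownership and restrict it.
    if ! grep -q $"ZeroNet Mail address" /home/$MY_USERNAME/README; then
        echo '' >> /home/$MY_USERNAME/README
        echo $"ZeroNet Mail address: $ZERONET_MAIL_ADDRESS" >> /home/$MY_USERNAME/README
        echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY" >> /home/$MY_USERNAME/README
    fi
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
    chmod 600 /home/$MY_USERNAME/README

    echo 'install_zeronet_mail' >> $COMPLETION_FILE
}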
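# Create, brand and publish a ZeroNet forum (ZeroTalk) site for $MY_USERNAME.
#
# Mesh variant only. If /opt/zeronet/ZeroTalk already exists, the checkout is
# moved to $ZERONET_FORUM_COMMIT when $COMPLETION_FILE records a different
# commit; the full setup below runs once, guarded by $COMPLETION_FILE and by
# the "ZeroNet Forum address" marker in the user's README.
#
# Globals read: SYSTEM_TYPE, VARIANT_MESH, COMPLETION_FILE, MY_USERNAME,
#   ZERONET_FORUM_REPO, ZERONET_FORUM_COMMIT, ZERONET_PORT, ZERONET_URL,
#   ZERONET_DEFAULT_FORUM_TAGLINE (not set in this function; assumed to be
#   defined elsewhere in the script - confirm).
# Globals set: ZERONET_DEFAULT_FORUM_TITLE, ZERONET_FORUM_ADDRESS,
#   ZERONET_FORUM_PRIVATE_KEY.
# Side effects: writes /opt/zeronet/forum.txt, /opt/zeronet/data/<address>,
#   /etc/avahi/services/zeronet-forum.service, the user's
#   .config/zeronet/myforum and README. The README and forum.txt end up
#   holding the site's private key, so both are restricted to mode 600.
# Exits with a step-specific code on failure.
function install_zeronet_forum {
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        return
    fi

    # update to the next commit
    if [ -d /opt/zeronet/ZeroTalk ]; then
        if grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
            CURRENT_ZERONET_FORUM_COMMIT=$(grep "ZeroNet Forum commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
            if [[ "$CURRENT_ZERONET_FORUM_COMMIT" != "$ZERONET_FORUM_COMMIT" ]]; then
                cd /opt/zeronet/ZeroTalk
                git_pull $ZERONET_FORUM_REPO $ZERONET_FORUM_COMMIT
                sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
            fi
        else
            echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
        fi
    fi

    if grep -Fxq "install_zeronet_forum" $COMPLETION_FILE; then
        return
    fi

    if [ ! -f /home/$MY_USERNAME/README ]; then
        touch /home/$MY_USERNAME/README
    fi
    if grep -q "ZeroNet Forum address" /home/$MY_USERNAME/README; then
        return
    fi

    if [ ! -d /etc/avahi ]; then
        echo $'Avahi is not installed'
        exit 736
    fi

    ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"

    cd /opt/zeronet
    # siteCreate reports the new site address and private key on stderr.
    python zeronet.py --batch siteCreate 2> /opt/zeronet/forum.txt
    # The redirect creates forum.txt even when siteCreate fails, so the
    # original '-f' test could never fire; test for content instead.
    if [ ! -s /opt/zeronet/forum.txt ]; then
        echo $'Unable to create forum'
        exit 479
    fi
    # forum.txt holds the private key and sits in a directory owned by the
    # zeronet service account; keep it readable by root only.
    chmod 600 /opt/zeronet/forum.txt

    forum_address=$(grep "Site address" /opt/zeronet/forum.txt | awk -F ':' '{print $2}')
    forum_private_key=$(grep "Site private key" /opt/zeronet/forum.txt | awk -F ':' '{print $2}')
    ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
    ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}

    # Sanity-check what was parsed. The private key itself is not echoed in
    # these error paths (the original printed it under a "Public key" label).
    if [ ${#ZERONET_FORUM_ADDRESS} -lt 20 ]; then
        echo $"Address: $ZERONET_FORUM_ADDRESS"
        echo $'Unable to create zeronet forum address'
        exit 76352
    fi
    if [ ${#ZERONET_FORUM_PRIVATE_KEY} -lt 20 ]; then
        echo $"Address: $ZERONET_FORUM_ADDRESS"
        echo $"Private key length: ${#ZERONET_FORUM_PRIVATE_KEY}"
        echo $'Unable to create zeronet forum private key'
        exit 87356
    fi
    if [ ! -d "/opt/zeronet/data/$ZERONET_FORUM_ADDRESS" ]; then
        echo $"Unable to find site directory: /opt/zeronet/data/$ZERONET_FORUM_ADDRESS"
        exit 7638
    fi

    # Fetch the ZeroTalk template and pin it to the expected commit.
    git_clone $ZERONET_FORUM_REPO ZeroTalk
    if [ ! -d /opt/zeronet/ZeroTalk ]; then
        echo $'ZeroTalk repo could not be cloned'
        exit 6739
    fi
    # The checkout has to happen inside the ZeroTalk clone. The original ran
    # it from /opt/zeronet, i.e. against the ZeroNet repository itself (the
    # blog and mail installers do change directory here).
    cd /opt/zeronet/ZeroTalk
    git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
    cd /opt/zeronet
    if ! grep -q "ZeroNet Forum commit" $COMPLETION_FILE; then
        echo "ZeroNet Forum commit:$ZERONET_FORUM_COMMIT" >> $COMPLETION_FILE
    else
        sed -i "s/ZeroNet Forum commit.*/ZeroNet Forum commit:$ZERONET_FORUM_COMMIT/g" $COMPLETION_FILE
    fi
    echo $"Forum address: $ZERONET_FORUM_ADDRESS"
    echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"

    # Copy the template into the site's data directory and brand it.
    # NOTE(review): the title is spliced into sed expressions unescaped; a
    # username containing '/' or '&' would break these substitutions.
    cp -r /opt/zeronet/ZeroTalk/* /opt/zeronet/data/$ZERONET_FORUM_ADDRESS
    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
    sed -i 's/Messaging Board Demo/Messaging Board/g' /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" /opt/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json

    # zeronet.py lives in /opt/zeronet, which is the cwd at this point.
    python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json

    # Add an avahi service. Written straight to its destination instead of via
    # a fixed, predictable path in /tmp; the script already runs as root, so
    # the original 'sudo cp' is not needed.
    cat > /etc/avahi/services/zeronet-forum.service <<EOF
<?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h ZeroNet Forum</name>
 <service>
 <type>_zeronet._udp</type>
 <port>$ZERONET_PORT</port>
 <txt-record>$ZERONET_URL/$ZERONET_FORUM_ADDRESS</txt-record>
 </service>
</service-group>
EOF

    # Record the site URL for the user's tools; the file is created by root,
    # so hand it to the user explicitly.
    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
        mkdir -p /home/$MY_USERNAME/.config/zeronet
        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
    fi
    echo "$ZERONET_URL/$ZERONET_FORUM_ADDRESS" > /home/$MY_USERNAME/.config/zeronet/myforum
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config/zeronet/myforum

    # The README receives the private key. The touch above may have created it
    # root-owned with default permissions, so fix ownership and restrict it.
    if ! grep -q $"ZeroNet Forum address" /home/$MY_USERNAME/README; then
        echo '' >> /home/$MY_USERNAME/README
        echo $"ZeroNet Forum address: $ZERONET_FORUM_ADDRESS" >> /home/$MY_USERNAME/README
        echo $"ZeroNet Forum private key: $ZERONET_FORUM_PRIVATE_KEY" >> /home/$MY_USERNAME/README
    fi
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
    chmod 600 /home/$MY_USERNAME/README

    echo 'install_zeronet_forum' >> $COMPLETION_FILE
}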
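# Install the ZeroNet daemon and a local BitTorrent tracker on the mesh variant.
#
# If /opt/zeronet already exists, the checkout is moved to $ZERONET_COMMIT
# (and the service restarted) when $COMPLETION_FILE records a different
# commit. The full install below runs once, guarded by $COMPLETION_FILE.
#
# Globals read: SYSTEM_TYPE, VARIANT_MESH, COMPLETION_FILE, ZERONET_REPO,
#   ZERONET_COMMIT, DEFAULT_DOMAIN_NAME, TRACKER_PORT.
# Side effects: creates the 'zeronet' and 'tracker' service accounts, patches
#   /opt/zeronet/src/Site/Site.py, writes zeronet.service and tracker.service
#   under /etc/systemd/system, adds a per-minute root cron entry running
#   'zeronetavahi', and enables/starts both services.
# Exits 56823 if the ZeroNet clone did not produce /opt/zeronet.
function install_zeronet {
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        return
    fi

    # update to the next commit
    if [ -d /opt/zeronet ]; then
        if grep -q "ZeroNet commit" $COMPLETION_FILE; then
            CURRENT_ZERONET_COMMIT=$(grep "ZeroNet commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
            if [[ "$CURRENT_ZERONET_COMMIT" != "$ZERONET_COMMIT" ]]; then
                cd /opt/zeronet
                git_pull $ZERONET_REPO $ZERONET_COMMIT
                sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
                systemctl restart zeronet.service
            fi
        else
            echo "ZeroNet commit:$ZERONET_COMMIT" >> $COMPLETION_FILE
        fi
    fi

    if grep -Fxq "install_zeronet" $COMPLETION_FILE; then
        return
    fi

    apt-get -y install python python-msgpack python-gevent
    apt-get -y install python-pip bittornado
    # NOTE(review): pulls the newest msgpack-python from PyPI as root with no
    # version pin, shadowing the Debian python-msgpack package installed above.
    pip install msgpack-python --upgrade

    # Unprivileged account the daemon runs as; skip creation if it exists.
    if ! id zeronet >/dev/null 2>&1; then
        useradd -d /opt/zeronet/ -s /bin/false zeronet
    fi

    git_clone $ZERONET_REPO /opt/zeronet
    if [ ! -d /opt/zeronet ]; then
        exit 56823
    fi
    cd /opt/zeronet
    git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
    if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
        echo "ZeroNet commit:$ZERONET_COMMIT" >> $COMPLETION_FILE
    else
        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
    fi
    # The script already runs as root, so no sudo is needed here.
    chown -R zeronet:zeronet /opt/zeronet

    #git checkout bashrc/bootstrap-file
    # Hack to ensure that the file access port is opened
    # This is because zeronet normally relies on an internet site
    # to do this, but on a purely local mesh the internet isn't available
    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' /opt/zeronet/src/Site/Site.py

    # systemd unit for the ZeroNet daemon, running as the zeronet account.
    cat > /etc/systemd/system/zeronet.service <<EOF
[Unit]
Description=Zeronet Server
After=syslog.target
After=network.target
[Service]
Type=simple
User=zeronet
Group=zeronet
WorkingDirectory=/opt/zeronet
ExecStart=/usr/bin/python zeronet.py --ip_external ${DEFAULT_DOMAIN_NAME}.local --trackers_file /opt/zeronet/bootstrap

TimeoutSec=300

[Install]
WantedBy=multi-user.target
EOF

    # systemd unit for the local tracker, running as the tracker account.
    cat > /etc/systemd/system/tracker.service <<EOF
[Unit]
Description=Torrent Tracker
After=syslog.target
After=network.target
[Service]
Type=simple
User=tracker
Group=tracker
WorkingDirectory=/opt/tracker
ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /opt/tracker/dstate --logfile /opt/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0

TimeoutSec=300

[Install]
WantedBy=multi-user.target
EOF

    if ! id tracker >/dev/null 2>&1; then
        useradd -d /opt/tracker/ -s /bin/false tracker
    fi
    if [ ! -d /opt/tracker ]; then
        mkdir /opt/tracker
    fi
    chown -R tracker:tracker /opt/tracker

    # publish regularly
    if ! grep -q "zeronetavahi" /etc/crontab; then
        echo "* * * * * root zeronetavahi > /dev/null" >> /etc/crontab
    fi

    # Reload first so systemd sees the freshly written unit files.
    systemctl daemon-reload
    systemctl enable tracker.service
    systemctl enable zeronet.service
    systemctl start tracker.service
    systemctl start zeronet.service

    # The guard at the top of this function looks for 'install_zeronet', but
    # the original only ever wrote 'mesh_zeronet', so the install re-ran on
    # every invocation. Record the name the guard checks; the old marker is
    # kept as well in case other code still looks for it.
    echo 'install_zeronet' >> $COMPLETION_FILE
    echo 'mesh_zeronet' >> $COMPLETION_FILE
}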
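# Install the fastd VPN tunnel daemon from the universe-factory Debian repository.
#
# The repository and its signing key are added to apt only once, guarded by
# the presence of the repository host in /etc/apt/sources.list.
# Exits 76272 if the signing key cannot be fetched or imported, 52026 if fastd
# fails to install.
function install_vpn_tunnel {
    if grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
        return
    fi

    # NOTE(review): this adds an unpinned 'sid' source to a system that is
    # otherwise not on sid; without an apt preferences entry limiting it to
    # fastd, later upgrades may pull other packages from sid.
    echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list

    # The key is retrieved from a keyserver by key id; nothing here verifies
    # its full fingerprint against an out-of-band reference.
    if ! gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C; then
        exit 76272
    fi

    # Export and import as separate, checked steps: the original piped the
    # export straight into apt-key and never looked at either exit status.
    local repo_key
    repo_key=$(gpg -a --export 16EF3F64CB201D9C)
    if [ -z "$repo_key" ]; then
        exit 76272
    fi
    # The script runs as root, so no sudo is needed here.
    if ! echo "$repo_key" | apt-key add -; then
        exit 76272
    fi

    apt-get update
    apt-get -y install fastd
    if [ ! "$?" = "0" ]; then
        exit 52026
    fi
}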
  2542. # ath9k_htc driver
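# Build and install the open ath9k_htc (Atheros USB wifi) firmware on a
# BeagleBone Black when one of the mesh protocols is enabled.
#
# Skipped when already recorded in $COMPLETION_FILE, when not installing on a
# BBB, when no mesh protocol is enabled, when a previous build tree exists
# under $INSTALL_DIR, or when /lib/firmware/htc_9271.fw is already present.
# Globals read: COMPLETION_FILE, INSTALLING_ON_BBB, ENABLE_BABEL,
#   ENABLE_BATMAN, ENABLE_CJDNS, INSTALL_DIR, ATHEROS_WIFI_REPO.
# Exits with a step-specific code if cloning, the toolchain build, the
# firmware build or the final copy fails; the build tree is removed on the
# first three so a rerun starts clean.
function install_atheros_wifi {
    if grep -Fxq "install_atheros_wifi" $COMPLETION_FILE; then
        return
    fi
    # Quoted test: with $INSTALLING_ON_BBB unset, the original unquoted
    # '[ $INSTALLING_ON_BBB != "yes" ]' was a syntax error rather than a
    # comparison, so the early return never happened.
    if [[ $INSTALLING_ON_BBB != "yes" ]]; then
        return
    fi
    if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
        return
    fi
    if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
        return
    fi
    # have drivers already been installed ?
    if [ -f /lib/firmware/htc_9271.fw ]; then
        return
    fi

    apt-get -y install build-essential cmake git m4 texinfo
    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
    fi
    cd $INSTALL_DIR

    # The build tree cannot exist here (checked above), so clone unconditionally.
    git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware
    if [ ! "$?" = "0" ]; then
        rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
        exit 74283
    fi

    cd $INSTALL_DIR/open-ath9k-htc-firmware
    git checkout 1.4.0
    make toolchain
    if [ ! "$?" = "0" ]; then
        rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
        exit 24820
    fi
    make firmware
    if [ ! "$?" = "0" ]; then
        rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
        exit 63412
    fi
    cp target_firmware/*.fw /lib/firmware/
    if [ ! "$?" = "0" ]; then
        exit 74681
    fi

    echo 'install_atheros_wifi' >> $COMPLETION_FILE
}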
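  function configure_avahi {
      # Installs avahi (mDNS) and advertises ssh, for mesh builds only.
      #
      # The avahi host-name is set to $DEFAULT_DOMAIN_NAME when one is
      # configured, otherwise to "P" followed by eight random digits (kept in
      # $PEER_ID). An ssh service record on $SSH_PORT is written to
      # /etc/avahi/services/ssh.service and a keep-alive stanza is appended to
      # the watchdog script /usr/bin/$WATCHDOG_SCRIPT_NAME. Runs once per
      # install (recorded in $COMPLETION_FILE).
      #
      # NOTE(review): avahi's host-name is a single label (it appends .local);
      # if $DEFAULT_DOMAIN_NAME is a dotted FQDN the daemon may reject it —
      # confirm against the avahi-daemon.conf documentation for this release.
      if grep -Fxq "configure_avahi" "$COMPLETION_FILE"; then
          return
      fi
      # only enable avahi if we're doing mesh networking
      if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
          return
      fi
      apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd

      local host_name i
      if [ -n "$DEFAULT_DOMAIN_NAME" ]; then
          host_name="$DEFAULT_DOMAIN_NAME"
      else
          # $RANDOM is adequate here: PEER_ID is only a human-readable label,
          # not a secret or an identity.
          PEER_ID=""
          for i in 1 2 3 4 5 6 7 8; do
              PEER_ID="${PEER_ID}$((RANDOM % 10))"
          done
          host_name="P$PEER_ID"
      fi
      sed -i "s|#host-name=.*|host-name=$host_name|g" /etc/avahi/avahi-daemon.conf

      mkdir -p /etc/avahi/services
      # remove an avahi service which isn't used
      rm -f /etc/avahi/services/udisks.service

      # Add an ssh service (unquoted delimiter so $SSH_PORT expands).
      cat > /etc/avahi/services/ssh.service <<EOF
<?xml version="1.0" standalone="no"?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h SSH</name>
  <service>
    <type>_ssh._tcp</type>
    <port>$SSH_PORT</port>
  </service>
</service-group>
EOF

      # keep the daemon running. Quoted delimiter: $AVAHI_RUNNING,
      # $CURRENT_DATE and $LOGFILE must stay literal so the watchdog
      # evaluates them at run time, not the installer now.
      cat >> "/usr/bin/$WATCHDOG_SCRIPT_NAME" <<'EOF'

# keep avahi daemon running
AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)
if [ ! $AVAHI_RUNNING ]; then
    systemctl start avahi-daemon
    echo -n $CURRENT_DATE >> $LOGFILE
    echo " Avahi daemon restarted" >> $LOGFILE
fi
EOF
      systemctl restart avahi-daemon
      echo 'configure_avahi' >> "$COMPLETION_FILE"
  }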
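  function mesh_babel {
      # Installs babeld and writes the /var/lib/babel control script plus a
      # systemd oneshot unit (babel.service) that calls it with start/stop.
      #
      # The generated script puts the wifi interface into ad-hoc mode on
      # $WIFI_CHANNEL with essid $ESSID, assigns
      # $LOCAL_NETWORK_STATIC_IP_ADDRESS to the $IFACE:avahi alias and starts
      # babeld on $BABEL_PORT. "ls"/"list" browse mDNS peers; "stop" (or a
      # missing interface) tears the mesh down and hands the radio back to
      # network-manager. Runs once per install.
      #
      # Fixed here: the generated script contained
      # `if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]`, which is
      # not valid test syntax (a command cannot run inside [[ ]]), so the
      # stop/missing-interface branch never worked. The grep now runs as a
      # command outside the test.
      # NOTE(review): the radio is brought up in ad-hoc mode with no
      # link-layer encryption configured, so any node on the channel/essid
      # can join; that is inherent to this open-mesh design.
      # NOTE(review): the broadcast address is hard-coded to 192.168.13.255
      # while the node address comes from $LOCAL_NETWORK_STATIC_IP_ADDRESS;
      # they only agree if that address is in 192.168.13.0/24 — confirm.
      if grep -Fxq "mesh_babel" "$COMPLETION_FILE"; then
          return
      fi
      if [[ $ENABLE_BABEL != "yes" ]]; then
          return
      fi
      apt-get -y install babeld
      babel_script=/var/lib/babel

      # Part 1: literal script text (quoted delimiter, nothing expands here).
      cat > "$babel_script" <<'EOF'
#!/bin/bash

if [[ $1 == "ls" || $1 == "list" ]]; then
    avahi-browse -atl
    exit 0
fi

if [[ $1 == "start" ]]; then
    sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf
    systemctl restart avahi-daemon
fi

EOF

      # Part 2: values bound at install time (unquoted delimiter expands them).
      cat >> "$babel_script" <<EOF
IFACE=$WIFI_INTERFACE
CHANNEL=$WIFI_CHANNEL
ESSID="$ESSID"
NODE_IP=$LOCAL_NETWORK_STATIC_IP_ADDRESS
BABEL_PORT=$BABEL_PORT

EOF

      # Part 3: literal script text again.
      cat >> "$babel_script" <<'EOF'
# If the configured interface is wlan0, prefer the first of wlan1..wlan3
# that the kernel reports (same order as before).
if [[ $IFACE == "wlan0" ]]; then
    for candidate in wlan1 wlan2 wlan3; do
        if grep -q "$candidate" /proc/net/dev; then
            IFACE=$candidate
            break
        fi
    done
fi

# The interface check is a command, so it runs outside [[ ]].
# Note: exit 1 is kept for the stop path, so systemd records ExecStop as
# failed even on a clean stop.
if ! grep -q "$IFACE" /proc/net/dev || [[ $1 == "stop" ]]; then
    if ! grep -q "$IFACE" /proc/net/dev; then
        echo "Interface $IFACE was not found"
    else
        echo "Stopping"
    fi
    ifconfig $IFACE down
    pkill babeld
    systemctl restart network-manager
    exit 1
fi

systemctl stop network-manager
ifconfig $IFACE down
iwconfig $IFACE mode ad-hoc channel $CHANNEL essid "$ESSID"
ifconfig $IFACE up
ifconfig $IFACE:avahi $NODE_IP netmask 255.255.255.0 broadcast 192.168.13.255
babeld -D $IFACE:avahi -p $BABEL_PORT -d 5 $IFACE
exit 0
EOF
      chmod +x "$babel_script"

      cat > /etc/systemd/system/babel.service <<EOF
[Unit]
Description=Babel Mesh

[Service]
Type=oneshot
ExecStart=$babel_script start
ExecStop=$babel_script stop
RemainAfterExit=yes

# Allow time for the server to start/stop
TimeoutSec=300

[Install]
WantedBy=multi-user.target
EOF
      systemctl enable babel
      echo 'mesh_babel' >> "$COMPLETION_FILE"
  }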
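  function mesh_batman_bridge {
      # https://sudoroom.org/wiki/Mesh/Relay_setup
      # also see http://www.netlore.co.uk/airmesh/
      # https://www.youtube.com/watch?v=CLKHWfQlFqQ
      # http://pastebin.com/4U9vdFFm
      # http://pastebin.com/eeTmL5XL
      #
      # Installs B.A.T.M.A.N. Advanced and writes the /var/lib/batman control
      # script (start|stop|restart|status|ping|ls|list) plus a systemd oneshot
      # unit (batman.service). The script puts $WIFI_INTERFACE into ad-hoc
      # mode on $WIFI_CHANNEL with essid $ESSID and cell id $BATMAN_CELLID,
      # adds it to bat0, bridges bat0 with eth0 as br-mesh, and opens the
      # mDNS/AFP/ZeroNet/IPFS ports in INPUT. Mesh details are appended to
      # /home/$MY_USERNAME/README. Runs once per install.
      #
      # Exit 76482 if the batman-adv kernel module cannot be loaded.
      #
      # Fixed here: the generated rfkill line was emitted as
      # `awk -F: "/phy/ {print $1}"` inside a single-quoted echo, so at run
      # time "$1" was the *script's* first argument and the awk program
      # printed nothing; it now uses single quotes so awk sees its own $1.
      # The ports for ZeroNet/IPFS are bound once in the definitions section
      # (like ESSID/CELLID/CHANNEL already were) instead of being spliced into
      # every iptables line.
      # NOTE(review): `iwconfig $IFACE enc off` plus ad-hoc mode means the
      # radio link has no link-layer encryption, and `EIFACE=eth0` bridges
      # the wired interface onto the mesh, so hosts on eth0 are reachable by
      # mesh peers. Both follow the referenced relay setup; confirm that is
      # the intended exposure for this node.
      if grep -Fxq "mesh_batman_bridge" "$COMPLETION_FILE"; then
          return
      fi
      if [[ $ENABLE_BATMAN != "yes" ]]; then
          return
      fi
      apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
      apt-get -y install python-dev libevent-dev ebtables python-pip git
      apt-get -y install wireless-tools rfkill
      #install_vpn_tunnel
      if ! modprobe batman-adv; then
          echo "B.A.T.M.A.N module not available"
          exit 76482
      fi
      if ! grep -q "batman_adv" /etc/modules; then
          echo 'batman_adv' >> /etc/modules
      fi
      batman_script=/var/lib/batman

      # Script header: literal text (quoted delimiter, nothing expands).
      cat > "$batman_script" <<'EOF'
#!/bin/bash

if [[ $1 == "start" ]]; then
    # install avahi
    sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf
fi

EOF

      # Mesh parameters bound at install time (unquoted delimiter).
      cat >> "$batman_script" <<EOF
# Mesh definition
ESSID="$ESSID"
CELLID=$BATMAN_CELLID
CHANNEL=$WIFI_CHANNEL
ZERONET_PORT=$ZERONET_PORT
IPFS_PORT=$IPFS_PORT

# Ethernet bridge definition (bridged to bat0)
BRIDGE=br-mesh
IFACE=$WIFI_INTERFACE
EIFACE=eth0

EOF

      # Remainder: literal text (quoted delimiter). $0/$1/$2 and all the
      # interface variables are evaluated by the generated script itself.
      cat >> "$batman_script" <<'EOF'
# If the configured interface is wlan0, prefer the first of wlan1..wlan3
# that the kernel reports (same order as before).
if [[ $IFACE == "wlan0" ]]; then
    for candidate in wlan1 wlan2 wlan3; do
        if grep -q "$candidate" /proc/net/dev; then
            IFACE=$candidate
            break
        fi
    done
fi

if [ -e /etc/default/batctl ]; then
    . /etc/default/batctl
fi

start() {
    if [ -z "$IFACE" ] ; then
        echo "error: unable to find wifi interface, not enabling batman-adv mesh"
        return
    fi
    echo "info: enabling batman-adv mesh network $ESSID on $IFACE"
    systemctl stop network-manager
    sleep 5

    # remove an avahi service which isn't used
    if [ -f /etc/avahi/services/udisks.service ]; then
        rm /etc/avahi/services/udisks.service
    fi

    # Might have to re-enable wifi (single quotes: awk must see its own $1)
    rfkill unblock $(rfkill list|awk -F: '/phy/ {print $1}') || true

    ifconfig $IFACE down
    ifconfig $IFACE mtu 1532
    iwconfig $IFACE enc off
    iwconfig $IFACE mode ad-hoc essid "$ESSID" channel $CHANNEL
    sleep 1
    iwconfig $IFACE ap $CELLID

    modprobe batman-adv
    batctl if add $IFACE
    ifconfig $IFACE up
    avahi-autoipd --force-bind --daemonize --wait $BRIDGE
    avahi-autoipd --force-bind --daemonize --wait $IFACE
    ifconfig bat0 up promisc

    #Use persistent HWAddr
    ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")
    if [ ! -f /var/lib/mesh-node/bat0 ]; then
        mkdir /var/lib/mesh-node
        echo "${ether_new}" > /var/lib/mesh-node/bat0
    else
        ether=$(cat /var/lib/mesh-node/bat0)
        ifconfig bat0 hw ether ${ether}
    fi

    if [ "$EIFACE" ] ; then
        brctl addbr $BRIDGE
        brctl addif $BRIDGE bat0
        brctl addif $BRIDGE $EIFACE
        ifconfig bat0 0.0.0.0
        ifconfig $EIFACE 0.0.0.0
        ifconfig $EIFACE up promisc
        ifconfig $BRIDGE up
    fi

    iptables -A INPUT -p tcp --dport 548 -j ACCEPT
    iptables -A INPUT -p udp --dport 548 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
    iptables -A INPUT -p udp --dport 5353 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
    iptables -A INPUT -p udp --dport 5354 -j ACCEPT
    iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
    iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
    iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT

    systemctl restart avahi-daemon
}

stop() {
    if [ -z "$IFACE" ]; then
        echo "error: unable to find wifi interface, not enabling batman-adv mesh"
        return
    fi
    if [ "$EIFACE" ]; then
        brctl delif $BRIDGE bat0
        brctl delif $BRIDGE $EIFACE
        ifconfig $BRIDGE down || true
        brctl delbr $BRIDGE
        ifconfig $EIFACE down -promisc
    fi

    avahi-autoipd -k $BRIDGE
    avahi-autoipd -k $IFACE
    ifconfig bat0 down -promisc

    batctl if del $IFACE
    rmmod batman-adv
    ifconfig $IFACE mtu 1500
    ifconfig $IFACE down
    iwconfig $IFACE mode managed

    iptables -D INPUT -p tcp --dport 548 -j ACCEPT
    iptables -D INPUT -p udp --dport 548 -j ACCEPT
    iptables -D INPUT -p tcp --dport 5353 -j ACCEPT
    iptables -D INPUT -p udp --dport 5353 -j ACCEPT
    iptables -D INPUT -p tcp --dport 5354 -j ACCEPT
    iptables -D INPUT -p udp --dport 5354 -j ACCEPT
    iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
    iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
    iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT

    systemctl restart network-manager
}

if ! grep -q "$IFACE" /proc/net/dev; then
    echo "Interface $IFACE was not found"
    stop
    exit 1
fi

case "$1" in
    start|stop)
        $1
        ;;
    restart)
        stop
        sleep 10
        start
        ;;
    status)
        batctl o
        ;;
    ping)
        batctl ping $2
        ;;
    ls|list)
        avahi-browse -atl
        ;;
    *)
        echo "error: invalid parameter $1"
        echo "usage: $0 {start|stop|restart|status|ping|ls|list}"
        exit 2
        ;;
esac
exit 0
EOF
      chmod +x "$batman_script"

      cat > /etc/systemd/system/batman.service <<EOF
[Unit]
Description=B.A.T.M.A.N. Advanced

[Service]
Type=oneshot
ExecStart=$batman_script start
ExecStop=$batman_script stop
RemainAfterExit=yes

# Allow time for the server to start/stop
TimeoutSec=300

[Install]
WantedBy=multi-user.target
EOF
      systemctl enable batman

      if ! grep -q "Mesh Networking (B.A.T.M.A.N)" "/home/$MY_USERNAME/README"; then
          cat >> "/home/$MY_USERNAME/README" <<EOF


Mesh Networking (B.A.T.M.A.N)
=============================
Mesh ESSID: $ESSID
Mesh cell ID: $BATMAN_CELLID
Mesh wifi channel: $WIFI_CHANNEL
EOF
          chown "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/README"
          chmod 600 "/home/$MY_USERNAME/README"
      fi
      echo 'mesh_batman_bridge' >> "$COMPLETION_FILE"
  }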
  function remove_instructions_from_motd {
      # Strips the installer's "## ..." instruction lines out of /etc/motd so
      # they no longer show at login. Any line containing "## " is deleted.
      local motd_file=/etc/motd
      sed --in-place '/## /d' "$motd_file"
  }
  function check_hwrng {
      # Sanity check for Beaglebone hardware RNG builds.
      #
      # When $HWRNG_TYPE is "beaglebone", the device node /dev/hwrng must
      # exist: without it any later key generation would draw only on the
      # kernel's software entropy, which may be scarce on an embedded board.
      # Lists /dev/hw* to aid diagnosis and exits 75 if the node is missing.
      # Does nothing for other RNG types.
      #
      # If a OneRNG device was installed then verify its firmware
      #check_onerng_verification
      [[ $HWRNG_TYPE == "beaglebone" ]] || return 0
      [ -e /dev/hwrng ] && return 0
      ls /dev/hw*
      echo $'The hardware random number generator is enabled but could not be detected on'
      echo $'/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
      exit 75
  }
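  function get_mariadb_password {
      # Loads the MariaDB root password into $MARIADB_PASSWORD.
      #
      # Prefers the dedicated file $DATABASE_PASSWORD_FILE. If that does not
      # exist yet, recovers the value from the "MariaDB password:" line of
      # /home/$MY_USERNAME/README and writes it to the password file.
      # Does nothing when the README is missing or has no such line.
      #
      # Fixed here: the password file is created under umask 077 (in a
      # subshell, so the installer's umask is untouched) instead of being
      # written with the default umask and tightened by a later chmod, which
      # left a window in which the file could be world-readable.
      local readme="/home/$MY_USERNAME/README"
      if [ ! -f "$readme" ]; then
          return 0
      fi
      if ! grep -q "MariaDB password" "$readme"; then
          return 0
      fi
      if [ -f "$DATABASE_PASSWORD_FILE" ]; then
          MARIADB_PASSWORD=$(cat "$DATABASE_PASSWORD_FILE")
          return 0
      fi
      MARIADB_PASSWORD=$(grep "MariaDB password" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
      ( umask 077; echo "$MARIADB_PASSWORD" > "$DATABASE_PASSWORD_FILE" )
      chmod 600 "$DATABASE_PASSWORD_FILE"
  }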
  function get_mariadb_gnusocial_admin_password {
      # Recovers the GNU Social admin password from the user's README into
      # $MICROBLOG_ADMIN_PASSWORD. Two historical labels are recognised; when
      # both are present the "Microblog administrator password" line wins
      # because it is read last. Leaves the variable untouched otherwise.
      local readme="/home/$MY_USERNAME/README"
      local label
      [ -f "$readme" ] || return 0
      for label in "MariaDB gnusocial admin password" "Microblog administrator password"; do
          if grep -q "$label" "$readme"; then
              MICROBLOG_ADMIN_PASSWORD=$(grep "$label" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
          fi
      done
  }
  function get_mariadb_git_admin_password {
      # Recovers the Gogs admin password from the "Gogs admin user password:"
      # line of the user's README into $GIT_ADMIN_PASSWORD. Leaves the
      # variable untouched when the README or the line is absent.
      local readme="/home/$MY_USERNAME/README"
      local label="Gogs admin user password"
      [ -f "$readme" ] || return 0
      grep -q "$label" "$readme" || return 0
      GIT_ADMIN_PASSWORD=$(grep "$label" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
  }
  function get_mariadb_hubzilla_admin_password {
      # Recovers the Hubzilla database admin password from the
      # "MariaDB Hubzilla admin password:" line of the user's README into
      # $HUBZILLA_ADMIN_PASSWORD. Leaves the variable untouched when the
      # README or the line is absent.
      local readme="/home/$MY_USERNAME/README"
      local label="MariaDB Hubzilla admin password"
      [ -f "$readme" ] || return 0
      grep -q "$label" "$readme" || return 0
      HUBZILLA_ADMIN_PASSWORD=$(grep "$label" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
  }
  function get_mariadb_owncloud_admin_password {
      # Recovers the Owncloud database password from the
      # "Owncloud database password:" line of the user's README into
      # $OWNCLOUD_ADMIN_PASSWORD. Leaves the variable untouched when the
      # README or the line is absent.
      local readme="/home/$MY_USERNAME/README"
      local label="Owncloud database password"
      [ -f "$readme" ] || return 0
      grep -q "$label" "$readme" || return 0
      OWNCLOUD_ADMIN_PASSWORD=$(grep "$label" "$readme" | awk -F ':' '{print $2}' | sed 's/^ *//')
  }
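  function create_freedns_updater {
      # Writes /usr/bin/dynamicdns, a root cron job (every 3 minutes) that
      # requests freedns.afraid.org's update URL for each configured domain.
      # This exists because inadyn does not behave as expected with freeDNS.
      #
      # Skipped for onion-only systems, the mesh variant, DDNS providers
      # other than default@freedns.afraid.org, and once recorded in
      # $COMPLETION_FILE. Each application's *_CODE variable is its
      # per-domain freeDNS update token; a domain is emitted once, and codes
      # equal to $DEFAULT_DOMAIN_CODE are skipped as duplicates.
      #
      # The update tokens are credentials. The script is created under umask
      # 077 so it is never readable by others, then left at mode 0700
      # (chmod 600 followed by chmod +x, as before) and run only by root.
      if [[ $ONION_ONLY != "no" ]]; then
          return
      fi
      # currently inadyn doesn't work as expected with freeDNS, so this is a workaround
      if grep -Fxq "create_freedns_updater" "$COMPLETION_FILE"; then
          return
      fi
      if [[ $DDNS_PROVIDER != "default@freedns.afraid.org" ]]; then
          return
      fi
      if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
      local updater=/usr/bin/dynamicdns
      # Create with restrictive permissions before any token is written.
      ( umask 077; echo '#!/bin/bash' > "$updater" )
      echo 'cd /tmp' >> "$updater"
      if [ -n "$DEFAULT_DOMAIN_CODE" ]; then
          echo "# $DEFAULT_DOMAIN_NAME" >> "$updater"
          echo "$FREEDNS_WGET$DEFAULT_DOMAIN_CODE=" >> "$updater"
      fi
      # One entry per application domain. The pair for each application is
      # ${app}_CODE / ${app}_DOMAIN_NAME, resolved by indirect expansion.
      local app code_var name_var
      for app in WIKI FULLBLOG HUBZILLA OWNCLOUD MICROBLOG GIT MEDIAGOBLIN; do
          code_var="${app}_CODE"
          name_var="${app}_DOMAIN_NAME"
          if [ -n "${!code_var}" ] && [[ ${!code_var} != "$DEFAULT_DOMAIN_CODE" ]]; then
              echo "# ${!name_var}" >> "$updater"
              echo "$FREEDNS_WGET${!code_var}=" >> "$updater"
          fi
      done
      echo 'exit 0' >> "$updater"
      chmod 600 "$updater"
      chmod +x "$updater"
      if ! grep -q "/usr/bin/dynamicdns" /etc/crontab; then
          echo '*/3 * * * * root /usr/bin/dynamicdns' >> /etc/crontab
          systemctl restart cron
      fi
      echo 'create_freedns_updater' >> "$COMPLETION_FILE"
  }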
  function backup_to_friends_servers {
      # Installs the daily cron job that runs ${PROJECT_NAME}-backup-remote,
      # preferring the /usr/local/bin copy and falling back to /usr/bin.
      # Unquoted delimiter: ${PROJECT_NAME} is resolved now, at install time.
      local cron_job=/etc/cron.daily/backuptofriends
      cat > "$cron_job" <<EOF
#!/bin/bash
if [ -f /usr/local/bin/${PROJECT_NAME}-backup-remote ]; then
    /usr/local/bin/${PROJECT_NAME}-backup-remote
else
    /usr/bin/${PROJECT_NAME}-backup-remote
fi
EOF
      chmod +x "$cron_job"
  }
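  function remove_default_user {
      # Refuses to install under the stock "debian" account and removes that
      # account (with its home directory) if it exists, so a well-known
      # username is not left on the box.
      #
      # Exit 68 if $MY_USERNAME is "debian".
      # Fixed here: the account's existence is checked in the password
      # database (getent) rather than by the presence of /home/debian, so an
      # account whose home directory was removed or relocated is still
      # deleted, and userdel is not run for a user that does not exist.
      # make sure you don't use the default user account
      if [[ $MY_USERNAME == "debian" ]]; then
          echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
          exit 68
      fi
      # remove the default debian user to prevent it from becoming an attack vector
      if getent passwd debian > /dev/null; then
          userdel -r debian
          echo 'Default debian user account removed'
      fi
  }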
  function enforce_good_passwords {
      # because humans are generally bad at choosing passwords
      #
      # Installs libpam-cracklib and rewrites the pam_cracklib line of
      # /etc/pam.d/common-password with: 2 retries, at least 4 digits
      # (dcredit=-4), at least 1 upper-case (ucredit=-1) and 1 other
      # character (ocredit=-1), no length credit for lower-case (lcredit=0),
      # minimum length 10, and the username may not appear in the password.
      # Runs once per install.
      # NOTE(review): the sed only matches a line containing "requisite"; if
      # the release ships pam_cracklib as "required", or pam_pwquality
      # instead, this rewrite is a no-op — confirm on the target Debian.
      local pam_file=/etc/pam.d/common-password
      local policy='password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username'
      grep -Fxq "enforce_good_passwords" "$COMPLETION_FILE" && return 0
      apt-get -y install libpam-cracklib
      sed -i "s/password.*requisite.*pam_cracklib.so.*/$policy/g" "$pam_file"
      echo 'enforce_good_passwords' >> "$COMPLETION_FILE"
  }
  function change_login_message {
      # Replaces /etc/motd with the project banner, an edition line chosen by
      # $SYSTEM_TYPE, and a "Freedom in the Cloud"/"Freedom in the Mesh"
      # tagline. Any /etc/init.d/motd generator is removed first so it cannot
      # overwrite the banner. Runs once per install.
      grep -Fxq "change_login_message" "$COMPLETION_FILE" && return 0
      # remove automatic motd creator if it exists
      rm -f /etc/init.d/motd
      # Banner: quoted delimiter keeps the apostrophes in the art literal.
      cat > /etc/motd <<'EOF'

.---. . . 
| | | 
|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. 
| | (.-' (.-' ( | ( )| | | | )( )| | (.-' 
' ' --' --' -' - -' ' ' -' -' -' ' - --'
EOF
      # Edition line(s): one per matching system variant.
      [ "$SYSTEM_TYPE" = "$VARIANT_MAILBOX" ] && echo $' M A I L B O X E D I T I O N' >> /etc/motd
      [ "$SYSTEM_TYPE" = "$VARIANT_SOCIAL" ] && echo $' S O C I A L E D I T I O N' >> /etc/motd
      [ "$SYSTEM_TYPE" = "$VARIANT_CHAT" ] && echo $' C H A T E D I T I O N' >> /etc/motd
      [ "$SYSTEM_TYPE" = "$VARIANT_CLOUD" ] && echo $' C L O U D E D I T I O N' >> /etc/motd
      [ "$SYSTEM_TYPE" = "$VARIANT_WRITER" ] && echo $' W R I T E R E D I T I O N ' >> /etc/motd
      [ "$SYSTEM_TYPE" = "$VARIANT_MEDIA" ] && echo $' M E D I A E D I T I O N' >> /etc/motd
      [ "$SYSTEM_TYPE" = "$VARIANT_DEVELOPER" ] && echo $' D E V E L O P E R E D I T I O N' >> /etc/motd
      # Tagline, surrounded by blank lines.
      local tagline=$' Freedom in the Mesh'
      [ "$SYSTEM_TYPE" = "$VARIANT_MESH" ] || tagline=$' Freedom in the Cloud'
      printf '\n%s\n\n' "$tagline" >> /etc/motd
      echo 'change_login_message' >> "$COMPLETION_FILE"
  }
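  function search_for_attached_usb_drive {
      # If a USB drive is attached then search for email,
      # gpg, ssh keys and emacs configuration
      #
      # Mounts $USB_DRIVE on $USB_MOUNT (unless already mounted) and imports
      # whatever is present. For mailbox-capable system types only: Maildir
      # (sets $IMPORT_MAILDIR), .gnupg (sets $GPG_KEYS_IMPORTED), .procmailrc,
      # private_key.gpg / public_key.gpg (set $MY_GPG_PRIVATE_KEY /
      # $MY_GPG_PUBLIC_KEY). For every type: prosody/ into $XMPP_DIRECTORY,
      # .ssh, .emacs, .emacs.d, ssl/ into /etc/ssl (with ownership fix-ups for
      # prosody, dovecot and exim) and personal/. Without a drive, a stale
      # mount point is removed. Runs once per install.
      #
      # Exit 73529 if the gpg keyring did not copy, 8 if the ssh keys did not.
      # Fixed here: a failed mount is detected and aborts the import instead
      # of silently continuing against an empty directory; imported .gnupg and
      # .ssh directories are set to mode 0700; paths are quoted so a
      # $USB_MOUNT or $MY_USERNAME with spaces does not word-split.
      if grep -Fxq "search_for_attached_usb_drive" "$COMPLETION_FILE"; then
          return
      fi
      local home_dir="/home/$MY_USERNAME"
      if [ -b "$USB_DRIVE" ]; then
          if [ ! -d "$USB_MOUNT" ]; then
              echo $'Mounting USB drive'
              mkdir "$USB_MOUNT"
              if ! mount "$USB_DRIVE" "$USB_MOUNT"; then
                  echo $'Unable to mount USB drive'
                  rm -rf "$USB_MOUNT"
                  # Deliberately not recorded in $COMPLETION_FILE, so a rerun
                  # attempts the import again.
                  return
              fi
          fi
          if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
              if [ -d "$USB_MOUNT/Maildir" ]; then
                  echo $'Maildir found on USB drive'
                  IMPORT_MAILDIR="$USB_MOUNT/Maildir"
              fi
              if [ -d "$USB_MOUNT/.gnupg" ]; then
                  echo $'Importing GPG keyring'
                  cp -r "$USB_MOUNT/.gnupg" "$home_dir"
                  chown -R "$MY_USERNAME:$MY_USERNAME" "$home_dir/.gnupg"
                  # cp -r does not preserve the source mode; gpg expects 0700.
                  chmod 700 "$home_dir/.gnupg"
                  GPG_KEYS_IMPORTED="yes"
                  # NOTE(review): secring.gpg exists only for GnuPG 1.x / pre-2.1
                  # keyrings; a 2.1+ keyring (private-keys-v1.d/) would fail this
                  # check even though it copied — confirm the gpg version in use.
                  if [ ! -f "$home_dir/.gnupg/secring.gpg" ]; then
                      echo $'GPG files did not copy'
                      exit 73529
                  fi
              fi
              if [ -f "$USB_MOUNT/.procmailrc" ]; then
                  echo $'Importing procmail settings'
                  cp "$USB_MOUNT/.procmailrc" "$home_dir"
                  chown -R "$MY_USERNAME:$MY_USERNAME" "$home_dir/.procmailrc"
              fi
              if [ -f "$USB_MOUNT/private_key.gpg" ]; then
                  echo $'GPG private key found on USB drive'
                  MY_GPG_PRIVATE_KEY="$USB_MOUNT/private_key.gpg"
              fi
              if [ -f "$USB_MOUNT/public_key.gpg" ]; then
                  echo $'GPG public key found on USB drive'
                  MY_GPG_PUBLIC_KEY="$USB_MOUNT/public_key.gpg"
              fi
          fi
          if [ -d "$USB_MOUNT/prosody" ]; then
              mkdir -p "$XMPP_DIRECTORY"
              cp -r "$USB_MOUNT"/prosody/* "$XMPP_DIRECTORY"
              chown -R prosody:prosody "$XMPP_DIRECTORY"
          fi
          if [ -d "$USB_MOUNT/.ssh" ]; then
              echo $'Importing ssh keys'
              cp -r "$USB_MOUNT/.ssh" "$home_dir"
              chown -R "$MY_USERNAME:$MY_USERNAME" "$home_dir/.ssh"
              # sshd/ssh refuse keys in a group- or world-accessible directory.
              chmod 700 "$home_dir/.ssh"
              # The keys are not removed from the USB drive here (the previous
              # comment said they were, but no code did so); the drive should
              # be kept somewhere safe after the install.
              if [ ! -f "$home_dir/.ssh/id_rsa" ]; then
                  echo $'ssh files did not copy'
                  exit 8
              fi
          fi
          if [ -f "$USB_MOUNT/.emacs" ]; then
              echo $'Importing .emacs file'
              cp -f "$USB_MOUNT/.emacs" "$home_dir/.emacs"
              chown "$MY_USERNAME:$MY_USERNAME" "$home_dir/.emacs"
          fi
          if [ -d "$USB_MOUNT/.emacs.d" ]; then
              echo $'Importing .emacs.d directory'
              cp -r "$USB_MOUNT/.emacs.d" "$home_dir"
              chown -R "$MY_USERNAME:$MY_USERNAME" "$home_dir/.emacs.d"
          fi
          if [ -d "$USB_MOUNT/ssl" ]; then
              echo $'Importing SSL certificates'
              cp -r "$USB_MOUNT"/ssl/* /etc/ssl
              chmod 640 /etc/ssl/certs/*
              chmod 400 /etc/ssl/private/*
              # change ownership of some certificates
              if [ -d /etc/prosody ]; then
                  chown prosody:prosody /etc/ssl/private/xmpp.*
                  chown prosody:prosody /etc/ssl/certs/xmpp.*
              fi
              if [ -d /etc/dovecot ]; then
                  chown root:dovecot /etc/ssl/certs/dovecot.*
                  chown root:dovecot /etc/ssl/private/dovecot.*
              fi
              if [ -f /etc/ssl/private/exim.key ]; then
                  cp /etc/ssl/private/exim.key /etc/exim4
                  cp /etc/ssl/certs/exim.crt /etc/exim4
                  cp /etc/ssl/certs/exim.dhparam /etc/exim4
                  chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
                  chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
              fi
          fi
          if [ -d "$USB_MOUNT/personal" ]; then
              echo $'Importing personal directory'
              cp -r "$USB_MOUNT/personal" "$home_dir"
              chown -R "$MY_USERNAME:$MY_USERNAME" "$home_dir/personal"
          fi
      else
          if [ -d "$USB_MOUNT" ]; then
              umount "$USB_MOUNT"
              rm -rf "$USB_MOUNT"
          fi
          echo $'No USB drive attached'
      fi
      echo 'search_for_attached_usb_drive' >> "$COMPLETION_FILE"
  }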
function remove_proprietary_repos {
    # Strip the "non-free" component from every apt source line so that
    # only free packages can be pulled from the Debian mirrors.
    # Idempotent: the completion file records that this has already run.
    if grep -Fxq "remove_proprietary_repos" "$COMPLETION_FILE"; then
        return
    fi
    local sources_list=/etc/apt/sources.list
    sed -i 's/ non-free//g' "$sources_list"
    echo 'remove_proprietary_repos' >> "$COMPLETION_FILE"
}
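function change_debian_repos {
    # Point apt at the configured mirror ($DEBIAN_REPO), make sure a Debian
    # security source is present, refresh the package lists and install
    # apt-transport-https. Skipped for mesh installs. Runs once; the
    # completion file records that it has been done.
    if grep -Fxq "change_debian_repos" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    local sources_list=/etc/apt/sources.list
    # start from an empty list cache so the new mirror is really used
    rm -rf /var/lib/apt/lists/*
    apt-get clean
    # dots escaped so only the literal default mirror name is rewritten
    sed -i "s/ftp\.us\.debian\.org/$DEBIAN_REPO/g" "$sources_list"
    # Ensure that there is a security repo. Match the security host itself
    # rather than the bare word "security", which could appear in a comment
    # or an unrelated mirror name and hide the fact that the source is absent.
    if ! grep -q "security\.debian\.org" "$sources_list"; then
        echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> "$sources_list"
        echo "#deb-src http://security.debian.org/ $DEBIAN_VERSION/updates main contrib" >> "$sources_list"
    fi
    apt-get update
    apt-get -y install apt-transport-https
    echo 'change_debian_repos' >> "$COMPLETION_FILE"
}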
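function initial_setup {
    # First package pass: purge any apache packages, bring the system up to
    # date and install the base tools the rest of the installer relies on
    # (ca-certificates, emacs24, cpulimit, cryptsetup, libgfshare-bin, obnam,
    # sshpass, wget, avahi, connect-proxy). Also creates $INSTALL_DIR.
    # Runs once; recorded in the completion file.
    if grep -Fxq "initial_setup" "$COMPLETION_FILE"; then
        return
    fi
    # The glob is quoted so that apt-get receives the pattern itself; unquoted
    # it would be expanded by the shell against files in the current directory
    apt-get -y remove --purge 'apache*'
    apt-get -y dist-upgrade
    apt-get -y install ca-certificates emacs24 cpulimit
    apt-get -y install cryptsetup libgfshare-bin obnam sshpass wget
    apt-get -y install avahi-daemon avahi-utils avahi-discover
    apt-get -y install connect-proxy
    if [ ! -d "$INSTALL_DIR" ]; then
        mkdir -p "$INSTALL_DIR"
    fi
    echo 'initial_setup' >> "$COMPLETION_FILE"
}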
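function allow_ssh_to_onion_address {
    # Add a "Host *.onion" stanza to the main user's ~/.ssh/config that routes
    # ssh connections to onion addresses through the local tor SOCKS port
    # (127.0.0.1:9050) via connect-proxy. Exits if tor is not installed.
    local ssh_dir=/home/$MY_USERNAME/.ssh
    local ssh_config=$ssh_dir/config
    # check for tor before creating anything
    if [ ! -d /etc/tor ]; then
        echo $'Tor not found when updating ssh'
        exit 528257
    fi
    if [ ! -d "$ssh_dir" ]; then
        mkdir "$ssh_dir"
    fi
    # Look for the actual Host stanza rather than any line containing "onion",
    # which could be a comment or an unrelated host entry. A missing config
    # file simply means the stanza must be added.
    if ! grep -Fq 'Host *.onion' "$ssh_config" 2>/dev/null; then
        echo 'Host *.onion' >> "$ssh_config"
        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "$ssh_config"
    fi
    # This script runs as root, so the directory and file it creates would
    # otherwise be root-owned and unusable by the user; ssh also rejects a
    # config file that is writable by other users.
    chown "$MY_USERNAME:$MY_USERNAME" "$ssh_dir" "$ssh_config"
    chmod 700 "$ssh_dir"
    chmod 600 "$ssh_config"
}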
function install_tor {
    # Install the tor package. Mesh installs skip this entirely.
    # Idempotent via the completion file.
    [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]] && return
    grep -Fxq "install_tor" "$COMPLETION_FILE" && return
    apt-get -y install tor
    echo 'install_tor' >> "$COMPLETION_FILE"
}
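function enable_ssh_via_onion_add_host {
    # Append the "Host *.onion" proxy stanza to $1/config unless it is already
    # present, creating the directory if needed, and make the directory and
    # file private and owned by $2. A missing config file is treated as
    # "stanza not present" rather than producing a grep error.
    local ssh_dir="$1"
    local owner="$2"
    local ssh_config="$ssh_dir/config"
    if [ ! -d "$ssh_dir" ]; then
        mkdir "$ssh_dir"
    fi
    # -F: the pattern is a literal string, not a regex in which "*" would
    # mean "zero or more spaces"
    if ! grep -Fq 'Host *.onion' "$ssh_config" 2>/dev/null; then
        echo 'Host *.onion' >> "$ssh_config"
        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "$ssh_config"
    fi
    # ssh refuses to use a config that is writable by other users, and the
    # script runs as root so the files would otherwise belong to root
    chown "$owner:$owner" "$ssh_dir" "$ssh_config"
    chmod 700 "$ssh_dir"
    chmod 600 "$ssh_config"
}

function enable_ssh_via_onion {
    # Install tor and connect-proxy and configure the ssh client for both the
    # main user and root so that *.onion hosts are reached through the local
    # tor SOCKS port (127.0.0.1:9050). Skipped for mesh installs. Runs once;
    # recorded in the completion file.
    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "enable_ssh_via_onion" "$COMPLETION_FILE"; then
        return
    fi
    apt-get -y install tor connect-proxy
    enable_ssh_via_onion_add_host "/home/$MY_USERNAME/.ssh" "$MY_USERNAME"
    enable_ssh_via_onion_add_host /root/.ssh root
    echo 'enable_ssh_via_onion' >> "$COMPLETION_FILE"
}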
function install_editor {
    # Make emacs24 the system default editor and append a minimal .emacs to
    # the main user's home (any existing .emacs, e.g. one imported from a USB
    # drive, is kept and extended). The same file is copied to /root/.emacs.
    # Runs once; recorded in the completion file.
    if grep -Fxq "install_editor" "$COMPLETION_FILE"; then
        return
    fi
    update-alternatives --set editor /usr/bin/emacs24
    local emacs_config=/home/$MY_USERNAME/.emacs
    # A minimal emacs configuration. The quoted heredoc delimiter keeps every
    # line literal, so quotes and backslashes reach the file unchanged.
    # (An earlier load-path stanza for ~/.emacs.d/ was left commented out
    # and is not written.)
    cat >> "$emacs_config" <<'EMACS_CONFIG'
;; ===== Remove trailing whitepace ======================================

;;(add-hook 'before-save-hook 'delete-trailing-whitespace)

;; Goto a line number with CTRL-l
(global-set-key "\C-l" 'goto-line)

;; ===== Show line numbers ==============================================

(add-hook 'find-file-hook (lambda () (linum-mode 1)))

;; ===== Enable line wrapping in org-mode ===============================

 (add-hook 'org-mode-hook
 '(lambda ()
 (visual-line-mode 1)))

;; ===== Enable shift select in org mode ================================

(setq org-support-shift-select t)

;; ===== Set standard indent to 4 rather that 4 =========================

(setq standard-indent 4)
(setq-default tab-width 4)
(setq c-basic-offset 4)

;; ===== Support Wheel Mouse Scrolling ==================================

(mouse-wheel-mode t)

;; ===== Place Backup Files in Specific Directory =======================

(setq make-backup-files t)
(setq version-control t)
(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))

;; ===== Make Text mode the default mode for new buffers ================

(setq default-major-mode 'text-mode)

;; ===== Line length ====================================================

(setq-default fill-column 72)

;; ===== Enable Line and Column Numbering ===============================

(line-number-mode 1)
(column-number-mode 1)

;; ===== Turn on Auto Fill mode automatically in all modes ==============

;; Auto-fill-mode the the automatic wrapping of lines and insertion of
;; newlines when the cursor goes over the column limit.

;; This should actually turn on auto-fill-mode by default in all major
;; modes. The other way to do this is to turn on the fill for specific modes
;; via hooks.

(setq auto-fill-mode 1)

;; ===== Enable GPG encryption =========================================

(require 'epa)
(epa-file-enable)
EMACS_CONFIG
    cp "$emacs_config" /root/.emacs
    chown "$MY_USERNAME:$MY_USERNAME" "$emacs_config"
    echo 'install_editor' >> "$COMPLETION_FILE"
}
function enable_backports {
    # Add the Debian backports source for $DEBIAN_VERSION on $DEBIAN_REPO to
    # /etc/apt/sources.list if that exact line is not already present.
    # Idempotent via the completion file.
    if grep -Fxq "enable_backports" "$COMPLETION_FILE"; then
        return
    fi
    local sources_list=/etc/apt/sources.list
    local backports_line="deb http://$DEBIAN_REPO/debian $DEBIAN_VERSION-backports main"
    # -Fx: whole-line literal match, so a commented or partial line does not count
    grep -Fxq "$backports_line" "$sources_list" || echo "$backports_line" >> "$sources_list"
    echo 'enable_backports' >> "$COMPLETION_FILE"
}
function enable_zram {
    # Turn zram on via the project's zram helper when installing on a
    # Beaglebone Black outside docker; otherwise turn it off. Only the "on"
    # outcome is recorded in the completion file, so the "off" case is
    # re-evaluated on every run (as in the original code).
    if grep -Fxq "enable_zram" "$COMPLETION_FILE"; then
        return
    fi
    local zram_state=on
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
        zram_state=off
    fi
    "${PROJECT_NAME}-zram" "$zram_state"
    if [[ $zram_state == "off" ]]; then
        return
    fi
    echo 'enable_zram' >> "$COMPLETION_FILE"
}
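function check_onerng_verification {
    # Abort the install unless the most recent "OneRNG: firmware verification"
    # message in syslog reports "passed OK". Only applies when HWRNG_TYPE is
    # "onerng". On success haveged is removed, since the hardware RNG feeds
    # the entropy pool instead. Runs once; recorded in the completion file.
    if grep -Fxq "check_onerng_verification" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $HWRNG_TYPE != "onerng" ]]; then
        return
    fi
    echo $'Checking OneRNG firmware verification'
    local last_onerng_validation=""
    local logfile
    # The rotated log is consulted first, then the current one: the check
    # passes if either file's last verification message passed. A missing
    # log file is skipped instead of producing an error from cat/grep.
    for logfile in /var/log/syslog.1 /var/log/syslog; do
        last_onerng_validation=""
        if [ -f "$logfile" ]; then
            last_onerng_validation=$(grep "OneRNG: firmware verification" "$logfile" | tail -n 1)
        fi
        if [[ $last_onerng_validation == *"passed OK"* ]]; then
            break
        fi
    done
    if [[ $last_onerng_validation != *"passed OK"* ]]; then
        echo "$last_onerng_validation"
        echo $'OneRNG firmware verification failed'
        exit 735026
    fi
    echo $'OneRNG firmware verification passed'
    # if haveged was previously installed then remove it
    apt-get -y remove haveged
    echo 'check_onerng_verification' >> "$COMPLETION_FILE"
}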
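function install_onerng {
    # Install support for the OneRNG hardware random number generator:
    # download its Debian package into $INSTALL_DIR, verify its sha256 against
    # $ONERNG_PACKAGE_HASH, install it, prompt the user to plug the device in
    # and point rng-tools at /dev/$ONERNG_DEVICE. Exits on download, hash or
    # install failure.
    apt-get -y install rng-tools at python-gnupg
    # Move to the installation directory
    if [ ! -d "$INSTALL_DIR" ]; then
        mkdir -p "$INSTALL_DIR"
    fi
    # Stop if the directory cannot be entered; otherwise the download and
    # dpkg -i below would silently operate on whatever the cwd happens to be
    cd "$INSTALL_DIR" || exit 1
    # Download the package
    if [ ! -f "$ONERNG_PACKAGE" ]; then
        wget "$ONERNG_PACKAGE_DOWNLOAD"
        mv "$ONERNG_PACKAGE?raw=true" "$ONERNG_PACKAGE"
    fi
    if [ ! -f "$ONERNG_PACKAGE" ]; then
        echo $"OneRNG package could not be downloaded"
        exit 59249
    fi
    # Check the hash. Both sides are quoted so [[ ]] does a literal string
    # comparison rather than treating the expected hash as a glob pattern.
    hash=$(sha256sum "$ONERNG_PACKAGE" | awk -F ' ' '{print $1}')
    if [[ "$hash" != "$ONERNG_PACKAGE_HASH" ]]; then
        echo $"OneRNG package: $ONERNG_PACKAGE"
        echo $"Hash does not match. This could indicate that the package has been tampered with."
        echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
        echo $"OneRNG actual hash: $hash"
        # discard the mismatching file so that a re-run fetches a fresh copy
        # instead of re-checking (and never installing) the same bad one
        rm -f "$ONERNG_PACKAGE"
        exit 25934
    fi
    # install the package
    dpkg -i "$ONERNG_PACKAGE"
    # Check that the install worked
    if [ ! -f /etc/onerng.conf ]; then
        echo $'OneRNG configuration file not found. The package may not have installed successfully.'
        exit 42904
    fi
    dialog --title $"OneRNG Device" \
        --msgbox $"Please plug in the OneRNG device" 6 40
    # check rng-tools configuration
    if ! grep -q "/dev/$ONERNG_DEVICE" /etc/default/rng-tools; then
        echo "HRNGDEVICE=/dev/$ONERNG_DEVICE" >> /etc/default/rng-tools
    fi
    systemctl restart rng-tools
}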
function random_number_generator {
    # Configure the entropy source according to HWRNG_TYPE: rng-tools for the
    # Beaglebone's /dev/hwrng, install_onerng for a OneRNG device, haveged
    # otherwise. Inside docker nothing is done. Idempotent via the
    # completion file.
    if grep -Fxq "random_number_generator" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # it is assumed that docker uses the random number
        # generator of the host system
        return
    fi
    # if the hrng type has not been set but /dev/hwrng is detected
    if [[ $HWRNG_TYPE != "beaglebone" ]] && [ -e /dev/hwrng ]; then
        HWRNG_TYPE="beaglebone"
    fi
    local rng_tools_config=/etc/default/rng-tools
    case "$HWRNG_TYPE" in
        beaglebone)
            apt-get -y install rng-tools
            # uncomment the hwrng device line in the rng-tools defaults
            sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' "$rng_tools_config"
            ;;
        onerng)
            install_onerng
            ;;
        *)
            apt-get -y install haveged
            ;;
    esac
    echo 'random_number_generator' >> "$COMPLETION_FILE"
}
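function configure_ssh_set_option {
    # Set sshd option $1 to value $2 in /etc/ssh/sshd_config. Any existing
    # line for the option is replaced — including a commented-out default
    # such as "#PermitRootLogin yes" — so the result is always an active
    # directive; if no such line exists the directive is appended.
    # NOTE: as with the previous sed-based code, an indented occurrence inside
    # a Match block would be rewritten as well.
    local option="$1"
    local value="$2"
    local sshd_config=/etc/ssh/sshd_config
    if grep -q "^[#[:space:]]*${option}[[:space:]]" "$sshd_config"; then
        sed -i "s|^[#[:space:]]*${option}[[:space:]].*|${option} ${value}|g" "$sshd_config"
    else
        echo "${option} ${value}" >> "$sshd_config"
    fi
}

function configure_ssh {
    # Harden /etc/ssh/sshd_config: custom port, no root login, no X11
    # forwarding, keepalive settings, the project's cipher/MAC/KEX lists,
    # no Debian banner, and only the ed25519/rsa host keys; then install
    # fail2ban. Runs once; recorded in the completion file.
    if grep -Fxq "configure_ssh" "$COMPLETION_FILE"; then
        return
    fi
    # The previous "s/PermitRootLogin.*/PermitRootLogin no/" style edits
    # rewrote a commented default in place and left it commented, so the
    # hardened value never took effect; configure_ssh_set_option always
    # yields an active line.
    configure_ssh_set_option Port "$SSH_PORT"
    configure_ssh_set_option PermitRootLogin no
    configure_ssh_set_option X11Forwarding no
    configure_ssh_set_option ServerKeyBits 4096
    configure_ssh_set_option TCPKeepAlive no
    # disable the DSA and ECDSA host keys
    sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
    sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
    configure_ssh_set_option DebianBanner no
    configure_ssh_set_option ClientAliveInterval 60
    configure_ssh_set_option ClientAliveCountMax 3
    configure_ssh_set_option Ciphers "$SSH_CIPHERS"
    configure_ssh_set_option MACs "$SSH_MACS"
    configure_ssh_set_option KexAlgorithms "$SSH_KEX"
    apt-get -y install fail2ban
    echo 'configure_ssh' >> "$COMPLETION_FILE"
}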
function configure_ssh_onion {
    # Publish ssh as a tor onion service on $SSH_PORT (via add_onion_service,
    # defined elsewhere in this file) and record the resulting onion hostname
    # in the completion file under "ssh onion domain:". Skipped for mesh
    # installs. Idempotent via the completion file.
    if grep -Fxq "configure_ssh_onion" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    SSH_ONION_HOSTNAME=$(add_onion_service ssh "${SSH_PORT}" "${SSH_PORT}")
    local onion_domain_line="ssh onion domain:${SSH_ONION_HOSTNAME}"
    if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
        sed -i "s|ssh onion domain.*|${onion_domain_line}|g" "$COMPLETION_FILE"
    else
        echo "$onion_domain_line" >> "$COMPLETION_FILE"
    fi
    echo 'configure_ssh_onion' >> "$COMPLETION_FILE"
}
  3595. # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
  3596. function ssh_remove_small_moduli {
  3597. awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
  3598. mv ~/moduli /etc/ssh/moduli
  3599. }
function configure_ssh_client {
    # Apply the project's host-key-algorithm, cipher and MAC lists to the
    # system-wide ssh client config, generate ed25519 and rsa keys for root
    # if they do not exist yet, and prune small DH moduli. Runs once;
    # recorded in the completion file.
    if grep -Fxq "configure_ssh_client" "$COMPLETION_FILE"; then
        return
    fi
    local ssh_config=/etc/ssh/ssh_config
    #sed -i 's/# PasswordAuthentication.*/ PasswordAuthentication no/g' /etc/ssh/ssh_config
    #sed -i 's/# ChallengeResponseAuthentication.*/ ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
    # First activate the commented "# Option" defaults shipped with the file,
    # then rewrite any already-active lines, then append if still missing.
    sed -i "s/# HostKeyAlgorithms.*/ HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" "$ssh_config"
    sed -i "s/# Ciphers.*/ Ciphers $SSH_CIPHERS/g" "$ssh_config"
    sed -i "s/# MACs.*/ MACs $SSH_MACS/g" "$ssh_config"
    grep -q "HostKeyAlgorithms" "$ssh_config" || echo " HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> "$ssh_config"
    sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" "$ssh_config"
    grep -q "Ciphers " "$ssh_config" || echo " Ciphers $SSH_CIPHERS" >> "$ssh_config"
    sed -i "s/MACs.*/MACs $SSH_MACS/g" "$ssh_config"
    grep -q "MACs " "$ssh_config" || echo " MACs $SSH_MACS" >> "$ssh_config"
    # Create ssh keys for the invoking (root) account. ssh-keygen is called
    # without -f/-N, so it prompts interactively for the path and passphrase.
    [ -f ~/.ssh/id_ed25519 ] || ssh-keygen -t ed25519 -o -a 100
    [ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -b 4096 -o -a 100
    ssh_remove_small_moduli
    echo 'configure_ssh_client' >> "$COMPLETION_FILE"
}
function regenerate_ssh_keys {
    # Delete all sshd host keys and let dpkg-reconfigure create fresh ones,
    # then prune small DH moduli and restart sshd. Existing clients will see
    # a changed host key for this server afterwards. Idempotent via the
    # completion file.
    grep -Fxq "regenerate_ssh_keys" "$COMPLETION_FILE" && return
    # the glob must stay unquoted so every host key file is matched
    rm -f /etc/ssh/ssh_host_*
    dpkg-reconfigure openssh-server
    ssh_remove_small_moduli
    systemctl restart ssh
    echo 'regenerate_ssh_keys' >> "$COMPLETION_FILE"
}
function configure_dns {
    # Rewrite /etc/resolv.conf from scratch with "localdomain" as the search
    # domain and the two configured nameservers. Idempotent via the
    # completion file.
    # NOTE(review): if resolvconf or a DHCP client manages this file the
    # change may be overwritten later — confirm for the target system.
    if grep -Fxq "configure_dns" "$COMPLETION_FILE"; then
        return
    fi
    cat > /etc/resolv.conf <<RESOLV_CONF
domain localdomain
search localdomain
nameserver $NAMESERVER1
nameserver $NAMESERVER2
RESOLV_CONF
    echo 'configure_dns' >> "$COMPLETION_FILE"
}
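function set_hostname {
    # Set the system hostname to $1: writes /etc/hostname, applies it with
    # hostname(1) and updates (or adds) the 127.0.1.1 entry in /etc/hosts.
    # Also stores the value in the global DEFAULT_DOMAIN_NAME, which callers
    # such as set_your_domain_name use. Returns 1 on an empty argument
    # instead of writing an empty hostname.
    DEFAULT_DOMAIN_NAME="$1"
    if [ -z "$DEFAULT_DOMAIN_NAME" ]; then
        echo $'set_hostname: no hostname given'
        return 1
    fi
    echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
    hostname "$DEFAULT_DOMAIN_NAME"
    # Anchor to a line that starts with 127.0.1.1 (dots escaped) so that a
    # 127.0.1.10 entry or an address mentioned in a comment is not rewritten.
    if grep -q "^127\.0\.1\.1[[:space:]]" /etc/hosts; then
        sed -i "s/^127\.0\.1\.1[[:space:]].*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts
    else
        echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts
    fi
}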
function set_your_domain_name {
    # Apply DEFAULT_DOMAIN_NAME as the system hostname via set_hostname.
    # Idempotent via the completion file.
    grep -Fxq "set_your_domain_name" "$COMPLETION_FILE" && return
    set_hostname "$DEFAULT_DOMAIN_NAME"
    echo 'set_your_domain_name' >> "$COMPLETION_FILE"
}
function time_synchronisation {
    # Install the project's update-date script as /usr/bin/updatedate (this
    # part runs on every call) and, once, switch from ntpdate to tlsdate with
    # a crontab entry that runs updatedate every 15 minutes. Mesh installs
    # are skipped entirely.
    # mesh peers typically don't sync over the internet
    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    # prefer the copy in /usr/local/bin, fall back to /usr/bin
    local update_date_script=/usr/local/bin/${PROJECT_NAME}-update-date
    if [ ! -f "$update_date_script" ]; then
        update_date_script=/usr/bin/${PROJECT_NAME}-update-date
    fi
    cp "$update_date_script" /usr/bin/updatedate
    chmod +x /usr/bin/updatedate
    if grep -Fxq "time_synchronisation" "$COMPLETION_FILE"; then
        return
    fi
    apt-get -y install tlsdate
    apt-get -y remove ntpdate
    echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
    systemctl restart cron
    echo 'time_synchronisation' >> "$COMPLETION_FILE"
}
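function configure_firewall {
    # Reset the packet filter and install the baseline INPUT policy: default
    # DROP, allow loopback and conntrack-established/related traffic, drop
    # non-SYN new connections and bogon TCP flag combinations. The baseline
    # is now applied to both iptables and ip6tables; previously only the DROP
    # policy was set for IPv6, which left IPv6 loopback and return traffic
    # blocked. Per-service ports are opened by the configure_firewall_for_*
    # functions. Skipped inside docker. Runs once; recorded in the
    # completion file.
    if grep -Fxq "configure_firewall" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    local fw
    for fw in iptables ip6tables; do
        # flush with an ACCEPT policy in place so the flush itself cannot
        # cut off the session this installer may be running over
        "$fw" -P INPUT ACCEPT
        "$fw" -F
        "$fw" -t nat -F
        "$fw" -X
        "$fw" -P INPUT DROP
        "$fw" -A INPUT -i lo -j ACCEPT
        "$fw" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        # Make sure incoming tcp connections are SYN packets
        "$fw" -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
        # Drop bogons
        "$fw" -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
        "$fw" -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
        "$fw" -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
        # Incoming malformed NULL packets:
        "$fw" -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    done
    # Drop packets with incoming fragments (IPv4 only; ip6tables has no -f)
    iptables -A INPUT -f -j DROP
    echo 'configure_firewall' >> "$COMPLETION_FILE"
}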
function configure_firewall_ping {
    # Allow ICMP echo request/reply, but only on mesh installs; every other
    # variant keeps ping blocked. Idempotent via the completion file.
    if grep -Fxq "configure_firewall_ping" "$COMPLETION_FILE"; then
        return
    fi
    # Only allow ping for mesh installs
    [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]] && return
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_ping' >> "$COMPLETION_FILE"
}
function configure_firewall_for_voip {
    # Open $VOIP_PORT for UDP and TCP. Skipped on onion-only systems and on
    # the writer/mailbox/cloud/social/media/developer variants. Idempotent
    # via the completion file.
    if grep -Fxq "configure_firewall_for_voip" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    case "$SYSTEM_TYPE" in
        "$VARIANT_WRITER"|"$VARIANT_MAILBOX"|"$VARIANT_CLOUD"|"$VARIANT_SOCIAL"|"$VARIANT_MEDIA"|"$VARIANT_DEVELOPER")
            return
            ;;
    esac
    local proto
    for proto in udp tcp; do
        iptables -A INPUT -p "$proto" --dport "$VOIP_PORT" -j ACCEPT
    done
    save_firewall_settings
    echo 'configure_firewall_for_voip' >> "$COMPLETION_FILE"
}
function configure_firewall_for_sip {
    # Open $SIP_PORT for UDP and TCP. Skipped on onion-only systems and on
    # the writer/mailbox/cloud/social/media/developer variants. Idempotent
    # via the completion file.
    if grep -Fxq "configure_firewall_for_sip" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    case "$SYSTEM_TYPE" in
        "$VARIANT_WRITER"|"$VARIANT_MAILBOX"|"$VARIANT_CLOUD"|"$VARIANT_SOCIAL"|"$VARIANT_MEDIA"|"$VARIANT_DEVELOPER")
            return
            ;;
    esac
    local proto
    for proto in udp tcp; do
        iptables -A INPUT -p "$proto" --dport "$SIP_PORT" -j ACCEPT
    done
    save_firewall_settings
    echo 'configure_firewall_for_sip' >> "$COMPLETION_FILE"
}
function configure_firewall_for_ipfs {
    # Open $IPFS_PORT for TCP. Skipped on onion-only systems and on the
    # mailbox and chat variants. Idempotent via the completion file.
    if grep -Fxq "configure_firewall_for_ipfs" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    case "$SYSTEM_TYPE" in
        "$VARIANT_MAILBOX"|"$VARIANT_CHAT")
            return
            ;;
    esac
    iptables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_ipfs' >> "$COMPLETION_FILE"
}
function configure_firewall_for_avahi {
    # Open TCP and UDP on ports 548, 5353 and 5354 for local service
    # discovery. 5353 is mDNS; 548 is the AFP file-sharing port — presumably
    # for a service advertised over avahi, confirm against the rest of the
    # installer. Idempotent via the completion file.
    if grep -Fxq "configure_firewall_for_avahi" "$COMPLETION_FILE"; then
        return
    fi
    local port proto
    for port in 548 5353 5354; do
        for proto in tcp udp; do
            iptables -A INPUT -p "$proto" --dport "$port" -j ACCEPT
        done
    done
    save_firewall_settings
    echo 'configure_firewall_for_avahi' >> "$COMPLETION_FILE"
}
function configure_firewall_for_cjdns {
    # IPv6 NAT/forwarding rules for cjdns: masquerade traffic leaving tun0
    # and allow established/related replies from tun0 back out via eth0
    # (the interface names are hard-coded). Only when ENABLE_CJDNS is "yes".
    # Idempotent via the completion file.
    grep -Fxq "configure_firewall_for_cjdns" "$COMPLETION_FILE" && return
    [[ $ENABLE_CJDNS != "yes" ]] && return
    local cjdns_iface=tun0
    ip6tables -t nat -A POSTROUTING -o "$cjdns_iface" -j MASQUERADE
    ip6tables -A FORWARD -i "$cjdns_iface" -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_cjdns' >> "$COMPLETION_FILE"
}
function configure_firewall_for_batman {
    # Placeholder for batman-adv: no rules are added, the current firewall
    # state is just saved. Only when ENABLE_BATMAN is "yes". Idempotent via
    # the completion file.
    grep -Fxq "configure_firewall_for_batman" "$COMPLETION_FILE" && return
    [[ $ENABLE_BATMAN != "yes" ]] && return
    save_firewall_settings
    echo 'configure_firewall_for_batman' >> "$COMPLETION_FILE"
}
function configure_firewall_for_babel {
    # Allow babel routing traffic: UDP $BABEL_PORT, but only arriving on
    # $WIFI_INTERFACE. Only when ENABLE_BABEL is "yes". Idempotent via the
    # completion file.
    grep -Fxq "configure_firewall_for_babel" "$COMPLETION_FILE" && return
    [[ $ENABLE_BABEL != "yes" ]] && return
    iptables -A INPUT -i "$WIFI_INTERFACE" -p udp --dport "$BABEL_PORT" -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_babel' >> "$COMPLETION_FILE"
}
function configure_firewall_for_zeronet {
    # Open ZeroNet and its tracker (UDP+TCP on $ZERONET_PORT and
    # $TRACKER_PORT) plus UDP 1900, all restricted to $WIFI_INTERFACE.
    # Mesh installs only. Idempotent via the completion file.
    if grep -Fxq "configure_firewall_for_zeronet" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        return
    fi
    local port proto
    for port in "$ZERONET_PORT" "$TRACKER_PORT"; do
        for proto in udp tcp; do
            iptables -A INPUT -i "$WIFI_INTERFACE" -p "$proto" --dport "$port" -j ACCEPT
        done
    done
    iptables -A INPUT -i "$WIFI_INTERFACE" -p udp --dport 1900 -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_zeronet' >> "$COMPLETION_FILE"
}
function configure_firewall_for_dlna {
    # Open UDP 1900 and TCP 8200 for DLNA. Skipped inside docker and on the
    # cloud/mailbox/chat/writer/social variants. Idempotent via the
    # completion file.
    if grep -Fxq "configure_firewall_for_dlna" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    case "$SYSTEM_TYPE" in
        "$VARIANT_CLOUD"|"$VARIANT_MAILBOX"|"$VARIANT_CHAT"|"$VARIANT_WRITER"|"$VARIANT_SOCIAL")
            return
            ;;
    esac
    iptables -A INPUT -p udp --dport 1900 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_dlna' >> "$COMPLETION_FILE"
}
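function configure_firewall_for_dns {
    # Accept DNS replies: UDP from source port 53 to the unprivileged port
    # range. Skipped inside docker. Runs once; recorded in the completion
    # file.
    if grep -Fxq "configure_firewall_for_dns" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    # Restricted to ESTABLISHED flows: without the conntrack match this rule
    # accepted any UDP packet to ports 1024-65535 purely because it carried
    # source port 53, which a sender can choose freely, giving a way around
    # the default DROP policy. Genuine replies to our own queries are
    # already ESTABLISHED in conntrack.
    iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_dns' >> "$COMPLETION_FILE"
}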
function configure_firewall_for_xmpp {
    # Open the XMPP client (5222-5223), server-to-server (5269) and
    # HTTP/BOSH (5280-5281) TCP ports when prosody is installed. Skipped
    # inside docker and on onion-only systems. Idempotent via the
    # completion file.
    [ -d /etc/prosody ] || return
    if grep -Fxq "configure_firewall_for_xmpp" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    [[ $ONION_ONLY != "no" ]] && return
    local port_range
    for port_range in 5222:5223 5269 5280:5281; do
        iptables -A INPUT -p tcp --dport "$port_range" -j ACCEPT
    done
    save_firewall_settings
    echo 'configure_firewall_for_xmpp' >> "$COMPLETION_FILE"
}
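function configure_firewall_for_irc {
    # Open TCP $IRC_PORT when ngircd is installed, and accept replies from
    # that port to the unprivileged range. Skipped inside docker and on
    # onion-only systems. Runs once; recorded in the completion file.
    if [ ! -d /etc/ngircd ]; then
        return
    fi
    if grep -Fxq "configure_firewall_for_irc" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    iptables -A INPUT -p tcp --dport "$IRC_PORT" -j ACCEPT
    # The reply rule is inserted at the top of INPUT, ahead of the bogon
    # checks, so it is limited to ESTABLISHED flows: previously any TCP
    # packet to ports 1024-65535 was accepted just for carrying source
    # port $IRC_PORT, which a sender can choose freely.
    iptables -I INPUT -p tcp --dport 1024:65535 --sport "$IRC_PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_irc' >> "$COMPLETION_FILE"
}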
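function configure_firewall_for_ftp {
    # Accept FTP control/data replies (source ports 20-21) to the
    # unprivileged port range. Skipped inside docker and on onion-only
    # systems. Runs once; recorded in the completion file.
    if grep -Fxq "configure_firewall_for_ftp" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    # Limited to ESTABLISHED/RELATED flows (RELATED covers active-mode data
    # connections when the FTP conntrack helper is loaded). Previously this
    # rule, inserted at the top of INPUT, accepted any TCP packet to ports
    # 1024-65535 whose source port was 20 or 21 — a value the sender picks —
    # which bypassed the default DROP policy for the whole high port range.
    iptables -I INPUT -p tcp --dport 1024:65535 --sport 20:21 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_ftp' >> "$COMPLETION_FILE"
}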
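function configure_firewall_for_web_access {
    # Accept HTTP/HTTPS replies (source ports 80 and 443) to the local
    # ephemeral port range 32768-61000. Skipped inside docker and on
    # onion-only systems. Runs once; recorded in the completion file.
    if grep -Fxq "configure_firewall_for_web_access" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    # Limited to ESTABLISHED flows: matching on source port alone accepted
    # any TCP packet to the ephemeral range that claimed source port 80/443,
    # which a sender can choose freely.
    local src_port
    for src_port in 80 443; do
        iptables -A INPUT -p tcp --dport 32768:61000 --sport "$src_port" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    done
    save_firewall_settings
    echo 'configure_firewall_for_web_access' >> "$COMPLETION_FILE"
}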
function configure_firewall_for_web_server {
    # Open TCP 80 and 443 for the web server. Skipped inside docker and on
    # onion-only systems. Idempotent via the completion file.
    if grep -Fxq "configure_firewall_for_web_server" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    [[ $ONION_ONLY != "no" ]] && return
    local port
    for port in 80 443; do
        iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
    done
    save_firewall_settings
    echo 'configure_firewall_for_web_server' >> "$COMPLETION_FILE"
}
function configure_firewall_for_tox {
    # Open TCP $TOX_PORT. Skipped inside docker and on onion-only systems.
    # Idempotent via the completion file.
    if grep -Fxq "configure_firewall_for_tox" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    [[ $ONION_ONLY != "no" ]] && return
    iptables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
    save_firewall_settings
    echo 'configure_firewall_for_tox' >> "$COMPLETION_FILE"
}
  function configure_firewall_for_ssh {
      # Open the SSH listener ports. Unlike the other firewall functions this
      # one has no onion-only guard, so ssh stays reachable on the clearnet
      # interface whatever ONION_ONLY is set to. Skipped once recorded as done
      # and inside Docker (Docker manages its own firewall).
      local marker='configure_firewall_for_ssh'
      grep -Fxq "$marker" $COMPLETION_FILE && return
      [[ $INSTALLED_WITHIN_DOCKER == "yes" ]] && return
      # NOTE(review): both 22 and $SSH_PORT are opened, so moving sshd to a
      # custom port does not close 22 at the firewall — presumably to keep the
      # first-boot connection alive; confirm and drop 22 here if not needed.
      iptables -A INPUT -p tcp --dport 22 -j ACCEPT
      iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
      save_firewall_settings
      echo "$marker" >> $COMPLETION_FILE
  }
  function configure_firewall_for_git {
      # Open the git daemon port (9418). Skipped once recorded as done, inside
      # Docker (Docker manages its own firewall) and on onion-only systems.
      local marker='configure_firewall_for_git'
      grep -Fxq "$marker" $COMPLETION_FILE && return
      [[ $INSTALLED_WITHIN_DOCKER == "yes" || $ONION_ONLY != "no" ]] && return
      iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
      save_firewall_settings
      echo "$marker" >> $COMPLETION_FILE
  }
  function configure_firewall_for_email {
      # Open the mail ports: SMTP (25), submission (587), SMTPS (465) and
      # IMAPS (993). Only mailbox-carrying variants get these; every other
      # variant returns immediately. Also skipped once recorded as done,
      # inside Docker (Docker manages its own firewall) and on onion-only
      # systems, where mail is reached through the onion service instead.
      case "$SYSTEM_TYPE" in
          "$VARIANT_WRITER"|"$VARIANT_CLOUD"|"$VARIANT_CHAT"|"$VARIANT_SOCIAL"|"$VARIANT_MEDIA"|"$VARIANT_DEVELOPER"|"$VARIANT_MESH"|"$VARIANT_NONMAILBOX")
              return
              ;;
      esac
      local marker='configure_firewall_for_email'
      grep -Fxq "$marker" $COMPLETION_FILE && return
      [[ $INSTALLED_WITHIN_DOCKER == "yes" || $ONION_ONLY != "no" ]] && return
      local port
      for port in 25 587 465 993; do
          iptables -A INPUT -p tcp --dport $port -j ACCEPT
      done
      save_firewall_settings
      echo "$marker" >> $COMPLETION_FILE
  }
  function configure_internet_protocol {
      # Harden the kernel network stack through /etc/sysctl.conf: SYN cookies
      # and reverse-path filtering on, ICMP redirects and source routing
      # refused, IPv4/IPv6 forwarding off, pings ignored, IPv6 disabled, and
      # shorter SYN retry / keepalive timers. Skipped on mesh systems and once
      # recorded as done. Only the file is edited here — nothing reloads it,
      # so the settings apply when sysctl next reads the file (e.g. at boot).
      grep -Fxq "configure_internet_protocol" $COMPLETION_FILE && return
      [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]] && return

      local sysctl_conf=/etc/sysctl.conf

      # These ship commented out in the stock file; uncomment each verbatim.
      local setting
      for setting in \
          'net.ipv4.tcp_syncookies=1' \
          'net.ipv4.conf.all.accept_redirects = 0' \
          'net.ipv6.conf.all.accept_redirects = 0' \
          'net.ipv4.conf.all.send_redirects = 0' \
          'net.ipv4.conf.all.accept_source_route = 0' \
          'net.ipv6.conf.all.accept_source_route = 0' \
          'net.ipv4.conf.default.rp_filter=1' \
          'net.ipv4.conf.all.rp_filter=1'; do
          sed -i "s/#${setting}/${setting}/g" "$sysctl_conf"
      done
      # The stock examples would enable forwarding; uncomment them as disabled.
      sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" "$sysctl_conf"
      sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" "$sysctl_conf"

      # Each appended group is guarded by a marker so re-runs do not duplicate it.
      if ! grep -q "ignore pings" "$sysctl_conf"; then
          cat >> "$sysctl_conf" <<'EOF'
# ignore pings
net.ipv4.icmp_echo_ignore_all = 1
net.ipv6.icmp_echo_ignore_all = 1
EOF
      fi
      if ! grep -q "disable ipv6" "$sysctl_conf"; then
          cat >> "$sysctl_conf" <<'EOF'
# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
EOF
      fi
      # Fewer SYN retransmissions: half-open connections are given up sooner.
      if ! grep -q "net.ipv4.tcp_synack_retries" "$sysctl_conf"; then
          cat >> "$sysctl_conf" <<'EOF'
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 1
EOF
      fi
      if ! grep -q "keepalive" "$sysctl_conf"; then
          cat >> "$sysctl_conf" <<'EOF'
# keepalive
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_time = 7200
EOF
      fi
      echo 'configure_internet_protocol' >> $COMPLETION_FILE
  }
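  function configure_email {
      # Install and configure Exim as the mail server: a Tor onion service for
      # the SMTP/IMAPS ports, the exim4-smtorp router/transport so mail between
      # onion addresses is carried over Tor, Maildir delivery, SASL auth, TLS
      # material, and the skeleton Maildir tree for new users.
      # Fixes relative to the earlier version: /etc/skel/Maildir gets the tmp/
      # subdirectory that Maildir delivery requires (the per-user tree already
      # had it), and the admin user's ~/.mutt is chowned to the user instead of
      # being left root-owned with mode 700.
      # Exit codes above 255 (e.g. 877367) are truncated to 8 bits by the
      # shell, so a caller only ever sees the low byte.
      # Not run on chat/media/mesh variants, and only once per install.
      if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      if grep -Fxq "configure_email" $COMPLETION_FILE; then
          return
      fi
      apt-get -y remove postfix
      apt-get -y install exim4 sasl2-bin swaks libnet-ssleay-perl procmail xinetd
      if [ ! -d /etc/exim4 ]; then
          echo $"ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
          exit 48
      fi

      # --- Tor onion service exposing SMTP (25/587/465) and IMAPS (993) ---
      onion_service_name='email'
      if [ ! -d /var/lib/tor ]; then
          echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
          exit 877367
      fi
      if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
          echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
          echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
          echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
          echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
          echo 'HiddenServicePort 993 127.0.0.1:993' >> /etc/tor/torrc
          echo $"Added onion site for ${onion_service_name}"
      fi
      systemctl restart tor
      wait_for_onion_service ${onion_service_name}
      if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
          echo $"${onion_service_name} onion site hostname not found"
          exit 76362
      fi
      EMAIL_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
      if [[ $ONION_ONLY != "no" ]]; then
          set_hostname ${EMAIL_ONION_HOSTNAME}
          # NOTE(review): the hostname becomes the onion address but the mail
          # address still uses DEFAULT_DOMAIN_NAME — confirm that is intended.
          MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}
      fi
      # Record (or refresh) the onion hostname in the completion file.
      if ! grep -q "Email onion domain" $COMPLETION_FILE; then
          echo "Email onion domain:${EMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
      else
          sed -i "s|Email onion domain.*|Email onion domain:${EMAIL_ONION_HOSTNAME}|g" $COMPLETION_FILE
      fi

      # --- exim4-smtorp: route mail to/from .onion/.tor addresses via Tor ---
      # see https://github.com/petterreinholdtsen/exim4-smtorp
      # NOTE(review): dc_use_split_config is set to 'false' further down, and
      # in that mode Debian's update-exim4.conf builds the runtime config from
      # exim4.conf.template rather than conf.d/ — confirm these router and
      # transport files are actually picked up.
      echo '# tor stuff first' > /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '#' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# if were submitting mail *from* a .tor/.onion address,' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# make sure any header lines that may give us away is' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# stripped out, and add a new, cryptic Message-ID.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# In address_data we store the name we should HELO as.' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo 'tor_to_any:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' debug_print = "R: manualroute from .onion to $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' condition = ${if match {$sender_address_domain}{\N.*\.(onion|tor)$\N}}' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' address_data = $sender_address_domain' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' route_list = * localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      # Strip headers that would reveal the sending host; replace Message-ID
      # with a hash so it carries no identifying information.
      echo ' headers_remove = Received:Message-ID:X-Mailer:User-Agent' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' headers_add = Message-ID: <${lc:${sha1:$message_id}}@$sender_address_domain>' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# this catches the case where were submitting mail' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# from a regular email address where we dont need to' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo '# rewrite any headers' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo 'any_to_tor:' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' debug_print = "R: manualroute for $local_part@$domain"' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' driver = manualroute' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' domains = ! +local_domains' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' transport = remote_smtp_onion' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' self = send' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' route_list = *.onion localhost ; *.tor localhost' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      echo ' address_data = $smtp_active_hostname' >> /etc/exim4/conf.d/router/100_exim4-smtorp
      # Transport: hand the message to the tor-smtp proxy on localhost:12668
      # (served by xinetd below). TLS is disabled on this hop because the
      # proxy would otherwise see a second EHLO.
      echo 'remote_smtp_onion:' > /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' debug_print = "T: remote_smtp_onion for $local_part@$original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' driver = smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' # set helo_data to where we want to connect to,' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' # for the proxy program tor-smtp' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' helo_data = "$address_data $original_domain"' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' # wherever we configured our script at' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' port = 12668' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo '' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' # cannot use TLS otherwise it will EHLO again!!' >> /etc/exim4/conf.d/transport/100_exim4-smtorp
      echo ' hosts_avoid_tls = *' >> /etc/exim4/conf.d/transport/100_exim4-smtorp

      # Build the tor-smtp proxy from source and register it with xinetd.
      # Each step is verified by checking for the file it should produce.
      if [ ! -d $INSTALL_DIR ]; then
          mkdir -p $INSTALL_DIR
      fi
      cd $INSTALL_DIR
      git_clone $EXIM_ONION_REPO $INSTALL_DIR/exim4-smtorp
      cd $INSTALL_DIR/exim4-smtorp/tor-smtp
      make
      if [ ! -f $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp ]; then
          echo $'Unable to make tor smtp transport'
          exit 52629
      fi
      if [ ! -d /usr/lib/exim4-smtorp ]; then
          mkdir /usr/lib/exim4-smtorp
      fi
      cp $INSTALL_DIR/exim4-smtorp/tor-smtp/tor-smtp /usr/lib/exim4-smtorp/tor-smtp
      if [ ! -f /usr/lib/exim4-smtorp/tor-smtp ]; then
          echo $'Unable to copy tor-smtp'
          exit 83503
      fi
      cp $INSTALL_DIR/exim4-smtorp/xinetd /etc/xinetd.d/tor-smtp
      if [ ! -f /etc/xinetd.d/tor-smtp ]; then
          echo $'Unable to copy to xinetd.d'
          exit 835954
      fi
      systemctl restart xinetd

      # --- Maildir delivery: login.defs, $MAIL, and the pam_mail lines ---
      # configure for Maildir format
      sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
      sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
      if ! grep -q "export MAIL" /etc/profile; then
          echo 'export MAIL=~/Maildir' >> /etc/profile
      fi
      sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
      sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
      sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su

      # --- Debian exim4 configuration (update-exim4.conf.conf) ---
      echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
      if [[ $ONION_ONLY == "no" ]]; then
          # both ICANN and onion domains
          echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
      else
          echo "dc_other_hostnames='${EMAIL_ONION_HOSTNAME}'" >> /etc/exim4/update-exim4.conf.conf
      fi
      echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
      # Hosts in dc_relay_nets may relay through this server without
      # authenticating. Defaults to 192.168.1.0/24; if a static LAN address
      # is configured, the /24 containing it is used instead (assumes a /24).
      RELAY_NETS='192.168.1.0/24'
      if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
          RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
      fi
      echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
      echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
      echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
      update-exim4.conf
      sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
      systemctl start saslauthd

      # --- TLS material: key/cert/dhparam readable by the Debian-exim group ---
      # make a tls certificate for email
      if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
          ${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH
          check_certificates exim
      fi
      cp /etc/ssl/private/exim.key /etc/exim4
      cp /etc/ssl/certs/exim.crt /etc/exim4
      cp /etc/ssl/certs/exim.dhparam /etc/exim4
      chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
      chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
      # Uncomment the saslauthd authenticator block in the template, pin the
      # primary hostname, enable TLS, and listen on 465/25/587 with implicit
      # TLS on 465.
      sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
      sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DEFAULT_DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template
      sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
      if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
          sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
      fi
      adduser $MY_USERNAME sasl
      addgroup Debian-exim sasl
      systemctl restart exim4

      # --- Skeleton Maildir for future users (copied by adduser) ---
      # .learn-spam/.learn-ham are the Bayes training folders; spam/ and ham/
      # are friendlier symlinks to them.
      if [ ! -d /etc/skel/Maildir ]; then
          mkdir -m 700 /etc/skel/.mutt
          mkdir -m 700 /etc/skel/Maildir
          mkdir -m 700 /etc/skel/Maildir/new
          mkdir -m 700 /etc/skel/Maildir/cur
          # tmp/ is required by the Maildir format (deliveries are staged here).
          mkdir -m 700 /etc/skel/Maildir/tmp
          mkdir -m 700 /etc/skel/Maildir/Sent
          mkdir -m 700 /etc/skel/Maildir/Sent/tmp
          mkdir -m 700 /etc/skel/Maildir/Sent/cur
          mkdir -m 700 /etc/skel/Maildir/Sent/new
          mkdir -m 700 /etc/skel/Maildir/.learn-spam
          mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
          mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
          mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
          mkdir -m 700 /etc/skel/Maildir/.learn-ham
          mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
          mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
          mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
          ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
          ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
      fi

      # --- The same tree for the admin user, owned by that user ---
      if [ ! -d /home/$MY_USERNAME/Maildir ]; then
          mkdir -m 700 /home/$MY_USERNAME/.mutt
          mkdir -m 700 /home/$MY_USERNAME/Maildir
          mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
          mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
          mkdir -m 700 /home/$MY_USERNAME/Maildir/new
          mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
          mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
          mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
          mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
          mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
          ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
          ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
          chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
          # Created above as root with mode 700; hand it to the user too,
          # otherwise mutt cannot read or write it.
          chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
      fi
      echo 'configure_email' >> $COMPLETION_FILE
  }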
  function create_procmail {
      # Give the admin user a baseline .procmailrc that delivers into
      # ~/Maildir and logs to ~/log/procmail.log, and copy it into /etc/skel
      # so future users start with the same one. Not run on
      # chat/media/non-mailbox/mesh variants, and only once per install.
      # NOTE(review): nothing here creates ~/log, which LOGFILE points into —
      # presumably done elsewhere; confirm.
      case "$SYSTEM_TYPE" in
          "$VARIANT_CHAT"|"$VARIANT_MEDIA"|"$VARIANT_NONMAILBOX"|"$VARIANT_MESH")
              return
              ;;
      esac
      grep -Fxq "create_procmail" $COMPLETION_FILE && return

      local user_rc=/home/$MY_USERNAME/.procmailrc
      if [ ! -f "$user_rc" ]; then
          # Quoted heredoc: the $HOME / $MAILDIR references are procmail's,
          # not the shell's, and must reach the file unexpanded.
          cat > "$user_rc" <<'EOF'
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
LOGFILE=$HOME/log/procmail.log
LOGABSTRACT=all
EOF
          chown $MY_USERNAME:$MY_USERNAME "$user_rc"
      fi
      if [ ! -f /etc/skel/.procmailrc ]; then
          cp "$user_rc" /etc/skel/.procmailrc
          chown root:root /etc/skel/.procmailrc
      fi
      echo 'create_procmail' >> $COMPLETION_FILE
  }
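  # Append the SpamAssassin procmail recipes to the given .procmailrc: pipe
  # messages under 256000 bytes through spamc, discard six-star spam, file
  # five-star spam under maybe-spam/ and two-star spam under spam/.
  #   $1 = path of the .procmailrc to extend
  function append_spamassassin_procmail_rules {
      # Quoted heredoc: backslashes and $ reach the file untouched.
      cat >> "$1" <<'EOF'
# get spamassassin to check emails
:0fw: .spamassassin.lock
 * < 256000
| spamc
# strong spam are discarded
:0
 * ^X-Spam-Level: \*\*\*\*\*\*
/dev/null
# weak spam are kept just in case - clear this out every now and then
:0
 * ^X-Spam-Level: \*\*\*\*\*
maybe-spam/
# otherwise, marginal spam goes here for revision
:0
 * ^X-Spam-Level: \*\*
spam/
EOF
  }

  # Write a cron-driven script that feeds every message a user has moved into
  # Maildir/.learn-<label> to spamd as <label> and then deletes it. A user
  # without that folder is skipped so the remaining users are still
  # processed (an exit at that point would abandon everyone after them).
  #   $1 = learn type passed to "spamc -L" (spam or ham)
  #   $2 = path of the script to write
  # NOTE(review): the message is removed whether or not spamc succeeded, so
  # a stopped spamd silently loses training data — confirm that is acceptable.
  function write_bayes_learn_script {
      local label="$1"
      local script_path="$2"
      # Unquoted heredoc: ${label} is expanded now; every other $ is escaped
      # so that it survives into the generated script.
      cat > "$script_path" <<EOF
#!/bin/bash
# Train the SpamAssassin Bayes filter from each user's Maildir/.learn-${label}
for d in /home/*/ ; do
    USERNAME=\$(echo "\$d" | awk -F '/' '{print \$3}')
    if [[ \$USERNAME != "git" && \$USERNAME != "mirrors" ]]; then
        MAILDIR=/home/\$USERNAME/Maildir/.learn-${label}
        if [ ! -d "\$MAILDIR" ]; then
            # this user has no learn folder; carry on with the next user
            continue
        fi
        for f in "\$MAILDIR"/cur/* "\$MAILDIR"/new/*; do
            [ -f "\$f" ] || continue
            spamc -L ${label} < "\$f" > /dev/null
            rm "\$f"
        done
    fi
done
exit 0
EOF
      # Executable by everyone, writable only by root.
      chmod 755 "$script_path"
  }

  function spam_filtering {
      # Install SpamAssassin and wire it into Exim (scoring headers, rejection
      # above 12 points), procmail (per-user filing) and cron (Bayes training
      # from the .learn-spam/.learn-ham folders every three minutes).
      # Not run on chat/media/non-mailbox/mesh variants, and only once.
      if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
          return
      fi
      apt-get -y install exim4-daemon-heavy
      apt-get -y install spamassassin
      if [ ! -f /etc/default/spamassassin ]; then
          echo 'Spamassassin was not installed'
          exit 72570
      fi
      sa-update -v
      sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
      # Point Exim at the local spamd.
      sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
      # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
      sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
      sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
      # NOTE(review): this rewrites every "accept" in the file, including any
      # inside comments or longer words — confirm the result still parses.
      sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
      # Add the score/flag/report headers and reject at more than 12 points
      # (spam_score_int is the score times ten). Quoted heredoc: the $
      # variables are Exim's and must reach the file unexpanded.
      cat >> /etc/exim4/conf.d/acl/40_exim4-config_check_data <<'EOF'
warn message = X-Spam-Score: $spam_score ($spam_bar)
 spam = nobody:true
warn message = X-Spam-Flag: YES
 spam = nobody
warn message = X-Spam-Report: $spam_report
 spam = nobody
# reject spam at high scores (> 12)
deny message = This message scored $spam_score spam points.
 spam = nobody:true
 condition = ${if >{$spam_score_int}{120}{1}{0}}
EOF
      # procmail configuration, for the admin user and for future users
      append_spamassassin_procmail_rules /home/$MY_USERNAME/.procmailrc
      chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
      append_spamassassin_procmail_rules /etc/skel/.procmailrc
      # filtering scripts, run from cron with a two minute timeout
      write_bayes_learn_script spam /usr/bin/filterspam
      write_bayes_learn_script ham /usr/bin/filterham
      if ! grep -q "filterspam" /etc/crontab; then
          echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam" >> /etc/crontab
      fi
      if ! grep -q "filterham" /etc/crontab; then
          echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham" >> /etc/crontab
      fi
      # Turn on the Bayes classifier and auto-learning.
      sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
      sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
      # user preferences: the stock user_prefs template, everything commented
      if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
          mkdir /home/$MY_USERNAME/.spamassassin
          cat > /home/$MY_USERNAME/.spamassassin/user_prefs <<'EOF'
# How many points before a mail is considered spam.
# required_score 5

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.apache.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use. 
# 
# score HTML_COMMENT_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0
# score OBSCURED_EMAIL 0

# Speakers of any language that uses non-English, accented characters may wish
# to uncomment the following lines. They turn off rules that fire on
# misformatted messages generated by common mail apps in contravention of the
# email RFCs.

# score SUBJ_ILLEGAL_CHARS 0
EOF
      fi
      # this must be accessible by root
      chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
      systemctl restart spamassassin
      systemctl restart exim4
      systemctl restart cron
      echo 'spam_filtering' >> $COMPLETION_FILE
  }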
  # Abort the installer with the given exit code when a Dovecot configuration
  # file that is about to be edited does not exist.
  #   $1 = path of the configuration file, $2 = exit code to use if missing
  function require_dovecot_conf_file {
      if [ ! -f "$1" ]; then
          echo "Unable to find $1"
          exit $2
      fi
  }

  function configure_imap {
      # Install Dovecot and configure IMAP over TLS only, with Maildir storage
      # under ~/Maildir and a long IDLE notify interval. Not run on
      # chat/media/non-mailbox/mesh variants, and only once per install.
      case "$SYSTEM_TYPE" in
          "$VARIANT_CHAT"|"$VARIANT_MEDIA"|"$VARIANT_NONMAILBOX"|"$VARIANT_MESH")
              return
              ;;
      esac
      grep -Fxq "configure_imap" $COMPLETION_FILE && return

      # Purge any earlier dovecot packages so the install starts clean.
      dpkg -P dovecot-imapd
      dpkg -P dovecot-core
      apt-get -y install dovecot-imapd
      if [ ! -d /etc/dovecot ]; then
          echo $"ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE"
          exit 48
      fi

      # Certificate, key and DH parameters for the IMAP listener; the dovecot
      # group is given ownership so the daemon can read them.
      if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
          ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
          check_certificates dovecot
      fi
      chown root:dovecot /etc/ssl/certs/dovecot.*
      chown root:dovecot /etc/ssl/private/dovecot.*

      local conf_dir=/etc/dovecot/conf.d

      # TLS is mandatory; server cipher order wins; protocol and cipher lists
      # come from the project-wide SSL_PROTOCOLS / SSL_CIPHERS settings.
      # NOTE(review): the protocol and cipher values are written wrapped in
      # single quotes — confirm Dovecot strips them rather than keeping them.
      # NOTE(review): ssl_dh_parameters_length is fixed at 2048 while the
      # dhparam file is generated with $DH_KEYLENGTH — confirm they agree.
      require_dovecot_conf_file $conf_dir/10-ssl.conf 83629
      sed -i \
          -e 's|#ssl =.*|ssl = required|g' \
          -e 's|ssl = no|ssl = required|g' \
          -e 's|ssl = yes|ssl = required|g' \
          -e 's|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' \
          -e 's|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g' \
          -e 's|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' \
          -e 's|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g' \
          -e 's|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = 2048|g' \
          -e 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' \
          -e "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" \
          -e "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" \
          $conf_dir/10-ssl.conf
      echo "ssl_cipher_list = '$SSL_CIPHERS'" >> $conf_dir/10-ssl.conf

      # Process and client limits.
      require_dovecot_conf_file $conf_dir/10-master.conf 49259
      sed -i \
          -e 's/#process_limit =.*/process_limit = 100/g' \
          -e 's/#default_client_limit.*/default_client_limit = 100/g' \
          -e 's|#default_process_limit =.*|default_process_limit = 100|g' \
          $conf_dir/10-master.conf

      # Log authentication attempts (useful input for intrusion detection).
      require_dovecot_conf_file $conf_dir/10-logging.conf 48936
      sed -i 's/#auth_verbose.*/auth_verbose = yes/g' $conf_dir/10-logging.conf

      # Listen on all interfaces.
      require_dovecot_conf_file /etc/dovecot/dovecot.conf 43890
      sed -i 's/#listen =.*/listen = */g' /etc/dovecot/dovecot.conf

      # PLAIN/LOGIN mechanisms are permitted; credentials never travel in the
      # clear only because ssl = required above forces TLS first.
      require_dovecot_conf_file $conf_dir/10-auth.conf 843256
      sed -i \
          -e 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' \
          -e 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' \
          $conf_dir/10-auth.conf

      # Maildir in the home directory with a filesystem folder layout.
      require_dovecot_conf_file $conf_dir/10-mail.conf 42036
      sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' $conf_dir/10-mail.conf

      # This long notify interval makes the system more suited for use with
      # battery powered mobile devices. (20-imap.conf is not checked for
      # existence first, unlike the files above.)
      sed -i 's|#imap_idle_notify_interval =.*|imap_idle_notify_interval = 29|g' $conf_dir/20-imap.conf

      # Drop the cached SSL parameters, presumably so Dovecot regenerates them
      # for the new settings.
      if [ -f /var/lib/dovecot/ssl-parameters.dat ]; then
          rm /var/lib/dovecot/ssl-parameters.dat
      fi
      systemctl restart dovecot
      echo 'configure_imap' >> $COMPLETION_FILE
  }
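function configure_imap_client_certs {
    # Switches Dovecot from password logins to TLS client-certificate
    # authentication: plaintext auth is disabled, a client certificate is
    # required and verified against the per-domain CA, and the IMAP username
    # is taken from the certificate's commonName.  An openssl "ca"
    # configuration for issuing client certificates is written to
    # /etc/ssl/dovecot-ca.cnf with a fresh index (ssldb) and serial file.
    #
    # Reads: SYSTEM_TYPE, COMPLETION_FILE, ONION_ONLY, LETSENCRYPT_ENABLED,
    #        LETSENCRYPT_SERVER, DEFAULT_DOMAIN_NAME, DH_KEYLENGTH,
    #        MY_EMAIL_ADDRESS, PROJECT_NAME.
    # Exits non-zero when the CA certificate Dovecot is pointed at does not
    # exist, so the service is never restarted with an unusable ssl_ca.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "configure_imap_client_certs" "$COMPLETION_FILE"; then
        return
    fi
    # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
    local ca_cert="/etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt"
    local ca_key="/etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key"
    local ca_conf=/etc/ssl/dovecot-ca.cnf
    local auth_conf=/etc/dovecot/conf.d/10-auth.conf
    local ssl_conf=/etc/dovecot/conf.d/10-ssl.conf

    # Create the CA first, so that the Dovecot configuration is only changed
    # once the CA it will verify clients against actually exists.
    if [[ $ONION_ONLY == "no" ]]; then
        # make a CA cert
        if [ ! -f "$ca_key" ]; then
            if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                ${PROJECT_NAME}-addcert -h "$DEFAULT_DOMAIN_NAME" --ca "" --dhkey "$DH_KEYLENGTH"
            else
                ${PROJECT_NAME}-addcert -e "$DEFAULT_DOMAIN_NAME" -s "$LETSENCRYPT_SERVER" --ca "" --dhkey "$DH_KEYLENGTH" --email "$MY_EMAIL_ADDRESS"
            fi
        fi
    fi
    # Previously this step went ahead regardless (e.g. on onion-only systems,
    # where no CA is made above) and restarted Dovecot with ssl_ca pointing
    # at a missing file, which rejects every login.  Fail loudly instead.
    if [ ! -f "$ca_cert" ]; then
        echo $"ERROR: CA certificate $ca_cert does not exist, cannot enable client certificate authentication"
        exit 1
    fi

    sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
    # With certificates mandatory, password authentication is switched off.
    sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' "$auth_conf"
    sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' "$auth_conf"
    sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' "$auth_conf"
    # Dovecot reads file-backed settings through a leading "<", as the
    # ssl_cert/ssl_key settings in this file already do; without it the path
    # itself is treated as the certificate data.
    sed -i "s|#ssl_ca =.*|ssl_ca = <$ca_cert|g" "$ssl_conf"
    sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' "$ssl_conf"
    sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' "$ssl_conf"

    # Password database used alongside the certificate check: a passwd-file
    # lookup that performs no password verification itself (pass = no).
    if ! grep -q "passdb {" "$auth_conf"; then
        cat >> "$auth_conf" <<'EOF'

passdb {
 driver = passwd-file
 args = /etc/dovecot/passwd-file
 deny = no
 master = no
 pass = no
}
EOF
    fi

    # CA configuration for "openssl ca".  new_certs_dir, database and serial
    # are relative, so openssl is presumably expected to be run from /etc/ssl.
    # Issued certificates are marked CA:false and clientAuth only.
    cat > "$ca_conf" <<EOF
[ ca ]
default_ca = dovecot-ca

[ crl_ext ]
authorityKeyIdentifier=keyid:always

[ dovecot-ca ]
new_certs_dir = .
unique_subject = no
certificate = $ca_cert
database = ssldb
private_key = $ca_key
serial = sslserial
default_days = 3650
default_md = sha256
default_bits = 4096
policy = dovecot-ca_policy
x509_extensions = dovecot-ca_extensions

[ dovecot-ca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = supplied
emailAddress = optional
organizationName = supplied
organizationalUnitName = optional

[ dovecot-ca_extensions ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF
    # Start the CA bookkeeping from scratch: empty index, serial 0001.
    rm -f /etc/ssl/ssldb /etc/ssl/sslserial
    touch /etc/ssl/ssldb
    echo 0001 > /etc/ssl/sslserial
    #${PROJECT_NAME}-clientcert -u $MY_USERNAME
    systemctl restart dovecot
    echo 'configure_imap_client_certs' >> "$COMPLETION_FILE"
}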
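function create_gpg_subkey {
    # Adds a subkey with the given usage to the GPG key of $MY_USERNAME via a
    # gpg batch parameter file, which is shredded once gpg has read it.
    # $1: subkey usage, one of sign|auth|encrypt; anything else aborts.
    # Sets MY_GPG_SUBKEY_ID.
    # Reads: SYSTEM_TYPE, COMPLETION_FILE, MY_USERNAME, MY_NAME, MY_EMAIL_ADDRESS.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "create_gpg_subkey" "$COMPLETION_FILE"; then
        return
    fi
    apt-get -y install gnupg
    GPG_KEY_USAGE=$1
    if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then
        echo $"Unknown subkey usage: $GPG_KEY_USAGE"
        echo $'Available types: sign|auth|encrypt'
        exit 14783
    fi
    local genkey_conf="/home/$MY_USERNAME/gpg-genkey.conf"
    # The key lives in the user's keyring (gen-key below runs as the user),
    # so the lookup is run as that user as well rather than in root's keyring.
    # NOTE(review): this takes the last "fingerprint" line of the listing; a
    # keygrip (gpg --with-keygrip) is a different value -- confirm which one
    # the Key-Grip parameter expects.
    KEYGRIP=$(su -c "gpg --fingerprint --fingerprint \"$MY_EMAIL_ADDRESS\"" - "$MY_USERNAME" | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
    # Generate a GPG subkey.  The parameter file is written in one go:
    # previously it was truncated (">") three times, which discarded the
    # Key-Type, Key-Grip, Subkey-Type and Subkey-Length lines before gpg
    # ever read them.
    # Here a 2048bit length is used to be compatible with yubikey
    cat > "$genkey_conf" <<EOF
Key-Type: 1
Key-Grip: $KEYGRIP
Subkey-Type: 1
Subkey-Length: 2048
Subkey-Usage: $GPG_KEY_USAGE
Name-Real: $MY_NAME
Name-Email: $MY_EMAIL_ADDRESS
Name-Comment: $GPG_KEY_USAGE
Expire-Date: 0
EOF
    chown "$MY_USERNAME:$MY_USERNAME" "$genkey_conf"
    su -c "gpg --batch --gen-key $genkey_conf" - "$MY_USERNAME"
    shred -zu "$genkey_conf"
    # NOTE(review): this is the ID from the "pub" line, i.e. the primary key,
    # not the newly created subkey -- verify that callers expect that.
    MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
    echo 'create_gpg_subkey' >> "$COMPLETION_FILE"
}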
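function gpg_key_exists {
    # Prints "yes" if a public key matching $2 exists in the keyring of user
    # $1 (root's own keyring when $1 is "root"), otherwise "no".
    # Callers capture the output: KEY_EXISTS=$(gpg_key_exists user text).
    key_owner_username=$1
    key_search_text=$2
    if [[ $key_owner_username != "root" ]]; then
        KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - "$key_owner_username")
    else
        KEY_EXISTS=$(gpg --list-keys "${key_search_text}")
    fi
    gpg_status=$?
    # A missing key makes gpg exit non-zero with its message on stderr, so
    # the exit status is what distinguishes it.  The previous test compared
    # stdout against *"error"* inside single brackets, where the pattern is
    # a literal string (or a pathname glob) and never matched.
    if [ $gpg_status -ne 0 ] || [ ! "$KEY_EXISTS" ]; then
        echo "no"
        return
    fi
    if [[ $KEY_EXISTS == *"error"* ]]; then
        echo "no"
        return
    fi
    echo "yes"
}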
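function gpg_pubkey_from_email {
    # Prints the key ID(s) of the public key(s) for email address $2 in the
    # keyring of user $1 (root's own keyring when $1 is "root"); prints an
    # empty line when there is none.
    # The machine-readable --with-colons listing is used: its "pub" record
    # carries the key ID in field 5 regardless of gpg version or locale.
    # The previous pipeline split the human-readable "pub   4096R/KEYID"
    # layout on "/", which newer GnuPG releases no longer print, leaving the
    # ID empty.  The ID is the long (16 hex digit) form; callers that prefix
    # it with "0x" continue to work.
    key_owner_username=$1
    key_email_address=$2
    key_id=
    if [[ $key_owner_username != "root" ]]; then
        key_id=$(su -c "gpg --list-keys --with-colons \"$key_email_address\"" - "$key_owner_username" | awk -F ':' '$1 == "pub" {print $5}')
    else
        key_id=$(gpg --list-keys --with-colons "$key_email_address" | awk -F ':' '$1 == "pub" {print $5}')
    fi
    # unquoted on purpose: several matching keys are joined onto one line
    echo $key_id
}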
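# Makes $1 (a .gnupg directory) private to user $2: directories 700, files
# 600.  A plain "chmod 600 dir/*" would also strip the execute bit from
# sub-directories (e.g. private-keys-v1.d in newer GnuPG), which then can
# no longer be entered and makes the private keys unusable.
function _gpg_dir_permissions {
    local gpg_dir=$1
    local owner=$2
    chown -R "$owner:$owner" "$gpg_dir"
    find "$gpg_dir" -type d -exec chmod 700 {} +
    find "$gpg_dir" -type f -exec chmod 600 {} +
}

# Looks up the key ID for MY_EMAIL_ADDRESS in the user's keyring and stores
# it in MY_GPG_PUBLIC_KEY_ID; only warns when nothing usable comes back,
# keeping the best-effort behaviour of the original code.
function _configure_gpg_key_id {
    MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
    if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
        echo $'GPG public key ID could not be obtained'
    fi
}

function configure_gpg {
    # Sets up the GPG keyring of $MY_USERNAME in one of three ways: reuse keys
    # already imported from USB (GPG_KEYS_IMPORTED), import the key pair
    # named by MY_GPG_PUBLIC_KEY / MY_GPG_PRIVATE_KEY, or generate a fresh
    # 4096-bit key.  Writes keyserver and digest preferences to gpg.conf and,
    # after generating a key, appends GPG usage notes to the user's README.
    # Sets MY_GPG_PUBLIC_KEY_ID (and MY_GPG_PUBLIC_KEY when a key is generated).
    # Exits non-zero if the named key files are missing or no key for
    # MY_EMAIL_ADDRESS exists after the import/generation.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "configure_gpg" "$COMPLETION_FILE"; then
        return
    fi
    apt-get -y install gnupg
    gpg_dir=/home/$MY_USERNAME/.gnupg
    local genkey_conf="/home/$MY_USERNAME/gpg-genkey.conf"
    local readme="/home/$MY_USERNAME/README"
    # if gpg keys directory was previously imported from usb
    if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
        echo $'GPG keys were imported'
        sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" "$gpg_dir/gpg.conf"
        _configure_gpg_key_id
        _gpg_dir_permissions "$gpg_dir" "$MY_USERNAME"
        echo 'configure_gpg' >> "$COMPLETION_FILE"
        return
    fi
    if [ ! -d "$gpg_dir" ]; then
        mkdir "$gpg_dir"
    fi
    # gpg.conf is created whenever it is missing, not only together with the
    # directory, so the sed below never runs against a non-existent file.
    if [ ! -f "$gpg_dir/gpg.conf" ]; then
        echo "keyserver $GPG_KEYSERVER" >> "$gpg_dir/gpg.conf"
        # auto-key-retrieve contacts $GPG_KEYSERVER whenever a signature by
        # an unknown key is verified
        echo 'keyserver-options auto-key-retrieve' >> "$gpg_dir/gpg.conf"
    fi
    sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" "$gpg_dir/gpg.conf"
    if ! grep -q "# default preferences" "$gpg_dir/gpg.conf"; then
        cat >> "$gpg_dir/gpg.conf" <<'EOF'

# default preferences
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
EOF
    fi
    _gpg_dir_permissions "$gpg_dir" "$MY_USERNAME"
    if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
        echo $'Importing GPG keys from file'
        echo $"Public key: $MY_GPG_PUBLIC_KEY"
        echo $"Private key: $MY_GPG_PRIVATE_KEY"
        # use your existing GPG keys which were exported
        if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
            echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
            exit 2483
        fi
        if [ ! -f "$MY_GPG_PRIVATE_KEY" ]; then
            echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
            exit 5383
        fi
        su -c "gpg --import $MY_GPG_PUBLIC_KEY" - "$MY_USERNAME"
        su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - "$MY_USERNAME"
        KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [[ $KEY_EXISTS == "no" ]]; then
            echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
            exit 13821
        fi
        # for security ensure that the private key file doesn't linger around
        shred -zu "$MY_GPG_PRIVATE_KEY"
        _configure_gpg_key_id
    else
        # Generate a GPG key.  No Passphrase line is given, so the key is
        # created unprotected; the README section below tells the user to
        # add one.
        cat > "$genkey_conf" <<EOF
Key-Type: 1
Key-Length: 4096
Subkey-Type: 1
Subkey-Length: 4096
Name-Real: $MY_NAME
Name-Email: $MY_EMAIL_ADDRESS
Expire-Date: 0
EOF
        chown "$MY_USERNAME:$MY_USERNAME" "$genkey_conf"
        echo $'Generating a new GPG key'
        su -c "gpg --batch --gen-key $genkey_conf" - "$MY_USERNAME"
        KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [[ $KEY_EXISTS == "no" ]]; then
            echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
            exit 6362
        fi
        shred -zu "$genkey_conf"
        _configure_gpg_key_id
        # NOTE(review): a fixed, predictable path in the shared /tmp; other
        # steps may rely on this exact value, so it is kept as is.
        MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
        su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$MY_USERNAME"
        if grep -q "configure_email" "$COMPLETION_FILE"; then
            if ! grep -q $"Change your GPG password" "$readme"; then
                echo '' >> "$readme"
                echo '' >> "$readme"
                echo $'Change your GPG password' >> "$readme"
                echo '========================' >> "$readme"
                echo $"It's very important to add a password to your GPG key so that" >> "$readme"
                echo $"if anyone does get access to your email they still won't be able" >> "$readme"
                echo $'to read them without knowning the GPG password.' >> "$readme"
                echo $'You can change the it with:' >> "$readme"
                echo '' >> "$readme"
                echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> "$readme"
                echo ' passwd' >> "$readme"
                echo ' save' >> "$readme"
                echo ' quit' >> "$readme"
            fi
            if ! grep -q $"Publish your GPG public key" "$readme"; then
                echo '' >> "$readme"
                echo '' >> "$readme"
                echo $'Publish your GPG public key' >> "$readme"
                echo '===========================' >> "$readme"
                echo $'So that others can send emails to you securely you should' >> "$readme"
                echo $'publish your GPG public key with the command:' >> "$readme"
                echo '' >> "$readme"
                echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> "$readme"
            fi
            chown "$MY_USERNAME:$MY_USERNAME" "$readme"
            chmod 600 "$readme"
        fi
    fi
    echo 'configure_gpg' >> "$COMPLETION_FILE"
}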
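function configure_backup_key {
    # Creates the "backup key" GPG key pair for $MY_USERNAME (if absent) and
    # copies it into root's keyring so that backups run as root can use it.
    # Sets MY_BACKUP_KEY_ID and MY_BACKUP_KEY.
    # The key material is streamed straight from the user's gpg into root's
    # gpg; no armored copy of the secret key is written to disk.
    # Exits non-zero if the key cannot be created, identified or imported.
    if grep -Fxq "configure_backup_key" "$COMPLETION_FILE"; then
        return
    fi
    apt-get -y install gnupg
    BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
    if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then
        return
    fi
    # Generate a GPG key for backups
    BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
    if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
        local genkey_conf="/home/$MY_USERNAME/gpg-genkey.conf"
        cat > "$genkey_conf" <<EOF
Key-Type: 1
Key-Length: 4096
Subkey-Type: 1
Subkey-Length: 4096
Name-Real: $MY_NAME
Name-Email: $MY_EMAIL_ADDRESS
Name-Comment: backup key
Expire-Date: 0
EOF
        chown "$MY_USERNAME:$MY_USERNAME" "$genkey_conf"
        echo $'Backup key does not exist. Creating it.'
        su -c "gpg --batch --gen-key $genkey_conf" - "$MY_USERNAME"
        shred -zu "$genkey_conf"
        echo $'Checking that the Backup key was created'
        BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
        if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
            echo $'Backup key could not be created'
            exit 43382
        fi
    fi
    # Key ID from the machine-readable listing ("pub" record, field 5).
    MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys --with-colons \"$MY_NAME (backup key)\"" - "$MY_USERNAME" | awk -F ':' '$1 == "pub" {print $5}')
    # Without an ID the export commands below would export *every* key in
    # the user's keyring, so refuse to continue.
    if [ ! "$MY_BACKUP_KEY_ID" ]; then
        echo 'Backup key ID could not be obtained'
        exit 36829
    fi
    echo "Backup key: $MY_BACKUP_KEY_ID"
    # Kept for compatibility with other steps that may read this variable;
    # no files are created under this prefix any more.
    MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
    # import backup key to root user.  Both halves are piped between the two
    # gpg processes rather than written to ${MY_BACKUP_KEY}_public.asc /
    # ${MY_BACKUP_KEY}_private.asc, so the secret key never sits in the home
    # directory (typically world-readable under the default umask) even briefly.
    su -c "gpg --armor --export $MY_BACKUP_KEY_ID" - "$MY_USERNAME" | gpg --import
    su -c "gpg --armor --export-secret-key $MY_BACKUP_KEY_ID" - "$MY_USERNAME" | gpg --allow-secret-key-import --import
    BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
    if [[ $BACKUP_KEY_EXISTS != "yes" ]]; then
        echo 'Backup key could not be imported into the root keyring'
        exit 29235
    fi
    echo 'configure_backup_key' >> "$COMPLETION_FILE"
}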
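function encrypt_incoming_email {
    # encrypts incoming mail using your GPG public key
    # so even if an attacker gains access to the data at rest they still need
    # to know your GPG key password to be able to read anything
    #
    # Installs gpgit (checked out at GPGIT_COMMIT) as /usr/bin/gpgit.pl and
    # adds a procmail rule for $MY_USERNAME and for /etc/skel.  The installed
    # commit is recorded in COMPLETION_FILE as "gpgit commit:<hash>" so a
    # later run with a new GPGIT_COMMIT updates the copy.
    # Reads: SYSTEM_TYPE, COMPLETION_FILE, GPG_ENCRYPT_STORED_EMAIL,
    #        INSTALL_DIR, GPGIT_REPO, GPGIT_COMMIT, MY_USERNAME,
    #        MY_EMAIL_ADDRESS, DEFAULT_DOMAIN_NAME.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    local procmailrc="/home/$MY_USERNAME/.procmailrc"
    local skel_procmailrc=/etc/skel/.procmailrc
    local gpgit_filter='| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten'
    # update to the next commit
    if [ -f /usr/bin/gpgit.pl ]; then
        if grep -q "gpgit commit" "$COMPLETION_FILE"; then
            CURRENT_GPGIT_COMMIT=$(grep "gpgit commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            if [[ "$CURRENT_GPGIT_COMMIT" != "$GPGIT_COMMIT" ]]; then
                # never run git or copy a file from the wrong directory
                cd "$INSTALL_DIR/gpgit" || exit 1
                git_pull "$GPGIT_REPO" "$GPGIT_COMMIT"
                sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" "$COMPLETION_FILE"
                cp gpgit.pl /usr/bin/gpgit.pl
            fi
        else
            echo "gpgit commit:$GPGIT_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi
    if grep -Fxq "encrypt_incoming_email" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
        return
    fi
    if [ ! -f /usr/bin/gpgit.pl ]; then
        apt-get -y install git libmail-gnupg-perl
        cd "$INSTALL_DIR" || exit 1
        git_clone "$GPGIT_REPO" "$INSTALL_DIR/gpgit"
        cd "$INSTALL_DIR/gpgit" || exit 1
        # pinned to GPGIT_COMMIT, so a moved upstream branch cannot silently
        # change the filter that every incoming message is piped through
        git checkout "$GPGIT_COMMIT" -b "$GPGIT_COMMIT"
        if ! grep -q "gpgit commit" "$COMPLETION_FILE"; then
            echo "gpgit commit:$GPGIT_COMMIT" >> "$COMPLETION_FILE"
        else
            sed -i "s/gpgit commit.*/gpgit commit:$GPGIT_COMMIT/g" "$COMPLETION_FILE"
        fi
        cp gpgit.pl /usr/bin
    fi
    # add a procmail rule
    if ! grep -q "/usr/bin/gpgit.pl" "$procmailrc"; then
        printf '\n:0 f\n%s %s\n' "$gpgit_filter" "$MY_EMAIL_ADDRESS" >> "$procmailrc"
        chown "$MY_USERNAME:$MY_USERNAME" "$procmailrc"
    fi
    # The skeleton gets its own guard: it used to be appended only together
    # with the user's file, so a skeleton that already carried the rule ended
    # up with duplicates and one that did not could be skipped.
    # $USER is left unexpanded for procmail to fill in per user.
    if ! grep -q "/usr/bin/gpgit.pl" "$skel_procmailrc"; then
        printf '\n:0 f\n%s $USER@%s\n' "$gpgit_filter" "$DEFAULT_DOMAIN_NAME" >> "$skel_procmailrc"
    fi
    echo 'encrypt_incoming_email' >> "$COMPLETION_FILE"
}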
function encrypt_outgoing_email {
    # encrypts outgoing mail using your GPG public key
    # so even if an attacker gains access to the data at rest they still need
    # to know your GPG key password to be able to read sent mail
    #
    # Sets mutt's pgp_encrypt_only_command / pgp_encrypt_sign_command in the
    # user's .muttrc so that every encrypted message is also encrypted to the
    # user's own key (--encrypt-to), which keeps the Sent copy readable.
    # Does nothing unless GPG_ENCRYPT_STORED_EMAIL is "yes" and the user
    # already has a .gnupg directory, a .muttrc and a usable key ID.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "encrypt_outgoing_email" "$COMPLETION_FILE"; then
        return
    fi
    if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
        return
    fi
    local muttrc="/home/$MY_USERNAME/.muttrc"
    if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
        return
    fi
    if [ ! -f "$muttrc" ]; then
        return
    fi
    # obtain your public key ID
    if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
        MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [ ! "$MY_GPG_PUBLIC_KEY_ID" ] || [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
            return
        fi
    fi
    # The two mutt settings, built once and reused for both the append and
    # the in-place replace so they cannot drift apart.  --always-trust
    # encrypts to recipient keys regardless of their trust level, i.e. no
    # web-of-trust check is made for the addresses chosen by the user.
    local encrypt_only="set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""
    local encrypt_sign="set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""
    if grep -q "pgp_encrypt_only_command" "$muttrc"; then
        sed -i "s|set pgp_encrypt_only_command.*|$encrypt_only|g" "$muttrc"
    else
        echo '' >> "$muttrc"
        echo $'# Encrypt items in the Sent folder' >> "$muttrc"
        echo "$encrypt_only" >> "$muttrc"
    fi
    if grep -q "pgp_encrypt_sign_command" "$muttrc"; then
        sed -i "s|set pgp_encrypt_sign_command.*|$encrypt_sign|g" "$muttrc"
    else
        echo "$encrypt_sign" >> "$muttrc"
    fi
    echo 'encrypt_outgoing_email' >> "$COMPLETION_FILE"
}
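function encrypt_all_email {
    # Installs the encmaildir tool (a copy of ${PROJECT_NAME}-encrypt-mail,
    # taken from /usr/local/bin when present) and documents it in the user's
    # README.  The copy is refreshed on every run; only the README section is
    # guarded by COMPLETION_FILE.
    # Reads: SYSTEM_TYPE, GPG_ENCRYPT_STORED_EMAIL, PROJECT_NAME,
    #        COMPLETION_FILE, MY_USERNAME.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
        return
    fi
    if [ -f "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" ]; then
        cp "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
    else
        cp "/usr/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
    fi
    chmod +x /usr/bin/encmaildir
    if grep -Fxq "encrypt_all_email" "$COMPLETION_FILE"; then
        return
    fi
    local readme="/home/$MY_USERNAME/README"
    # "-f" was missing from this test, so it was always false and the README
    # only came into being as a side effect of the append below.
    if [ ! -f "$readme" ]; then
        touch "$readme"
    fi
    if ! grep -q $"If you have imported legacy email which is not encrypted" "$readme"; then
        echo '' >> "$readme"
        echo '' >> "$readme"
        echo $'Encrypting legacy email' >> "$readme"
        echo '=======================' >> "$readme"
        echo $'If you have imported legacy email which is not encrypted' >> "$readme"
        echo $'then it can be encrypted with the command:' >> "$readme"
        echo '' >> "$readme"
        echo ' encmaildir' >> "$readme"
        echo '' >> "$readme"
        echo $'But be warned that depending upon how much email you have' >> "$readme"
        echo $'this could take a seriously LONG time on the Beaglebone' >> "$readme"
        echo $'and may be better done on a faster machine.' >> "$readme"
        chown "$MY_USERNAME:$MY_USERNAME" "$readme"
        chmod 600 "$readme"
    fi
    echo 'encrypt_all_email' >> "$COMPLETION_FILE"
}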
  4958. function email_client {
  4959. if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
  4960. return
  4961. fi
  4962. if grep -Fxq "email_client" $COMPLETION_FILE; then
  4963. return
  4964. fi
  4965. apt-get -y install mutt-patched lynx abook
  4966. if [ ! -f /etc/Muttrc ]; then
  4967. echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
  4968. exit 49
  4969. fi
  4970. if [ ! -d /home/$MY_USERNAME/.mutt ]; then
  4971. mkdir /home/$MY_USERNAME/.mutt
  4972. fi
  4973. echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap
  4974. cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt
  4975. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
  4976. chown -R root:root /etc/skel/.mutt
  4977. echo 'set mbox_type=Maildir' >> /etc/Muttrc
  4978. echo 'set folder="~/Maildir"' >> /etc/Muttrc
  4979. echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
  4980. echo 'set mbox="~/Maildir"' >> /etc/Muttrc
  4981. echo 'set record="+Sent"' >> /etc/Muttrc
  4982. echo 'set postponed="+Drafts"' >> /etc/Muttrc
  4983. echo 'set trash="+Trash"' >> /etc/Muttrc
  4984. echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
  4985. echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
  4986. echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /etc/Muttrc
  4987. echo 'set header_cache="+.cache"' >> /etc/Muttrc
  4988. echo '' >> /etc/Muttrc
  4989. echo 'macro index S "<tag-prefix><decode-save>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
  4990. echo 'macro pager S "<decode-save>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
  4991. echo 'macro index H "<tag-prefix><decode-copy>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
  4992. echo 'macro pager H "<decode-copy>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
  4993. echo '' >> /etc/Muttrc
  4994. echo '# set up the sidebar' >> /etc/Muttrc
  4995. echo 'set sidebar_width=22' >> /etc/Muttrc
  4996. echo 'set sidebar_visible=yes' >> /etc/Muttrc
  4997. echo "set sidebar_delim='|'" >> /etc/Muttrc
  4998. echo 'set sidebar_sort=yes' >> /etc/Muttrc
  4999. echo '' >> /etc/Muttrc
  5000. echo 'set rfc2047_parameters' >> /etc/Muttrc
  5001. echo '' >> /etc/Muttrc
  5002. echo '# Show inbox and sent items' >> /etc/Muttrc
  5003. echo 'mailboxes = =Sent =maybe-spam =spam' >> /etc/Muttrc
  5004. echo '' >> /etc/Muttrc
  5005. echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
  5006. echo 'color sidebar_new yellow default' >> /etc/Muttrc
  5007. echo 'color normal white default' >> /etc/Muttrc
  5008. echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
  5009. echo 'color signature green default' >> /etc/Muttrc
  5010. echo 'color attachment brightyellow default' >> /etc/Muttrc
  5011. echo 'color quoted green default' >> /etc/Muttrc
  5012. echo 'color quoted1 white default' >> /etc/Muttrc
  5013. echo 'color tilde blue default' >> /etc/Muttrc
  5014. echo '' >> /etc/Muttrc
  5015. echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
  5016. echo '# ctrl-o to open selected folder' >> /etc/Muttrc
  5017. echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
  5018. echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
  5019. echo 'bind index \Co sidebar-open' >> /etc/Muttrc
  5020. echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
  5021. echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
  5022. echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
  5023. echo '' >> /etc/Muttrc
  5024. echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
  5025. echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc
  5026. echo '' >> /etc/Muttrc
  5027. echo '# esc-m Mark new messages as read' >> /etc/Muttrc
  5028. echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc
  5029. echo '' >> /etc/Muttrc
  5030. echo '# Collapsing threads' >> /etc/Muttrc
  5031. echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc
  5032. echo 'macro index ] "<collapse-all>" "collapse/uncollapse all threads"' >> /etc/Muttrc
  5033. echo '' >> /etc/Muttrc
  5034. echo '# threads containing new messages' >> /etc/Muttrc
  5035. echo 'uncolor index "~(~N)"' >> /etc/Muttrc
  5036. echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
  5037. echo '' >> /etc/Muttrc
  5038. echo '# new messages themselves' >> /etc/Muttrc
  5039. echo 'uncolor index "~N"' >> /etc/Muttrc
  5040. echo 'color index brightyellow default "~N"' >> /etc/Muttrc
  5041. echo '' >> /etc/Muttrc
  5042. echo '# GPG/PGP integration' >> /etc/Muttrc
  5043. echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
  5044. echo 'set pgp_timeout=1800' >> /etc/Muttrc
  5045. echo '' >> /etc/Muttrc
  5046. echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
  5047. echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
  5048. echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
  5049. echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
  5050. echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
  5051. echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
  5052. echo 'set fcc_clear=no # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc
  5053. echo 'unset smime_is_default' >> /etc/Muttrc
  5054. echo '' >> /etc/Muttrc
  5055. echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
  5056. echo 'source ~/.mutt-alias' >> /etc/Muttrc
  5057. echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
  5058. echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc
  5059. # create an Emacs configuration specifically for use with Mutt, which
  5060. # has word wrap and spell checking on by default
  5061. echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$MY_USERNAME/.emacs-mutt
  5062. echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs-mutt
  5063. echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs-mutt
  5064. echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs-mutt
  5065. echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs-mutt
  5066. echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs-mutt
  5067. echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs-mutt
  5068. echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs-mutt
  5069. echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs-mutt
  5070. echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs-mutt
  5071. echo "(dolist (hook '(text-mode-hook))" >> /home/$MY_USERNAME/.emacs-mutt
  5072. echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$MY_USERNAME/.emacs-mutt
  5073. echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs-mutt
  5074. echo '(setq auto-fill-mode 0)' >> /home/$MY_USERNAME/.emacs-mutt
  5075. echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
  5076. echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$MY_USERNAME/.emacs-mutt
  5077. # add the emacs mutt configuration to the user profile skeleton
  5078. if [ ! -f /etc/skel/.emacs-mutt ]; then
  5079. cp /home/$MY_USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
  5080. chown root:root /etc/skel/.emacs-mutt
  5081. fi
  5082. cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
  5083. cp -f /etc/Muttrc /etc/skel/.muttrc
  5084. touch /home/$MY_USERNAME/.mutt-alias
  5085. cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias
  5086. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs-mutt
  5087. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
  5088. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
  5089. # default user on generic images
  5090. if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then
  5091. cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc
  5092. chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.muttrc
  5093. touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
  5094. chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
  5095. cp /etc/skel/.emacs-mutt /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
  5096. chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.emacs-mutt
  5097. fi
  5098. echo 'email_client' >> $COMPLETION_FILE
  5099. }
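function email_archiving {
    # Install the daily mail-archiving cron job and the cleanup-maildir helper.
    # On later runs only the cleanup-maildir checkout is advanced to
    # CLEANUP_MAILDIR_COMMIT; the initial clone is gated by COMPLETION_FILE.
    # Skipped on variants that do not host a mailbox.
    # Globals read: SYSTEM_TYPE, VARIANT_*, PROJECT_NAME, INSTALL_DIR,
    #   COMPLETION_FILE, CLEANUP_MAILDIR_REPO, CLEANUP_MAILDIR_COMMIT.
    # Side effects: writes /etc/cron.daily/archivemail and /usr/bin/cleanup-maildir,
    #   records "cleanup-maildir commit:<hash>" and "email_archiving" in COMPLETION_FILE.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    # ensure that the mail archive script is up to date
    local archive_script=''
    if [ -f "/usr/local/bin/${PROJECT_NAME}-archive-mail" ]; then
        archive_script="/usr/local/bin/${PROJECT_NAME}-archive-mail"
    elif [ -f "/usr/bin/${PROJECT_NAME}-archive-mail" ]; then
        archive_script="/usr/bin/${PROJECT_NAME}-archive-mail"
    else
        # the message now names the file that was actually looked for
        # (it used to say "-archive-email")
        echo "/usr/bin/${PROJECT_NAME}-archive-mail was not found. ${PROJECT_NAME} might not have fully installed."
        # note: exit statuses are truncated to 8 bits, so a caller sees 171
        exit 62379
    fi
    cp "$archive_script" /etc/cron.daily/archivemail
    chmod +x /etc/cron.daily/archivemail
    # update to the next commit
    if [ -d "$INSTALL_DIR/cleanup-maildir" ]; then
        if grep -q "cleanup-maildir commit" "$COMPLETION_FILE"; then
            CURRENT_CLEANUP_MAILDIR_COMMIT=$(grep "cleanup-maildir commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            if [[ "$CURRENT_CLEANUP_MAILDIR_COMMIT" != "$CLEANUP_MAILDIR_COMMIT" ]]; then
                # git_pull operates on the current directory, so the cd must succeed
                cd "$INSTALL_DIR/cleanup-maildir" || exit 1
                git_pull $CLEANUP_MAILDIR_REPO $CLEANUP_MAILDIR_COMMIT
                sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" "$COMPLETION_FILE"
                cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
            fi
        else
            echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi
    if grep -Fxq "email_archiving" "$COMPLETION_FILE"; then
        return
    fi
    if [ ! -d "$INSTALL_DIR" ]; then
        mkdir "$INSTALL_DIR"
    fi
    cd "$INSTALL_DIR" || exit 1
    git_clone $CLEANUP_MAILDIR_REPO "$INSTALL_DIR/cleanup-maildir"
    cd "$INSTALL_DIR/cleanup-maildir" || exit 1
    # pin the checkout to the known commit rather than the branch head
    git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
    if ! grep -q "cleanup-maildir commit" "$COMPLETION_FILE"; then
        echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> "$COMPLETION_FILE"
    else
        sed -i "s/cleanup-maildir commit.*/cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT/g" "$COMPLETION_FILE"
    fi
    cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
    echo 'email_archiving' >> "$COMPLETION_FILE"
}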
  5148. # Ensure that the from field is correct when sending email from Mutt
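function email_from_address {
    # Set Mutt's "from" header for MY_USERNAME to "MY_NAME <MY_EMAIL_ADDRESS>".
    # Runs once (recorded in COMPLETION_FILE) and only if ~/.muttrc exists;
    # an existing "set from=" line is replaced, otherwise one is appended.
    if grep -Fxq "email_from_address" "$COMPLETION_FILE"; then
        return
    fi
    local muttrc="/home/$MY_USERNAME/.muttrc"
    if [ ! -f "$muttrc" ]; then
        return
    fi
    local from_line="set from='$MY_NAME <$MY_EMAIL_ADDRESS>'"
    if grep -q "set from=" "$muttrc"; then
        # escape the sed delimiter '|', backslash and '&' so that a display
        # name containing them cannot break or alter the replacement
        local escaped
        escaped=$(printf '%s' "$from_line" | sed -e 's/[\\|&]/\\&/g')
        sed -i "s|set from=.*|$escaped|g" "$muttrc"
    else
        echo "$from_line" >> "$muttrc"
    fi
    echo 'email_from_address' >> "$COMPLETION_FILE"
}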
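function create_public_mailing_list {
    # Create the mlmmj public mailing list PUBLIC_MAILING_LIST and wire it into
    # exim (router + pipe transport running as the mlmmj user). The list lives
    # on PUBLIC_MAILING_LIST_DOMAIN_NAME, defaulting to DEFAULT_DOMAIN_NAME.
    # Skipped on variants without a mailbox, when no list name is configured,
    # or once it has been recorded in COMPLETION_FILE.
    # Globals read: SYSTEM_TYPE, VARIANT_*, COMPLETION_FILE, PUBLIC_MAILING_LIST,
    #   PUBLIC_MAILING_LIST_DOMAIN_NAME, DEFAULT_DOMAIN_NAME, MY_USERNAME, PROJECT_NAME.
    # Globals written: PUBLIC_MAILING_LIST_DOMAIN_NAME (defaulted), PUBLIC_MAILING_LIST_USER.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "create_public_mailing_list" "$COMPLETION_FILE"; then
        return
    fi
    if [ -z "$PUBLIC_MAILING_LIST" ]; then
        return
    fi
    # does the mailing list have a separate domain name?
    if [ -z "$PUBLIC_MAILING_LIST_DOMAIN_NAME" ]; then
        PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
    fi
    PUBLIC_MAILING_LIST_USER="mlmmj"
    apt-get -y install mlmmj
    # dedicated unprivileged system user/group that exim pipes list mail to
    adduser --system $PUBLIC_MAILING_LIST_USER
    addgroup $PUBLIC_MAILING_LIST_USER
    adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
    echo ''
    echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
    echo ''
    # create the list
    mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
    # pipe aliases from the system alias file run as this user/group rather
    # than as exim's own user
    cat > /etc/exim4/conf.d/main/000_localmacros <<EOF
SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe
SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER
SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER
EOF
    # router (quoted heredoc: $local_part etc. are exim variables, written literally)
    cat > /etc/exim4/conf.d/router/750_exim4-config_mlmmj <<'EOF'
mlmmj_router:
    debug_print = "R: mlmmj_router for $local_part@$domain"
    driver = accept
    domains = +mlmmj_domains
    #require_files = MLMMJ_HOME/${lc::$local_part}
    # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.
    # Exim will then spawn a new process running under the UID of "mlmmj".
    require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}
    local_part_suffix = +*
    local_part_suffix_optional
    headers_remove = Delivered-To
    headers_add = Delivered-To: $local_part$local_part_suffix@$domain
    transport = mlmmj_transport
EOF
    # transport
    cat > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj <<'EOF'
mlmmj_transport:
    debug_print = "T: mlmmj_transport for $local_part@$domain"
    driver = pipe
    return_path_add
    user = mlmmj
    group = mlmmj
    home_directory = MLMMJ_HOME
    current_directory = MLMMJ_HOME
    command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}
EOF
    local listmacros=/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
    if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" "$listmacros"; then
        sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' "$listmacros"
    fi
    if ! grep -q "domainlist mlmmj_domains =" "$listmacros"; then
        sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" "$listmacros"
    fi
    if ! grep -q "delay_warning_condition =" "$listmacros"; then
        # no delay warnings for list traffic
        sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' "$listmacros"
    fi
    if ! grep -q ": +mlmmj_domains" "$listmacros"; then
        sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' "$listmacros"
    fi
    if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
        sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
    fi
    newaliases
    update-exim4.conf.template -r
    update-exim4.conf
    systemctl restart exim4
    local readme="/home/$MY_USERNAME/README"
    if ! grep -qF $"$PUBLIC_MAILING_LIST mailing list" "$readme"; then
        echo '' >> "$readme"
        echo '' >> "$readme"
        echo $"$PUBLIC_MAILING_LIST mailing list" >> "$readme"
        echo '=================================' >> "$readme"
        echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> "$readme"
        # the subscribe address is on the list's own domain, which may differ
        # from DEFAULT_DOMAIN_NAME (the README used to always show the latter)
        echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$PUBLIC_MAILING_LIST_DOMAIN_NAME" >> "$readme"
        chown "$MY_USERNAME:$MY_USERNAME" "$readme"
        chmod 600 "$readme"
    fi
    ${PROJECT_NAME}-addlist -u "$MY_USERNAME" -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
    echo 'create_public_mailing_list' >> "$COMPLETION_FILE"
}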
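function create_private_mailing_list {
    # Set up a schleuder (GPG-encrypted) private mailing list named
    # PRIVATE_MAILING_LIST on DEFAULT_DOMAIN_NAME, with MY_EMAIL_ADDRESS as admin
    # and first member, and the exim router/transport that delivers to it.
    # Requires MY_GPG_PUBLIC_KEY to point at an exported public key file.
    # Skipped on variants without a mailbox, when no list name is configured,
    # or once recorded in COMPLETION_FILE.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    # This installation doesn't work, results in ruby errors
    # There is currently no schleuder package for Debian jessie
    if grep -Fxq "create_private_mailing_list" "$COMPLETION_FILE"; then
        return
    fi
    if [ -z "$PRIVATE_MAILING_LIST" ]; then
        return
    fi
    # quoted on the right so the username is compared literally, not as a glob
    if [[ "$PRIVATE_MAILING_LIST" == "$MY_USERNAME" ]]; then
        echo $'The name of the private mailing list should not be the same as your username'
        exit 10
    fi
    if [ -z "$MY_GPG_PUBLIC_KEY" ]; then
        echo $'To create a private mailing list you need to specify a file'
        echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
        echo $'the top of the script'
        exit 11
    fi
    apt-get -y install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
    gem install schleuder
    schleuder-fix-gem-dependencies
    schleuder-init-setup --gem
    # NOTE: this is version number sensitive and so might need changing
    ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
    sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
    # this substitution was missing its closing delimiter, so sed rejected it
    sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost/g' /etc/schleuder/schleuder.conf
    # the schleuder system user must exist before list files are chowned to it
    # and before exim is restarted with a router that runs as that user
    # (it used to be created only after both)
    if ! id -u schleuder >/dev/null 2>&1; then
        useradd -d /var/schleuderlists -s /bin/false schleuder
    fi
    adduser Debian-exim schleuder
    usermod -a -G mail schleuder
    schleuder-newlist "$PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME" -realname "$PRIVATE_MAILING_LIST" -adminaddress "$MY_EMAIL_ADDRESS" -initmember "$MY_EMAIL_ADDRESS" -initmemberkey "$MY_GPG_PUBLIC_KEY" -nointeractive
    ${PROJECT_NAME}-addemail -u "$MY_USERNAME" -e "$PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME" -l "$PRIVATE_MAILING_LIST"
    # exim router/transport (quoted heredocs: $local_part etc. are exim variables)
    cat > /etc/exim4/conf.d/router/550_exim4-config_schleuder <<'EOF'
schleuder:
    debug_print = "R: schleuder for $local_part@$domain"
    driver = accept
    local_part_suffix_optional
    local_part_suffix = +* : -bounce : -sendkey
    domains = +local_domains
    user = schleuder
    group = schleuder
    require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}
    transport = schleuder_transport
EOF
    cat > /etc/exim4/conf.d/transport/30_exim4-config_schleuder <<'EOF'
schleuder_transport:
    debug_print = "T: schleuder_transport for $local_part@$domain"
    driver = pipe
    home_directory = "/var/lib/schleuder/$domain/$local_part"
    command = "/usr/bin/schleuder $local_part@$domain"
EOF
    chown -R schleuder:schleuder /var/lib/schleuder
    update-exim4.conf.template -r
    update-exim4.conf
    systemctl restart exim4
    #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
    echo 'create_private_mailing_list' >> "$COMPLETION_FILE"
}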
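function split_gpg_key_into_fragments {
    # When ENABLE_SOCIAL_KEY_MANAGEMENT is "yes", split the user's GPG key into
    # fragments with the project's splitkey tool (which may prompt for the
    # passphrase). Exits the script if the fragments directory was not produced.
    # Globals read: ENABLE_SOCIAL_KEY_MANAGEMENT, PROJECT_NAME, MY_USERNAME,
    #   MY_EMAIL_ADDRESS, MY_NAME.
    if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT != "yes" ]]; then
        return
    fi
    echo 'Splitting GPG key. You may need to enter your passphrase.'
    ${PROJECT_NAME}-splitkey -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME"
    if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
        # message typo fixed ("Yhe")
        echo 'The GPG key could not be split'
        # note: exit statuses are truncated to 8 bits, so a caller sees 20
        exit 86548
    fi
}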
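function _email_install_complete {
    # Final steps for the mailbox variant: back up to friends' servers, set up
    # intrusion detection, optionally split the GPG key, show the completion
    # message and release the USB drive. Exits the script with status 0.
    # Reads EMAIL_COMPLETE_MSG and USB_MOUNT.
    backup_to_friends_servers
    intrusion_detection
    split_gpg_key_into_fragments
    clear
    echo ''
    echo "$EMAIL_COMPLETE_MSG"
    echo ''
    if [ -d "$USB_MOUNT" ]; then
        # only delete the mount point once it is really unmounted; an rm -rf
        # on a still-mounted directory would wipe the drive's contents
        if umount "$USB_MOUNT"; then
            rm -rf "$USB_MOUNT"
            echo $' You can now remove the USB drive'
        else
            echo $" Unable to unmount $USB_MOUNT"
        fi
    fi
    exit 0
}
function import_email {
    # Optionally copy an existing maildir (IMPORT_MAILDIR) into the user's home,
    # record completion, and on the mailbox variant finish the installation.
    # Skipped on variants without a mailbox. On a re-run after completion the
    # mailbox variant still executes the finishing steps (and exits).
    # Globals read: SYSTEM_TYPE, VARIANT_*, PROJECT_NAME, COMPLETION_FILE,
    #   IMPORT_MAILDIR, MY_USERNAME, USB_MOUNT.
    # Globals written: EMAIL_COMPLETE_MSG.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    EMAIL_COMPLETE_MSG=$"
*** ${PROJECT_NAME} mailbox installation is complete ***
Now on your internet router forward ports
25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
"
    if grep -Fxq "import_email" "$COMPLETION_FILE"; then
        if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
            _email_install_complete
        fi
        return
    fi
    if [ -n "$IMPORT_MAILDIR" ]; then
        if [ -d "$IMPORT_MAILDIR" ]; then
            echo $'Transfering email files'
            cp -r "$IMPORT_MAILDIR" "/home/$MY_USERNAME"
            # cp places the copy at /home/<user>/<basename of the source>;
            # chown that path rather than assuming the source was called Maildir
            local imported_dir
            imported_dir="/home/$MY_USERNAME/$(basename "$IMPORT_MAILDIR")"
            chown -R "$MY_USERNAME:$MY_USERNAME" "$imported_dir"
        else
            echo $"Email import directory $IMPORT_MAILDIR not found"
            exit 9
        fi
    fi
    echo 'import_email' >> "$COMPLETION_FILE"
    if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
        # unmounts any attached usb drive and exits
        _email_install_complete
    fi
}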
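function install_web_server {
    # Replace apache with nginx + php5-fpm, write /etc/nginx/nginx.conf, and
    # install the nginx_ensite helper from NGINX_ENSITE_REPO at
    # NGINX_ENSITE_COMMIT. Skipped on the chat variant. On later runs only the
    # nginx_ensite checkout is advanced; the rest is gated by COMPLETION_FILE.
    # Globals read: SYSTEM_TYPE, VARIANT_CHAT, INSTALL_DIR, COMPLETION_FILE,
    #   NGINX_ENSITE_REPO, NGINX_ENSITE_COMMIT, CHECK_MESSAGE.
    if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
        return
    fi
    # update to the next commit
    if [ -d "$INSTALL_DIR/nginx_ensite" ]; then
        if grep -q "Nginx-ensite commit" "$COMPLETION_FILE"; then
            CURRENT_NGINX_ENSITE_COMMIT=$(grep "Nginx-ensite commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            if [[ "$CURRENT_NGINX_ENSITE_COMMIT" != "$NGINX_ENSITE_COMMIT" ]]; then
                # the "cd" was missing here: the directory path was run as a
                # command and git_pull/make install ran in the wrong directory
                cd "$INSTALL_DIR/nginx_ensite" || exit 1
                git_pull $NGINX_ENSITE_REPO $NGINX_ENSITE_COMMIT
                sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" "$COMPLETION_FILE"
                make install
            fi
        else
            echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi
    if grep -Fxq "install_web_server" "$COMPLETION_FILE"; then
        return
    fi
    # remove apache
    apt-get -y remove --purge apache2
    if [ -d /etc/apache2 ]; then
        rm -rf /etc/apache2
    fi
    # install nginx
    apt-get -y install nginx php5-fpm git
    # limit the number of php processes
    sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf
    sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf
    if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then
        cat >> /etc/php5/fpm/php-fpm.conf <<'EOF'
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 5
pm.max_requests = 50
EOF
    fi
    if [ ! -d /etc/nginx ]; then
        echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
        exit 51
    fi
    # Nginx settings
    # worker_processes is left at nginx's default (a CPU_CORES-based value was
    # once considered here). Quoted heredoc: $binary_remote_addr is an nginx
    # variable and must be written literally.
    # NOTE(review): the 3m header/body timeouts and multi-megabyte header
    # buffers are generous per-connection allowances; worker_connections and
    # the per-IP limits are what bound the exposure - confirm still intended.
    cat > /etc/nginx/nginx.conf <<'EOF'
user www-data;
pid /run/nginx.pid;

events {
    worker_connections 50;
    # multi_accept on;
}

http {
    # limit the number of connections per single IP
    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

    # limit the number of requests for a given session
    # Note that the Owncloud web interface seems to require a rate of around 140r/s
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;

    # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file
    client_body_buffer_size 128k;

    # headerbuffer size for the request header from client, its set for testing purpose
    client_header_buffer_size 3m;

    # maximum number and size of buffers for large headers to read from client request
    large_client_header_buffers 4 256k;

    # read timeout for the request body from client, its set for testing purpose
    client_body_timeout 3m;

    # how long to wait for the client to send a request header, its set for testing purpose
    client_header_timeout 3m;

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ###
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
EOF
    # install a script to easily enable and disable nginx virtual hosts
    if [ ! -d "$INSTALL_DIR" ]; then
        mkdir "$INSTALL_DIR"
    fi
    cd "$INSTALL_DIR" || exit 1
    git_clone $NGINX_ENSITE_REPO "$INSTALL_DIR/nginx_ensite"
    cd "$INSTALL_DIR/nginx_ensite" || exit 1
    # pin the checkout to the known commit rather than the branch head
    git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
    if ! grep -q "Nginx-ensite commit" "$COMPLETION_FILE"; then
        echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> "$COMPLETION_FILE"
    else
        sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" "$COMPLETION_FILE"
    fi
    make install
    # the distribution's default site is not wanted
    nginx_dissite default
    echo 'install_web_server' >> "$COMPLETION_FILE"
}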
  5504. function configure_php {
  5505. sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
  5506. sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
  5507. sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini
  5508. sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
  5509. sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
  5510. }
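function install_mariadb {
    # Install mariadb-server non-interactively with a root password taken from
    # (in order) get_mariadb_password, IMAGE_PASSWORD_FILE, or a fresh random
    # value. A newly chosen password is stored in DATABASE_PASSWORD_FILE and the
    # user's README, both mode 600. Runs once (COMPLETION_FILE).
    # Globals read: COMPLETION_FILE, IMAGE_PASSWORD_FILE, DATABASE_PASSWORD_FILE,
    #   MY_USERNAME, CHECK_MESSAGE.
    # Globals written: MARIADB_PASSWORD.
    if grep -Fxq "install_mariadb" "$COMPLETION_FILE"; then
        return
    fi
    apt-get -y install python-software-properties debconf-utils
    apt-get -y install software-properties-common
    apt-get -y update
    get_mariadb_password
    if [ -z "$MARIADB_PASSWORD" ]; then
        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
            # read the file verbatim; the previous printf-as-format-string
            # form mangled passwords containing '%', backslashes or spaces
            MARIADB_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
        else
            MARIADB_PASSWORD="$(openssl rand -base64 32)"
        fi
        # create the password file with a restrictive mode before the secret
        # is written into it, rather than tightening it afterwards
        ( umask 077; echo "$MARIADB_PASSWORD" > "$DATABASE_PASSWORD_FILE" )
        chmod 600 "$DATABASE_PASSWORD_FILE"
        local readme="/home/$MY_USERNAME/README"
        echo '' >> "$readme"
        echo '' >> "$readme"
        echo 'MariaDB / MySql' >> "$readme"
        echo '===============' >> "$readme"
        echo $"Your MariaDB password is: $MARIADB_PASSWORD" >> "$readme"
        echo '' >> "$readme"
        chown "$MY_USERNAME:$MY_USERNAME" "$readme"
        chmod 600 "$readme"
    fi
    # preseed debconf so the package install does not prompt; the here-strings
    # keep the password out of the process argument list
    debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
    debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
    apt-get -y install mariadb-server
    # quoted so the shell cannot expand the pattern against files in the
    # current directory; apt interprets it itself
    apt-get -y remove --purge 'apache*'
    if [ -d /etc/apache2 ]; then
        rm -rf /etc/apache2
        echo $'Removed Apache installation after MariaDB install'
    fi
    if [ ! -d /etc/mysql ]; then
        echo $"ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE"
        exit 54
    fi
    # NOTE: the password is briefly visible in the process list here
    mysqladmin -u root password "$MARIADB_PASSWORD"
    echo 'install_mariadb' >> "$COMPLETION_FILE"
}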
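function backup_databases_script_header {
    # Create the skeletons of the database backup scripts (the daily script
    # plus daily/weekly/monthly cron hooks) if /usr/bin/backupdatabases does
    # not exist yet. Other install steps append their dump commands to them.
    # Globals read: MY_EMAIL_ADDRESS, DATABASE_PASSWORD_FILE, FRIENDS_SERVERS_LIST.
    if [ -f /usr/bin/backupdatabases ]; then
        return
    fi
    # daily
    # root-only (mode 700) before any content goes in: the script reads the
    # database password file
    touch /usr/bin/backupdatabases
    chmod 700 /usr/bin/backupdatabases
    # unquoted heredoc: the install-time values are expanded now, while
    # \$(cat ...) stays literal so the password is read when the cron job runs.
    # The friends-list path is quoted: an empty FRIENDS_SERVERS_LIST used to
    # produce "[ -f ]", which is true, so the backup always exited early.
    cat > /usr/bin/backupdatabases <<EOF
#!/bin/sh

EMAIL='$MY_EMAIL_ADDRESS'

MYSQL_PASSWORD=\$(cat $DATABASE_PASSWORD_FILE)
umask 0077

# exit if we are backing up to friends servers
if [ -f '$FRIENDS_SERVERS_LIST' ]; then
    exit 1
fi
EOF
    printf '#!/bin/sh\n/usr/bin/backupdatabases\n' > /etc/cron.daily/backupdatabasesdaily
    chmod 700 /etc/cron.daily/backupdatabasesdaily
    # weekly
    printf '#!/bin/sh\n\numask 0077\n' > /etc/cron.weekly/backupdatabasesweekly
    chmod 700 /etc/cron.weekly/backupdatabasesweekly
    # monthly
    printf '#!/bin/sh\n\numask 0077\n' > /etc/cron.monthly/backupdatabasesmonthly
    chmod 700 /etc/cron.monthly/backupdatabasesmonthly
}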
function repair_databases_script {
    # Create the hourly database-repair cron script (header only; the repair
    # commands are appended by other steps) and, on every run, make sure an
    # already-installed script calls the project's repair-database tool.
    # Globals read: PROJECT_NAME, COMPLETION_FILE, DATABASE_PASSWORD_FILE.
    local repair_cron=/etc/cron.hourly/repair
    # rename the old tool path in an existing script, regardless of completion state
    [ -f "$repair_cron" ] && sed -i "s|/usr/bin/repairdatabase|${PROJECT_NAME}-repair-database|g" "$repair_cron"
    grep -Fxq "repair_databases_script" $COMPLETION_FILE && return
    # nothing to repair without a database password file
    [ -f $DATABASE_PASSWORD_FILE ] || return
    printf '#!/bin/bash\n\n' > "$repair_cron"
    chmod 600 "$repair_cron"
    chmod +x "$repair_cron"
    echo 'repair_databases_script' >> $COMPLETION_FILE
}
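function install_owncloud_music_app {
    # Install the Owncloud music app from OWNCLOUD_MUSIC_APP_REPO pinned at
    # OWNCLOUD_MUSIC_APP_COMMIT into the Owncloud apps directory, and document
    # in the user's README how to enable it. Requires install_owncloud to have
    # completed. On later runs the checkout is advanced to a new commit.
    # Skipped on variants without Owncloud.
    # Globals read: SYSTEM_TYPE, VARIANT_*, COMPLETION_FILE, MY_USERNAME,
    #   OWNCLOUD_MUSIC_APP_REPO, OWNCLOUD_MUSIC_APP_COMMIT.
    if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if ! grep -Fxq "install_owncloud" "$COMPLETION_FILE"; then
        echo $'Tried to install the Owncloud music app, but Owncloud installation was not found'
        exit 9823
    fi
    # one path for both the clone target and the update check: the update
    # branch used to look for .../music while the clone went into .../Music
    # NOTE(review): Owncloud usually expects the directory name to equal the
    # app id ("music"); the existing "Music" target is kept here - confirm
    local music_app_dir=/usr/share/owncloud/apps/Music
    # update to the next commit
    if [ -d "$music_app_dir" ]; then
        if grep -q "Owncloud music app commit" "$COMPLETION_FILE"; then
            CURRENT_OWNCLOUD_MUSIC_APP_COMMIT=$(grep "Owncloud music app commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            # compare the recorded commit with the wanted one (the wanted
            # commit used to be compared with itself, so updates never ran)
            if [[ "$CURRENT_OWNCLOUD_MUSIC_APP_COMMIT" != "$OWNCLOUD_MUSIC_APP_COMMIT" ]]; then
                cd "$music_app_dir" || exit 1
                git_pull $OWNCLOUD_MUSIC_APP_REPO $OWNCLOUD_MUSIC_APP_COMMIT
                sed -i "s/Owncloud music app commit.*/Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT/g" "$COMPLETION_FILE"
            fi
        else
            echo "Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi
    if grep -Fxq "install_owncloud_music_app" "$COMPLETION_FILE"; then
        return
    fi
    cd /usr/share/owncloud/apps || exit 1
    git_clone $OWNCLOUD_MUSIC_APP_REPO Music
    cd "$music_app_dir" || exit 1
    # pin the checkout to the known commit rather than the branch head
    git checkout $OWNCLOUD_MUSIC_APP_COMMIT -b $OWNCLOUD_MUSIC_APP_COMMIT
    if ! grep -q "Owncloud music app commit" "$COMPLETION_FILE"; then
        echo "Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT" >> "$COMPLETION_FILE"
    else
        sed -i "s/Owncloud music app commit.*/Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT/g" "$COMPLETION_FILE"
    fi
    local readme="/home/$MY_USERNAME/README"
    # append the section only when it is NOT already there (the test was inverted)
    if ! grep -qF $"Music player in Owncloud" "$readme"; then
        echo '' >> "$readme"
        echo '' >> "$readme"
        echo $'Music player in Owncloud' >> "$readme"
        echo '========================' >> "$readme"
        echo $'To enable the music app within Owncloud log in to the Owncloud' >> "$readme"
        echo $'administrator account then go to Apps on the left hand dropdown' >> "$readme"
        echo $'menu and enable the music app. You can then log out and log back' >> "$readme"
        echo $'in as your Owncloud user and select music from the left hand' >> "$readme"
        echo $'dropdown menu.' >> "$readme"
        chown "$MY_USERNAME:$MY_USERNAME" "$readme"
        chmod 600 "$readme"
    fi
    echo 'install_owncloud_music_app' >> "$COMPLETION_FILE"
}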
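  # Register the domain held in CURRENT_DDNS_DOMAIN with the inadyn dynamic
  # DNS client and restart the client.
  #
  # Reads:  ONION_ONLY, CURRENT_DDNS_DOMAIN, DDNS_PROVIDER, GET_IP_ADDRESS_URL,
  #         DDNS_USERNAME, DDNS_PASSWORD
  # Writes: /etc/inadyn.conf (appended; the provider stanza with its
  #         credentials is written once, each alias at most once)
  # Side effects: restarts inadyn; clears CURRENT_DDNS_DOMAIN so a stale value
  #         cannot leak into the next caller.
  # Exits with 5638 when no domain was given and 5745 when inadyn is not
  # configured on this system.
  function add_ddns_domain {
      local conf=/etc/inadyn.conf
      # onion-only systems have no public DNS name to keep up to date
      if [[ $ONION_ONLY != "no" ]]; then
          return
      fi
      if [ -z "$CURRENT_DDNS_DOMAIN" ]; then
          echo $'ddns domain not specified'
          exit 5638
      fi
      if [ ! -f "$conf" ]; then
          echo $'Unable to find inadyn configuration file /etc/inadyn.conf'
          exit 5745
      fi
      # the file is about to receive the DDNS credentials, so make it private
      # before appending rather than afterwards
      chmod 600 "$conf"
      if ! grep -Fq "$DDNS_PROVIDER" "$conf"; then
          {
              echo ''
              echo "system $DDNS_PROVIDER"
              echo ' ssl'
              echo " checkip-url $GET_IP_ADDRESS_URL /"
              if [ -n "$DDNS_USERNAME" ]; then
                  echo " username $DDNS_USERNAME"
              fi
              if [ -n "$DDNS_PASSWORD" ]; then
                  echo " password $DDNS_PASSWORD"
              fi
          } >> "$conf"
      fi
      # match a whole alias line so that e.g. "example.org" is not taken as
      # already present when only "example.org.uk" is listed
      if ! grep -q "^[[:space:]]*alias[[:space:]]*${CURRENT_DDNS_DOMAIN}[[:space:]]*$" "$conf"; then
          echo " alias $CURRENT_DDNS_DOMAIN" >> "$conf"
      fi
      # reload unit definitions first so the restart sees any changed unit file
      systemctl daemon-reload
      systemctl restart inadyn
      # clear the arguments
      CURRENT_DDNS_DOMAIN=
  }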
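  # Add the Owncloud onion hostname to /etc/owncloud/config.php so requests
  # arriving through the hidden service are accepted as a trusted domain, and
  # register /usr/share/owncloud/apps as an additional read-only apps path.
  #
  # Reads:  OWNCLOUD_DOMAIN_NAME, /var/lib/tor/hidden_service_owncloud/hostname
  # Writes: /etc/owncloud/config.php (edited in place),
  #         OWNCLOUD_ONION_HOSTNAME (global)
  # Does nothing until both Owncloud and the hidden service exist, and is
  # idempotent: once the onion hostname is in the config the edit is skipped.
  function configure_owncloud_onion_site {
      local config=/etc/owncloud/config.php
      local hostname_file=/var/lib/tor/hidden_service_owncloud/hostname
      if [ -z "$OWNCLOUD_DOMAIN_NAME" ]; then
          return
      fi
      if [ ! -f "$config" ]; then
          return
      fi
      if [ ! -f "$hostname_file" ]; then
          return
      fi
      OWNCLOUD_ONION_HOSTNAME=$(cat "$hostname_file")
      # fixed-string match: a ".onion" name contains regex metacharacters
      if grep -Fq "${OWNCLOUD_ONION_HOSTNAME}" "$config"; then
          return
      fi
      # insert the onion name as trusted domain 1, directly after the
      # clearnet domain (the replacement text spans two lines on purpose)
      sed -i "s|0 => '${OWNCLOUD_DOMAIN_NAME}',|0 => '${OWNCLOUD_DOMAIN_NAME}',
1 => '${OWNCLOUD_ONION_HOSTNAME}',|g" "$config"
      # append a second apps_paths entry after the existing read-only one
      sed -i "s|'writable' => false,|'writable' => false,
),
1 =>
array (
'path' => '/usr/share/owncloud/apps',
'url' => '/apps',
'writable' => false,|g" "$config"
      echo $'Owncloud configured for onion site'
  }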
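  # Finish up and stop the installer once the cloud-only variant is complete.
  # Does nothing for every other variant.
  # Reads: SYSTEM_TYPE, VARIANT_CLOUD, USB_MOUNT, OWNCLOUD_COMPLETION_MSG1/2
  # Exits with status 0 on the cloud variant.
  function _owncloud_finish_cloud_variant {
      if [[ $SYSTEM_TYPE != "$VARIANT_CLOUD" ]]; then
          return
      fi
      install_owncloud_music_app
      backup_to_friends_servers
      intrusion_detection
      split_gpg_key_into_fragments
      # unmount any attached usb drive, then remove the mount point; the
      # removal is skipped if the drive is still mounted, because rm -rf on
      # a mounted path would wipe the drive itself
      if [ -d "$USB_MOUNT" ]; then
          if mountpoint -q "$USB_MOUNT"; then
              umount "$USB_MOUNT"
          fi
          if ! mountpoint -q "$USB_MOUNT"; then
              rm -rf "$USB_MOUNT"
          fi
      fi
      echo ''
      echo "$OWNCLOUD_COMPLETION_MSG1"
      echo "$OWNCLOUD_COMPLETION_MSG2"
      exit 0
  }

  # Record the Owncloud database credentials and first-run instructions in
  # the user's README, unless an Owncloud section is already present.
  # Reads: MY_USERNAME, OWNCLOUD_ADMIN_PASSWORD, OWNCLOUD_DOMAIN_NAME
  # The README holds a password, so it is made private (0600) before the
  # secret is appended rather than tightened afterwards.
  function _owncloud_write_readme {
      local readme="/home/$MY_USERNAME/README"
      if [ -f "$readme" ] && grep -q "Owncloud database user" "$readme"; then
          return
      fi
      touch "$readme"
      chown "$MY_USERNAME:$MY_USERNAME" "$readme"
      chmod 600 "$readme"
      {
          echo ''
          echo ''
          echo 'Owncloud'
          echo '========'
          echo $'Owncloud database user: owncloudadmin'
          echo $"Owncloud database password: $OWNCLOUD_ADMIN_PASSWORD"
          echo $'Owncloud database name: owncloud'
          echo ''
          echo $'After creating an administrator account then create a user account via'
          echo $"the Users dropdown menu entry. The username should be '$MY_USERNAME'."
          echo ''
          echo $'On mobile devices you can download the Owncloud client via F-Droid.'
          echo ''
          echo $'To synchronise calendar entries with Android "install CalDAV Sync Adapter"'
          echo $'using F-Droid then go to settings/accounts and add a CalDav account with'
          echo $"the URL https://$OWNCLOUD_DOMAIN_NAME/remote.php/caldav/principals/$MY_USERNAME"
          echo $'and the username and password shown above.'
      } >> "$readme"
  }

  # Append one Owncloud "server" block to the nginx site file.
  # $1: argument of the listen directive (e.g. "443 ssl")
  # $2: "on" for the TLS virtual host (adds the ssl_* directives and tells
  #     PHP the request is HTTPS), "off" for the plain-HTTP onion listener
  # Reads: OWNCLOUD_DOMAIN_NAME, WEBSERVER_LOG_LEVEL, SSL_PROTOCOLS, SSL_CIPHERS
  # nginx variables in the heredocs are escaped (\$) so the shell leaves them
  # alone; unescaped $ names are installer variables expanded here.
  function _owncloud_nginx_server_block {
      local listen_on="$1"
      local https="$2"
      local site_file="/etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME"
      {
          cat <<EOF
server {
    listen ${listen_on};
    root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;
    server_name $OWNCLOUD_DOMAIN_NAME;
    access_log off;
    error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;

    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;

EOF
          if [[ "$https" == "on" ]]; then
              cat <<EOF
    ssl on;
    ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;
    ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;
    ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;

    ssl_session_timeout 60m;
    ssl_prefer_server_ciphers on;
    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive
    ssl_ciphers '$SSL_CIPHERS';
EOF
          fi
          cat <<EOF
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security max-age=15768000;
    # if you want to be able to access the site via HTTP
    # then replace the above with the following:
    # add_header Strict-Transport-Security "max-age=0;";
    # make sure webfinger and other well known services aren't blocked
    # by denying dot files and rewrite request to the front controller
    location ^~ /.well-known/ {
        allow all;
    }

    client_max_body_size 10G; # set max upload size
    client_body_buffer_size 128k;
    fastcgi_buffers 64 4K;

    rewrite ^/caldav(.*)\$ /remote.php/caldav\$1 redirect;
    rewrite ^/carddav(.*)\$ /remote.php/carddav\$1 redirect;
    rewrite ^/webdav(.*)\$ /remote.php/webdav\$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)\$ \$1/index.html;
        try_files \$uri \$uri/ index.php;
    }

    location ~ ^(.+?\.php)(/.*)?\$ {
        try_files \$1 =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)\$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$1;
        fastcgi_param PATH_INFO \$2;
        fastcgi_param HTTPS ${https};
    }

    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)\$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}
EOF
      } >> "$site_file"
  }

  # Write the complete nginx site file for Owncloud.
  # With ONION_ONLY=no: a port-80 listener that redirects to HTTPS, the
  # HTTPS virtual host, then the localhost listener behind the onion
  # service. Otherwise only the onion listener.
  # Reads: ONION_ONLY, OWNCLOUD_DOMAIN_NAME, OWNCLOUD_ONION_PORT,
  #        WEBSERVER_LOG_LEVEL
  function _owncloud_write_nginx_site {
      local site_file="/etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME"
      if [[ $ONION_ONLY == "no" ]]; then
          cat > "$site_file" <<EOF
server {
    listen 80;
    server_name $OWNCLOUD_DOMAIN_NAME;
    access_log off;
    error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;
    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;
    rewrite ^ https://\$server_name\$request_uri? permanent;
}

EOF
          _owncloud_nginx_server_block "443 ssl" on
          echo '' >> "$site_file"
      else
          : > "$site_file"
      fi
      _owncloud_nginx_server_block "127.0.0.1:${OWNCLOUD_ONION_PORT} default_server" off
  }

  # Append the Owncloud dump step to /usr/bin/backupdatabases. The generated
  # script keeps yesterday's dump (and mails a warning) when mysqldump
  # produces an empty file, otherwise rotates the new dump in as root-only.
  # The heredoc delimiter is quoted: every $ below belongs to the generated
  # script and must not be expanded by the installer.
  function _owncloud_append_backup_script {
      backup_databases_script_header
      cat >> /usr/bin/backupdatabases <<'EOF'

# Backup Owncloud database
TEMPFILE=/root/owncloud.sql
DAILYFILE=/var/backups/owncloud_daily.sql
mysqldump --password="$MYSQL_PASSWORD" owncloud > $TEMPFILE
FILESIZE=$(stat -c%s $TEMPFILE)
if [ "$FILESIZE" -eq "0" ]; then
    if [ -f $DAILYFILE ]; then
        cp $DAILYFILE $TEMPFILE

        # try to restore yesterdays database
        mysql -u root --password="$MYSQL_PASSWORD" owncloud -o < $DAILYFILE

        # Send a warning email
        echo "Unable to create a backup of the Owncloud database. Attempted to restore from yesterdays backup" | mail -s "Owncloud backup" $EMAIL
    else
        # Send a warning email
        echo "Unable to create a backup of the Owncloud database." | mail -s "Owncloud backup" $EMAIL
    fi
else
    chmod 600 $TEMPFILE
    mv $TEMPFILE $DAILYFILE

    # Make the backup readable only by root
    chmod 600 $DAILYFILE
fi
EOF
  }

  # Install Owncloud behind nginx/php5-fpm with a MariaDB database, an onion
  # service and a daily database backup hook, and record the install in
  # COMPLETION_FILE. On a re-run only the cloud-variant completion steps run.
  #
  # Reads:  SYSTEM_TYPE and the VARIANT_* names, OWNCLOUD_DOMAIN_NAME,
  #         DEFAULT_DOMAIN_NAME, ONION_ONLY, OWNCLOUD_ONION_PORT,
  #         IMAGE_PASSWORD_FILE, MY_USERNAME, LETSENCRYPT_ENABLED,
  #         LETSENCRYPT_SERVER, DH_KEYLENGTH, MY_EMAIL_ADDRESS, COMPLETION_FILE
  # Writes: OWNCLOUD_ADMIN_PASSWORD, OWNCLOUD_ONION_HOSTNAME,
  #         OWNCLOUD_COMPLETION_MSG1/2 (globals), the nginx site file,
  #         /usr/bin/backupdatabases, the user's README, COMPLETION_FILE
  # Exits: 5380 / 3095 when a required domain is missing, 6746 on an unknown
  #        system type, 0 once the cloud-only variant is complete.
  function install_owncloud {
      if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      local readme="/home/$MY_USERNAME/README"
      OWNCLOUD_COMPLETION_MSG1=$" *** ${PROJECT_NAME} $SYSTEM_TYPE is now installed ***"
      OWNCLOUD_COMPLETION_MSG2=$"Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup"
      if grep -Fxq "install_owncloud" "$COMPLETION_FILE"; then
          # already installed; only the cloud variant still has to finish up
          _owncloud_finish_cloud_variant
          return
      fi
      # if this is exclusively a cloud setup
      if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]] && [ -z "$DEFAULT_DOMAIN_NAME" ]; then
          echo $'No default domain name when installing cloud variant'
          exit 5380
      fi
      if [ -z "$OWNCLOUD_DOMAIN_NAME" ]; then
          echo $'No Owncloud domain name was specified'
          exit 3095
      fi
      if [[ $SYSTEM_TYPE != "$VARIANT_CLOUD" && $SYSTEM_TYPE != "$VARIANT_FULL" ]]; then
          echo $"Owncloud install did not recognise the system type $SYSTEM_TYPE"
          exit 6746
      fi
      apt-get -y install fonts-linuxlibertine fonts-sil-gentium-basic fonts-way-microhei
      apt-get -y install libjs-twitter-bootstrap
      apt-get -y install owncloud
      # the owncloud package pulls in Apache but nginx serves the site here;
      # the pattern is quoted so the shell cannot expand it against the
      # current directory
      apt-get -y remove --purge 'apache*'
      if [ -d /etc/apache2 ]; then
          rm -rf /etc/apache2
          echo $'Removed Apache installation after Owncloud install'
      fi
      install_mariadb
      get_mariadb_password
      get_mariadb_owncloud_admin_password
      if [ -z "$OWNCLOUD_ADMIN_PASSWORD" ]; then
          # the quoted -f test matters: with IMAGE_PASSWORD_FILE unset an
          # unquoted "[ -f ]" is true and cat would block reading stdin
          if [ -f "$IMAGE_PASSWORD_FILE" ]; then
              # read the pre-seeded password verbatim; feeding it to printf as
              # a format string would mangle any '%' or '\' it contains
              OWNCLOUD_ADMIN_PASSWORD=$(cat "$IMAGE_PASSWORD_FILE")
          else
              OWNCLOUD_ADMIN_PASSWORD=$(openssl rand -base64 32)
          fi
      fi
      _owncloud_write_readme
      create_database owncloud "$OWNCLOUD_ADMIN_PASSWORD"
      # the document root is a symlink to the packaged install; replace any
      # stale htdocs (directory or symlink) before linking
      mkdir -p "/var/www/$OWNCLOUD_DOMAIN_NAME"
      rm -rf "/var/www/$OWNCLOUD_DOMAIN_NAME/htdocs"
      ln -s /usr/share/owncloud "/var/www/$OWNCLOUD_DOMAIN_NAME/htdocs"
      _owncloud_write_nginx_site
      configure_php
      # certificates are only needed for the clearnet host; the dhparam file
      # doubles as the "already issued" marker
      if [[ $ONION_ONLY == "no" ]] && [ ! -f "/etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam" ]; then
          if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
              "${PROJECT_NAME}-addcert" -h "$OWNCLOUD_DOMAIN_NAME" --dhkey "$DH_KEYLENGTH"
          else
              "${PROJECT_NAME}-addcert" -e "$OWNCLOUD_DOMAIN_NAME" -s "$LETSENCRYPT_SERVER" --dhkey "$DH_KEYLENGTH" --email "$MY_EMAIL_ADDRESS"
          fi
          check_certificates "$OWNCLOUD_DOMAIN_NAME"
      fi
      # Ensure that the database gets backed up locally, if remote
      # backups are not being used
      _owncloud_append_backup_script
      nginx_ensite "$OWNCLOUD_DOMAIN_NAME"
      OWNCLOUD_ONION_HOSTNAME=$(add_onion_service owncloud 80 "${OWNCLOUD_ONION_PORT}")
      systemctl restart php5-fpm
      systemctl restart nginx
      if ! grep -q "Owncloud onion domain" "$readme"; then
          {
              echo "Owncloud onion domain: ${OWNCLOUD_ONION_HOSTNAME}"
              echo ''
          } >> "$readme"
          chown "$MY_USERNAME:$MY_USERNAME" "$readme"
          chmod 600 "$readme"
      fi
      echo "Owncloud onion domain:${OWNCLOUD_ONION_HOSTNAME}" >> "$COMPLETION_FILE"
      # update the dynamic DNS
      CURRENT_DDNS_DOMAIN=$OWNCLOUD_DOMAIN_NAME
      add_ddns_domain
      echo "Owncloud domain:$OWNCLOUD_DOMAIN_NAME" >> "$COMPLETION_FILE"
      echo 'install_owncloud' >> "$COMPLETION_FILE"
      _owncloud_finish_cloud_variant
  }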
  6035. function install_gogs {
  6036. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
  6037. return
  6038. fi
  6039. if [ ! $GIT_DOMAIN_NAME ]; then
  6040. return
  6041. fi
  6042. export GOPATH=/home/git/go
  6043. systemctl set-environment GOPATH=/home/git/go
  6044. # update to the next commit
  6045. if [ -d /var/www/$GIT_DOMAIN_NAME ]; then
  6046. if grep -q "Gogs commit" $COMPLETION_FILE; then
  6047. CURRENT_GOGS_COMMIT=$(grep "Gogs commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
  6048. if [[ "$CURRENT_GOGS_COMMIT" != "$GOGS_COMMIT" ]]; then
  6049. cd $GOPATH/src/github.com/gogits/gogs
  6050. git_pull $GIT_DOMAIN_REPO $GOGS_COMMIT
  6051. sed -i "s/Gogs commit.*/Gogs commit:$GOGS_COMMIT/g" $COMPLETION_FILE
  6052. go get -u ./...
  6053. if [ ! "$?" = "0" ]; then
  6054. exit 52792
  6055. fi
  6056. go build
  6057. if [ ! "$?" = "0" ]; then
  6058. exit 36226
  6059. fi
  6060. systemctl restart gogs
  6061. fi
  6062. else
  6063. echo "Gogs commit:$GOGS_COMMIT" >> $COMPLETION_FILE
  6064. fi
  6065. fi
  6066. if grep -Fxq "install_gogs" $COMPLETION_FILE; then
  6067. return
  6068. fi
  6069. # http://gogs.io/docs/installation/install_from_source.md
  6070. # add a gogs user account
  6071. adduser --disabled-login --gecos 'Gogs' git
  6072. # install Go
  6073. apt-get -y install golang libpam0g-dev
  6074. if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then
  6075. echo 'export GOPATH=/home/git/go' >> ~/.bashrc
  6076. echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc
  6077. fi
  6078. if [ ! -d $GOPATH ]; then
  6079. mkdir -p $GOPATH
  6080. fi
  6081. GO_PACKAGE_MANAGER_REPO2=$(echo "$GO_PACKAGE_MANAGER_REPO" | sed 's|https://||g')
  6082. go get -u $GO_PACKAGE_MANAGER_REPO2
  6083. if [ ! "$?" = "0" ]; then
  6084. exit 479832
  6085. fi
  6086. # clone the repo
  6087. if [ ! -d $GOPATH/src/github.com/gogits ]; then
  6088. mkdir -p $GOPATH/src/github.com/gogits
  6089. fi
  6090. git_clone $GIT_DOMAIN_REPO $GOPATH/src/github.com/gogits/gogs
  6091. if [ ! -d $GOPATH/src/github.com/gogits/gogs ]; then
  6092. echo $"Unable to clone repo $GOPATH/src/github.com/gogits/gogs"
  6093. exit 85482
  6094. fi
  6095. cd $GOPATH/src/github.com/gogits/gogs
  6096. git checkout $GOGS_COMMIT -b $GOGS_COMMIT
  6097. if ! grep -q "Gogs commit" $COMPLETION_FILE; then
  6098. echo "Gogs commit:$GOGS_COMMIT" >> $COMPLETION_FILE
  6099. else
  6100. sed -i "s/Gogs commit.*/Gogs commit:$GOGS_COMMIT/g" $COMPLETION_FILE
  6101. fi
  6102. # install
  6103. go get -u ./...
  6104. go build
  6105. if [ ! "$?" = "0" ]; then
  6106. exit 546750
  6107. fi
  6108. install_mariadb
  6109. get_mariadb_password
  6110. get_mariadb_git_admin_password
  6111. if [ ! $GIT_ADMIN_PASSWORD ]; then
  6112. if [ -f $IMAGE_PASSWORD_FILE ]; then
  6113. GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
  6114. else
  6115. GIT_ADMIN_PASSWORD="$(openssl rand -base64 32)"
  6116. fi
  6117. fi
  6118. if ! grep -q $"Gogs admin user password" /home/$MY_USERNAME/README; then
  6119. echo '' >> /home/$MY_USERNAME/README
  6120. echo '' >> /home/$MY_USERNAME/README
  6121. echo 'Gogs' >> /home/$MY_USERNAME/README
  6122. echo '====' >> /home/$MY_USERNAME/README
  6123. echo $'Database type: MySql' >> /home/$MY_USERNAME/README
  6124. echo $'Database host: 127.0.0.1:3306' >> /home/$MY_USERNAME/README
  6125. echo $'Database user: root' >> /home/$MY_USERNAME/README
  6126. echo $"Database password: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
  6127. echo $'Database name: gogs' >> /home/$MY_USERNAME/README
  6128. echo $'Gogs admin user: gogsadmin' >> /home/$MY_USERNAME/README
  6129. echo $"Gogs admin user password: $GIT_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  6130. echo $"Gogs admin user email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
  6131. echo '' >> /home/$MY_USERNAME/README
  6132. echo $'Install Steps For First-time Run:' >> /home/$MY_USERNAME/README
  6133. echo $'Leave email service settings empty' >> /home/$MY_USERNAME/README
  6134. echo $'Check "Enable Register Confirmation"' >> /home/$MY_USERNAME/README
  6135. echo $'Check "Enable Mail Notification"' >> /home/$MY_USERNAME/README
  6136. echo '' >> /home/$MY_USERNAME/README
  6137. echo $'After the initial install edit /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini' >> /home/$MY_USERNAME/README
  6138. echo $'and within the [server] section set:' >> /home/$MY_USERNAME/README
  6139. echo " DOMAIN = $GIT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
  6140. echo " ROOT_URL = http://$GIT_DOMAIN_NAME/" >> /home/$MY_USERNAME/README
  6141. echo " SSH_PORT = $SSH_PORT" >> /home/$MY_USERNAME/README
  6142. echo $'If you want to disable new account registrations then append the following:' >> /home/$MY_USERNAME/README
  6143. echo ' [service]' >> /home/$MY_USERNAME/README
  6144. echo ' DISABLE_REGISTRATION = true' >> /home/$MY_USERNAME/README
  6145. echo $'Then restart with:' >> /home/$MY_USERNAME/README
  6146. echo ' systemctl restart gogs' >> /home/$MY_USERNAME/README
  6147. echo '' >> /home/$MY_USERNAME/README
  6148. echo $"Note that there's a usability/security trade-off made here." >> /home/$MY_USERNAME/README
  6149. echo $"In order to allow git clone via http we don't redirect everything" >> /home/$MY_USERNAME/README
  6150. echo $'over https. Instead only critical things such as user login,' >> /home/$MY_USERNAME/README
  6151. echo $'settings and admin are encrypted.' >> /home/$MY_USERNAME/README
  6152. echo $'There are also potential security issues with cloning/pulling/pushing' >> /home/$MY_USERNAME/README
  6153. echo $'code over http, since a determined adversary could inject malware' >> /home/$MY_USERNAME/README
  6154. echo $'into the stream as it passes, so beware.' >> /home/$MY_USERNAME/README
  6155. echo $'If you have a bought domain and a non-self signed cert then you' >> /home/$MY_USERNAME/README
  6156. echo $"should change /etc/nginx/sites-available/$GIT_DOMAIN_NAME to redirect everything over https." >> /home/$MY_USERNAME/README
  6157. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  6158. chmod 600 /home/$MY_USERNAME/README
  6159. fi
  6160. create_database gogs "$GOGS_ADMIN_PASSWORD"
  6161. chmod 600 /home/git/go/src/github.com/gogits/gogs/custom/conf/app.ini
  6162. chown -R git:git /home/git
  6163. cp $GOPATH/src/github.com/gogits/gogs/scripts/systemd/gogs.service /etc/systemd/system
  6164. sed -i 's|#After=mysqld.service|After=mysqld.service|g' /etc/systemd/system/gogs.service
  6165. sed -i "s|WorkingDirectory=.*|WorkingDirectory=$GOPATH/src/github.com/gogits/gogs|g" /etc/systemd/system/gogs.service
  6166. sed -i "s|ExecStart=.*|ExecStart=$GOPATH/src/github.com/gogits/gogs/gogs web|g" /etc/systemd/system/gogs.service
  6167. sed -i "s|Environment.*|Environment=\"USER=git\" \"HOME=/home/git\" \"GOPATH=/home/git/go\"|g" /etc/systemd/system/gogs.service
  6168. systemctl enable gogs
  6169. systemctl daemon-reload
  6170. systemctl restart gogs
  6171. if [ ! -d /var/www/$GIT_DOMAIN_NAME ]; then
  6172. mkdir /var/www/$GIT_DOMAIN_NAME
  6173. fi
  6174. if [ -d /var/www/$GIT_DOMAIN_NAME/htdocs ]; then
  6175. rm -rf /var/www/$GIT_DOMAIN_NAME/htdocs
  6176. fi
  6177. if [[ $ONION_ONLY == "no" ]]; then
  6178. echo 'server {' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6179. echo ' listen 80;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6180. echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6181. echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6182. echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6183. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6184. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6185. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6186. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6187. echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6188. echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6189. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6190. echo ' location ^~ /user/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6191. echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6192. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6193. echo ' location ^~ /admin/ {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6194. echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6195. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6196. echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6197. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6198. echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6199. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6200. echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6201. echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6202. echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6203. echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6204. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6205. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6206. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6207. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6208. echo ' ssl on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6209. echo " ssl_certificate /etc/ssl/certs/$GIT_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6210. echo " ssl_certificate_key /etc/ssl/private/$GIT_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6211. echo " ssl_dhparam /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6212. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6213. echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6214. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6215. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6216. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6217. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6218. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6219. echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6220. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6221. echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6222. echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6223. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6224. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6225. echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6226. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6227. echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6228. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6229. echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6230. echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6231. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6232. echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6233. echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6234. echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6235. echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6236. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6237. echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6238. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6239. else
  6240. echo -n '' > /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6241. fi
  6242. echo 'server {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6243. echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6244. echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6245. echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6246. echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6247. echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6248. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6249. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6250. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6251. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6252. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6253. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6254. echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6255. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6256. echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6257. echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6258. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6259. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6260. echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6261. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6262. echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6263. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6264. echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6265. echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6266. echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6267. echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6268. echo ' allow all;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6269. echo ' log_not_found off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6270. echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6271. echo ' }' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6272. echo '}' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
  6273. configure_php
  6274. if [[ $ONION_ONLY == "no" ]]; then
  6275. if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then
  6276. if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
  6277. ${PROJECT_NAME}-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
  6278. else
  6279. ${PROJECT_NAME}-addcert -e $GIT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
  6280. fi
  6281. check_certificates $GIT_DOMAIN_NAME
  6282. fi
  6283. fi
  6284. nginx_ensite $GIT_DOMAIN_NAME
  6285. if [ ! -d /var/lib/tor ]; then
  6286. echo $'No Tor installation found. Gogs onion site cannot be configured.'
  6287. exit 877367
  6288. fi
  6289. if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
  6290. echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
  6291. echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
  6292. echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
  6293. echo $'Added onion site for Gogs'
  6294. fi
  6295. systemctl restart tor
  6296. wait_for_onion_service 'gogs'
  6297. GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
  6298. systemctl restart php5-fpm
  6299. systemctl restart nginx
  6300. if ! grep -q "Gogs onion domain" /home/$MY_USERNAME/README; then
  6301. echo "Gogs onion domain: ${GIT_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
  6302. echo '' >> /home/$MY_USERNAME/README
  6303. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  6304. chmod 600 /home/$MY_USERNAME/README
  6305. fi
  6306. if ! grep -q "Gogs onion domain" $COMPLETION_FILE; then
  6307. echo "Gogs onion domain:${GIT_ONION_HOSTNAME}" >> $COMPLETION_FILE
  6308. fi
  6309. # update the dynamic DNS
  6310. CURRENT_DDNS_DOMAIN=$GIT_DOMAIN_NAME
  6311. add_ddns_domain
  6312. echo "Gogs domain:$GIT_DOMAIN_NAME" >> $COMPLETION_FILE
  6313. echo 'install_gogs' >> $COMPLETION_FILE
  6314. }
function tox_avahi {
    # Publish this node's Tox ID over avahi (mDNS) so mesh peers can discover it.
    # Mesh variant only; runs once (guarded by $COMPLETION_FILE).
    # Side effects: clones $TOXID_REPO into $INSTALL_DIR/toxid, builds and installs
    # it, runs toxavahi once, adds a per-minute root cron entry and restarts
    # avahi-daemon. Exits with a distinct non-zero code when avahi is absent,
    # the clone produced no directory, or make failed.
    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "tox_avahi" $COMPLETION_FILE; then
        return
    fi
    if [ ! -d /etc/avahi ]; then
        echo $'tox_avahi: avahi is not installed'
        exit 87359
    fi

    # build and install the command that obtains the Tox ID
    cd $INSTALL_DIR
    git_clone $TOXID_REPO $INSTALL_DIR/toxid
    [ -d $INSTALL_DIR/toxid ] || exit 63921
    cd $INSTALL_DIR/toxid
    make || exit 58432
    make install
    toxavahi

    # re-publish every minute from root's crontab; the entry is added only once
    local cron_entry="* * * * * root toxavahi > /dev/null"
    if ! grep -q "toxavahi" /etc/crontab; then
        echo "$cron_entry" >> /etc/crontab
    fi
    systemctl restart avahi-daemon

    echo 'tox_avahi' >> $COMPLETION_FILE
}
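# Append the bootstrap_nodes list to /etc/tox-bootstrapd.conf from the TOX_NODES
# array. Each entry is "ipv4,ipv6,port,public_key,maintainer"; ipv6 may be the
# literal NONE, in which case the ipv4 address is written instead. Entries are
# consumed in order up to the first empty element; nothing is written when the
# array is empty or unset.
function tox_bootstrapd_write_nodes {
    local toxcount=0
    local node toxval_ipv4 toxval_ipv6 toxval_port toxval_pubkey toxval_maintainer _rest

    if [ -z "${TOX_NODES[0]}" ]; then
        return
    fi
    echo 'bootstrap_nodes = (' >> /etc/tox-bootstrapd.conf
    while [ "x${TOX_NODES[toxcount]}" != "x" ]; do
        # The element must be read as ${TOX_NODES[toxcount]}: the unbraced form
        # $TOX_NODES[toxcount] expands to element 0 followed by the literal text
        # "[toxcount]", so every node got the first node's address and key and
        # the maintainer field carried the stray suffix.
        node="${TOX_NODES[toxcount]}"
        IFS=',' read -r toxval_ipv4 toxval_ipv6 toxval_port toxval_pubkey toxval_maintainer _rest <<< "$node"
        echo "{ // $toxval_maintainer" >> /etc/tox-bootstrapd.conf
        if [[ $toxval_ipv6 != 'NONE' ]]; then
            echo " address = \"$toxval_ipv6\"" >> /etc/tox-bootstrapd.conf
        else
            echo " address = \"$toxval_ipv4\"" >> /etc/tox-bootstrapd.conf
        fi
        echo " port = $toxval_port" >> /etc/tox-bootstrapd.conf
        echo " public_key = \"$toxval_pubkey\"" >> /etc/tox-bootstrapd.conf
        toxcount=$(( toxcount + 1 ))
        # a separating comma is only valid between entries, not after the last one
        if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
            echo "}," >> /etc/tox-bootstrapd.conf
        else
            echo "}" >> /etc/tox-bootstrapd.conf
        fi
    done
    echo ')' >> /etc/tox-bootstrapd.conf
}

function install_tox_node {
    # Install and configure a Tox DHT bootstrap node (tox-bootstrapd), built from
    # $TOX_REPO at $TOX_COMMIT, publish it as an onion service and record its
    # public key in $TOX_BOOTSTRAP_ID_FILE and the user's README.
    # Skipped on the writer/mailbox/cloud/social/media/developer variants.
    # If a toxcore checkout already exists and $COMPLETION_FILE records a
    # different commit, the checkout is pulled and rebuilt; the full install
    # below runs once. Exits with a distinct non-zero code at each failure point.
    if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
        return
    fi

    # update an existing checkout to the pinned commit
    if [ -d $INSTALL_DIR/toxcore ]; then
        if grep -q "toxcore commit" $COMPLETION_FILE; then
            CURRENT_TOX_COMMIT=$(grep "toxcore commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
            if [[ "$CURRENT_TOX_COMMIT" != "$TOX_COMMIT" ]]; then
                cd $INSTALL_DIR/toxcore
                git_pull $TOX_REPO $TOX_COMMIT
                sed -i "s/toxcore commit.*/toxcore commit:$TOX_COMMIT/g" $COMPLETION_FILE
                autoreconf -i
                ./configure --enable-daemon
                make
                make install
                systemctl restart tox-bootstrapd.service
            fi
        else
            echo "toxcore commit:$TOX_COMMIT" >> $COMPLETION_FILE
        fi
    fi

    if grep -Fxq "install_tox_node" $COMPLETION_FILE; then
        return
    fi

    # toxcore build dependencies
    apt-get -y install build-essential libtool autotools-dev
    apt-get -y install automake checkinstall check git yasm
    apt-get -y install libsodium13 libsodium-dev libcap2-bin
    apt-get -y install libconfig9 libconfig-dev

    # fetch and build toxcore at the pinned commit
    cd $INSTALL_DIR
    git_clone $TOX_REPO $INSTALL_DIR/toxcore
    cd $INSTALL_DIR/toxcore
    git checkout $TOX_COMMIT -b $TOX_COMMIT
    if ! grep -q "toxcore commit" $COMPLETION_FILE; then
        echo "toxcore commit:$TOX_COMMIT" >> $COMPLETION_FILE
    else
        sed -i "s/toxcore commit.*/toxcore commit:$TOX_COMMIT/g" $COMPLETION_FILE
    fi
    autoreconf -i
    ./configure --enable-daemon || exit 78467
    make || exit 84562
    make install
    cp /usr/local/lib/libtoxcore* /usr/lib/
    if [ ! -f /usr/local/bin/tox-bootstrapd ]; then
        echo $"File not found /usr/local/bin/tox-bootstrapd"
        exit 73862
    fi

    # dedicated unprivileged system account for the daemon, with a private home
    useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
    chmod 700 /var/lib/tox-bootstrapd
    if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf ]; then
        echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf"
        exit 476835
    fi
    # remove Maildir
    if [ -d /var/lib/tox-bootstrapd/Maildir ]; then
        rm -rf /var/lib/tox-bootstrapd/Maildir
    fi

    # create the daemon configuration file
    echo "port = $TOX_PORT" > /etc/tox-bootstrapd.conf
    echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> /etc/tox-bootstrapd.conf
    echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> /etc/tox-bootstrapd.conf
    echo 'enable_ipv6 = true' >> /etc/tox-bootstrapd.conf
    echo 'enable_ipv4_fallback = true' >> /etc/tox-bootstrapd.conf
    echo 'enable_lan_discovery = true' >> /etc/tox-bootstrapd.conf
    echo 'enable_tcp_relay = true' >> /etc/tox-bootstrapd.conf
    # NOTE(review): the TCP relay also listens on 443 and 3389; on a host where
    # another service already binds 443 (this file configures nginx on 443 for
    # other sites) the daemon may fail to bind that port - confirm the intended
    # behaviour before relying on it
    echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> /etc/tox-bootstrapd.conf
    echo 'enable_motd = true' >> /etc/tox-bootstrapd.conf
    echo 'motd = "tox-bootstrapd"' >> /etc/tox-bootstrapd.conf
    tox_bootstrapd_write_nodes

    # install and start the systemd unit shipped with toxcore
    if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
        echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
        exit 7359
    fi
    cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
    enable_ipv6
    systemctl daemon-reload
    systemctl enable tox-bootstrapd.service
    if ! systemctl start tox-bootstrapd.service; then
        systemctl status tox-bootstrapd.service
        exit 5846
    fi

    # expose the node as an onion service and record the address
    TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
    if ! grep -q "tox onion domain" $COMPLETION_FILE; then
        echo "tox onion domain:${TOX_ONION_HOSTNAME}" >> $COMPLETION_FILE
    else
        sed -i "s|tox onion domain.*|tox onion domain:${TOX_ONION_HOSTNAME}|g" $COMPLETION_FILE
    fi
    systemctl restart tox-bootstrapd.service

    # the daemon logs its public key on startup; take the most recent one.
    # NOTE(review): this depends on the syslog line layout (key is field 8) and
    # on the daemon having logged before this line runs - confirm on the target
    TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | awk '{print $8}' | tail -1)
    if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
        echo $'Could not obtain the tox node public key'
        exit 6529
    fi
    # save the public key for later reference
    echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE
    configure_firewall_for_tox

    # add a Tox section to the user's README (once)
    if ! grep -q $"Your Tox node public key is" /home/$MY_USERNAME/README; then
        echo '' >> /home/$MY_USERNAME/README
        echo '' >> /home/$MY_USERNAME/README
        echo 'Tox' >> /home/$MY_USERNAME/README
        echo '===' >> /home/$MY_USERNAME/README
        echo $"tox onion domain: ${TOX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
        echo $"Your Tox node public key is: $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
        echo $'In the Toxic client you can connect to it with:' >> /home/$MY_USERNAME/README
        echo " /connect $DEFAULT_DOMAIN_NAME.local $TOX_PORT $TOX_PUBLIC_KEY" >> /home/$MY_USERNAME/README
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
        chmod 600 /home/$MY_USERNAME/README
    fi

    echo 'install_tox_node' >> $COMPLETION_FILE
}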
function install_tox_client {
    # Build and install the Toxic console client from $TOXIC_REPO at $TOXIC_COMMIT
    # and seed a Tox profile for $MY_USERNAME. Not installed on the writer,
    # mailbox, cloud, social, media or developer variants. When a checkout already
    # exists and $COMPLETION_FILE records a different commit it is pulled and
    # rebuilt; the full install itself runs once.
    local variant
    for variant in "$VARIANT_WRITER" "$VARIANT_MAILBOX" "$VARIANT_CLOUD" "$VARIANT_SOCIAL" "$VARIANT_MEDIA" "$VARIANT_DEVELOPER"; do
        if [[ $SYSTEM_TYPE == "$variant" ]]; then
            return
        fi
    done

    # update an existing checkout to the pinned commit
    if [ -d $INSTALL_DIR/toxic ]; then
        if grep -q "Toxic commit" $COMPLETION_FILE; then
            CURRENT_TOXIC_COMMIT=$(grep "Toxic commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
            if [[ "$CURRENT_TOXIC_COMMIT" != "$TOXIC_COMMIT" ]]; then
                cd $INSTALL_DIR/toxic
                git_pull $TOXIC_REPO $TOXIC_COMMIT
                sed -i "s/Toxic commit.*/Toxic commit:$TOXIC_COMMIT/g" $COMPLETION_FILE
                make
                make install
            fi
        else
            echo "Toxic commit:$TOXIC_COMMIT" >> $COMPLETION_FILE
        fi
    fi

    if grep -Fxq "install_tox_client" $COMPLETION_FILE; then
        return
    fi

    apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev libcurl4-openssl-dev

    # fetch and build at the pinned commit
    cd $INSTALL_DIR
    git_clone $TOXIC_REPO $INSTALL_DIR/toxic
    cd $INSTALL_DIR/toxic
    git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT
    if grep -q "Toxic commit" $COMPLETION_FILE; then
        sed -i "s/Toxic commit.*/Toxic commit:$TOXIC_COMMIT/g" $COMPLETION_FILE
    else
        echo "Toxic commit:$TOXIC_COMMIT" >> $COMPLETION_FILE
    fi
    make
    [ -f $INSTALL_DIR/toxic/build/toxic ] || exit 74872
    make install

    # create the user's profile non-interactively as that user: answer 'n' to the
    # first prompt, set the nick, then quit
    su -c "printf 'n\n/nick %s\n/exit\n\n' '$MY_USERNAME' | /usr/bin/toxic -d" - $MY_USERNAME

    echo 'install_tox_client' >> $COMPLETION_FILE
}
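# Insert the TLS hardening settings (dhparam, protocol options, cipher list,
# verification depth and ECC curve) after the "certificate =" line of the
# prosody config file given as $1. Each setting is added only when the file does
# not already contain it, so the helper can be re-run. Because every line is
# appended directly after "certificate =", they end up in the file in reverse
# order of insertion (curve first, dhparam last).
function xmpp_harden_tls_config {
    local cfg_file="$1"
    if ! grep -q "xmpp.dhparam" $cfg_file; then
        sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' $cfg_file
    fi
    if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' $cfg_file; then
        sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' $cfg_file
    fi
    if ! grep -q 'ciphers =' $cfg_file; then
        sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" $cfg_file
    fi
    if ! grep -q 'depth = "1";' $cfg_file; then
        sed -i '/certificate =/a\ depth = "1";' $cfg_file
    fi
    if ! grep -q 'curve =' $cfg_file; then
        sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" $cfg_file
    fi
}

function install_xmpp {
    # Install the prosody XMPP server for $DEFAULT_DOMAIN_NAME with the community
    # mod_onions module, a dedicated "xmpp" certificate, hashed credential storage,
    # mandatory c2s/s2s encryption, an onion VirtualHost, and register an account
    # for $MY_USERNAME whose password is written to the user's README.
    # Skipped on every variant except the default; runs once (guarded by
    # $COMPLETION_FILE). Exits with a distinct non-zero code at each failure point.
    if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
        return
    fi

    apt-get -y install lua-sec lua-bitop
    apt-get -y install prosody prosody-modules mercurial
    if [ ! -d /etc/prosody ]; then
        echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
        exit 52
    fi

    # obtain the prosody community modules.
    # NOTE(review): the clone is not pinned to a revision, so the mod_onions code
    # installed below is whatever the upstream tip is at install time
    cd $INSTALL_DIR
    hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
    if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
        echo $'mod_onions prosody module could not be found'
        exit 73254
    fi

    # install the onions module
    cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
    if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
        echo $'mod_onions.lua could not be copied to the prosody modules directory'
        exit 63952
    fi

    # create a certificate and make the key readable by the prosody user only
    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
        ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
        check_certificates xmpp
    fi
    chown prosody:prosody /etc/ssl/private/xmpp.key
    chown prosody:prosody /etc/ssl/certs/xmpp.*

    # per-host config derived from the packaged example
    cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
    xmpp_harden_tls_config /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
    if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua

    # global config: same certificate, TLS hardening and encryption requirements
    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
    xmpp_harden_tls_config /etc/prosody/prosody.cfg.lua
    sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
    if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
        sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
    fi
    if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
        # the check and the write must target the same file: previously the
        # setting was appended to xmpp.cfg.lua while prosody.cfg.lua was checked,
        # so the global config never received it
        echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/prosody.cfg.lua
    fi
    sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
    # store credentials hashed rather than in plain text
    sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
    systemctl restart prosody

    touch /home/$MY_USERNAME/README

    # onion service for c2s (5222) and s2s (5269)
    if [ ! -d /var/lib/tor ]; then
        echo $'No Tor installation found. XMPP onion site cannot be configured.'
        exit 877367
    fi
    if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
        echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
        echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
        echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
        echo $'Added onion site for XMPP chat'
    fi
    systemctl restart tor
    wait_for_onion_service 'xmpp'
    if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
        echo $'XMPP onion site hostname not found'
        exit 65349
    fi
    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
    if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
        echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
    else
        sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
    fi

    # register the user's account and record the password in the README (once)
    if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
        if [ -f $IMAGE_PASSWORD_FILE ]; then
            # read the preset password verbatim; the earlier printf `cat ...` form
            # used the file contents as a printf format string, so '%' or '\'
            # characters in the password were altered and whitespace split it
            XMPP_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)"
        else
            # NOTE(review): 8 random bytes is far below the 32 used for the other
            # generated passwords in this file; consider raising it
            XMPP_PASSWORD="$(openssl rand -base64 8)"
        fi
        # NOTE(review): the password is passed as a command-line argument and is
        # visible in the process list while prosodyctl runs
        prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME "$XMPP_PASSWORD"
        echo '' >> /home/$MY_USERNAME/README
        echo '' >> /home/$MY_USERNAME/README
        echo $'XMPP' >> /home/$MY_USERNAME/README
        echo '====' >> /home/$MY_USERNAME/README
        echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
        echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
        echo $'You can change it with: ' >> /home/$MY_USERNAME/README
        echo '' >> /home/$MY_USERNAME/README
        # NOTE(review): the account registered above is $MY_USERNAME@$DEFAULT_DOMAIN_NAME;
        # this hint assumes $MY_EMAIL_ADDRESS is that same JID - confirm
        echo " prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
        chmod 600 /home/$MY_USERNAME/README
    fi

    echo 'install_xmpp' >> $COMPLETION_FILE
}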
function install_watchdog_script {
    # Write the skeleton of the keep-alive watchdog script to
    # /usr/bin/$WATCHDOG_SCRIPT_NAME and schedule it to run as root every minute
    # from /etc/crontab. The skeleton only defines LOGFILE and CURRENT_DATE;
    # application-specific checks are appended by later install steps.
    # Runs once (guarded by $COMPLETION_FILE).
    if grep -Fxq "install_watchdog_script" $COMPLETION_FILE; then
        return
    fi

    local script_path=/usr/bin/$WATCHDOG_SCRIPT_NAME
    # single-quoted so that $(date) reaches the script unexpanded
    printf '%s\n' '#!/bin/bash' 'LOGFILE=/var/log/keepon.log' 'CURRENT_DATE=$(date)' > $script_path
    chmod +x $script_path

    # schedule it from root's crontab; the entry is added only once
    if ! grep -q "$script_path" /etc/crontab; then
        echo "* * * * * root $script_path" >> /etc/crontab
    fi

    echo 'install_watchdog_script' >> $COMPLETION_FILE
}
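  # Escapes a value for use as the replacement text of a sed "s|…|…|"
  # command. Backslash, "&" and the "|" delimiter are the only characters
  # sed interprets in that position; everything else, including the "/"
  # that base64 output regularly contains, passes through unchanged.
  function irc_sed_escape {
      printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
  }
  function install_irc_server {
      # Installs ngircd, adapts the Debian default ngircd.conf, registers an
      # onion service for it, adds a keep-alive check to the root watchdog
      # script and appends connection instructions to the user's README.
      #
      # Reads:  SYSTEM_TYPE and the VARIANT_* names, COMPLETION_FILE,
      #         IMAGE_PASSWORD_FILE, IRC_PASSWORD, IRC_PORT, IRC_ONION_PORT,
      #         DEFAULT_DOMAIN_NAME, MY_USERNAME, MY_EMAIL_ADDRESS,
      #         PROJECT_NAME, DH_KEYLENGTH, WATCHDOG_SCRIPT_NAME, CHECK_MESSAGE
      # Sets:   DEFAULTDOMAIN, IRC_SALT, IRC_OPERATOR_PASSWORD,
      #         IRC_ONION_HOSTNAME
      # Exits:  status 53 when /etc/ngircd is missing after the apt install
      #
      # Secrets (cloak salt, operator password, optional server password) are
      # passed through irc_sed_escape before being spliced into ngircd.conf:
      # "openssl rand -base64" output can contain "/", which broke the
      # previous "s/…/…/" substitutions and silently left the operator
      # password at its commented-out default.
      #
      # NOTE(review): VARIANT_MESH is in the early-return list below, so the
      # mesh-specific branches further down (irssi install, ".local" domain,
      # DNS = no) are currently unreachable — confirm which is intended.
      if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
          return
      fi
      apt-get -y install ngircd
      # for mesh peers also install an irc client
      if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          apt-get -y install irssi
      fi
      if [ ! -d /etc/ngircd ]; then
          echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
          exit 53
      fi
      if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
          ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
          check_certificates ngircd
      fi
      DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
      if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
      fi
      cat > /etc/ngircd/motd <<'EOF'
**************************************************
* F R E E D O M B O N E I R C *
* *
* Freedom in the Cloud *
**************************************************
EOF
      sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
      sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
      sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
      sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
      # [Global] server password: enabled but empty unless IRC_PASSWORD is set
      sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
      sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
      sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
      sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
      sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/g" /etc/ngircd/ngircd.conf
      sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
      sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
      sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
      sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
      sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
      IRC_SALT="$(openssl rand -base64 32)"
      # Quoting matters: an unset IMAGE_PASSWORD_FILE made "[ -f ]" true and
      # the old printf form interpreted "%" and backslashes in the password.
      if [ -f "$IMAGE_PASSWORD_FILE" ]; then
          IRC_OPERATOR_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
      else
          IRC_OPERATOR_PASSWORD="$(openssl rand -base64 8)"
      fi
      local salt_repl oper_repl
      salt_repl="$(irc_sed_escape "$IRC_SALT")"
      oper_repl="$(irc_sed_escape "$IRC_OPERATOR_PASSWORD")"
      sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $salt_repl|g" /etc/ngircd/ngircd.conf
      sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
      sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
      sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
      sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
      sed -i "s|;Password = ThePwd|Password = $oper_repl|g" /etc/ngircd/ngircd.conf
      if [ -n "$IRC_PASSWORD" ]; then
          # Only the first "Password =" line (the [Global] server password)
          # is changed. The previous "0,/RE/" range was an unfilled template
          # and, when no line matched "RE", rewrote every Password line,
          # including the operator's one set just above.
          local server_repl
          server_repl="$(irc_sed_escape "$IRC_PASSWORD")"
          sed -i "0,/^[[:space:]]*Password =/s|^\([[:space:]]*\)Password =.*|\1Password = $server_repl|" /etc/ngircd/ngircd.conf
      fi
      # If we are on a mesh then DNS is not available
      if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
      fi
      # -p: the runtime directories may already exist from a previous attempt
      mkdir -p /var/run/ircd
      chown -R irc:irc /var/run/ircd
      mkdir -p /var/run/ngircd
      touch /var/run/ngircd/ngircd.pid
      chown -R irc:irc /var/run/ngircd
      IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_PORT})
      # Record the onion domain, replacing a stale entry if one exists
      if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
          echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
      else
          sed -i "s|IRC onion domain.*|IRC onion domain:$IRC_ONION_HOSTNAME|g" $COMPLETION_FILE
      fi
      systemctl restart ngircd
      # keep the daemon running: appended to the root watchdog script, so the
      # delimiter is quoted and the variables are expanded at watchdog run time
      cat >> /usr/bin/$WATCHDOG_SCRIPT_NAME <<'EOF'

# keep irc daemon running
IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)
if [ ! $IRC_RUNNING ]; then
    systemctl start ngircd
    echo -n $CURRENT_DATE >> $LOGFILE
    echo " IRC daemon restarted" >> $LOGFILE
fi
EOF
      if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
          echo '' >> /home/$MY_USERNAME/README
          echo '' >> /home/$MY_USERNAME/README
          echo $'IRC Server' >> /home/$MY_USERNAME/README
          echo '==========' >> /home/$MY_USERNAME/README
          echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
          echo '' >> /home/$MY_USERNAME/README
          echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
          # connect to the same name the server was added under
          echo " /connect $DEFAULTDOMAIN" >> /home/$MY_USERNAME/README
          echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
          chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
          chmod 600 /home/$MY_USERNAME/README
      fi
      echo 'install_irc_server' >> $COMPLETION_FILE
  }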
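  function get_wiki_admin_password {
      # Recovers the wiki admin password previously recorded in the user's
      # README (the "Wiki password: …" line) into WIKI_ADMIN_PASSWORD, so a
      # re-run of install_wiki reuses it instead of generating a new one.
      # Leaves WIKI_ADMIN_PASSWORD untouched when the README or the line is
      # absent. Only the first matching line is used, and everything after
      # the first ":" is kept, so a password that itself contains ":" is no
      # longer truncated at the second colon.
      local readme="/home/$MY_USERNAME/README"
      if [ -f "$readme" ]; then
          if grep -q "Wiki password" "$readme"; then
              WIKI_ADMIN_PASSWORD=$(grep -m 1 "Wiki password:" "$readme" | sed 's/^[^:]*: *//')
          fi
      fi
  }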
  6797. function install_wiki {
  6798. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then
  6799. return
  6800. fi
  6801. if grep -Fxq "install_wiki" $COMPLETION_FILE; then
  6802. return
  6803. fi
  6804. if [ ! $WIKI_DOMAIN_NAME ]; then
  6805. return
  6806. fi
  6807. apt-get -y install dokuwiki
  6808. apt-get -y remove --purge apache*
  6809. if [ -d /etc/apache2 ]; then
  6810. rm -rf /etc/apache2
  6811. echo $'Removed Apache installation after Dokuwiki install'
  6812. fi
  6813. if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
  6814. mkdir /var/www/$WIKI_DOMAIN_NAME
  6815. fi
  6816. if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
  6817. rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
  6818. fi
  6819. ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
  6820. mkdir /var/lib/dokuwiki/custom
  6821. cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
  6822. ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
  6823. chown www-data /var/lib/dokuwiki/custom
  6824. chown www-data /var/lib/dokuwiki/custom/local.php
  6825. chown -R www-data /etc/dokuwiki
  6826. chown -R www-data /usr/share/dokuwiki/lib/
  6827. chmod 600 /var/lib/dokuwiki/custom/local.php
  6828. chmod -R 755 /usr/share/dokuwiki/lib
  6829. sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
  6830. sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
  6831. sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
  6832. # set the admin user
  6833. sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
  6834. # disallow registration of new users
  6835. if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
  6836. echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
  6837. fi
  6838. if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
  6839. echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
  6840. fi
  6841. if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
  6842. echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
  6843. fi
  6844. if ! grep -q "authtype" /etc/dokuwiki/local.php; then
  6845. echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
  6846. fi
  6847. get_wiki_admin_password
  6848. if [ ! $WIKI_ADMIN_PASSWORD ]; then
  6849. if [ -f $IMAGE_PASSWORD_FILE ]; then
  6850. WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
  6851. else
  6852. WIKI_ADMIN_PASSWORD="$(openssl rand -base64 16)"
  6853. fi
  6854. fi
  6855. HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
  6856. echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
  6857. chmod 640 /var/lib/dokuwiki/acl/users.auth.php
  6858. if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
  6859. echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
  6860. fi
  6861. if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
  6862. echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
  6863. fi
  6864. if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
  6865. echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
  6866. fi
  6867. if [[ $ONION_ONLY == "no" ]]; then
  6868. echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6869. echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6870. echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6871. echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6872. echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6873. echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6874. echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6875. echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6876. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6877. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6878. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6879. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6880. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6881. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6882. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6883. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6884. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6885. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6886. echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6887. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6888. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6889. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6890. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6891. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6892. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6893. echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6894. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6895. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6896. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6897. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6898. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6899. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6900. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6901. echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6902. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6903. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6904. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6905. echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6906. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6907. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6908. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6909. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6910. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6911. echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6912. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6913. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6914. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6915. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6916. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6917. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6918. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6919. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6920. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6921. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6922. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6923. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6924. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6925. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6926. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6927. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6928. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6929. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6930. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6931. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6932. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6933. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6934. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6935. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6936. echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6937. echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6938. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6939. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6940. echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6941. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6942. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6943. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6944. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6945. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6946. echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6947. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6948. echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6949. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6950. echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6951. echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6952. echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6953. echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6954. echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6955. echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6956. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6957. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6958. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6959. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6960. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6961. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6962. echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6963. echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6964. echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6965. echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6966. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6967. echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6968. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6969. echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6970. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6971. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6972. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6973. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6974. echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6975. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6976. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6977. echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6978. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6979. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6980. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6981. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6982. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6983. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6984. echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6985. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6986. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6987. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6988. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6989. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6990. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6991. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6992. echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6993. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6994. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6995. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6996. echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6997. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6998. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  6999. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7000. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7001. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7002. echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7003. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7004. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7005. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7006. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7007. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7008. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7009. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7010. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7011. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7012. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7013. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7014. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7015. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7016. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7017. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7018. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7019. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7020. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7021. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7022. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7023. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7024. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7025. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7026. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7027. echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7028. echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7029. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7030. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7031. echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7032. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7033. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7034. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7035. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7036. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7037. echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7038. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7039. else
  7040. echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7041. fi
  7042. echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7043. echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7044. echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7045. echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7046. echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7047. echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7048. echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7049. echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7050. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7051. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7052. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7053. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7054. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7055. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7056. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7057. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7058. echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7059. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7060. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7061. echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7062. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7063. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7064. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7065. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7066. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7067. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7068. echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7069. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7070. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7071. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7072. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7073. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7074. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7075. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7076. echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7077. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7078. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7079. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7080. echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7081. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7082. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7083. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7084. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7085. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7086. echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7087. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7088. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7089. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7090. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7091. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7092. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7093. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7094. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7095. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7096. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7097. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7098. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7099. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7100. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7101. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7102. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7103. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7104. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7105. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7106. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7107. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7108. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7109. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7110. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7111. echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7112. echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7113. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7114. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7115. echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7116. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7117. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7118. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7119. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7120. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7121. echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  7122. if [[ $ONION_ONLY == "no" ]]; then
  7123. if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
  7124. if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
  7125. ${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
  7126. else
  7127. ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
  7128. fi
  7129. check_certificates $WIKI_DOMAIN_NAME
  7130. fi
  7131. fi
  7132. configure_php
  7133. nginx_ensite $WIKI_DOMAIN_NAME
  7134. WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
  7135. systemctl restart php5-fpm
  7136. systemctl restart nginx
  7137. echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
  7138. # update the dynamic DNS
  7139. CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME
  7140. add_ddns_domain
  7141. # add some post-install instructions
  7142. if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
  7143. echo '' >> /home/$MY_USERNAME/README
  7144. echo '' >> /home/$MY_USERNAME/README
  7145. echo $'Wiki' >> /home/$MY_USERNAME/README
  7146. echo '====' >> /home/$MY_USERNAME/README
  7147. echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
  7148. echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
  7149. echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  7150. echo '' >> /home/$MY_USERNAME/README
  7151. echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
  7152. echo '' >> /home/$MY_USERNAME/README
  7153. echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
  7154. echo '' >> /home/$MY_USERNAME/README
  7155. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  7156. chmod 600 /home/$MY_USERNAME/README
  7157. fi
  7158. echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
  7159. echo 'install_wiki' >> $COMPLETION_FILE
  7160. }
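function get_blog_admin_password {
    # Recover the HTMLy admin password that install_blog wrote to the user's
    # README. Sets FULLBLOG_ADMIN_PASSWORD; leaves it untouched when there is
    # no README or no "Your blog password is" line in it.
    local readme="/home/$MY_USERNAME/README"
    local line
    if [ ! -f "$readme" ]; then
        return
    fi
    if ! grep -q "Your blog password is" "$readme"; then
        return
    fi
    # Only the first matching line is used, and everything after the first
    # ':' is kept. The previous awk -F ':' '{print $2}' truncated any password
    # that itself contained a ':' (possible when it comes from IMAGE_PASSWORD_FILE).
    line=$(grep -m 1 "Your blog password is" "$readme")
    FULLBLOG_ADMIN_PASSWORD=$(printf '%s\n' "${line#*:}" | sed 's/^ *//')
}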
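# Append the server-block preamble shared by the http, https and onion
# virtual hosts of the blog to the nginx site file $1, logging errors to
# /var/log/nginx/$2.
function _blog_nginx_server_preamble {
    local site_file="$1"
    local error_log_name="$2"
    echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> "$site_file"
    echo " server_name $FULLBLOG_DOMAIN_NAME;" >> "$site_file"
    echo ' access_log off;' >> "$site_file"
    echo " error_log /var/log/nginx/${error_log_name} $WEBSERVER_LOG_LEVEL;" >> "$site_file"
    echo ' index index.php;' >> "$site_file"
    echo ' charset utf-8;' >> "$site_file"
    echo ' client_max_body_size 20m;' >> "$site_file"
    echo ' client_body_buffer_size 128k;' >> "$site_file"
    echo '' >> "$site_file"
    echo ' limit_conn conn_limit_per_ip 10;' >> "$site_file"
    echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> "$site_file"
    echo '' >> "$site_file"
}

# Append the location rules shared by the http, https and onion virtual hosts
# of the blog (front controller, static files, PHP via php5-fpm, deny rules)
# to the nginx site file $1, and close the server block.
function _blog_nginx_common_locations {
    local site_file="$1"
    echo ' # rewrite to front controller as default rule' >> "$site_file"
    echo ' location / {' >> "$site_file"
    echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '' >> "$site_file"
    echo " # make sure webfinger and other well known services aren't blocked" >> "$site_file"
    echo ' # by denying dot files and rewrite request to the front controller' >> "$site_file"
    echo ' location ^~ /.well-known/ {' >> "$site_file"
    echo ' allow all;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '' >> "$site_file"
    echo ' # statically serve these file types when possible' >> "$site_file"
    echo ' # otherwise fall back to front controller' >> "$site_file"
    echo ' # allow browser to cache them' >> "$site_file"
    echo ' # added .htm for advanced source code editor library' >> "$site_file"
    echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> "$site_file"
    echo ' expires 30d;' >> "$site_file"
    echo ' try_files $uri /index.php?q=$uri&$args;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '' >> "$site_file"
    echo ' # block these file types' >> "$site_file"
    echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> "$site_file"
    echo ' deny all;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '' >> "$site_file"
    echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> "$site_file"
    echo ' # or a unix socket' >> "$site_file"
    echo ' location ~* \.php$ {' >> "$site_file"
    echo ' # Zero-day exploit defense.' >> "$site_file"
    echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> "$site_file"
    echo " # Won't work properly (404 error) if the file is not stored on this" >> "$site_file"
    echo " # server, which is entirely possible with php-fpm/php-fcgi." >> "$site_file"
    echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> "$site_file"
    echo " # another machine. And then cross your fingers that you won't get hacked." >> "$site_file"
    echo ' try_files $uri $uri/ /index.php;' >> "$site_file"
    echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> "$site_file"
    echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> "$site_file"
    echo ' # With php5-cgi alone:' >> "$site_file"
    echo ' # fastcgi_pass 127.0.0.1:9000;' >> "$site_file"
    echo ' # With php5-fpm:' >> "$site_file"
    echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> "$site_file"
    echo ' include fastcgi_params;' >> "$site_file"
    echo ' fastcgi_index index.php;' >> "$site_file"
    echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '' >> "$site_file"
    echo ' # deny access to all dot files' >> "$site_file"
    echo ' location ~ /\. {' >> "$site_file"
    echo ' deny all;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '' >> "$site_file"
    echo ' #deny access to store' >> "$site_file"
    echo ' location ~ /store {' >> "$site_file"
    echo ' deny all;' >> "$site_file"
    echo ' }' >> "$site_file"
    # NOTE(review): this matches "/conf/" but not "/config/", where the HTMLy
    # user ini files written below live; requests there currently reach the
    # front controller through "location /" rather than being served as files.
    # Confirm against the HTMLy tree before relying on it.
    echo ' location ~ /(data|conf|bin|inc)/ {' >> "$site_file"
    echo ' deny all;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo ' location ~ /\.ht {' >> "$site_file"
    echo ' deny all;' >> "$site_file"
    echo ' }' >> "$site_file"
    echo '}' >> "$site_file"
}

function install_blog {
    # Install or update the HTMLy blog behind nginx and php5-fpm.
    #
    # Does nothing on system variants that carry no blog. Exits with 5062 when
    # FULLBLOG_DOMAIN_NAME is unset. On a later run only the pinned commit
    # (FULLBLOG_COMMIT) is updated; a finished install is recorded as
    # "install_blog" in COMPLETION_FILE and the rest is skipped. Writes the
    # nginx site (http + https, or onion-only), the HTMLy config.ini, the
    # admin user ini and post-install notes in /home/$MY_USERNAME/README.
    if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if [ -z "$FULLBLOG_DOMAIN_NAME" ]; then
        echo $'The blog domain name was not specified'
        exit 5062
    fi

    local blog_dir="/var/www/$FULLBLOG_DOMAIN_NAME"
    local site_file="/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME"
    local readme="/home/$MY_USERNAME/README"

    # update to the next commit
    if [ -d "$blog_dir/htdocs" ]; then
        if grep -q "Blog commit" "$COMPLETION_FILE"; then
            CURRENT_FULLBLOG_COMMIT=$(grep "Blog commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            if [[ "$CURRENT_FULLBLOG_COMMIT" != "$FULLBLOG_COMMIT" ]]; then
                cd "$blog_dir/htdocs"
                git_pull $FULLBLOG_REPO $FULLBLOG_COMMIT
                sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" "$COMPLETION_FILE"
                chown -R www-data:www-data "$blog_dir/htdocs"
            fi
        else
            echo "Blog commit:$FULLBLOG_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi

    if grep -Fxq "install_blog" "$COMPLETION_FILE"; then
        return
    fi

    # fetch the pinned commit
    if [ ! -d "$blog_dir" ]; then
        mkdir "$blog_dir"
    fi
    cd "$blog_dir"
    git_clone $FULLBLOG_REPO htdocs
    cd htdocs
    git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
    if ! grep -q "Blog commit" "$COMPLETION_FILE"; then
        echo "Blog commit:$FULLBLOG_COMMIT" >> "$COMPLETION_FILE"
    else
        sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" "$COMPLETION_FILE"
    fi
    cd "$blog_dir"
    chown -R www-data:www-data "$blog_dir/htdocs"

    # nginx site: the file is always rewritten from scratch
    : > "$site_file"
    if [[ $ONION_ONLY == "no" ]]; then
        # plain http; only the login page is forced onto https
        echo 'server {' >> "$site_file"
        echo ' listen 80;' >> "$site_file"
        _blog_nginx_server_preamble "$site_file" "${FULLBLOG_DOMAIN_NAME}_error.log"
        echo ' add_header X-Frame-Options DENY;' >> "$site_file"
        echo ' add_header X-Content-Type-Options nosniff;' >> "$site_file"
        echo '' >> "$site_file"
        echo ' # Always redirect the login page to https' >> "$site_file"
        echo ' location /login {' >> "$site_file"
        echo ' rewrite ^ https://$server_name$request_uri?;' >> "$site_file"
        echo ' }' >> "$site_file"
        echo '' >> "$site_file"
        _blog_nginx_common_locations "$site_file"
        echo '' >> "$site_file"

        # https
        echo 'server {' >> "$site_file"
        echo ' listen 443 ssl;' >> "$site_file"
        _blog_nginx_server_preamble "$site_file" "${FULLBLOG_DOMAIN_NAME}_error_ssl.log"
        echo ' ssl on;' >> "$site_file"
        echo " ssl_certificate /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.crt;" >> "$site_file"
        echo " ssl_certificate_key /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key;" >> "$site_file"
        echo " ssl_dhparam /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam;" >> "$site_file"
        echo '' >> "$site_file"
        echo ' ssl_session_timeout 60m;' >> "$site_file"
        echo ' ssl_prefer_server_ciphers on;' >> "$site_file"
        echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> "$site_file"
        echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> "$site_file"
        echo " ssl_ciphers '$SSL_CIPHERS';" >> "$site_file"
        echo ' add_header X-Frame-Options DENY;' >> "$site_file"
        echo ' add_header X-Content-Type-Options nosniff;' >> "$site_file"
        echo ' add_header Strict-Transport-Security "max-age=0;";' >> "$site_file"
        echo '' >> "$site_file"
        _blog_nginx_common_locations "$site_file"
        echo '' >> "$site_file"
    fi

    # onion service, reached through tor on the loopback port
    echo 'server {' >> "$site_file"
    echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> "$site_file"
    _blog_nginx_server_preamble "$site_file" "${FULLBLOG_DOMAIN_NAME}_error_ssl.log"
    echo ' add_header X-Frame-Options DENY;' >> "$site_file"
    echo ' add_header X-Content-Type-Options nosniff;' >> "$site_file"
    echo ' add_header Strict-Transport-Security "max-age=0;";' >> "$site_file"
    echo '' >> "$site_file"
    _blog_nginx_common_locations "$site_file"

    # certificates, only for the clearnet site
    if [[ $ONION_ONLY == "no" ]]; then
        if [ ! -f "/etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam" ]; then
            if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                ${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
            else
                ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
            fi
            check_certificates $FULLBLOG_DOMAIN_NAME
        fi
    fi

    configure_php

    # blog settings
    local blog_config="$blog_dir/htdocs/config/config.ini"
    cp "$blog_dir/htdocs/config/config.ini.example" "$blog_config"
    sed -i "s|site.url.*|site.url = '/'|g" "$blog_config"
    # MY_BLOG_TITLE / MY_BLOG_SUBTITLE / MY_NAME are spliced into sed
    # expressions: a '|' or '&' in them will break or alter the substitution.
    sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" "$blog_config"
    sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" "$blog_config"
    sed -i 's|timezone.*|timezone = "Europe/London"|g' "$blog_config"
    sed -i "s|Your name|$MY_NAME|g" "$blog_config"

    # create a user password, reusing one already recorded in the README
    get_blog_admin_password
    if [ -z "$FULLBLOG_ADMIN_PASSWORD" ]; then
        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
            # Read the file verbatim. The earlier printf `cat ...` used the
            # file contents as a printf format string, so a '%' or '\' in the
            # password was mangled and whitespace was word-split.
            FULLBLOG_ADMIN_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
        else
            FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 16)"
        fi
        echo '' >> "$readme"
        echo '' >> "$readme"
        echo $'HTMLy Blog' >> "$readme"
        echo '==========' >> "$readme"
        echo $"Your blog username: $MY_USERNAME" >> "$readme"
        echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> "$readme"
        echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> "$readme"
        echo $'Edit your blog title and time zone at:' >> "$readme"
        echo " $blog_config" >> "$readme"
        chown $MY_USERNAME:$MY_USERNAME "$readme"
        chmod 600 "$readme"
    fi

    # create a user. The password is stored in clear text ("encryption = clear")
    # inside the web root; a password containing a single quote would also
    # break this ini line.
    local user_ini="$blog_dir/htdocs/config/users/$MY_USERNAME.ini"
    echo ';Password' > "$user_ini"
    echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> "$user_ini"
    echo 'encryption = clear' >> "$user_ini"
    echo ';Role' >> "$user_ini"
    echo 'role = admin' >> "$user_ini"

    nginx_ensite $FULLBLOG_DOMAIN_NAME
    FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
    systemctl restart php5-fpm
    systemctl restart nginx

    if ! grep -q "Blog onion domain" "$readme"; then
        echo "Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> "$readme"
        echo '' >> "$readme"
        chown $MY_USERNAME:$MY_USERNAME "$readme"
        chmod 600 "$readme"
    fi
    echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> "$COMPLETION_FILE"

    # update the dynamic DNS
    CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
    add_ddns_domain

    echo 'install_blog' >> "$COMPLETION_FILE"
}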
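function gnu_social_nginx_php_location {
    # Appends the php5-fpm handler block for the GNU Social site to the
    # nginx site file given as $1. The try_files line is the usual guard
    # against nginx handing a non-existent *.php path to php-fpm.
    local site_file="$1"
    echo '    location ~* \.php$ {' >> "$site_file"
    echo '        # Zero-day exploit defense.' >> "$site_file"
    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> "$site_file"
    echo '        try_files $uri $uri/ /index.php;' >> "$site_file"
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> "$site_file"
    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> "$site_file"
    echo '        include fastcgi_params;' >> "$site_file"
    echo '        fastcgi_index index.php;' >> "$site_file"
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> "$site_file"
    echo '        fastcgi_read_timeout 300;' >> "$site_file"
    echo '    }' >> "$site_file"
}

function gnu_social_nginx_site_body {
    # Appends the directives shared by the https and onion server blocks
    # of the GNU Social site: hardening headers, the front-controller
    # rewrite, static asset caching, the upload limit and the error log.
    # $1 = nginx site file, $2 = document root, $3 = error log path.
    # (The HSTS header is also emitted for the plain-http onion listener,
    # where clients ignore it; harmless.)
    local site_file="$1"
    local doc_root="$2"
    local error_log_file="$3"
    echo '' >> "$site_file"
    echo '    add_header X-Frame-Options DENY;' >> "$site_file"
    echo '    add_header X-Content-Type-Options nosniff;' >> "$site_file"
    echo '    add_header Strict-Transport-Security max-age=15768000;' >> "$site_file"
    echo '' >> "$site_file"
    echo '    location / {' >> "$site_file"
    echo '        rewrite ^(.*)$ /index.php?p=$1 last;' >> "$site_file"
    echo '        break;' >> "$site_file"
    echo '    }' >> "$site_file"
    echo '' >> "$site_file"
    echo '    location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> "$site_file"
    echo "        root $doc_root;" >> "$site_file"
    echo '        rewrite ^/(.*)$ /$1 break;' >> "$site_file"
    echo '        access_log off;' >> "$site_file"
    echo '        expires max;' >> "$site_file"
    echo '    }' >> "$site_file"
    echo '' >> "$site_file"
    echo '    client_max_body_size 15m;' >> "$site_file"
    echo '' >> "$site_file"
    echo "    error_log $error_log_file $WEBSERVER_LOG_LEVEL;" >> "$site_file"
}

function install_gnu_social {
    # Installs GNU Social (the "microblog") behind nginx/php5-fpm with a
    # MariaDB database, pinned to $GNUSOCIAL_COMMIT; registers an onion
    # service, daily/weekly/monthly database backups and an hourly repair
    # job; writes the admin credentials to the user's README (mode 600).
    # On a later run only the checkout is moved to the pinned commit.
    #
    # Reads (globals): SYSTEM_TYPE and the VARIANT_* values, MICROBLOG_DOMAIN_NAME,
    #   MICROBLOG_REPO, GNUSOCIAL_COMMIT, MICROBLOG_ONION_PORT, ONION_ONLY,
    #   IMAGE_PASSWORD_FILE, MARIADB_PASSWORD, MY_USERNAME, MY_EMAIL_ADDRESS,
    #   COMPLETION_FILE, WEBSERVER_LOG_LEVEL, SSL_PROTOCOLS, SSL_CIPHERS,
    #   LETSENCRYPT_SERVER, DH_KEYLENGTH, PROJECT_NAME.
    # Sets (globals): MICROBLOG_ADMIN_PASSWORD, MICROBLOG_ONION_HOSTNAME,
    #   CURRENT_DDNS_DOMAIN, gnu_social_ssl, gnu_social_installer.
    # Exits non-zero when no domain is set (7359), the clone fails (87525)
    # or the GNU Social installer fails (72357).
    if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi
    if [ -z "$MICROBLOG_DOMAIN_NAME" ]; then
        echo $'No domain name was given for the microblog'
        exit 7359
    fi

    local web_root=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs
    local site_file=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
    local readme=/home/$MY_USERNAME/README

    # Already installed: move the checkout to the pinned commit if it changed
    if [ -d "$web_root" ]; then
        if grep -q "GNU Social commit" "$COMPLETION_FILE"; then
            CURRENT_GNUSOCIAL_COMMIT=$(grep "GNU Social commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            if [[ "$CURRENT_GNUSOCIAL_COMMIT" != "$GNUSOCIAL_COMMIT" ]]; then
                cd "$web_root"
                git_pull $MICROBLOG_REPO $GNUSOCIAL_COMMIT
                sed -i "s/GNU Social commit.*/GNU Social commit:$GNUSOCIAL_COMMIT/g" "$COMPLETION_FILE"
                chown -R www-data:www-data "$web_root"
            fi
        else
            echo "GNU Social commit:$GNUSOCIAL_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi
    if grep -Fxq "install_gnu_social" "$COMPLETION_FILE"; then
        return
    fi

    install_mariadb
    get_mariadb_password
    repair_databases_script
    apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser

    if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
        mkdir /var/www/$MICROBLOG_DOMAIN_NAME
    fi
    if [ ! -d "$web_root" ]; then
        git_clone $MICROBLOG_REPO "$web_root"
        if [ ! -d "$web_root" ]; then
            echo $'Unable to clone gnusocial repo'
            exit 87525
        fi
    fi
    cd "$web_root"
    # Pin to a known commit rather than whatever HEAD the remote serves
    git checkout $GNUSOCIAL_COMMIT -b $GNUSOCIAL_COMMIT
    if ! grep -q "GNU Social commit" "$COMPLETION_FILE"; then
        echo "GNU Social commit:$GNUSOCIAL_COMMIT" >> "$COMPLETION_FILE"
    else
        sed -i "s/GNU Social commit.*/GNU Social commit:$GNUSOCIAL_COMMIT/g" "$COMPLETION_FILE"
    fi
    # The web root belongs to www-data, which is all php-fpm needs. It must
    # not be world-writable (it used to be 'chmod a+w'): php-fpm executes
    # whatever ends up in this directory, so any local account could have
    # dropped PHP into it.
    chown www-data:www-data "$web_root"
    chmod 755 "$web_root"
    chmod +x "$web_root/scripts/maildaemon.php"

    get_mariadb_gnusocial_admin_password
    if [ -z "$MICROBLOG_ADMIN_PASSWORD" ]; then
        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
            # Read the file verbatim; feeding it to printf as a format string
            # (the previous approach) corrupts passwords containing '%' or '\'
            MICROBLOG_ADMIN_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
        else
            MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32)"
        fi
    fi
    create_database gnusocial "$MICROBLOG_ADMIN_PASSWORD" $MY_USERNAME

    # Mail aliases: deliver www-data's mail to root and hand incoming mail
    # to the GNU Social mail daemon. Both conditions used to be inverted
    # (append only if already present), so on a fresh install neither
    # alias was ever written.
    # NOTE(review): aliases(5) has no '*' wildcard and a pipe target needs
    # a leading '|'; confirm this alias form does what was intended.
    if [ ! -f "/etc/aliases" ]; then
        touch /etc/aliases
    fi
    if ! grep -q "www-data: root" /etc/aliases; then
        echo 'www-data: root' >> /etc/aliases
    fi
    if ! grep -q "$web_root/scripts/maildaemon.php" /etc/aliases; then
        echo "*: $web_root/scripts/maildaemon.php" >> /etc/aliases
    fi
    newaliases

    # update the dynamic DNS
    CURRENT_DDNS_DOMAIN=$MICROBLOG_DOMAIN_NAME
    add_ddns_domain

    if [[ $ONION_ONLY == "no" ]]; then
        # Port 80: redirect everything to https
        echo 'server {' > "$site_file"
        echo '    listen 80;' >> "$site_file"
        echo "    server_name $MICROBLOG_DOMAIN_NAME;" >> "$site_file"
        echo "    root $web_root;" >> "$site_file"
        echo '    access_log off;' >> "$site_file"
        echo "    error_log /var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> "$site_file"
        echo '    index index.php;' >> "$site_file"
        echo '    limit_conn conn_limit_per_ip 10;' >> "$site_file"
        echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> "$site_file"
        echo '' >> "$site_file"
        echo '    rewrite ^ https://$server_name$request_uri? permanent;' >> "$site_file"
        echo '}' >> "$site_file"
        echo '' >> "$site_file"
        # Port 443: the site itself
        echo 'server {' >> "$site_file"
        echo '    listen 443 ssl;' >> "$site_file"
        echo "    server_name $MICROBLOG_DOMAIN_NAME;" >> "$site_file"
        echo "    root $web_root;" >> "$site_file"
        echo '    index index.php index.html index.htm;' >> "$site_file"
        echo '    access_log off;' >> "$site_file"
        echo '' >> "$site_file"
        echo '    limit_conn conn_limit_per_ip 10;' >> "$site_file"
        echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> "$site_file"
        echo '' >> "$site_file"
        gnu_social_nginx_php_location "$site_file"
        echo '' >> "$site_file"
        echo '    ssl on;' >> "$site_file"
        echo "    ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> "$site_file"
        echo "    ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> "$site_file"
        echo "    ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> "$site_file"
        echo '' >> "$site_file"
        echo '    ssl_session_timeout 60m;' >> "$site_file"
        echo '    ssl_prefer_server_ciphers on;' >> "$site_file"
        echo '    ssl_session_cache builtin:1000 shared:SSL:10m;' >> "$site_file"
        echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> "$site_file"
        echo "    ssl_ciphers '$SSL_CIPHERS';" >> "$site_file"
        gnu_social_nginx_site_body "$site_file" "$web_root" "/var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error_ssl.log"
        echo '}' >> "$site_file"
        echo '' >> "$site_file"
    else
        echo -n '' > "$site_file"
    fi
    # Onion service: plain http on a loopback port that tor forwards to
    echo 'server {' >> "$site_file"
    echo "    listen 127.0.0.1:${MICROBLOG_ONION_PORT} default_server;" >> "$site_file"
    echo "    server_name $MICROBLOG_DOMAIN_NAME;" >> "$site_file"
    echo "    root $web_root;" >> "$site_file"
    echo '    index index.php index.html index.htm;' >> "$site_file"
    echo '    access_log off;' >> "$site_file"
    echo '' >> "$site_file"
    echo '    limit_conn conn_limit_per_ip 10;' >> "$site_file"
    echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> "$site_file"
    echo '' >> "$site_file"
    gnu_social_nginx_php_location "$site_file"
    gnu_social_nginx_site_body "$site_file" "$web_root" "/var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error_ssl.log"
    echo '}' >> "$site_file"

    configure_php

    if [[ $ONION_ONLY == "no" ]]; then
        if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
            ${PROJECT_NAME}-addcert -e $MICROBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
            check_certificates $MICROBLOG_DOMAIN_NAME
        fi
    fi

    # Ensure that the database gets backed up locally, if remote
    # backups are not being used. The heredocs are quoted: every '$'
    # below is meant for the generated script, not for this installer.
    backup_databases_script_header
    if ! grep -q "GNU Social" /usr/bin/backupdatabases; then
        # NOTE(review): the generated script passes the MariaDB password on
        # the mysqldump/mysql command line, where it is briefly visible in
        # the process list; a --defaults-extra-file would avoid that.
        cat >> /usr/bin/backupdatabases <<'EOF'

# Backup the GNU Social database
TEMPFILE=/root/gnusocial.sql
DAILYFILE=/var/backups/gnusocial_daily.sql
mysqldump --password="$MYSQL_PASSWORD" gnusocial > $TEMPFILE
FILESIZE=$(stat -c%s $TEMPFILE)
if [ "$FILESIZE" -eq "0" ]; then
    if [ -f $DAILYFILE ]; then
        cp $DAILYFILE $TEMPFILE

        # try to restore yesterdays database
        mysql -u root --password="$MYSQL_PASSWORD" gnusocial -o < $DAILYFILE

        # Send a warning email
        echo "Unable to create a backup of the GNU Social database. Attempted to restore from yesterdays backup" | mail -s "GNU Social backup" $EMAIL
    else
        # Send a warning email
        echo "Unable to create a backup of the GNU Social database." | mail -s "GNU Social backup" $EMAIL
    fi
else
    chmod 600 $TEMPFILE
    mv $TEMPFILE $DAILYFILE

    # Make the backup readable only by root
    chmod 600 $DAILYFILE
fi
EOF
    fi
    if ! grep -q "GNU Social" /etc/cron.weekly/backupdatabasesweekly; then
        cat >> /etc/cron.weekly/backupdatabasesweekly <<'EOF'

# GNU Social
if [ -f /var/backups/gnusocial_weekly.sql ]; then
    cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_2weekly.sql
fi
if [ -f /var/backups/gnusocial_daily.sql ]; then
    cp -f /var/backups/gnusocial_daily.sql /var/backups/gnusocial_weekly.sql
fi
EOF
    fi
    if ! grep -q "GNU Social" /etc/cron.monthly/backupdatabasesmonthly; then
        cat >> /etc/cron.monthly/backupdatabasesmonthly <<'EOF'

# GNU Social
if [ -f /var/backups/gnusocial_monthly.sql ]; then
    cp -f /var/backups/gnusocial_monthly.sql /var/backups/gnusocial_2monthly.sql
fi
if [ -f /var/backups/gnusocial_weekly.sql ]; then
    cp -f /var/backups/gnusocial_weekly.sql /var/backups/gnusocial_monthly.sql
fi
EOF
    fi
    if ! grep -q "gnusocial" /etc/cron.hourly/repair; then
        echo "${PROJECT_NAME}-repair-database gnusocial" >> /etc/cron.hourly/repair
    fi

    nginx_ensite $MICROBLOG_DOMAIN_NAME

    # NOTE: For the typical case always enable SSL and only
    # disable it if in onion only mode. This is due to complexities
    # with the way URLs are generated by GNU Social
    gnu_social_ssl='always'
    if [[ $ONION_ONLY != 'no' ]]; then
        gnu_social_ssl='never'
    fi

    # Create the configuration.
    # NOTE(review): the installer is handed the MariaDB *root* credentials,
    # so the generated config.php (readable by www-data) carries the root
    # database password although create_database above set up a dedicated
    # password for this database. Switching to that account is worth doing
    # once create_database's grant is confirmed.
    gnu_social_installer=$web_root/scripts/install_cli.php
    if ! ${gnu_social_installer} --server "${MICROBLOG_DOMAIN_NAME}" \
         --host="localhost" --database="gnusocial" \
         --dbtype=mysql --username="root" -v \
         --password="$MARIADB_PASSWORD" \
         --sitename="${MICROBLOG_DOMAIN_NAME}" --fancy='yes' \
         --admin-nick="$MY_USERNAME" \
         --admin-pass="$MICROBLOG_ADMIN_PASSWORD" \
         --site-profile="community" \
         --ssl=${gnu_social_ssl}; then
        # failed to install
        echo $'Could not install GNU Social'
        exit 72357
    fi

    MICROBLOG_ONION_HOSTNAME=$(add_onion_service microblog 80 ${MICROBLOG_ONION_PORT})
    systemctl restart php5-fpm
    systemctl restart nginx

    if ! grep -q "GNU Social onion domain" "$readme"; then
        echo "GNU Social onion domain: ${MICROBLOG_ONION_HOSTNAME}" >> "$readme"
        echo '' >> "$readme"
        chown $MY_USERNAME:$MY_USERNAME "$readme"
        chmod 600 "$readme"
    fi
    echo "GNU Social onion domain:${MICROBLOG_ONION_HOSTNAME}" >> "$COMPLETION_FILE"

    # some post-install instructions for the user (the README holds the
    # admin password, hence owner-only permissions)
    if ! grep -q $"Microblog administrator" "$readme"; then
        echo '' >> "$readme"
        echo '' >> "$readme"
        echo $'Microblog' >> "$readme"
        echo '=========' >> "$readme"
        echo $"Microblog administrator nickname: $MY_USERNAME" >> "$readme"
        echo $"Microblog administrator password: $MICROBLOG_ADMIN_PASSWORD" >> "$readme"
        echo '' >> "$readme"
        chown $MY_USERNAME:$MY_USERNAME "$readme"
        chmod 600 "$readme"
    fi
    echo "GNU Social domain:$MICROBLOG_DOMAIN_NAME" >> "$COMPLETION_FILE"
    echo 'install_gnu_social' >> "$COMPLETION_FILE"
}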
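function install_gnu_social_theme {
    # Installs the Qvitter front-end as a GNU Social plugin under
    # local/plugins, pinned to $MICROBLOG_THEME_COMMIT, and enables it in
    # config.php. On a later run only the plugin checkout is moved to the
    # pinned commit.
    #
    # Reads (globals): SYSTEM_TYPE and the VARIANT_* values, MICROBLOG_DOMAIN_NAME,
    #   MICROBLOG_THEME_REPO, MICROBLOG_THEME_COMMIT, COMPLETION_FILE.
    # Sets (globals): CURRENT_MICROBLOG_THEME_COMMIT.
    # Exits non-zero (87526) when the plugin repository cannot be cloned.
    if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
        return
    fi

    local htdocs=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs
    local plugins_dir=$htdocs/local/plugins
    local qvitter_dir=$plugins_dir/Qvitter
    local config_php=$htdocs/config.php

    # Already enabled: move the plugin checkout to the pinned commit if it changed
    if grep -q "addPlugin('Qvitter')" "$config_php"; then
        if grep -q "GNU Social theme commit" "$COMPLETION_FILE"; then
            CURRENT_MICROBLOG_THEME_COMMIT=$(grep "GNU Social theme commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
            if [[ "$CURRENT_MICROBLOG_THEME_COMMIT" != "$MICROBLOG_THEME_COMMIT" ]]; then
                # git_pull must run inside the plugin's own clone
                # (local/plugins/Qvitter), as the other installers do for
                # theirs. Running it from local/plugins, as before, was
                # inside the GNU Social checkout rather than Qvitter's.
                cd "$qvitter_dir"
                git_pull $MICROBLOG_THEME_REPO $MICROBLOG_THEME_COMMIT
                sed -i "s/GNU Social theme commit.*/GNU Social theme commit:$MICROBLOG_THEME_COMMIT/g" "$COMPLETION_FILE"
                chown -R www-data:www-data "$htdocs/local"
            fi
        else
            echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> "$COMPLETION_FILE"
        fi
    fi
    if grep -Fxq "install_gnu_social_theme" "$COMPLETION_FILE"; then
        return
    fi

    if [ ! -d "$plugins_dir" ]; then
        mkdir -p "$plugins_dir"
    fi
    cd "$plugins_dir"
    git_clone $MICROBLOG_THEME_REPO Qvitter
    # Without this check a failed clone left the following cd failing and
    # the checkout running in whatever directory we happened to be in.
    if [ ! -d "$qvitter_dir" ]; then
        echo $'Unable to clone Qvitter repo'
        exit 87526
    fi
    cd "$qvitter_dir"
    # Pin to a known commit rather than whatever HEAD the remote serves
    git checkout $MICROBLOG_THEME_COMMIT -b $MICROBLOG_THEME_COMMIT

    if ! grep -q "addPlugin('Qvitter')" "$config_php"; then
        echo "addPlugin('Qvitter');" >> "$config_php"
    fi
    if ! grep -q "GNU Social theme commit" "$COMPLETION_FILE"; then
        echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> "$COMPLETION_FILE"
    fi
    chown -R www-data:www-data "$htdocs"
    echo 'install_gnu_social_theme' >> "$COMPLETION_FILE"
}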
  7858. function install_hubzilla {
  7859. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
  7860. return
  7861. fi
  7862. if [ ! $HUBZILLA_DOMAIN_NAME ]; then
  7863. return
  7864. fi
  7865. # For now it probably won't install as onion-only. This might change in future
  7866. if [[ $ONION_ONLY != "no" ]]; then
  7867. return
  7868. fi
  7869. # update to the next commit
  7870. if [ -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
  7871. if grep -q "Hubzilla commit" $COMPLETION_FILE; then
  7872. CURRENT_HUBZILLA_COMMIT=$(grep "Hubzilla commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
  7873. if [[ "$CURRENT_HUBZILLA_COMMIT" != "$HUBZILLA_COMMIT" ]]; then
  7874. cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7875. git_pull $HUBZILLA_REPO $HUBZILLA_COMMIT
  7876. sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
  7877. chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7878. fi
  7879. else
  7880. echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
  7881. fi
  7882. if grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
  7883. CURRENT_HUBZILLA_ADDONS_COMMIT=$(grep "Hubzilla addons commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
  7884. if [[ "$CURRENT_HUBZILLA_ADDONS_COMMIT" != "$HUBZILLA_ADDONS_COMMIT" ]]; then
  7885. cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon
  7886. git_pull $HUBZILLA_ADDONS_REPO $HUBZILLA_ADDONS_COMMIT
  7887. sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
  7888. chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7889. fi
  7890. else
  7891. echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
  7892. fi
  7893. fi
  7894. if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
  7895. return
  7896. fi
  7897. install_mariadb
  7898. get_mariadb_password
  7899. repair_databases_script
  7900. apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
  7901. apt-get -y install php5-dev imagemagick php5-imagick
  7902. if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
  7903. mkdir /var/www/$HUBZILLA_DOMAIN_NAME
  7904. fi
  7905. if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
  7906. mkdir /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7907. fi
  7908. if [ ! -f /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/index.php ]; then
  7909. cd $INSTALL_DIR
  7910. git_clone $HUBZILLA_REPO hubzilla
  7911. git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
  7912. if ! grep -q "Hubzilla commit" $COMPLETION_FILE; then
  7913. echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
  7914. else
  7915. sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
  7916. fi
  7917. rm -rf /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7918. mv hubzilla /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7919. git_clone $HUBZILLA_ADDONS_REPO /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon
  7920. cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/addon
  7921. git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
  7922. if ! grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
  7923. echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
  7924. else
  7925. sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
  7926. fi
  7927. # some extra themes
  7928. git_clone $HUBZILLA_THEMES_REPO /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/redmatrix-themes1
  7929. cp -r /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/redmatrix-themes1/* view/theme/
  7930. chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  7931. fi
  7932. get_mariadb_hubzilla_admin_password
  7933. if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
  7934. if [ -f $IMAGE_PASSWORD_FILE ]; then
  7935. HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
  7936. else
  7937. HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32)"
  7938. fi
  7939. echo '' >> /home/$MY_USERNAME/README
  7940. echo '' >> /home/$MY_USERNAME/README
  7941. echo 'Hubzilla' >> /home/$MY_USERNAME/README
  7942. echo '==========' >> /home/$MY_USERNAME/README
  7943. echo $"Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  7944. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  7945. chmod 600 /home/$MY_USERNAME/README
  7946. fi
  7947. create_database hubzilla "$HUBZILLA_ADMIN_PASSWORD"
  7948. if ! grep -q "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" /etc/crontab; then
  7949. echo "12,22,32,42,52 * * * * root cd /var/www/$HUBZILLA_DOMAIN_NAME/htdocs; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab
  7950. fi
  7951. # update the dynamic DNS
  7952. CURRENT_DDNS_DOMAIN=$HUBZILLA_DOMAIN_NAME
  7953. add_ddns_domain
  7954. if [[ $ONION_ONLY == "no" ]]; then
  7955. echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7956. echo ' listen 80;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7957. echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7958. echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7959. echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7960. echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7961. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7962. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7963. echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7964. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7965. echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7966. echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7967. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7968. echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7969. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7970. echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7971. echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7972. echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7973. echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7974. echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7975. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7976. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7977. echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7978. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7979. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7980. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7981. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7982. echo ' ssl on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7983. echo " ssl_certificate /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.bundle.crt;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7984. echo " ssl_certificate_key /etc/ssl/private/$HUBZILLA_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7985. echo " ssl_dhparam /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7986. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7987. echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7988. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7989. echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7990. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7991. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7992. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7993. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7994. echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7995. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7996. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7997. echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7998. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  7999. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8000. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8001. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8002. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8003. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8004. echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8005. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8006. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8007. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8008. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8009. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8010. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8011. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8012. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8013. echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8014. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8015. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8016. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8017. echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8018. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8019. echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8020. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8021. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8022. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8023. echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8024. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8025. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8026. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8027. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8028. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8029. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8030. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8031. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8032. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8033. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8034. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8035. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8036. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8037. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8038. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8039. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8040. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8041. echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8042. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8043. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8044. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8045. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8046. echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8047. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8048. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8049. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8050. echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8051. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8052. echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8053. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8054. else
  8055. echo -n '' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8056. fi
  8057. echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8058. echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8059. echo " root /var/www/$HUBZILLA_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8060. echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8061. echo " error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8062. echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8063. echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8064. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8065. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8066. echo ' access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8067. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8068. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8069. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8070. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8071. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8072. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8073. echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8074. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8075. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8076. echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8077. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8078. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8079. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8080. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8081. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8082. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8083. echo ' allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8084. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8085. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8086. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8087. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8088. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8089. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8090. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8091. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8092. echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8093. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8094. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8095. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8096. echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8097. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8098. echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8099. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8100. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8101. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8102. echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8103. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8104. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8105. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8106. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8107. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8108. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8109. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8110. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8111. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8112. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8113. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8114. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8115. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8116. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8117. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8118. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8119. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8120. echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8121. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8122. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8123. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8124. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8125. echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8126. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8127. echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8128. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8129. echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8130. echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8131. echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
  8132. configure_php
  8133. if [[ $ONION_ONLY == "no" ]]; then
  8134. if [ ! -f /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam ]; then
  8135. ${PROJECT_NAME}-addcert -e $HUBZILLA_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
  8136. check_certificates $HUBZILLA_DOMAIN_NAME
  8137. fi
  8138. fi
  8139. if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then
  8140. mkdir /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3
  8141. fi
  8142. if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store" ]; then
  8143. mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store"
  8144. fi
  8145. if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]" ]; then
  8146. mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]"
  8147. fi
  8148. if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3" ]; then
  8149. mkdir "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3"
  8150. chmod 777 "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store/[data]/smarty3"
  8151. fi
  8152. chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl
  8153. chown -R www-data:www-data "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs/store"
  8154. chmod 777 /var/www/$HUBZILLA_DOMAIN_NAME/htdocs/view/tpl/smarty3
  8155. # Ensure that the database gets backed up locally, if remote
  8156. # backups are not being used
  8157. backup_databases_script_header
  8158. echo '' >> /usr/bin/backupdatabases
  8159. echo $'# Backup the Hubzilla database' >> /usr/bin/backupdatabases
  8160. echo 'TEMPFILE=/root/hubzilla.sql' >> /usr/bin/backupdatabases
  8161. echo 'DAILYFILE=/var/backups/hubzilla_daily.sql' >> /usr/bin/backupdatabases
  8162. echo 'mysqldump --password="$MYSQL_PASSWORD" hubzilla > $TEMPFILE' >> /usr/bin/backupdatabases
  8163. echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> /usr/bin/backupdatabases
  8164. echo 'if [ "$FILESIZE" -lt "1024" ]; then' >> /usr/bin/backupdatabases
  8165. echo ' if [ -f $DAILYFILE ]; then' >> /usr/bin/backupdatabases
  8166. echo ' cp $DAILYFILE $TEMPFILE' >> /usr/bin/backupdatabases
  8167. echo '' >> /usr/bin/backupdatabases
  8168. echo ' # try to restore yesterdays database' >> /usr/bin/backupdatabases
  8169. echo ' mysql -u root --password="$MYSQL_PASSWORD" hubzilla -o < $DAILYFILE' >> /usr/bin/backupdatabases
  8170. echo '' >> /usr/bin/backupdatabases
  8171. echo ' # Send a warning email' >> /usr/bin/backupdatabases
  8172. echo ' echo "Unable to create a backup of the Hubzilla database. Attempted to restore from yesterdays backup" | mail -s "Hubzilla backup" $EMAIL' >> /usr/bin/backupdatabases
  8173. echo ' else' >> /usr/bin/backupdatabases
  8174. echo ' # Send a warning email' >> /usr/bin/backupdatabases
  8175. echo ' echo "Unable to create a backup of the Hubzilla database." | mail -s "Hubzilla backup" $EMAIL' >> /usr/bin/backupdatabases
  8176. echo ' fi' >> /usr/bin/backupdatabases
  8177. echo 'else' >> /usr/bin/backupdatabases
  8178. echo ' chmod 600 $TEMPFILE' >> /usr/bin/backupdatabases
  8179. echo ' mv $TEMPFILE $DAILYFILE' >> /usr/bin/backupdatabases
  8180. echo '' >> /usr/bin/backupdatabases
  8181. echo ' # Make the backup readable only by root' >> /usr/bin/backupdatabases
  8182. echo ' chmod 600 $DAILYFILE' >> /usr/bin/backupdatabases
  8183. echo 'fi' >> /usr/bin/backupdatabases
  8184. echo '' >> /etc/cron.weekly/backupdatabasesweekly
  8185. echo '# Hubzilla' >> /etc/cron.weekly/backupdatabasesweekly
  8186. echo 'if [ -f /var/backups/hubzilla_weekly.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
  8187. echo ' cp -f /var/backups/hubzilla_weekly.sql /var/backups/hubzilla_2weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
  8188. echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
  8189. echo 'if [ -f /var/backups/hubzilla_daily.sql ]; then' >> /etc/cron.weekly/backupdatabasesweekly
  8190. echo ' cp -f /var/backups/hubzilla_daily.sql /var/backups/hubzilla_weekly.sql' >> /etc/cron.weekly/backupdatabasesweekly
  8191. echo 'fi' >> /etc/cron.weekly/backupdatabasesweekly
  8192. echo '' >> /etc/cron.monthly/backupdatabasesmonthly
  8193. echo '# Hubzilla' >> /etc/cron.monthly/backupdatabasesmonthly
  8194. echo 'if [ -f /var/backups/hubzilla_monthly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
  8195. echo ' cp -f /var/backups/hubzilla_monthly.sql /var/backups/hubzilla_2monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
  8196. echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
  8197. echo 'if [ -f /var/backups/hubzilla_weekly.sql ]; then' >> /etc/cron.monthly/backupdatabasesmonthly
  8198. echo ' cp -f /var/backups/hubzilla_weekly.sql /var/backups/hubzilla_monthly.sql' >> /etc/cron.monthly/backupdatabasesmonthly
  8199. echo 'fi' >> /etc/cron.monthly/backupdatabasesmonthly
  8200. if ! grep -q "hubzilla" /etc/cron.hourly/repair; then
  8201. echo "${PROJECT_NAME}-repair-database hubzilla" >> /etc/cron.hourly/repair
  8202. # remove legacy stuff
  8203. sed -i 's|/usr/bin/repairdatabase redmatrix||g' /etc/cron.hourly/repair
  8204. fi
  8205. chown -R www-data:www-data /var/www/$HUBZILLA_DOMAIN_NAME/htdocs
  8206. nginx_ensite $HUBZILLA_DOMAIN_NAME
  8207. HUBZILLA_ONION_HOSTNAME=$(add_onion_service hubzilla 80 ${HUBZILLA_ONION_PORT})
  8208. systemctl restart php5-fpm
  8209. systemctl restart nginx
  8210. systemctl restart cron
  8211. if ! grep -q "Hubzilla onion domain" /home/$MY_USERNAME/README; then
  8212. echo "Hubzilla onion domain: ${HUBZILLA_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
  8213. echo '' >> /home/$MY_USERNAME/README
  8214. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  8215. chmod 600 /home/$MY_USERNAME/README
  8216. fi
  8217. echo "Hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
  8218. echo "Hubzilla onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
  8219. echo 'install_hubzilla' >> $COMPLETION_FILE
  8220. }
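  function script_for_attaching_usb_drive {
      # Installs the attach-music / remove-music helper scripts (and their
      # attach-*/detach-*/remove-* aliases) which mount a USB drive at
      # $USB_MOUNT for minidlna and unmount it again.
      # Runs once: the marker written to $COMPLETION_FILE skips later calls.
      if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
          return
      fi

      # attach-music: (re)mount the drive and hand its contents to minidlna.
      # NOTE: the block device is hard-coded to /dev/sda1, as in the original
      # script. $USB_MOUNT is expanded now, at install time, into the script.
      echo '#!/bin/bash' > /usr/bin/attach-music
      echo 'remove-music' >> /usr/bin/attach-music
      echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
      echo "    mkdir $USB_MOUNT" >> /usr/bin/attach-music
      echo 'fi' >> /usr/bin/attach-music
      echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
      echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
      echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
      echo 'service minidlna restart' >> /usr/bin/attach-music
      echo 'minidlnad -R' >> /usr/bin/attach-music
      chmod +x /usr/bin/attach-music
      # -f so that a re-run after a partial install does not fail on links
      # that already exist.
      for attach_alias in attach-usb attach-videos attach-pictures attach-media; do
          ln -sf /usr/bin/attach-music /usr/bin/$attach_alias
      done

      # remove-music: unmount the drive and drop the mount point.
      # The directory is removed only after a *successful* umount. The
      # original ran "rm -rf $USB_MOUNT" unconditionally, which would have
      # deleted the drive's contents whenever the umount failed (e.g. the
      # device was busy). rmdir is used instead of rm -rf because an
      # unmounted mount point should be empty; anything else is left alone.
      echo '#!/bin/bash' > /usr/bin/remove-music
      echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
      echo "    if umount $USB_MOUNT; then" >> /usr/bin/remove-music
      echo "        rmdir $USB_MOUNT" >> /usr/bin/remove-music
      echo '    fi' >> /usr/bin/remove-music
      echo 'fi' >> /usr/bin/remove-music
      chmod +x /usr/bin/remove-music
      for remove_alias in detach-music detach-usb remove-usb detach-media remove-media \
                          detach-videos remove-videos detach-pictures remove-pictures; do
          ln -sf /usr/bin/remove-music /usr/bin/$remove_alias
      done

      echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
  }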
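  function install_dlna_server {
      # Installs and configures minidlna to serve the admin user's Music,
      # Pictures and Videos directories plus the same directories on a USB
      # drive mounted at $USB_MOUNT. Skipped on system variants that carry
      # no media server. Runs once: the marker in $COMPLETION_FILE skips
      # later calls. Exits with status 55 if the package left no config file.
      if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
          return
      fi
      if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi

      apt-get -y install minidlna
      if [ ! -f /etc/minidlna.conf ]; then
          echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
          exit 55
      fi

      # Media directories; the prefix letter is minidlna's type: A=audio,
      # P=pictures, V=video. The stock media_dir line becomes the Music dir,
      # the rest are appended unless the path is already present.
      sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
      for media_entry in "P,/home/$MY_USERNAME/Pictures" "V,/home/$MY_USERNAME/Videos" \
                         "A,$USB_MOUNT/Music" "P,$USB_MOUNT/Pictures" "V,$USB_MOUNT/Videos"; do
          media_path=${media_entry#*,}
          if ! grep -q "$media_path" /etc/minidlna.conf; then
              echo "media_dir=$media_entry" >> /etc/minidlna.conf
          fi
      done

      sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
      # On the mesh variant minidlna listens on the wifi interface. The
      # original wrote this sed in single quotes, so the literal text
      # "$WIFI_INTERFACE" landed in minidlna.conf instead of its value.
      if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
          sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
      else
          sed -i "s/#network_interface=/network_interface=$WIFI_INTERFACE/g" /etc/minidlna.conf
      fi
      sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
      sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
      sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
      sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
      sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
      service minidlna force-reload
      service minidlna reload

      # Raise the inotify watch limit so minidlna can watch the media trees.
      # The original regex "max_user_watches*" matched only the key name
      # (the '*' applied to the final 's'), yielding lines such as
      # "fs.inotify.max_user_watches=65536=8192"; and it tested
      # $COMPLETION_FILE instead of sysctl.conf for an existing key, so the
      # line was appended regardless. Replace an active key in place,
      # otherwise append one.
      if grep -q "^fs.inotify.max_user_watches" /etc/sysctl.conf; then
          sed -i 's/^fs.inotify.max_user_watches.*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
      else
          echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
      fi
      /sbin/sysctl -p

      echo 'install_dlna_server' >> $COMPLETION_FILE
  }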
  8305. function install_mediagoblin {
  8306. return
  8307. if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
  8308. return
  8309. fi
  8310. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
  8311. return
  8312. fi
  8313. if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
  8314. return
  8315. fi
  8316. apt-get -y install git-core python python-dev python-lxml python-imaging python-virtualenv
  8317. apt-get -y install postgresql postgresql-client python-psycopg2
  8318. apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
  8319. apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
  8320. apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
  8321. apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
  8322. su -c "createuser -A -D mediagoblin" - postgres
  8323. su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
  8324. adduser --disabled-login --gecos 'Mediagoblin' mediagoblin
  8325. MEDIAGOBLIN_DOMAIN_ROOT="/home/mediagoblin"
  8326. MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin"
  8327. MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin"
  8328. mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT
  8329. chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT
  8330. su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone $MEDIAGOBLIN_REPO" - mediagoblin
  8331. cd $MEDIAGOBLIN_DOMAIN_ROOT
  8332. git checkout -q v0.7.1
  8333. su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin
  8334. su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin
  8335. su -c "cd $MEDIAGOBLIN_PATH; (virtualenv --python=python2 --system-site-packages . || cd $MEDIAGOBLIN_PATH; virtualenv --python=python2 .) && ./bin/python setup.py develop" - mediagoblin
  8336. su -c "cd $MEDIAGOBLIN_PATH; ./bin/easy_install flup" - mediagoblin
  8337. if [ -f $MEDIAGOBLIN_PATH/lib/python2.7/no-global-site-packages.txt ]; then
  8338. virtualenv deactivate
  8339. rm -f $MEDIAGOBLIN_PATH/lib/python2.7/no-global-site-packages.txt
  8340. su -c "cd $MEDIAGOBLIN_PATH; source bin/activate" - mediagoblin
  8341. fi
  8342. if [ -f $MEDIAGOBLIN_PATH/mediagoblin.example.ini ]; then
  8343. # this is for versions > 0.7.1
  8344. su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.example.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin
  8345. sed -i 's|# data_basedir.*|data_basedir = "/var/lib/mediagoblin"|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8346. else
  8347. su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin
  8348. fi
  8349. sed -i 's|# sql_engine.*|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8350. sed -i "s/email_sender_address.*/email_sender_address = \"$MY_EMAIL_ADDRESS\"/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8351. sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8352. # add extra media types
  8353. if ! grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
  8354. echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8355. fi
  8356. if ! grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
  8357. echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8358. fi
  8359. if ! grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
  8360. echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  8361. fi
  8362. #su -c 'cd $MEDIAGOBLIN_PATH; ./bin/pip install scikits.audiolab' - mediagoblin
  8363. #su -c "cd $MEDIAGOBLIN_PATH; git submodule update && ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate" - mediagoblin
  8364. su -c "cd $MEDIAGOBLIN_PATH; ./bin/gmg dbupdate" - mediagoblin
  8365. echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8366. echo ' listen 80;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8367. echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8368. echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8369. echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8370. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8371. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8372. echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8373. echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8374. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8375. echo ' location ^~ /auth/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8376. echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8377. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8378. echo ' location ^~ /u/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8379. echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8380. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8381. echo ' location ^~ /submit/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8382. echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8383. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8384. echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8385. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8386. echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8387. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8388. echo " root /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8389. echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8390. echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8391. echo " error_log /var/log/nginx/${MEDIAGOBLIN_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8392. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8393. echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8394. echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8395. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8396. echo ' ssl on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8397. echo " ssl_certificate /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8398. echo " ssl_certificate_key /etc/ssl/private/$MEDIAGOBLIN_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8399. echo " ssl_dhparam /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8400. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8401. echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8402. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8403. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8404. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8405. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8406. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8407. echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8408. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8409. echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8410. echo ' proxy_pass http://localhost:6543;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8411. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8412. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8413. echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8414. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8415. echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8416. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8417. echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8418. echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8419. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8420. echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8421. echo ' allow all;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8422. echo ' log_not_found off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8423. echo ' access_log off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8424. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8425. echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  8426. if [ ! -f /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam ]; then
  8427. if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
  8428. ${PROJECT_NAME}-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
  8429. else
  8430. ${PROJECT_NAME}-addcert -e $MEDIAGOBLIN_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
  8431. fi
  8432. check_certificates $MEDIAGOBLIN_DOMAIN_NAME
  8433. fi
  8434. nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
  8435. systemctl restart php5-fpm
  8436. systemctl restart nginx
  8437. /usr/sbin/nginx -s reload
  8438. # update the dynamic DNS
  8439. CURRENT_DDNS_DOMAIN=$MEDIAGOBLIN_DOMAIN_NAME
  8440. add_ddns_domain
  8441. # init with systemd
  8442. echo '[Unit]' > /etc/systemd/system/mediagoblin.service
  8443. echo 'Description=Mediagoblin (Media Server)' >> /etc/systemd/system/mediagoblin.service
  8444. echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin.service
  8445. echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service
  8446. echo 'After=postgresql.service' >> /etc/systemd/system/mediagoblin.service
  8447. echo '' >> /etc/systemd/system/mediagoblin.service
  8448. echo '[Service]' >> /etc/systemd/system/mediagoblin.service
  8449. echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service
  8450. echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service
  8451. echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service
  8452. echo 'WorkingDirectory=/home/mediagoblin/mediagoblin' >> /etc/systemd/system/mediagoblin.service
  8453. echo 'ExecStart=/home/mediagoblin/mediagoblin/lazyserver.sh --server-name=broadcast' >> /etc/systemd/system/mediagoblin.service
  8454. echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service
  8455. echo 'Environment="USER=mediagoblin","HOME=/home/mediagoblin"' >> /etc/systemd/system/mediagoblin.service
  8456. echo '' >> /etc/systemd/system/mediagoblin.service
  8457. echo '[Install]' >> /etc/systemd/system/mediagoblin.service
  8458. echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service
  8459. systemctl enable mediagoblin
  8460. systemctl restart mediagoblin
  8461. echo 'install_mediagoblin' >> $COMPLETION_FILE
  8462. }
  # Install the project's upgrade tool as a weekly cron job.
  #
  # The copy into /etc/cron.weekly is refreshed on every run, before the
  # completion-file check, so an updated upgrade tool is always the one cron
  # executes (as root).  Only the unattended-upgrades install and the
  # completion marker are skipped on repeat runs.
  function create_upgrade_script {
      # Prefer a locally installed upgrade tool over the packaged one
      local upgrade_tool="/usr/local/bin/${PROJECT_NAME}-upgrade"
      if [ ! -f "$upgrade_tool" ]; then
          upgrade_tool="/usr/bin/${PROJECT_NAME}-upgrade"
      fi
      cp "$upgrade_tool" "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME"

      grep -Fxq "create_upgrade_script" "$COMPLETION_FILE" && return

      # Debian's own unattended security updates, alongside the project upgrades
      apt-get -y install unattended-upgrades
      echo 'create_upgrade_script' >> "$COMPLETION_FILE"
  }
  function intrusion_detection {
      # Install tripwire as a host-based intrusion detection system, trim its
      # default policy and take the initial file-system baseline.
      #
      # Security notes for whoever maintains this:
      #  - The tripwire passphrase prompts are answered with an empty line (the
      #    `echo '<newline>' |` pipes below).  That only works if the site/local
      #    keys were created without a passphrase when the package was
      #    installed; in that case anyone with root can re-sign the database.
      #  - The policy edits deliberately stop monitoring /proc, /var/log,
      #    /etc/tripwire and the compiled policy.  That keeps reports quiet, but
      #    it also means tampering with tripwire's own configuration goes
      #    unreported; keep an off-host copy of the policy and database if
      #    that matters.
      #  - /usr/bin/reset-tripwire re-baselines with --secure-mode low, which
      #    accepts the policy update even when violations are present.
      #
      # Runs once (completion file); skipped on the mesh variant.
      if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
          return
      fi
      if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      apt-get -y install tripwire
      apt-get -y autoremove
      # The cp below uses a relative path, so it depends on this cd succeeding
      cd /etc/tripwire
      # Per-domain copy of the site key; its consumer is not shown here
      cp site.key $DEFAULT_DOMAIN_NAME-site.key
      echo '*** Installing intrusion detection ***'
      # Build the initial database; the empty line answers the passphrase prompt
      echo '
' | tripwire --init
      # make a script for easy resetting of the tripwire
      echo '#!/bin/sh' > /usr/bin/reset-tripwire
      echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
      chmod +x /usr/bin/reset-tripwire
      # Reports are delivered by email rather than syslog
      sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
      # only send emails if something has changed
      sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt
      # Blank out the policy section covering the root account's own files
      sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
      # Drop the /etc/rc.boot rule
      sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
      # Don't show any changes to /proc
      sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
      # Don't report log changes
      sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
      # Ignore /etc/tripwire (appended after the policy's /etc rule line)
      if ! grep -q "!/etc/tripwire" /etc/tripwire/twpol.txt; then
          sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire;' /etc/tripwire/twpol.txt
      fi
      # Avoid logging the changed database
      sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
      # recreate the configuration (signed with the site key; empty passphrase)
      echo '
' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
      # reset: apply the trimmed policy and re-baseline
      echo '
' | reset-tripwire
      echo 'intrusion_detection' >> $COMPLETION_FILE
  }
  8516. # see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
  8517. # Local Redirection and Anonymizing Middlebox
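  function route_outgoing_traffic_through_tor {
      # Turn this host into a Tor transparent proxy ("anonymizing middlebox"):
      # every new outbound TCP connection and every DNS query, from this host
      # and from the internal interface, is redirected into Tor's TransPort /
      # DNSPort, and anything that does not go through Tor is rejected.
      #
      # Runs once (completion file) and only when ROUTE_THROUGH_TOR is "yes".
      # Rule order matters: the RETURN/ACCEPT exemptions must precede the
      # catch-all REDIRECT/REJECT rules, so keep the sequence as it is.
      #
      # Limitations to be aware of:
      #  - Only IPv4 (iptables) rules are installed.  Unless IPv6 is disabled
      #    elsewhere (configure_internet_protocol? — confirm), IPv6 traffic
      #    bypasses Tor entirely.
      #  - The exempted LAN ranges and the internal interface are hard-coded
      #    below (_non_tor, _int_if) rather than taken from the configuration.
      if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
          return
      fi
      if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
          return
      fi
      apt-get -y install tor tor-arm

      ### set variables
      # Destinations you don't want routed through Tor
      _non_tor="192.168.1.0/24 192.168.0.0/24"
      # The user that Tor runs as
      _tor_uid="debian-tor"
      # Tor's TransPort
      _trans_port="9040"
      # Your internal interface
      _int_if="eth0"

      ### Set iptables *nat
      # Loopback and Tor's own traffic are left alone; local DNS queries are
      # redirected to the DNSPort (port 53, configured in torrc further down).
      iptables -t nat -A OUTPUT -o lo -j RETURN
      iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
      iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
      # Allow clearnet access for hosts in $_non_tor
      for _clearnet in $_non_tor; do
          iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
          iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
      done
      # Redirect all other pre-routing and output to Tor
      iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
      iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
      iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port

      ### set iptables *filter
      iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Allow clearnet access for hosts in $_non_tor
      for _clearnet in $_non_tor 127.0.0.0/8; do
          iptables -A OUTPUT -d $_clearnet -j ACCEPT
      done
      # Allow only Tor output
      iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
      # Fail closed: anything that was not redirected into Tor is rejected
      iptables -A OUTPUT -j REJECT
      save_firewall_settings

      # Tor opens many file descriptors when proxying for a whole network
      if ! grep -q "fs.file-max" /etc/sysctl.conf; then
          echo "fs.file-max=100000" >> /etc/sysctl.conf
          /sbin/sysctl -p
      fi

      # All name resolution now goes to Tor's DNSPort on localhost.  This
      # fails closed: if Tor is down, DNS is down too.
      echo 'domain localdomain' > /etc/resolv.conf
      echo 'search localdomain' >> /etc/resolv.conf
      echo 'nameserver 127.0.0.1' >> /etc/resolv.conf

      # torrc: TransPort/DNSPort on localhost and on the LAN address, plus
      # automatic mapping of .onion names onto a virtual address range so the
      # transparent redirect can carry them.  Each line is appended only if
      # it is not already present.
      if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
          echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
      fi
      if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
          echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
      fi
      if ! grep -q "TransPort" /etc/tor/torrc; then
          echo 'TransPort 9040' >> /etc/tor/torrc
      fi
      if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
          echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
      fi
      if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
          echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
      fi
      if ! grep -q "DNSPort" /etc/tor/torrc; then
          echo 'DNSPort 53' >> /etc/tor/torrc
      fi
      if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
          echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
      fi
      if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
          echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
      fi
      # Apply the torrc changes: the redirect rules above send traffic to
      # TransPort 9040 and DNSPort 53, which are not listening until Tor
      # re-reads its configuration.
      systemctl restart tor
      echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
  }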
  8591. # A command to create a git repository for a project
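  function create_git_project {
      # Install a helper command (named by CREATE_GIT_PROJECT_COMMAND) that
      # creates a bare git repository under the invoking user's
      # ~/projects/<name> and prints the ssh clone URL for it.
      #
      # Single-quoted lines are written literally and evaluated when the helper
      # runs ($USER, $GIT_PROJECT_NAME); the double-quoted fragment bakes in
      # MY_USERNAME, DEFAULT_DOMAIN_NAME and SSH_PORT at install time.
      if grep -Fxq "create_git_project" $COMPLETION_FILE; then
          return
      fi
      apt-get -y install git
      {
          echo '#!/bin/bash'
          echo ''
          echo 'GIT_PROJECT_NAME=$1'
          echo 'if [ ! $GIT_PROJECT_NAME ]; then'
          echo '    echo "Please specify a project name, without any spaces"'
          echo '    exit 1'
          echo 'fi'
          echo ''
          echo '# The name becomes a path component: restrict it to a safe character'
          echo '# set so that a value such as "../other" cannot leave ~/projects.'
          echo 'if [[ ! $GIT_PROJECT_NAME =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then'
          echo '    echo "Project names may only contain letters, digits, underscore, dot and dash"'
          echo '    exit 1'
          echo 'fi'
          echo ''
          echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then'
          echo '    mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME'
          echo 'fi'
          echo ''
          echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME'
          echo 'git init --bare'
          echo ''
          echo 'echo "Your project has been created, use the following command to clone the repository"'
          # The clone command is a message to the user: it must be printed by
          # the helper, not executed by it, so it is wrapped in an echo.
          echo 'echo " git clone ssh://'"$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT"'/home/$USER/projects/$GIT_PROJECT_NAME"'
          echo ''
          echo 'exit 0'
      } > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
      chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
      echo 'create_git_project' >> $COMPLETION_FILE
  }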
  # Detect a clock that was never set (still reporting the 1970 epoch, as on
  # a board without a battery-backed RTC) and install ntp so it gets synced.
  function check_date {
      curr_date=$(date)
      case "$curr_date" in
          *1970*)
              apt-get -y install ntp
              ;;
      esac
  }
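  function install_dynamicdns {
      # Build and install inadyn (dynamic DNS client) from a pinned git commit
      # and run it as a systemd service.
      #
      # On repeat runs (when $INSTALL_DIR/inadyn already exists) the commit
      # recorded in the completion file is compared with INADYN_COMMIT and the
      # build is refreshed if it differs.  Skipped on the mesh variant and on
      # onion-only installs, which have no public DNS name to update.
      if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
          return
      fi
      if [[ $ONION_ONLY != "no" ]]; then
          return
      fi
      # update to the next commit
      if [ -d $INSTALL_DIR/inadyn ]; then
          if grep -q "inadyn commit" $COMPLETION_FILE; then
              CURRENT_INADYN_COMMIT=$(grep "inadyn commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
              if [[ "$CURRENT_INADYN_COMMIT" != "$INADYN_COMMIT" ]]; then
                  cd $INSTALL_DIR/inadyn
                  git_pull $INADYN_REPO $INADYN_COMMIT
                  # Record the new commit only after a successful rebuild, so a
                  # failed build is retried on the next run instead of being
                  # silently marked as done (the fresh-install path below
                  # already checks each build step).
                  if ./configure && USE_OPENSSL=1 make && make install; then
                      sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
                      systemctl restart inadyn
                  else
                      echo $'inadyn upgrade build failed, keeping the previous build'
                  fi
              fi
          else
              echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
          fi
      fi
      if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then
          return
      fi
      # Here we compile from source because the current package
      # doesn't support https, which could result in passwords
      # being leaked
      # Debian version 1.99.4-1
      # https version 1.99.8
      apt-get -y install build-essential curl libgnutls28-dev automake1.11
      git_clone $INADYN_REPO $INSTALL_DIR/inadyn
      if [ ! -d $INSTALL_DIR/inadyn ]; then
          echo 'inadyn repo not cloned'
          # Dump the TLS handshake with the host to help diagnose certificate problems
          echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs
          exit 6785
      fi
      cd $INSTALL_DIR/inadyn
      # Pin the build to a known commit rather than whatever HEAD is today
      git checkout $INADYN_COMMIT -b $INADYN_COMMIT
      if ! grep -q "inadyn commit" $COMPLETION_FILE; then
          echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE
      else
          sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE
      fi
      ./configure
      if [ ! "$?" = "0" ]; then
          exit 74890
      fi
      USE_OPENSSL=1 make
      if [ ! "$?" = "0" ]; then
          exit 74858
      fi
      make install
      if [ ! "$?" = "0" ]; then
          exit 3785
      fi
      # create an unprivileged user
      #useradd -r -s /bin/false debian-inadyn
      # create a configuration file
      # (the provider credentials are presumably added by a later step such as
      # create_freedns_updater — not shown here, confirm)
      echo 'background' > /etc/inadyn.conf
      echo 'verbose 1' >> /etc/inadyn.conf
      echo 'period 300' >> /etc/inadyn.conf
      echo 'startup-delay 60' >> /etc/inadyn.conf
      echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf
      echo 'logfile /dev/null' >> /etc/inadyn.conf
      # root-only: this file is where the dynamic DNS credentials end up
      chmod 600 /etc/inadyn.conf
      # NOTE(review): the unit has no User= line, so inadyn runs as root; the
      # commented-out useradd above suggests an unprivileged account was intended.
      echo '[Unit]' > /etc/systemd/system/inadyn.service
      echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service
      echo 'After=network.target' >> /etc/systemd/system/inadyn.service
      echo '' >> /etc/systemd/system/inadyn.service
      echo '[Service]' >> /etc/systemd/system/inadyn.service
      echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service
      echo 'Restart=always' >> /etc/systemd/system/inadyn.service
      echo 'Type=forking' >> /etc/systemd/system/inadyn.service
      echo '' >> /etc/systemd/system/inadyn.service
      echo '[Install]' >> /etc/systemd/system/inadyn.service
      echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service
      # Let systemd see the new unit file before it is enabled and started
      systemctl daemon-reload
      systemctl enable inadyn
      systemctl start inadyn
      echo 'install_dynamicdns' >> $COMPLETION_FILE
  }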
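  function get_voip_server_password {
      # Recover a previously generated VoIP (mumble) server password from the
      # admin user's README, so that re-runs reuse it instead of generating a
      # new one.  Only sets VOIP_SERVER_PASSWORD when it is currently empty.
      local readme="/home/$MY_USERNAME/README"
      if [ -f "$readme" ] && grep -q "VoIP server password" "$readme"; then
          if [ -z "$VOIP_SERVER_PASSWORD" ]; then
              # Take everything after the first ':' so a password that itself
              # contains ':' is not truncated; only the first matching line counts.
              VOIP_SERVER_PASSWORD=$(grep "VoIP server password" "$readme" | head -n 1 | sed 's/^[^:]*: *//')
          fi
      fi
  }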
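  function get_sip_server_password {
      # Recover a previously generated SIP server password from the admin
      # user's README, so that re-runs reuse it instead of generating a new
      # one.  Only sets SIP_SERVER_PASSWORD when it is currently empty.
      local readme="/home/$MY_USERNAME/README"
      if [ -f "$readme" ] && grep -q "SIP server password" "$readme"; then
          if [ -z "$SIP_SERVER_PASSWORD" ]; then
              # Take everything after the first ':' so a password that itself
              # contains ':' is not truncated; only the first matching line counts.
              SIP_SERVER_PASSWORD=$(grep "SIP server password" "$readme" | head -n 1 | sed 's/^[^:]*: *//')
          fi
      fi
  }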
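  function install_ipfs {
      # Build go-ipfs from source (GOPATH under the shared "git" account),
      # initialise a repository for MY_USERNAME, run the daemon as that user
      # via systemd and, where avahi is present, advertise the node's peer ID
      # on the local network.
      #
      # Repeat runs only refresh the source tree when the pinned IPFS_COMMIT
      # recorded in the completion file has changed.  Not installed on the
      # chat and mailbox variants.
      if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
          return
      fi
      export GOPATH=/home/git/go
      systemctl set-environment GOPATH=/home/git/go
      # update to the next commit
      if [ -d /home/git/go/src/github.com/ipfs/go-ipfs ]; then
          if grep -q "ipfs commit" $COMPLETION_FILE; then
              CURRENT_IPFS_COMMIT=$(grep "ipfs commit" $COMPLETION_FILE | awk -F ':' '{print $2}')
              if [[ "$CURRENT_IPFS_COMMIT" != "$IPFS_COMMIT" ]]; then
                  cd /home/git/go/src/github.com/ipfs/go-ipfs
                  git_pull $IPFS_GO_REPO $IPFS_COMMIT
                  sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
                  chown -R git:git /home/git
                  # NOTE(review): the source tree is updated but the binary is
                  # not rebuilt here, so the restarted daemon still runs the
                  # previously built version — confirm and add a build step.
                  systemctl restart ipfs
                  systemctl daemon-reload
              fi
          else
              echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
          fi
      fi
      if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
          return
      fi
      apt-get -y install golang libpam0g-dev fuse
      if [ ! -d /home/git ]; then
          # add a gogs user account
          adduser --disabled-login --gecos 'Gogs' git
          # install Go
          if ! grep -q "export GOPATH=/home/git/go" ~/.bashrc; then
              echo 'export GOPATH=/home/git/go' >> ~/.bashrc
              echo 'systemctl set-environment GOPATH=/home/git/go' >> ~/.bashrc
          fi
          export GOPATH=/home/git/go
          if [ ! -d $GOPATH ]; then
              mkdir -p $GOPATH
          fi
      fi
      # Directory holding the ipfs binary.  Deliberately not exported: go-ipfs
      # itself reads an environment variable of the same name as its
      # repository location, which is not what this value is.
      IPFS_PATH=/home/git/go/bin
      # Put Go binaries on PATH.  No trailing ':' on PATH: an empty entry means
      # "current directory", which would make root's shell run programs from
      # whatever directory it happens to be in.
      if ! grep -q 'GOPATH/bin' ~/.bashrc; then
          export PATH="$GOPATH/bin:$PATH"
          echo 'export PATH="$GOPATH/bin:$PATH";' >> ~/.bashrc
      fi
      # set gopath for the user (same PATH rule as above)
      if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
          echo 'export GOPATH=/home/git/go' >> /home/$MY_USERNAME/.bashrc
          echo 'export PATH="$GOPATH/bin:$PATH";' >> /home/$MY_USERNAME/.bashrc
          chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
      fi
      # go get wants the import path, i.e. the repository URL without its scheme
      IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
      go get -u ${IPFS_GO_REPO2}/cmd/ipfs
      if [ ! "$?" = "0" ]; then
          exit 8242
      fi
      cd /home/git/go/src/$IPFS_GO_REPO2
      # Pin the source tree to IPFS_COMMIT.
      # NOTE(review): `go get -u` above already compiled and installed the
      # binary from the fetched HEAD and nothing rebuilds it after this
      # checkout, so the installed binary is not guaranteed to match the
      # pinned commit — confirm and add a rebuild step if pinning matters.
      git checkout $IPFS_COMMIT -b $IPFS_COMMIT
      if ! grep -q "ipfs commit" $COMPLETION_FILE; then
          echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
      else
          sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
      fi
      # initialise the repository as the user who will run the daemon
      su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
      if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
          echo "IPFS could not be initialised for user $MY_USERNAME"
          exit 7358
      fi
      # directories to mount to
      if [ ! -d /ipfs ]; then
          mkdir /ipfs
          mkdir /ipns
          chown $MY_USERNAME:$MY_USERNAME /ipfs
          chown $MY_USERNAME:$MY_USERNAME /ipns
      fi
      # NOTE(review): handing /etc/fuse.conf to an unprivileged user lets that
      # user enable user_allow_other for everyone; group membership (the fuse
      # group, where it exists) is the usual way to grant FUSE access.
      if [ -f /etc/fuse.conf ]; then
          chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
      fi
      # NOTE(review): /dev/fuse is a character device, so `-f` is never true
      # and this branch does not run; kept as found.
      if [ -f /dev/fuse ]; then
          chown $MY_USERNAME:$MY_USERNAME /dev/fuse
      fi
      # systemd unit: the daemon runs as MY_USERNAME and mounts /ipfs and /ipns
      echo '[Unit]' > /etc/systemd/system/ipfs.service
      echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
      echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
      echo 'After=network.target' >> /etc/systemd/system/ipfs.service
      echo '' >> /etc/systemd/system/ipfs.service
      echo '[Service]' >> /etc/systemd/system/ipfs.service
      echo 'Type=simple' >> /etc/systemd/system/ipfs.service
      echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
      echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
      echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
      echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
      echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=/home/git/go\"" >> /etc/systemd/system/ipfs.service
      echo '' >> /etc/systemd/system/ipfs.service
      echo '[Install]' >> /etc/systemd/system/ipfs.service
      echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
      systemctl enable ipfs
      systemctl daemon-reload
      systemctl restart ipfs
      if [ -d /etc/avahi ]; then
          # Ask ipfs (as MY_USERNAME, whose repository was initialised above)
          # for its peer ID.  Only the ipfs command runs under su; the
          # filtering happens here, because a $(...) inside the double-quoted
          # su -c string would be expanded by this root shell instead.  This
          # also removes the predictable /tmp file the ID used to pass through.
          IPFS_PEER_ID=$(su -c "$IPFS_PATH/ipfs id" - $MY_USERNAME | grep '"ID":' | awk -F '"' '{print $4}')
          if [ -z "$IPFS_PEER_ID" ]; then
              echo 'No IPFS identity was created'
              exit 37895
          fi
          if [ ${#IPFS_PEER_ID} -lt 10 ]; then
              echo 'Invalid IPFS peer ID'
              echo "$IPFS_PEER_ID"
              exit 74782
          fi
          # Add an avahi service
          echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/ipfs.service
          echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/ipfs.service
          echo '<service-group>' >> /etc/avahi/services/ipfs.service
          echo ' <name replace-wildcards="yes">%h IPFS</name>' >> /etc/avahi/services/ipfs.service
          echo ' <service>' >> /etc/avahi/services/ipfs.service
          echo ' <type>_ipfs._tcp</type>' >> /etc/avahi/services/ipfs.service
          echo " <port>$IPFS_PORT</port>" >> /etc/avahi/services/ipfs.service
          echo " <txt-record>$IPFS_PEER_ID</txt-record>" >> /etc/avahi/services/ipfs.service
          echo ' </service>' >> /etc/avahi/services/ipfs.service
          echo '</service-group>' >> /etc/avahi/services/ipfs.service
      fi
      echo 'install_ipfs' >> $COMPLETION_FILE
  }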
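  function install_voip {
      # Install the mumble VoIP server with a generated (or previously saved)
      # server password, a self-signed certificate, conservative limits and an
      # onion address, and record the connection details in the admin's README.
      #
      # Runs once (completion file) and only on variants that include VoIP.
      if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
          return
      fi
      if grep -Fxq "install_voip" $COMPLETION_FILE; then
          return
      fi
      apt-get -y install mumble-server
      # Reuse the password from a previous run if the README already has one
      get_voip_server_password
      if [ -z "$VOIP_SERVER_PASSWORD" ]; then
          if [ -f "$IMAGE_PASSWORD_FILE" ]; then
              # Read the file verbatim.  It must not go through printf as a
              # format string: a password containing '%', '\' or spaces would
              # be mangled.
              VOIP_SERVER_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
          else
              # 16 random bytes base64-encoded is always 24 characters, so the
              # retry below only matters if MINIMUM_PASSWORD_LENGTH exceeds
              # that — and then it cannot succeed either; kept as found.
              VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)"
              if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
                  VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)"
              fi
          fi
      fi
      # Make an ssl cert for the server
      if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
          ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
          check_certificates mumble
      fi
      # Check that the cert was created
      if [ ! -f /etc/ssl/certs/mumble.crt ]; then
          echo $'VoIP server certificate not created'
          exit 57892
      fi
      if [ ! -f /etc/ssl/private/mumble.key ]; then
          echo $'VoIP server key not created'
          exit 57893
      fi
      if [ ! -d /var/lib/mumble-server ]; then
          mkdir /var/lib/mumble-server
      fi
      # The daemon reads its cert and key from its own state directory
      cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
      cp /etc/ssl/private/mumble.key /var/lib/mumble-server
      chown -R mumble-server:mumble-server /var/lib/mumble-server
      sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
      # NOTE(review): a password containing '|' or '&' would break this sed
      # expression; generated passwords are base64 and safe, a password taken
      # from IMAGE_PASSWORD_FILE is not checked.
      if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
          sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
      fi
      # Brute-force protection, version hiding, no ping replies, client
      # certificates required, small user count and message-size limits
      sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
      sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
      sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
      sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
      sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
      if ! grep -q "allowping" /etc/mumble-server.ini; then
          echo 'allowping=False' >> /etc/mumble-server.ini
      fi
      sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
      sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
      sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
      sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
      sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
      sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
      sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
      sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
      sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
      sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
      sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
      sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
      VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
      if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
          echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
      fi
      systemctl restart mumble-server
      # README entry; get_voip_server_password reads the password back from it
      if ! grep -q $"VoIP Server" /home/$MY_USERNAME/README; then
          echo '' >> /home/$MY_USERNAME/README
          echo '' >> /home/$MY_USERNAME/README
          echo $'VoIP Server' >> /home/$MY_USERNAME/README
          echo '===========' >> /home/$MY_USERNAME/README
          echo $"VoIP onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
          echo $'VoIP server username: mumble-server' >> /home/$MY_USERNAME/README
          # Compare with the variable, not the literal string "VARIANT_MESH",
          # so mesh installs really do leave the password out (as the
          # serverpassword check above already does).
          if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
              echo $"VoIP server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
          fi
          echo '' >> /home/$MY_USERNAME/README
          echo $'To connect to the VoIP server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
          chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
          chmod 600 /home/$MY_USERNAME/README
      fi
      echo 'install_voip' >> $COMPLETION_FILE
  }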
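  function install_sip {
      # Install sipwitch with a single provisioned extension (201) for
      # MY_USERNAME, an onion address, and record the connection details in
      # the admin's README.
      #
      # Runs once (completion file) and only on variants that include SIP.
      if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
          return
      fi
      if grep -Fxq "install_sip" $COMPLETION_FILE; then
          return
      fi
      apt-get -y install sipwitch
      # Reuse the password from a previous run if the README already has one
      get_sip_server_password
      if [ -z "$SIP_SERVER_PASSWORD" ]; then
          if [ -f "$IMAGE_PASSWORD_FILE" ]; then
              # Read the file verbatim.  It must not go through printf as a
              # format string: a password containing '%', '\' or spaces would
              # be mangled.
              SIP_SERVER_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
          else
              SIP_SERVER_PASSWORD="$(openssl rand -base64 10)"
          fi
      fi
      # NOTE(review): this file holds the extension's secret in clear text and
      # is created with the default (world-readable) mode.  Once it is known
      # which account the sipwitch daemon runs as, restrict it (e.g.
      # root:sipwitch with mode 640 after the groupadd below).
      echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
      echo '<sipwitch>' >> /etc/sipwitch.conf
      echo '<provision>' >> /etc/sipwitch.conf
      echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
      echo '<extension>201</extension>' >> /etc/sipwitch.conf
      echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
      echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
      echo '</user>' >> /etc/sipwitch.conf
      echo '</provision>' >> /etc/sipwitch.conf
      echo '<access>' >> /etc/sipwitch.conf
      echo '</access>' >> /etc/sipwitch.conf
      echo '<stack>' >> /etc/sipwitch.conf
      echo " <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
      echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
      echo ' <threading>2</threading>' >> /etc/sipwitch.conf
      echo ' <interface>*</interface>' >> /etc/sipwitch.conf
      echo ' <dumping>false</dumping>' >> /etc/sipwitch.conf
      echo ' <system>system</system>' >> /etc/sipwitch.conf
      echo ' <anon>anonymous</anon>' >> /etc/sipwitch.conf
      echo '</stack>' >> /etc/sipwitch.conf
      echo '<timers>' >> /etc/sipwitch.conf
      echo ' <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
      echo ' <ring>4</ring>' >> /etc/sipwitch.conf
      echo ' <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
      echo ' <cfna>4</cfna>' >> /etc/sipwitch.conf
      echo ' <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
      echo ' <reset>6</reset>' >> /etc/sipwitch.conf
      echo '</timers>' >> /etc/sipwitch.conf
      echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
      echo '<registry>' >> /etc/sipwitch.conf
      echo ' <prefix>200</prefix>' >> /etc/sipwitch.conf
      echo ' <range>100</range>' >> /etc/sipwitch.conf
      echo ' <keysize>77</keysize>' >> /etc/sipwitch.conf
      echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
      echo ' <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
      echo '</registry>' >> /etc/sipwitch.conf
      echo '<routing>' >> /etc/sipwitch.conf
      echo '</routing>' >> /etc/sipwitch.conf
      echo '</sipwitch>' >> /etc/sipwitch.conf
      sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
      # groupadd fails harmlessly if the package already created the group
      groupadd sipwitch
      usermod -aG sipwitch $MY_USERNAME
      SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
      if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
          echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
      fi
      systemctl restart sipwitch
      # README entry; get_sip_server_password reads the password back from it
      if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
          echo '' >> /home/$MY_USERNAME/README
          echo '' >> /home/$MY_USERNAME/README
          echo $'SIP Server' >> /home/$MY_USERNAME/README
          echo '==========' >> /home/$MY_USERNAME/README
          echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
          echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
          echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
          echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
          chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
          chmod 600 /home/$MY_USERNAME/README
      fi
      echo 'install_sip' >> $COMPLETION_FILE
  }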
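  function install_final {
      # Last step of the install: detach any USB drive used during setup,
      # split the GPG key into fragments, print the router port-forwarding
      # summary and reboot (unless this is an image build, indicated by the
      # presence of IMAGE_PASSWORD_FILE).
      if grep -Fxq "install_final" $COMPLETION_FILE; then
          return
      fi
      # unmount any attached usb drive
      if [ "$USB_MOUNT" ] && [ -d "$USB_MOUNT" ]; then
          # Remove the mount point only once the drive is really unmounted:
          # rm -rf on a still-mounted directory would wipe the drive's contents.
          if ! mountpoint -q "$USB_MOUNT" || umount "$USB_MOUNT"; then
              rm -rf "$USB_MOUNT"
          else
              echo $"Could not unmount $USB_MOUNT, leaving it in place"
          fi
      fi
      split_gpg_key_into_fragments
      echo 'install_final' >> $COMPLETION_FILE
      clear
      echo ''
      # NOTE(review): this list is static; the SSH port is printed as 2222
      # even when SSH_PORT is configured differently.
      echo $"
*** ${PROJECT_NAME} installation is complete. Rebooting... ***
Now forward these ports from your internet router
HTTP 80
HTTPS 443
SSH 2222
DLNA 1900
DLNA 8200
XMPP 5222-5223
XMPP 5269
XMPP 5280-5281
IRC 6697
Git 9418
Email 25
Email 587
Email 465
Email 993
VoIP 64738
VoIP 5060
Tox 33445
IPFS 4001
"
      if [ -f "/home/$MY_USERNAME/README" ]; then
          echo $"See /home/$MY_USERNAME/README for post-installation instructions."
          echo ''
      fi
      # Image builds are finished off by the image tooling rather than rebooted here
      if [ ! -f $IMAGE_PASSWORD_FILE ]; then
          reboot
      fi
  }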
  # ---------------------------------------------------------------------
  # Main installation sequence.
  #
  # Each line is a call to a function defined earlier in this file. The
  # calls run in this exact order and the order is part of the behaviour:
  # later steps presumably rely on state set up by earlier ones (firewall,
  # tor and the web server are configured before the services that use
  # them). The functions visible just above (install_sip, install_final)
  # record their own name in $COMPLETION_FILE and return early when it is
  # already present, so re-running the script resumes a partial install
  # rather than repeating completed steps. Commented-out calls are steps
  # that are currently disabled.
  # ---------------------------------------------------------------------

  # Configuration, locale, command-line arguments and domain validation.
  read_configuration
  set_default_onion_domains
  locale_setup
  parse_args
  check_domains
  install_not_on_BBB
  remove_default_user

  # Firewall: base rules first, then one function per exposed service
  # (names only; the rules themselves live in the respective functions).
  configure_firewall
  configure_firewall_ping
  configure_firewall_for_ssh
  configure_firewall_for_dns
  configure_firewall_for_ftp
  configure_firewall_for_web_access
  configure_firewall_for_voip
  configure_firewall_for_sip
  configure_firewall_for_avahi
  configure_firewall_for_zeronet
  configure_firewall_for_ipfs

  # Package repositories and base system setup.
  remove_proprietary_repos
  change_debian_repos
  enable_backports
  configure_dns
  initial_setup

  # Tor, dynamic DNS, SSH and account hardening.
  install_tor
  enable_ssh_via_onion
  check_date
  install_dynamicdns
  randomize_cron
  create_freedns_updater
  mark_admin_user_account
  enforce_good_passwords
  install_editor
  change_login_message
  enable_zram
  random_number_generator
  set_your_domain_name
  time_synchronisation
  configure_internet_protocol
  create_git_project
  configure_ssh
  configure_ssh_onion
  allow_ssh_to_onion_address
  remove_instructions_from_motd
  check_hwrng
  search_for_attached_usb_drive
  regenerate_ssh_keys
  create_mirrors
  create_upgrade_script
  letsencrypt_renewals

  # Zeronet, watchdog and avahi.
  install_zeronet
  install_watchdog_script
  configure_avahi
  create_avahi_onion_domains
  install_zeronet_blog
  install_zeronet_mail
  install_zeronet_forum
  #install_atheros_wifi

  # Mesh networking (cjdns, batman, babel), each with its firewall rules.
  configure_firewall_for_cjdns
  mesh_cjdns
  mesh_cjdns_tools
  configure_firewall_for_batman
  mesh_batman_bridge
  configure_firewall_for_babel
  mesh_babel
  route_outgoing_traffic_through_tor

  # Email: MTA, filtering, IMAP, GPG and encryption of stored/transit mail.
  configure_email
  create_procmail
  spam_filtering
  configure_imap
  #configure_imap_client_certs
  configure_gpg
  configure_backup_key
  encrypt_incoming_email
  encrypt_outgoing_email
  email_client
  email_archiving
  email_from_address
  configure_firewall_for_email
  create_public_mailing_list
  #create_private_mailing_list
  encrypt_all_email
  import_email
  script_for_attaching_usb_drive

  # Web server and the applications hosted on it.
  install_web_server
  configure_firewall_for_web_server
  install_owncloud
  install_owncloud_music_app
  configure_owncloud_onion_site
  install_gogs
  install_xmpp
  install_tox_node
  install_tox_client
  tox_avahi
  configure_firewall_for_xmpp
  install_irc_server
  configure_firewall_for_irc
  install_voip
  install_sip
  install_wiki
  install_blog
  mark_blog_domain
  install_gnu_social
  install_gnu_social_theme
  install_hubzilla
  install_dlna_server
  configure_firewall_for_dlna
  #install_mediagoblin
  #install_ipfs

  # Maintenance, backups, intrusion detection, then the final step.
  # install_final reboots the machine unless $IMAGE_PASSWORD_FILE exists, so
  # the two lines after it are only reached on an image build.
  repair_databases_script
  backup_to_friends_servers
  intrusion_detection
  install_final
  echo "${PROJECT_NAME} installation is complete"
  exit 0