free
/
freedombone
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
639 Commits
5 Branches
Struktur: 87034d5c6c
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von '87034d5c6c'
${ noResults }
freedombone/install-freedombone.sh

install-freedombone.sh 154KB
Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038 
  1. #!/bin/bash

  2. # Freedombone install script intended for use with Debian Jessie

  3. #

  4. # Note on dynamic dns

  5. # ===================

  6. #

  7. # I'm not particularly trying to promote freedns.afraid.org

  8. # as a service, it just happens to be a dynamic DNS system which

  9. # provides free (as in beer) accounts, and I'm trying to make the

  10. # process of setting up a working server as trivial as possible.

  11. # Other dynamic DNS systems are available, and if you're using

  12. # something different then comment out the section within

  13. # argument_checks and the call to dynamic_dns_freedns.

  14. #

  15. # Prerequisites

  16. # =============

  17. #

  18. # cd ~/

  19. # wget http://freedombone.uk.to/debian-jessie-console-armhf-2014-08-13.tar.xz

  20. #

  21. # Verify it.

  22. #

  23. # sha256sum debian-jessie-console-armhf-2014-08-13.tar.xz

  24. # fc225cfb3c2dfad92cccafa97e92c3cd3db9d94f4771af8da364ef59609f43de

  25. #

  26. # Uncompress it.

  27. #

  28. # tar xJf debian-jessie-console-armhf-2014-08-13.tar.xz

  29. # cd debian-jessie-console-armhf-2014-08-13

  30. #

  31. # sudo apt-get install u-boot-tools dosfstools git-core kpartx wget parted

  32. # sudo ./setup_sdcard.sh --mmc /dev/sdX --dtb beaglebone

  33. #

  34. # When finished eject the micrtoSD then reinsert it

  35. #

  36. # sudo cp /media/$USER/BOOT/bbb-uEnv.txt /media/$USER/BOOT/uEnv.txt

  37. # sync

  38. #

  39. # Eject microSD, insert into BBB, attach USB cable between BBB and laptop.

  40. # On Ubuntu wait until you see the "connected" message.

  41. #

  42. # ssh-keygen -f "/home/$USER/.ssh/known_hosts" -R 192.168.7.2

  43. # ssh debian@192.168.7.2 (password "temppwd")

  44. # su (password "root")

  45. # passwd

  46. # adduser $MY_USERNAME

  47. # sed -i '/iface eth0 inet dhcp/a\iface eth0 inet static' /etc/network/interfaces

  48. # sed -i '/iface eth0 inet static/a\    dns-nameservers 213.73.91.35 85.214.20.141' /etc/network/interfaces

  49. # sed -i "/iface eth0 inet static/a\    gateway $MY_ROUTER_IP" /etc/network/interfaces

  50. # sed -i '/iface eth0 inet static/a\    netmask 255.255.255.0' /etc/network/interfaces

  51. # sed -i "/iface eth0 inet static/a\    address $MY_BBB_STATIC_IP" /etc/network/interfaces

  52. # sed -i '/iface usb0 inet static/,/    gateway 192.168.7.1/ s/^/#/' /etc/network/interfaces

  53. # shutdown now

  54. #

  55. # Connect BBB to router

  56. #

  57. # scp install-freedombone.sh $MY_USERNAME@$MY_BBB_STATIC_IP:/home/$MY_USERNAME

  58. # ssh $MY_USERNAME@$MY_BBB_STATIC_IP

  59. # su

  60. # ./install-freedombone.sh [DOMAIN_NAME] [MY_USERNAME]

  61. 

  62. DOMAIN_NAME=$1

  63. MY_USERNAME=$2

  64. FREEDNS_SUBDOMAIN_CODE=$3

  65. SYSTEM_TYPE=$4

  66. 

  67. # Different system variants which may be specified within

  68. # the SYSTEM_TYPE option

  69. VARIANT_WRITER="writer"

  70. VARIANT_CLOUD="cloud"

  71. VARIANT_CHAT="chat"

  72. VARIANT_MAILBOX="mailbox"

  73. VARIANT_NONMAILBOX="nonmailbox"

  74. VARIANT_SOCIAL="social"

  75. VARIANT_MEDIA="media"

  76. 

  77. SSH_PORT=2222

  78. KERNEL_VERSION="v3.15.10-bone7"

  79. USE_HWRNG="yes"

  80. INSTALLED_WITHIN_DOCKER="no"

  81. 

  82. # If you want to run an encrypted mailing list specify its name here.

  83. # There should be no spaces in the name

  84. PRIVATE_MAILING_LIST=

  85. 

  86. # Domain name or freedns subdomain for mediagoblin installation

  87. MEDIAGOBLIN_DOMAIN_NAME=

  88. MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE=

  89. MEDIAGOBLIN_REPO=""

  90. MEDIAGOBLIN_ADMIN_PASSWORD=

  91. 

  92. # Domain name or freedns subdomain for microblog installation

  93. MICROBLOG_DOMAIN_NAME=

  94. MICROBLOG_FREEDNS_SUBDOMAIN_CODE=

  95. MICROBLOG_REPO="git://gitorious.org/social/mainline.git"

  96. MICROBLOG_ADMIN_PASSWORD=

  97. 

  98. # Domain name or redmatrix installation

  99. REDMATRIX_DOMAIN_NAME=

  100. REDMATRIX_FREEDNS_SUBDOMAIN_CODE=

  101. REDMATRIX_REPO="https://github.com/friendica/red.git"

  102. REDMATRIX_ADDONS_REPO="https://github.com/friendica/red-addons.git"

  103. REDMATRIX_ADMIN_PASSWORD=

  104. 

  105. # Domain name or freedns subdomain for Owncloud installation

  106. OWNCLOUD_DOMAIN_NAME=

  107. # Freedns dynamic dns code for owncloud

  108. OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=

  109. OWNCLOUD_ARCHIVE="owncloud-7.0.2.tar.bz2"

  110. OWNCLOUD_DOWNLOAD="https://download.owncloud.org/community/$OWNCLOUD_ARCHIVE"

  111. OWNCLOUD_HASH="ea07124a1b9632aa5227240d655e4d84967fb6dd49e4a16d3207d6179d031a3a"

  112. 

  113. # Domain name or freedns subdomain for your wiki

  114. WIKI_FREEDNS_SUBDOMAIN_CODE=

  115. WIKI_DOMAIN_NAME=

  116. WIKI_ARCHIVE="dokuwiki-stable.tgz"

  117. WIKI_DOWNLOAD="http://download.dokuwiki.org/src/dokuwiki/$WIKI_ARCHIVE"

  118. WIKI_HASH="a0e79986b87b2744421ce3c33b43a21f296deadd81b1789c25fa4bb095e8e470"

  119. 

  120. # see https://www.dokuwiki.org/template:mnml-blog

  121. # https://andreashaerter.com/tmp/downloads/dokuwiki-template-mnml-blog/CHECKSUMS.asc

  122. WIKI_MNML_BLOG_ADDON_ARCHIVE="mnml-blog.tar.gz"

  123. WIKI_MNML_BLOG_ADDON="https://andreashaerter.com/downloads/dokuwiki-template-mnml-blog/latest"

  124. WIKI_MNML_BLOG_ADDON_HASH="428c280d09ee14326fef5cd6f6772ecfcd532f7b6779cd992ff79a97381cf39f"

  125. 

  126. # see https://www.dokuwiki.org/plugin:blogtng

  127. WIKI_BLOGTNG_ADDON_NAME="dokufreaks-plugin-blogtng-93a3fec"

  128. WIKI_BLOGTNG_ADDON_ARCHIVE="$WIKI_BLOGTNG_ADDON_NAME.zip"

  129. WIKI_BLOGTNG_ADDON="https://github.com/dokufreaks/plugin-blogtng/zipball/master"

  130. WIKI_BLOGTNG_ADDON_HASH="212b3ad918fdc92b2d49ef5d36bc9e086eab27532931ba6b87e05f35fd402a27"

  131. 

  132. # see https://www.dokuwiki.org/plugin:sqlite

  133. WIKI_SQLITE_ADDON_NAME="cosmocode-sqlite-7be4003"

  134. WIKI_SQLITE_ADDON_ARCHIVE="$WIKI_SQLITE_ADDON_NAME.tar.gz"

  135. WIKI_SQLITE_ADDON="https://github.com/cosmocode/sqlite/tarball/master"

  136. WIKI_SQLITE_ADDON_HASH="930335e647c7e62f3068689c256ee169fad2426b64f8360685d391ecb5eeda0c"

  137. 

  138. GPG_KEYSERVER="hkp://keys.gnupg.net"

  139. 

  140. # optionally you can provide your exported GPG key pair here

  141. # Note that the private key file will be deleted after use

  142. # If these are unspecified then a new GPG key will be created

  143. MY_GPG_PUBLIC_KEY=

  144. MY_GPG_PRIVATE_KEY=

  145. 

  146. # If you have existing mail within a Maildir

  147. # you can specify the directory here and the files

  148. # will be imported

  149. IMPORT_MAILDIR=

  150. 

  151. # The Debian package repository to use.

  152. DEBIAN_REPO="ftp.de.debian.org"

  153. 

  154. DEBIAN_VERSION="jessie"

  155. 

  156. # Directory where source code is downloaded and compiled

  157. INSTALL_DIR=$HOME/build

  158. 

  159. # device name for an attached usb drive

  160. USB_DRIVE=/dev/sda1

  161. 

  162. # memory limit for php in MB

  163. MAX_PHP_MEMORY=32

  164. 

  165. # default MariaDB password

  166. MARIADB_PASSWORD=

  167. 

  168. #list of encryption protocols

  169. SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"

  170. 

  171. # list of ciphers to use

  172. SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

  173. 

  174. export DEBIAN_FRONTEND=noninteractive

  175. 

  176. # File which keeps track of what has already been installed

  177. COMPLETION_FILE=$HOME/freedombone-completed.txt

  178. if [ ! -f $COMPLETION_FILE ]; then

  179.     touch $COMPLETION_FILE

  180. fi

  181. 

  182. function show_help {

  183.   echo ''

  184.   echo './install-freedombone.sh [domain] [username] [subdomain code] [system type]'

  185.   echo ''

  186.   echo 'domain'

  187.   echo '------'

  188.   echo 'This is your domain name or freedns subdomain.'

  189.   echo ''

  190.   echo 'username'

  191.   echo '--------'

  192.   echo ''

  193.   echo 'This will be your username on the system. It should be all'

  194.   echo 'lower case and contain no spaces'

  195.   echo ''

  196.   echo 'subdomain code'

  197.   echo '--------------'

  198.   echo 'This is the freedns dynamic DNS code for your subdomain.'

  199.   echo "To find it from https://freedns.afraid.org select 'Dynamic DNS',"

  200.   echo "then 'quick cron example' and copy the code located between "

  201.   echo "'?' and '=='."

  202.   echo ''

  203.   echo 'system type'

  204.   echo '-----------'

  205.   echo 'This can either be blank if you wish to install the full system,'

  206.   echo "or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"

  207.   echo "'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA' or '$VARIANT_WRITER'."

  208.   echo "If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."

  209. 

  210. }

  211. 

  212. function argument_checks {

  213.   if [ ! -d /home/$MY_USERNAME ]; then

  214.       echo "There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."

  215.       exit 1

  216.   fi

  217.   if [ ! $DOMAIN_NAME ]; then

  218.       show_help

  219.       exit 2

  220.   fi

  221.   if [ ! $MY_USERNAME ]; then

  222.       show_help

  223.       exit 3

  224.   fi

  225.   if [ ! $FREEDNS_SUBDOMAIN_CODE ]; then

  226.       show_help

  227.       exit 4

  228.   fi

  229.   if [ $SYSTEM_TYPE ]; then

  230.       if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA ]]; then

  231.           echo "'$SYSTEM_TYPE' is an unrecognised Freedombone variant."

  232.           exit 30

  233.       fi

  234.   fi

  235. }

  236. 

  237. function change_login_message {

  238.   if grep -Fxq "change_login_message" $COMPLETION_FILE; then

  239.       return

  240.   fi

  241.   echo '' > /etc/motd

  242.   echo ".---.                  .              .                   " >> /etc/motd

  243.   echo "|                      |              |                   " >> /etc/motd

  244.   echo "|--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-. " >> /etc/motd

  245.   echo "|    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-' " >> /etc/motd

  246.   echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'" >> /etc/motd

  247. 

  248.   if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  249.       echo '                 .    .        .            ' >> /etc/motd

  250.       echo '                 |\  /|        |   o        ' >> /etc/motd

  251.       echo "                 | \/ | .-. .-.|   .  .-.   " >> /etc/motd

  252.       echo "                 |    |(.-'(   |   | (   )  " >> /etc/motd

  253.       echo "                 '    '  --' -' --'  - -' - " >> /etc/motd

  254.   fi

  255. 

  256.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then

  257.       echo '              .  .   .  .     .          ' >> /etc/motd

  258.       echo '               \  \ /  /   o _|_         ' >> /etc/motd

  259.       echo '                \  \  /.--..  |  .-. .--.' >> /etc/motd

  260.       echo "                 \/ \/ |   |  | (.-' |   " >> /etc/motd

  261.       echo "                  ' '  ' -'  - -' --''   " >> /etc/motd

  262.   fi

  263. 

  264.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then

  265.       echo '                  .--..             . ' >> /etc/motd

  266.       echo '                 :    |             | ' >> /etc/motd

  267.       echo '                 |    | .-. .  . .-.| ' >> /etc/motd

  268.       echo '                 :    |(   )|  |(   | ' >> /etc/motd

  269.       echo "                   --' - -'  -- - -' -" >> /etc/motd

  270.   fi

  271. 

  272.   if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then

  273.       echo '                  .--..         .   ' >> /etc/motd

  274.       echo '                 :    |        _|_  ' >> /etc/motd

  275.       echo '                 |    |--. .-.  |   ' >> /etc/motd

  276.       echo '                 :    |  |(   ) |   ' >> /etc/motd

  277.       echo "                   --''   - -' - -' " >> /etc/motd

  278.   fi

  279. 

  280.   if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then

  281.       echo '               .-.                    .  ' >> /etc/motd

  282.       echo '              (   )           o       |  ' >> /etc/motd

  283.       echo '                -.  .-.  .-.  .  .-.  |  ' >> /etc/motd

  284.       echo '              (   )(   )(     | (   ) |  ' >> /etc/motd

  285.       echo "                -'   -'   -'-'  - -' - - " >> /etc/motd

  286.   fi

  287. 

  288.   if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then

  289.       echo '             .    .           . .              ' >> /etc/motd

  290.       echo '             |\  /|        o  | |              ' >> /etc/motd

  291.       echo '             | \/ | .-.    .  | |.-.  .-.-. ,- ' >> /etc/motd

  292.       echo '             |    |(   )   |  | |   )(   ) :   ' >> /etc/motd

  293.       echo '             '    '  -' --'  - -' -'   -'-'  - ' >> /etc/motd

  294.   fi

  295. 

  296.   echo '' >> /etc/motd

  297.   echo '                  Freedom in the Cloud' >> /etc/motd

  298.   echo '' >> /etc/motd

  299.   echo 'change_login_message' >> $COMPLETION_FILE

  300. }

  301. 

  302. function search_for_attached_usb_drive {

  303.   # If a USB drive is attached then search for email,

  304.   # gpg, ssh keys and emacs configuration

  305.   if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then

  306.       return

  307.   fi

  308.   if [ -b $USB_DRIVE ]; then

  309.       if [ ! -d /media/usb ]; then

  310.           echo 'Mounting USB drive'

  311.           mkdir /media/usb

  312.           mount $USB_DRIVE /media/usb

  313.       fi

  314.       if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  315.           if [ -d /media/usb/Maildir ]; then

  316.               echo 'Maildir found on USB drive'

  317.               IMPORT_MAILDIR=/media/usb/Maildir

  318.           fi

  319.           if [ -d /media/usb/.gnupg ]; then

  320.               echo 'Importing GPG keyring'

  321.               cp -r /media/usb/.gnupg /home/$MY_USERNAME

  322.               chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg

  323.               if [ -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then

  324.                   shred -zu /media/usb/.gnupg/secring.gpg

  325.                   shred -zu /media/usb/.gnupg/random_seed

  326.                   shred -zu /media/usb/.gnupg/trustdb.gpg

  327.                   rm -rf /media/usb/.gnupg

  328.               else

  329.                   echo 'GPG files did not copy'

  330.                   exit 7

  331.               fi

  332.           fi

  333. 

  334.           if [ -f /media/usb/private_key.gpg ]; then

  335.               echo 'GPG private key found on USB drive'

  336.               MY_GPG_PRIVATE_KEY=/media/usb/private_key.gpg

  337.           fi

  338.           if [ -f /media/usb/public_key.gpg ]; then

  339.               echo 'GPG public key found on USB drive'

  340.               MY_GPG_PUBLIC_KEY=/media/usb/public_key.gpg

  341.           fi

  342.       fi

  343.       if [ -d /media/usb/.ssh ]; then

  344.           echo 'Importing ssh keys'

  345.           cp -r /media/usb/.ssh /home/$MY_USERNAME

  346.           chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh

  347.           # for security delete the ssh keys from the usb drive

  348.           if [ -f /home/$MY_USERNAME/.ssh/id_rsa ]; then

  349.               shred -zu /media/usb/.ssh/id_rsa

  350.               shred -zu /media/usb/.ssh/id_rsa.pub

  351.               shred -zu /media/usb/.ssh/known_hosts

  352.               rm -rf /media/usb/.ssh

  353.           else

  354.               echo 'ssh files did not copy'

  355.               exit 8

  356.           fi

  357.       fi

  358.       if [ -f /media/usb/.emacs ]; then

  359.           echo 'Importing .emacs file'

  360.           cp -f /media/usb/.emacs /home/$MY_USERNAME/.emacs

  361.           chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs

  362.       fi

  363.       if [ -d /media/usb/.emacs.d ]; then

  364.           echo 'Importing .emacs.d directory'

  365.           cp -r /media/usb/.emacs.d /home/$MY_USERNAME

  366.           chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d

  367.       fi

  368.       if [ -d /media/usb/personal ]; then

  369.           echo 'Importing personal directory'

  370.           cp -r /media/usb/personal /home/$MY_USERNAME

  371.           chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal

  372.       fi

  373.   else

  374.       if [ -d /media/usb ]; then

  375.           umount /media/usb

  376.           rm -rf /media/usb

  377.       fi

  378.       echo 'No USB drive attached'

  379.   fi

  380.   echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE

  381. }

  382. 

  383. function remove_proprietary_repos {

  384.   if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE; then

  385.       return

  386.   fi

  387.   sed -i 's/ non-free//g' /etc/apt/sources.list

  388.   echo 'remove_proprietary_repos' >> $COMPLETION_FILE

  389. }

  390. 

  391. function change_debian_repos {

  392.   if grep -Fxq "change_debian_repos" $COMPLETION_FILE; then

  393.       return

  394.   fi

  395.   rm -rf /var/lib/apt/lists/*

  396.   apt-get clean

  397.   sed -i "s/ftp.us.debian.org/$DEBIAN_REPO/g" /etc/apt/sources.list

  398. 

  399.   # ensure that there is a security repo

  400.   if ! grep -q "security" /etc/apt/sources.list; then

  401.       if grep -q "jessie" /etc/apt/sources.list; then

  402.           echo "deb http://security.debian.org/ jessie/updates main contrib" >> /etc/apt/sources.list

  403.           echo "#deb-src http://security.debian.org/ jessie/updates main contrib" >> /etc/apt/sources.list

  404.       else

  405.           if grep -q "wheezy" /etc/apt/sources.list; then

  406.               echo "deb http://security.debian.org/ wheezy/updates main contrib" >> /etc/apt/sources.list

  407.               echo "#deb-src http://security.debian.org/ wheezy/updates main contrib" >> /etc/apt/sources.list

  408.           fi

  409.       fi

  410.   fi

  411. 

  412.   apt-get update

  413.   apt-get -y --force-yes install apt-transport-https

  414.   echo 'change_debian_repos' >> $COMPLETION_FILE

  415. }

  416. 

  417. function initial_setup {

  418.   if grep -Fxq "initial_setup" $COMPLETION_FILE; then

  419.       return

  420.   fi

  421.   apt-get -y remove --purge apache*

  422.   apt-get -y dist-upgrade

  423.   apt-get -y install ca-certificates emacs24

  424.   echo 'initial_setup' >> $COMPLETION_FILE

  425. }

  426. 

  427. function install_editor {

  428.   if grep -Fxq "install_editor" $COMPLETION_FILE; then

  429.       return

  430.   fi

  431.   update-alternatives --set editor /usr/bin/emacs24

  432.   echo 'install_editor' >> $COMPLETION_FILE

  433. }

  434. 

  435. function enable_backports {

  436.   if grep -Fxq "enable_backports" $COMPLETION_FILE; then

  437.       return

  438.   fi

  439.   if ! grep -Fxq "deb http://$DEBIAN_REPO/debian jessie-backports main" /etc/apt/sources.list; then

  440.     echo "deb http://$DEBIAN_REPO/debian jessie-backports main" >> /etc/apt/sources.list

  441.   fi

  442.   echo 'enable_backports' >> $COMPLETION_FILE

  443. }

  444. 

  445. function update_the_kernel {

  446.   if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then

  447.       return

  448.   fi

  449.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  450.       return

  451.   fi

  452.   cd /opt/scripts/tools

  453.   ./update_kernel.sh --kernel $KERNEL_VERSION

  454.   echo 'update_the_kernel' >> $COMPLETION_FILE

  455. }

  456. 

  457. function enable_zram {

  458.   if grep -Fxq "enable_zram" $COMPLETION_FILE; then

  459.       return

  460.   fi

  461.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  462.       return

  463.   fi

  464.   if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then

  465.       echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf

  466.   fi

  467.   echo '#!/bin/bash' > /etc/init.d/zram

  468.   echo '### BEGIN INIT INFO' >> /etc/init.d/zram

  469.   echo '# Provides: zram' >> /etc/init.d/zram

  470.   echo '# Required-Start:' >> /etc/init.d/zram

  471.   echo '# Required-Stop:' >> /etc/init.d/zram

  472.   echo '# Default-Start: 2 3 4 5' >> /etc/init.d/zram

  473.   echo '# Default-Stop: 0 1 6' >> /etc/init.d/zram

  474.   echo '# Short-Description: Increased Performance In Linux With zRam (Virtual Swap Compressed in RAM)' >> /etc/init.d/zram

  475.   echo '# Description: Adapted from systemd scripts at https://github.com/mystilleef/FedoraZram' >> /etc/init.d/zram

  476.   echo '### END INIT INFO' >> /etc/init.d/zram

  477.   echo 'start() {' >> /etc/init.d/zram

  478.   echo '    # get the number of CPUs' >> /etc/init.d/zram

  479.   echo '    num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram

  480.   echo '    # if something goes wrong, assume we have 1' >> /etc/init.d/zram

  481.   echo '    [ "$num_cpus" != 0 ] || num_cpus=1' >> /etc/init.d/zram

  482.   echo '    # set decremented number of CPUs' >> /etc/init.d/zram

  483.   echo '    decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram

  484.   echo '    # get the amount of memory in the machine' >> /etc/init.d/zram

  485.   echo '    mem_total_kb=$(grep MemTotal /proc/meminfo | grep -E --only-matching "[[:digit:]]+")' >> /etc/init.d/zram

  486.   echo '    mem_total=$((mem_total_kb * 1024))' >> /etc/init.d/zram

  487.   echo '    # load dependency modules' >> /etc/init.d/zram

  488.   echo '    modprobe zram num_devices=$num_cpus' >> /etc/init.d/zram

  489.   echo '    # initialize the devices' >> /etc/init.d/zram

  490.   echo '    for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram

  491.   echo '      echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize' >> /etc/init.d/zram

  492.   echo '    done' >> /etc/init.d/zram

  493.   echo '    # Creating swap filesystems' >> /etc/init.d/zram

  494.   echo '    for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram

  495.   echo '      mkswap /dev/zram$i' >> /etc/init.d/zram

  496.   echo '    done' >> /etc/init.d/zram

  497.   echo '    # Switch the swaps on' >> /etc/init.d/zram

  498.   echo '    for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram

  499.   echo '      swapon -p 100 /dev/zram$i' >> /etc/init.d/zram

  500.   echo '    done' >> /etc/init.d/zram

  501.   echo '}' >> /etc/init.d/zram

  502.   echo 'stop() {' >> /etc/init.d/zram

  503.   echo '    # get the number of CPUs' >> /etc/init.d/zram

  504.   echo '    num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram

  505.   echo '    # set decremented number of CPUs' >> /etc/init.d/zram

  506.   echo '    decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram

  507.   echo '    # Switching off swap' >> /etc/init.d/zram

  508.   echo '    for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram

  509.   echo '      if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then' >> /etc/init.d/zram

  510.   echo '        swapoff /dev/zram$i' >> /etc/init.d/zram

  511.   echo '        sleep 1' >> /etc/init.d/zram

  512.   echo '      fi' >> /etc/init.d/zram

  513.   echo '    done' >> /etc/init.d/zram

  514.   echo '    sleep 1' >> /etc/init.d/zram

  515.   echo '    rmmod zram' >> /etc/init.d/zram

  516.   echo '}' >> /etc/init.d/zram

  517.   echo 'case "$1" in' >> /etc/init.d/zram

  518.   echo '    start)' >> /etc/init.d/zram

  519.   echo '        start' >> /etc/init.d/zram

  520.   echo '        ;;' >> /etc/init.d/zram

  521.   echo '    stop)' >> /etc/init.d/zram

  522.   echo '        stop' >> /etc/init.d/zram

  523.   echo '        ;;' >> /etc/init.d/zram

  524.   echo '    restart)' >> /etc/init.d/zram

  525.   echo '        stop' >> /etc/init.d/zram

  526.   echo '        sleep 3' >> /etc/init.d/zram

  527.   echo '        start' >> /etc/init.d/zram

  528.   echo '        ;;' >> /etc/init.d/zram

  529.   echo '    *)' >> /etc/init.d/zram

  530.   echo '        echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/zram

  531.   echo '        RETVAL=1' >> /etc/init.d/zram

  532.   echo 'esac' >> /etc/init.d/zram

  533.   echo 'exit $RETVAL' >> /etc/init.d/zram

  534.   chmod +x /etc/init.d/zram

  535.   update-rc.d zram defaults

  536.   echo 'enable_zram' >> $COMPLETION_FILE

  537. }

  538. 

  539. function random_number_generator {

  540.   if grep -Fxq "random_number_generator" $COMPLETION_FILE; then

  541.       return

  542.   fi

  543.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  544.       # it is assumed that docker uses the random number

  545.       # generator of the host system

  546.       return

  547.   fi

  548.   if [[ $USE_HWRNG == "yes" ]]; then

  549.     apt-get -y --force-yes install rng-tools

  550.     sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools

  551.   else

  552.     apt-get -y --force-yes install haveged

  553.   fi

  554.   echo 'random_number_generator' >> $COMPLETION_FILE

  555. }

  556. 

  557. function configure_ssh {

  558.   if grep -Fxq "configure_ssh" $COMPLETION_FILE; then

  559.       return

  560.   fi

  561.   sed -i "s/Port 22/Port $SSH_PORT/g" /etc/ssh/sshd_config

  562.   sed -i 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config

  563.   sed -i 's/X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config

  564.   sed -i 's/ServerKeyBits 1024/ServerKeyBits 4096/g' /etc/ssh/sshd_config

  565.   sed -i 's/TCPKeepAlive yes/TCPKeepAlive no/g' /etc/ssh/sshd_config

  566.   sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config

  567.   sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config

  568.   echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config

  569.   echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config

  570.   echo 'Ciphers aes256-ctr,aes128-ctr' >> /etc/ssh/sshd_config

  571.   echo 'MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

  572.   KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1' >> /etc/ssh/sshd_config

  573.   apt-get -y --force-yes install fail2ban

  574.   echo 'configure_ssh' >> $COMPLETION_FILE

  575.   # Don't reboot if installing within docker

  576.   # random numbers will come from the host system

  577.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  578.       return

  579.   fi

  580.   echo ''

  581.   echo ''

  582.   echo '  *** Rebooting to initialise ssh settings and random number generator ***'

  583.   echo ''

  584.   echo "  *** Reconnect via ssh on port $SSH_PORT, then run this script again  ***"

  585.   echo ''

  586.   reboot

  587. }

  588. 

  589. function regenerate_ssh_keys {

  590.   if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then

  591.       return

  592.   fi

  593.   rm -f /etc/ssh/ssh_host_*

  594.   dpkg-reconfigure openssh-server

  595.   service ssh restart

  596.   echo 'regenerate_ssh_keys' >> $COMPLETION_FILE

  597. }

  598. 

  599. function configure_dns {

  600.   if grep -Fxq "configure_dns" $COMPLETION_FILE; then

  601.       return

  602.   fi

  603.   echo 'domain localdomain' > /etc/resolv.conf

  604.   echo 'search localdomain' >> /etc/resolv.conf

  605.   echo 'nameserver 213.73.91.35' >> /etc/resolv.conf

  606.   echo 'nameserver 85.214.20.141' >> /etc/resolv.conf

  607.   echo 'configure_dns' >> $COMPLETION_FILE

  608. }

  609. 

  610. function set_your_domain_name {

  611.   if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then

  612.       return

  613.   fi

  614.   echo "$DOMAIN_NAME" > /etc/hostname

  615.   hostname $DOMAIN_NAME

  616.   sed -i "s/127.0.1.1       arm/127.0.1.1       $DOMAIN_NAME/g" /etc/hosts

  617.   echo "127.0.1.1  $DOMAIN_NAME" >> /etc/hosts

  618.   echo 'set_your_domain_name' >> $COMPLETION_FILE

  619. }

  620. 

  621. function time_synchronisation {

  622.   if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then

  623.       return

  624.   fi

  625.   apt-get -y --force-yes install tlsdate

  626.   apt-get -y remove ntpdate

  627. 

  628.   echo '#!/bin/bash' > /usr/bin/updatedate

  629.   echo 'TIMESOURCE=google.com' >> /usr/bin/updatedate

  630.   echo 'TIMESOURCE2=www.ptb.de' >> /usr/bin/updatedate

  631.   echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate

  632.   echo 'TIMEOUT=5' >> /usr/bin/updatedate

  633.   echo "EMAIL=$MY_USERNAME@$DOMAIN_NAME" >> /usr/bin/updatedate

  634.   echo '# File which contains the previous date as a number' >> /usr/bin/updatedate

  635.   echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate

  636.   echo '# File which contains the previous date as a string' >> /usr/bin/updatedate

  637.   echo 'BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt' >> /usr/bin/updatedate

  638.   echo 'DATE_BEFORE=$(date)' >> /usr/bin/updatedate

  639.   echo 'BEFORE=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate

  640.   echo 'BACKWARDS_BETWEEN=0' >> /usr/bin/updatedate

  641.   echo '# If the date was previously set' >> /usr/bin/updatedate

  642.   echo 'if [[ -f "$BEFORE_DATE_FILE" ]]; then' >> /usr/bin/updatedate

  643.   echo '    BEFORE_FILE=$(cat $BEFORE_DATE_FILE)' >> /usr/bin/updatedate

  644.   echo '    BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)' >> /usr/bin/updatedate

  645.   echo '    # is the date going backwards?' >> /usr/bin/updatedate

  646.   echo '    if (( BEFORE_FILE > BEFORE )); then' >> /usr/bin/updatedate

  647.   echo '        echo -n "Date went backwards between tlsdate updates. " >> $LOGFILE' >> /usr/bin/updatedate

  648.   echo '        echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE' >> /usr/bin/updatedate

  649.   echo '        echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE' >> /usr/bin/updatedate

  650.   echo '        # Send a warning email' > /usr/bin/updatedate

  651.   echo '        echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate

  652.   echo '        # Try another time source' >> /usr/bin/updatedate

  653.   echo '        TIMESOURCE=$TIMESOURCE2' >> /usr/bin/updatedate

  654.   echo '        # try running without any parameters' >> /usr/bin/updatedate

  655.   echo '        tlsdate >> $LOGFILE' >> /usr/bin/updatedate

  656.   echo '        BACKWARDS_BETWEEN=1' >> /usr/bin/updatedate

  657.   echo '    fi' >> /usr/bin/updatedate

  658.   echo 'fi' >> /usr/bin/updatedate

  659.   echo '# Set the date' >> /usr/bin/updatedate

  660.   echo '/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE' >> /usr/bin/updatedate

  661.   echo 'DATE_AFTER=$(date)' >> /usr/bin/updatedate

  662.   echo 'AFTER=$(date -d "$Y-$M-$D" '+%s')' >> /usr/bin/updatedate

  663.   echo '# After setting the date did it go backwards?' >> /usr/bin/updatedate

  664.   echo 'if (( AFTER < BEFORE )); then' >> /usr/bin/updatedate

  665.   echo '    echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE' >> /usr/bin/updatedate

  666.   echo '    # Send a warning email' >> /usr/bin/updatedate

  667.   echo '    echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate

  668.   echo '    # Try resetting the date from another time source' >> /usr/bin/updatedate

  669.   echo '    /usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE' >> /usr/bin/updatedate

  670.   echo '    DATE_AFTER=$(date)' >> /usr/bin/updatedate

  671.   echo '    AFTER=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate

  672.   echo 'else' >> /usr/bin/updatedate

  673.   echo '    echo -n $TIMESOURCE >> $LOGFILE' >> /usr/bin/updatedate

  674.   echo '    if [[ -f "$BEFORE_DATE_FILE" ]]; then' >> /usr/bin/updatedate

  675.   echo '        echo -n " " >> $LOGFILE' >> /usr/bin/updatedate

  676.   echo '        echo -n $BEFORE_FILE >> $LOGFILE' >> /usr/bin/updatedate

  677.   echo '    fi' >> /usr/bin/updatedate

  678.   echo '    echo -n " " >> $LOGFILE' >> /usr/bin/updatedate

  679.   echo '    echo -n $BEFORE >> $LOGFILE' >> /usr/bin/updatedate

  680.   echo '    echo -n " " >> $LOGFILE' >> /usr/bin/updatedate

  681.   echo '    echo -n $AFTER >> $LOGFILE' >> /usr/bin/updatedate

  682.   echo '    echo -n " " >> $LOGFILE' >> /usr/bin/updatedate

  683.   echo '    echo $DATE_AFTER >> $LOGFILE' >> /usr/bin/updatedate

  684.   echo 'fi' >> /usr/bin/updatedate

  685.   echo '# Log the last date' >> /usr/bin/updatedate

  686.   echo 'if [ BACKWARDS_BETWEEN == 0 ]; then' >> /usr/bin/updatedate

  687.   echo '    echo "$AFTER" > $BEFORE_DATE_FILE' >> /usr/bin/updatedate

  688.   echo '    echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE' >> /usr/bin/updatedate

  689.   echo '    exit 0' >> /usr/bin/updatedate

  690.   echo 'else' >> /usr/bin/updatedate

  691.   echo '    exit 1' >> /usr/bin/updatedate

  692.   echo 'fi' >> /usr/bin/updatedate

  693.   chmod +x /usr/bin/updatedate

  694.   echo '*/15           * *   *   *   root /usr/bin/updatedate' >> /etc/crontab

  695.   service cron restart

  696. 

  697.   echo '#!/bin/bash' > /etc/init.d/tlsdate

  698.   echo '# /etc/init.d/tlsdate' >> /etc/init.d/tlsdate

  699.   echo '### BEGIN INIT INFO' >> /etc/init.d/tlsdate

  700.   echo '# Provides:          tlsdate' >> /etc/init.d/tlsdate

  701.   echo '# Required-Start:    $remote_fs $syslog' >> /etc/init.d/tlsdate

  702.   echo '# Required-Stop:     $remote_fs $syslog' >> /etc/init.d/tlsdate

  703.   echo '# Default-Start:     2 3 4 5' >> /etc/init.d/tlsdate

  704.   echo '# Default-Stop:      0 1 6' >> /etc/init.d/tlsdate

  705.   echo '# Short-Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate

  706.   echo '# Description:       Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate

  707.   echo '### END INIT INFO' >> /etc/init.d/tlsdate

  708.   echo '# Author: Bob Mottram <bob@robotics.uk.to>' >> /etc/init.d/tlsdate

  709.   echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin"' >> /etc/init.d/tlsdate

  710.   echo 'LOGFILE="/var/log/tlsdate.log"' >> /etc/init.d/tlsdate

  711.   echo 'TLSDATECOMMAND="tlsdate --timewarp -l -H www.ptb.de -p 443 >> $LOGFILE"' >> /etc/init.d/tlsdate

  712.   echo '#Start-Stop here' >> /etc/init.d/tlsdate

  713.   echo 'case "$1" in' >> /etc/init.d/tlsdate

  714.   echo '  start)' >> /etc/init.d/tlsdate

  715.   echo '    echo "tlsdate started"' >> /etc/init.d/tlsdate

  716.   echo '    $TLSDATECOMMAND' >> /etc/init.d/tlsdate

  717.   echo '    ;;' >> /etc/init.d/tlsdate

  718.   echo '  stop)' >> /etc/init.d/tlsdate

  719.   echo '    echo "tlsdate stopped"' >> /etc/init.d/tlsdate

  720.   echo '    ;;' >> /etc/init.d/tlsdate

  721.   echo '  restart)' >> /etc/init.d/tlsdate

  722.   echo '    echo "tlsdate restarted"' >> /etc/init.d/tlsdate

  723.   echo '    $TLSDATECOMMAND' >> /etc/init.d/tlsdate

  724.   echo '    ;;' >> /etc/init.d/tlsdate

  725.   echo '    *)' >> /etc/init.d/tlsdate

  726.   echo '  echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/tlsdate

  727.   echo '  exit 1' >> /etc/init.d/tlsdate

  728.   echo '  ;;' >> /etc/init.d/tlsdate

  729.   echo 'esac' >> /etc/init.d/tlsdate

  730.   echo 'exit 0' >> /etc/init.d/tlsdate

  731.   chmod +x /etc/init.d/tlsdate

  732.   update-rc.d tlsdate defaults

  733.   echo 'time_synchronisation' >> $COMPLETION_FILE

  734. }

  735. 

  736. function configure_firewall {

  737.   if grep -Fxq "configure_firewall" $COMPLETION_FILE; then

  738.       return

  739.   fi

  740.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  741.       # docker does its own firewalling

  742.       return

  743.   fi

  744.   iptables -P INPUT ACCEPT

  745.   ip6tables -P INPUT ACCEPT

  746.   iptables -F

  747.   ip6tables -F

  748.   iptables -X

  749.   ip6tables -X

  750.   iptables -P INPUT DROP

  751.   ip6tables -P INPUT DROP

  752.   iptables -A INPUT -i lo -j ACCEPT

  753.   iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  754.   echo 'configure_firewall' >> $COMPLETION_FILE

  755. }

  756. 

  757. function save_firewall_settings {

  758.   iptables-save > /etc/firewall.conf

  759.   ip6tables-save > /etc/firewall6.conf

  760.   printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables

  761.   printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables

  762.   printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables

  763.   chmod +x /etc/network/if-up.d/iptables

  764. }

  765. 

  766. function configure_firewall_for_dns {

  767.   if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then

  768.       return

  769.   fi

  770.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  771.       # docker does its own firewalling

  772.       return

  773.   fi

  774.   iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT

  775.   save_firewall_settings

  776.   echo 'configure_firewall_for_dns' >> $COMPLETION_FILE

  777. }

  778. 

  779. function configure_firewall_for_xmpp {

  780.   if [ ! -d /etc/prosody ]; then

  781.       return

  782.   fi

  783.   if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then

  784.       return

  785.   fi

  786.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  787.       # docker does its own firewalling

  788.       return

  789.   fi

  790.   iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT

  791.   iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT

  792.   iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT

  793.   save_firewall_settings

  794.   echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE

  795. }

  796. 

  797. function configure_firewall_for_irc {

  798.   if [ ! -d /etc/ngircd ]; then

  799.       return

  800.   fi

  801.   if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then

  802.       return

  803.   fi

  804.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  805.       # docker does its own firewalling

  806.       return

  807.   fi

  808.   iptables -A INPUT -i eth0 -p tcp --dport 6697  -j ACCEPT

  809.   iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT

  810.   save_firewall_settings

  811.   echo 'configure_firewall_for_irc' >> $COMPLETION_FILE

  812. }

  813. 

  814. function configure_firewall_for_ftp {

  815.   if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then

  816.       return

  817.   fi

  818.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  819.       # docker does its own firewalling

  820.       return

  821.   fi

  822.   iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT

  823.   save_firewall_settings

  824.   echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE

  825. }

  826. 

  827. function configure_firewall_for_web_access {

  828.   if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then

  829.       return

  830.   fi

  831.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  832.       # docker does its own firewalling

  833.       return

  834.   fi

  835.   iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT

  836.   iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT

  837.   save_firewall_settings

  838.   echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE

  839. }

  840. 

  841. function configure_firewall_for_web_server {

  842.   if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then

  843.       return

  844.   fi

  845.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  846.       # docker does its own firewalling

  847.       return

  848.   fi

  849.   iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

  850.   iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

  851.   save_firewall_settings

  852.   echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE

  853. }

  854. 

  855. function configure_firewall_for_ssh {

  856.   if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then

  857.       return

  858.   fi

  859.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  860.       # docker does its own firewalling

  861.       return

  862.   fi

  863.   iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

  864.   iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT

  865.   save_firewall_settings

  866.   echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE

  867. }

  868. 

  869. function configure_firewall_for_git {

  870.   if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then

  871.       return

  872.   fi

  873.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  874.       # docker does its own firewalling

  875.       return

  876.   fi

  877.   iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT

  878.   save_firewall_settings

  879.   echo 'configure_firewall_for_git' >> $COMPLETION_FILE

  880. }

  881. 

  882. function configure_firewall_for_email {

  883.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  884.       return

  885.   fi

  886.   if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then

  887.       return

  888.   fi

  889.   if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then

  890.       # docker does its own firewalling

  891.       return

  892.   fi

  893.   iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT

  894.   iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT

  895.   iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT

  896.   iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT

  897.   save_firewall_settings

  898.   echo 'configure_firewall_for_email' >> $COMPLETION_FILE

  899. }

  900. 

  901. function configure_internet_protocol {

  902.   if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then

  903.       return

  904.   fi

  905.   sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf

  906.   sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf

  907.   sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf

  908.   sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf

  909.   sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf

  910.   sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf

  911.   sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf

  912.   sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf

  913.   sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf

  914.   sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf

  915.   echo '# ignore pings' >> /etc/sysctl.conf

  916.   echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf

  917.   echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf

  918.   echo '# disable ipv6' >> /etc/sysctl.conf

  919.   echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf

  920.   echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf

  921.   echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf

  922.   echo '# keepalive' >> /etc/sysctl.conf

  923.   echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf

  924.   echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf

  925.   echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf

  926.   echo 'configure_internet_protocol' >> $COMPLETION_FILE

  927. }

  928. 

  929. function script_to_make_self_signed_certificates {

  930.   if grep -Fxq "script_to_make_self_signed_certificates" $COMPLETION_FILE; then

  931.       return

  932.   fi

  933.   echo '#!/bin/bash' > /usr/bin/makecert

  934.   echo 'HOSTNAME=$1' >> /usr/bin/makecert

  935.   echo 'COUNTRY_CODE="US"' >> /usr/bin/makecert

  936.   echo 'AREA="Free Speech Zone"' >> /usr/bin/makecert

  937.   echo 'LOCATION="Freedomville"' >> /usr/bin/makecert

  938.   echo 'ORGANISATION="Freedombone"' >> /usr/bin/makecert

  939.   echo 'UNIT="Freedombone Unit"' >> /usr/bin/makecert

  940.   echo 'if ! which openssl > /dev/null ;then' >> /usr/bin/makecert

  941.   echo '    echo "$0: openssl is not installed, exiting" 1>&2' >> /usr/bin/makecert

  942.   echo '    exit 1' >> /usr/bin/makecert

  943.   echo 'fi' >> /usr/bin/makecert

  944.   echo 'openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert

  945.   echo 'openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert

  946.   echo 'chmod 400 /etc/ssl/private/$HOSTNAME.key' >> /usr/bin/makecert

  947.   echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert

  948.   echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert

  949.   echo 'if [ -f /etc/init.d/nginx ]; then' >> /usr/bin/makecert

  950.   echo '  /etc/init.d/nginx reload' >> /usr/bin/makecert

  951.   echo 'fi' >> /usr/bin/makecert

  952.   echo '# add the public certificate to a separate directory' >> /usr/bin/makecert

  953.   echo '# so that we can redistribute it easily' >> /usr/bin/makecert

  954.   echo 'if [ ! -d /etc/ssl/mycerts ]; then' >> /usr/bin/makecert

  955.   echo '  mkdir /etc/ssl/mycerts' >> /usr/bin/makecert

  956.   echo 'fi' >> /usr/bin/makecert

  957.   echo 'cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts' >> /usr/bin/makecert

  958.   echo '# Create a bundle of your certificates' >> /usr/bin/makecert

  959.   echo 'cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt' >> /usr/bin/makecert

  960.   echo 'tar -czvf /etc/ssl/freedombone-certs.tar.gz /etc/ssl/mycerts/*.crt' >> /usr/bin/makecert

  961.   chmod +x /usr/bin/makecert

  962.   echo 'script_to_make_self_signed_certificates' >> $COMPLETION_FILE

  963. }

  964. 

  965. function configure_email {

  966.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  967.       return

  968.   fi

  969.   if grep -Fxq "configure_email" $COMPLETION_FILE; then

  970.       return

  971.   fi

  972.   apt-get -y remove postfix

  973.   apt-get -y --force-yes install exim4 sasl2-bin swaks libnet-ssleay-perl procmail

  974.   echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf

  975.   echo "dc_other_hostnames='$DOMAIN_NAME'" >> /etc/exim4/update-exim4.conf.conf

  976.   echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf

  977.   echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf

  978.   echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf

  979.   echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf

  980.   echo "dc_relay_nets='192.168.1.0/24'" >> /etc/exim4/update-exim4.conf.conf

  981.   echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf

  982.   echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf

  983.   echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf

  984.   echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf

  985.   echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf

  986.   echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf

  987.   update-exim4.conf

  988.   sed -i "s/START=no/START=yes/g" /etc/default/saslauthd

  989.   /etc/init.d/saslauthd start

  990. 

  991.   # make a tls certificate for email

  992.   makecert exim

  993.   mv /etc/ssl/private/exim.key /etc/exim4

  994.   mv /etc/ssl/certs/exim.crt /etc/exim4

  995.   mv /etc/ssl/certs/exim.dhparam /etc/exim4

  996.   chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam

  997.   chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam

  998. 

  999.   sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template

  1000.   sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template

  1001.   sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4

  1002.   if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then

  1003.     sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template

  1004.   fi

  1005. 

  1006.   adduser $MY_USERNAME sasl

  1007.   addgroup Debian-exim sasl

  1008.   /etc/init.d/exim4 restart

  1009.   if [ ! -d /etc/skel/Maildir ]; then

  1010.     mkdir -m 700 /etc/skel/Maildir

  1011.     mkdir -m 700 /etc/skel/Maildir/Sent

  1012.     mkdir -m 700 /etc/skel/Maildir/Sent/tmp

  1013.     mkdir -m 700 /etc/skel/Maildir/Sent/cur

  1014.     mkdir -m 700 /etc/skel/Maildir/Sent/new

  1015.     mkdir -m 700 /etc/skel/Maildir/.learn-spam

  1016.     mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur

  1017.     mkdir -m 700 /etc/skel/Maildir/.learn-spam/new

  1018.     mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp

  1019.     mkdir -m 700 /etc/skel/Maildir/.learn-ham

  1020.     mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur

  1021.     mkdir -m 700 /etc/skel/Maildir/.learn-ham/new

  1022.     mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp

  1023.     ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam

  1024.     ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham

  1025.   fi

  1026. 

  1027.   if [ ! -d /home/$MY_USERNAME/Maildir ]; then

  1028.     mkdir -m 700 /home/$MY_USERNAME/Maildir

  1029.     mkdir -m 700 /home/$MY_USERNAME/Maildir/cur

  1030.     mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp

  1031.     mkdir -m 700 /home/$MY_USERNAME/Maildir/new

  1032.     mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent

  1033.     mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur

  1034.     mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp

  1035.     mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new

  1036.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam

  1037.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur

  1038.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new

  1039.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp

  1040.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham

  1041.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur

  1042.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new

  1043.     mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp

  1044.     ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam

  1045.     ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham

  1046.     chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir

  1047.   fi

  1048.   echo 'configure_email' >> $COMPLETION_FILE

  1049. }

  1050. 

  1051. function spam_filtering {

  1052.   # NOTE: spamassassin installation currently doesn't work, sa-compile fails with a make error 23/09/2014

  1053.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1054.       return

  1055.   fi

  1056.   if grep -Fxq "spam_filtering" $COMPLETION_FILE; then

  1057.       return

  1058.   fi

  1059.   apt-get -y --force-yes install exim4-daemon-heavy

  1060.   apt-get -y --force-yes install spamassassin

  1061.   sa-update -v

  1062.   sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin

  1063.   sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template

  1064.   # This configuration is based on https://wiki.debian.org/DebianSpamAssassin

  1065.   sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt

  1066.   sed -i '/domains = +local_domains : +relay_to_domains/a\    set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt

  1067.   sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1068.   echo 'warn  message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1069.   echo '      spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1070.   echo 'warn  message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1071.   echo '      spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1072.   echo 'warn  message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1073.   echo '      spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1074.   echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1075.   echo 'deny  message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1076.   echo '      spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1077.   echo '      condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data

  1078.   # procmail configuration

  1079.   echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc

  1080.   echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc

  1081.   echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc

  1082.   echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc

  1083.   echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc

  1084.   echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc

  1085.   echo '  * < 256000' >> /home/$MY_USERNAME/.procmailrc

  1086.   echo '| spamc' >> /home/$MY_USERNAME/.procmailrc

  1087.   echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc

  1088.   echo ':0' >> /home/$MY_USERNAME/.procmailrc

  1089.   echo '  * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc

  1090.   echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc

  1091.   echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc

  1092.   echo ':0' >> /home/$MY_USERNAME/.procmailrc

  1093.   echo '  * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc

  1094.   echo '.0-spam/' >> /home/$MY_USERNAME/.procmailrc

  1095.   echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc

  1096.   echo ':0' >> /home/$MY_USERNAME/.procmailrc

  1097.   echo '  * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc

  1098.   echo '.spam/' >> /home/$MY_USERNAME/.procmailrc

  1099.   chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc

  1100.   # filtering scripts

  1101.   echo '#!/bin/bash' > /usr/bin/filterspam

  1102.   echo 'USERNAME=$1' >> /usr/bin/filterspam

  1103.   echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam

  1104.   echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam

  1105.   echo '    exit' >> /usr/bin/filterspam

  1106.   echo 'fi' >> /usr/bin/filterspam

  1107.   echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam

  1108.   echo 'do' >> /usr/bin/filterspam

  1109.   echo '    spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam

  1110.   echo '    rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam

  1111.   echo 'done' >> /usr/bin/filterspam

  1112.   echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam

  1113.   echo 'do' >> /usr/bin/filterspam

  1114.   echo '    spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam

  1115.   echo '    rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam

  1116.   echo 'done' >> /usr/bin/filterspam

  1117. 

  1118.   echo '#!/bin/bash' > /usr/bin/filterham

  1119.   echo 'USERNAME=$1' >> /usr/bin/filterham

  1120.   echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham

  1121.   echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham

  1122.   echo '    exit' >> /usr/bin/filterham

  1123.   echo 'fi' >> /usr/bin/filterham

  1124.   echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham

  1125.   echo 'do' >> /usr/bin/filterham

  1126.   echo '    spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham

  1127.   echo '    rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham

  1128.   echo 'done' >> /usr/bin/filterham

  1129.   echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterham

  1130.   echo 'do' >> /usr/bin/filterham

  1131.   echo '    spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham

  1132.   echo '    rm "$MAILDIR/new/$f"' >> /usr/bin/filterham

  1133.   echo 'done' >> /usr/bin/filterham

  1134. 

  1135.   if ! grep -q "filterspam" /etc/crontab; then

  1136.     echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam $MY_USERNAME" >> /etc/crontab

  1137.   fi

  1138.   if ! grep -q "filterham" /etc/crontab; then

  1139.     echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham $MY_USERNAME" >> /etc/crontab

  1140.   fi

  1141.   chmod 655 /usr/bin/filterspam /usr/bin/filterham

  1142.   sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf

  1143.   sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf

  1144. 

  1145.   service spamassassin restart

  1146.   service exim4 restart

  1147.   service cron restart

  1148.   echo 'spam_filtering' >> $COMPLETION_FILE

  1149. }

  1150. 

  1151. function configure_imap {

  1152.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1153.       return

  1154.   fi

  1155.   if grep -Fxq "configure_imap" $COMPLETION_FILE; then

  1156.       return

  1157.   fi

  1158.   apt-get -y --force-yes install dovecot-common dovecot-imapd

  1159.   makecert dovecot

  1160.   chown root:dovecot /etc/ssl/certs/dovecot.crt

  1161.   chown root:dovecot /etc/ssl/private/dovecot.key

  1162.   chown root:dovecot /etc/ssl/private/dovecot.dhparams

  1163. 

  1164.   sed -i 's|#ssl = yes|ssl = yes|g' /etc/dovecot/conf.d/10-ssl.conf

  1165.   sed -i 's|ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf

  1166.   sed -i 's|ssl_key = </etc/dovecot/private/dovecot.pem|/etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf

  1167.   sed -i 's|#ssl_dh_parameters_length = 1024|ssl_dh_parameters_length = 1024|g' /etc/dovecot/conf.d/10-ssl.conf

  1168.   sed -i 's/#ssl_prefer_server_ciphers = no/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf

  1169.   echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf

  1170. 

  1171. 

  1172.   sed -i 's/#listen = *, ::/listen = */g' /etc/dovecot/dovecot.conf

  1173.   sed -i 's/#disable_plaintext_auth = yes/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf

  1174.   sed -i 's/auth_mechanisms = plain/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf

  1175.   sed -i 's|#   mail_location = maildir:~/Maildir|   mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf

  1176.   echo 'configure_imap' >> $COMPLETION_FILE

  1177. }

  1178. 

  1179. function configure_gpg {

  1180.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1181.       return

  1182.   fi

  1183.   if grep -Fxq "configure_gpg" $COMPLETION_FILE; then

  1184.       return

  1185.   fi

  1186.   apt-get -y --force-yes install gnupg

  1187. 

  1188.   if [ ! -d /home/$MY_USERNAME/.gnupg ]; then

  1189.       mkdir /home/$MY_USERNAME/.gnupg

  1190.       echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1191.       echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1192.   fi

  1193. 

  1194.   sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf

  1195. 

  1196.   if ! grep -q "# default preferences" /home/$MY_USERNAME/.gnupg/gpg.conf; then

  1197.       echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1198.       echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1199.       echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1200.       echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1201.       echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf

  1202.   fi

  1203. 

  1204.   chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg

  1205. 

  1206.   if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then

  1207.       # use your existing GPG keys which were exported

  1208.       if [ ! -f $MY_GPG_PUBLIC_KEY ]; then

  1209.           echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found"

  1210.           exit 5

  1211.       fi

  1212.       if [ ! -f $MY_GPG_PRIVATE_KEY ]; then

  1213.           echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found"

  1214.           exit 6

  1215.       fi

  1216.       su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME

  1217.       su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME

  1218.       # for security ensure that the private key file doesn't linger around

  1219.       shred -zu $MY_GPG_PRIVATE_KEY

  1220.   else

  1221.       # Generate a GPG key

  1222.       echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf

  1223.       echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  1224.       echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf

  1225.       echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf

  1226.       echo "Name-Real:  $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  1227.       echo "Name-Email: $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf

  1228.       echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf

  1229.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf

  1230.       su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME

  1231.       shred -zu /home/$MY_USERNAME/gpg-genkey.conf

  1232.       MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $DOMAIN_NAME | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}'" - $MY_USERNAME)

  1233.       MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg

  1234.       su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME

  1235.   fi

  1236. 

  1237.   echo 'configure_gpg' >> $COMPLETION_FILE

  1238. }

  1239. 

  1240. function email_client {

  1241.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1242.       return

  1243.   fi

  1244.   if grep -Fxq "email_client" $COMPLETION_FILE; then

  1245.       return

  1246.   fi

  1247.   apt-get -y --force-yes install mutt-patched lynx abook

  1248.   if [ ! -d /home/$MY_USERNAME/.mutt ]; then

  1249.     mkdir /home/$MY_USERNAME/.mutt

  1250.   fi

  1251.   echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap

  1252.   chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt

  1253. 

  1254. 

  1255.   echo 'set mbox_type=Maildir' >> /etc/Muttrc

  1256.   echo 'set folder="~/Maildir"' >> /etc/Muttrc

  1257.   echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc

  1258.   echo 'set mbox="~/Maildir"' >> /etc/Muttrc

  1259.   echo 'set record="+Sent"' >> /etc/Muttrc

  1260.   echo 'set postponed="+Drafts"' >> /etc/Muttrc

  1261.   echo 'set trash="+Trash"' >> /etc/Muttrc

  1262.   echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc

  1263.   echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc

  1264.   echo 'set editor="emacs"' >> /etc/Muttrc

  1265.   echo 'set header_cache="+.cache"' >> /etc/Muttrc

  1266.   echo '' >> /etc/Muttrc

  1267.   echo 'macro index S "<tag-prefix><save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc

  1268.   echo 'macro pager S "<save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc

  1269.   echo 'macro index H "<tag-prefix><copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc

  1270.   echo 'macro pager H "<copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc

  1271.   echo '' >> /etc/Muttrc

  1272.   echo '# set up the sidebar' >> /etc/Muttrc

  1273.   echo 'set sidebar_width=12' >> /etc/Muttrc

  1274.   echo 'set sidebar_visible=yes' >> /etc/Muttrc

  1275.   echo "set sidebar_delim='|'" >> /etc/Muttrc

  1276.   echo 'set sidebar_sort=yes' >> /etc/Muttrc

  1277.   echo '' >> /etc/Muttrc

  1278.   echo 'set rfc2047_parameters' >> /etc/Muttrc

  1279.   echo '' >> /etc/Muttrc

  1280.   echo '# Show inbox and sent items' >> /etc/Muttrc

  1281.   echo 'mailboxes = =Sent' >> /etc/Muttrc

  1282.   echo '' >> /etc/Muttrc

  1283.   echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc

  1284.   echo 'color sidebar_new yellow default' >> /etc/Muttrc

  1285.   echo 'color normal white default' >> /etc/Muttrc

  1286.   echo 'color hdrdefault brightcyan default' >> /etc/Muttrc

  1287.   echo 'color signature green default' >> /etc/Muttrc

  1288.   echo 'color attachment brightyellow default' >> /etc/Muttrc

  1289.   echo 'color quoted green default' >> /etc/Muttrc

  1290.   echo 'color quoted1 white default' >> /etc/Muttrc

  1291.   echo 'color tilde blue default' >> /etc/Muttrc

  1292.   echo '' >> /etc/Muttrc

  1293.   echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc

  1294.   echo '# ctrl-o to open selected folder' >> /etc/Muttrc

  1295.   echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc

  1296.   echo 'bind index \Cn sidebar-next' >> /etc/Muttrc

  1297.   echo 'bind index \Co sidebar-open' >> /etc/Muttrc

  1298.   echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc

  1299.   echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc

  1300.   echo 'bind pager \Co sidebar-open' >> /etc/Muttrc

  1301.   echo '' >> /etc/Muttrc

  1302.   echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc

  1303.   echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc

  1304.   echo '' >> /etc/Muttrc

  1305.   echo '# esc-m Mark new messages as read' >> /etc/Muttrc

  1306.   echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc

  1307.   echo '' >> /etc/Muttrc

  1308.   echo '# Collapsing threads' >> /etc/Muttrc

  1309.   echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc

  1310.   echo 'macro index ] "<collapse-all>"    "collapse/uncollapse all threads"' >> /etc/Muttrc

  1311.   echo '' >> /etc/Muttrc

  1312.   echo '# threads containing new messages' >> /etc/Muttrc

  1313.   echo 'uncolor index "~(~N)"' >> /etc/Muttrc

  1314.   echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc

  1315.   echo '' >> /etc/Muttrc

  1316.   echo '# new messages themselves' >> /etc/Muttrc

  1317.   echo 'uncolor index "~N"' >> /etc/Muttrc

  1318.   echo 'color index brightyellow default "~N"' >> /etc/Muttrc

  1319.   echo '' >> /etc/Muttrc

  1320.   echo '# GPG/PGP integration' >> /etc/Muttrc

  1321.   echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc

  1322.   echo 'set pgp_timeout=60' >> /etc/Muttrc

  1323.   echo '' >> /etc/Muttrc

  1324.   echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc

  1325.   echo 'set pgp_autosign         # autosign all outgoing mails' >> /etc/Muttrc

  1326.   echo 'set pgp_autoencrypt      # Try to encrypt automatically' >> /etc/Muttrc

  1327.   echo 'set pgp_replyencrypt     # autocrypt replies to crypted' >> /etc/Muttrc

  1328.   echo 'set pgp_replysign        # autosign replies to signed' >> /etc/Muttrc

  1329.   echo 'set pgp_auto_decode=yes  # decode attachments' >> /etc/Muttrc

  1330.   echo 'set fcc_clear            # Keep cleartext copy of sent encrypted mail' >> /etc/Muttrc

  1331.   echo 'unset smime_is_default' >> /etc/Muttrc

  1332.   echo '' >> /etc/Muttrc

  1333.   echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc

  1334.   echo 'source ~/.mutt-alias' >> /etc/Muttrc

  1335.   echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc

  1336.   echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc

  1337. 

  1338.   cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc

  1339.   touch /home/$MY_USERNAME/.mutt-alias

  1340.   chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc

  1341.   chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias

  1342. 

  1343.   echo 'email_client' >> $COMPLETION_FILE

  1344. }

  1345. 

  1346. function folders_for_mailing_lists {

  1347.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1348.       return

  1349.   fi

  1350.   if grep -Fxq "folders_for_mailing_lists" $COMPLETION_FILE; then

  1351.       return

  1352.   fi

  1353.   echo '#!/bin/bash' > /usr/bin/mailinglistrule

  1354.   echo 'MYUSERNAME=$1' >> /usr/bin/mailinglistrule

  1355.   echo 'MAILINGLIST=$2' >> /usr/bin/mailinglistrule

  1356.   echo 'SUBJECTTAG=$3' >> /usr/bin/mailinglistrule

  1357.   echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/mailinglistrule

  1358.   echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/mailinglistrule

  1359.   echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/mailinglistrule

  1360. 

  1361.   echo 'if ! [[ $MYUSERNAME && $MAILINGLIST && $SUBJECTTAG ]]; then' >> /usr/bin/mailinglistrule

  1362.   echo '  echo "mailinglistsrule [user name] [mailing list name] [subject tag]"' >> /usr/bin/mailinglistrule

  1363.   echo '  exit 1' >> /usr/bin/mailinglistrule

  1364.   echo 'fi' >> /usr/bin/mailinglistrule

  1365.   echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/mailinglistrule

  1366.   echo '  mkdir -m 700 $LISTDIR' >> /usr/bin/mailinglistrule

  1367.   echo '  mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/mailinglistrule

  1368.   echo '  mkdir -m 700 $LISTDIR/new' >> /usr/bin/mailinglistrule

  1369.   echo '  mkdir -m 700 $LISTDIR/cur' >> /usr/bin/mailinglistrule

  1370.   echo 'fi' >> /usr/bin/mailinglistrule

  1371.   echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/mailinglistrule

  1372.   echo 'echo "" >> $PM' >> /usr/bin/mailinglistrule

  1373.   echo 'echo ":0" >> $PM' >> /usr/bin/mailinglistrule

  1374.   echo 'echo "  * ^Subject:.*()\[$SUBJECTTAG\]" >> $PM' >> /usr/bin/mailinglistrule

  1375.   echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/mailinglistrule

  1376.   echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/mailinglistrule

  1377.   echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/mailinglistrule

  1378.   echo '  cp /etc/Muttrc $MUTTRC' >> /usr/bin/mailinglistrule

  1379.   echo '  chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/mailinglistrule

  1380.   echo 'fi' >> /usr/bin/mailinglistrule

  1381.   echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/mailinglistrule

  1382.   echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/mailinglistrule

  1383.   echo '  mkdir $PROCMAILLOG' >> /usr/bin/mailinglistrule

  1384.   echo '  chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/mailinglistrule

  1385.   echo 'fi' >> /usr/bin/mailinglistrule

  1386.   echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/mailinglistrule

  1387.   echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/mailinglistrule

  1388.   echo '  sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/mailinglistrule

  1389.   echo '  chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/mailinglistrule

  1390.   echo 'fi' >> /usr/bin/mailinglistrule

  1391.   chmod +x /usr/bin/mailinglistrule

  1392.   echo 'folders_for_mailing_lists' >> $COMPLETION_FILE

  1393. }

  1394. 

  1395. function folders_for_email_addresses {

  1396.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1397.       return

  1398.   fi

  1399.   if grep -Fxq "folders_for_email_addresses" $COMPLETION_FILE; then

  1400.       return

  1401.   fi

  1402.   echo '#!/bin/bash' > /usr/bin/emailrule

  1403.   echo 'MYUSERNAME=$1' >> /usr/bin/emailrule

  1404.   echo 'EMAILADDRESS=$2' >> /usr/bin/emailrule

  1405.   echo 'MAILINGLIST=$3' >> /usr/bin/emailrule

  1406.   echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/emailrule

  1407.   echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/emailrule

  1408.   echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/emailrule

  1409.   echo 'if ! [[ $MYUSERNAME && $EMAILADDRESS && $MAILINGLIST ]]; then' >> /usr/bin/emailrule

  1410.   echo '  echo "emailrule [user name] [email address] [mailing list name]"' >> /usr/bin/emailrule

  1411.   echo '  exit 1' >> /usr/bin/emailrule

  1412.   echo 'fi' >> /usr/bin/emailrule

  1413.   echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/emailrule

  1414.   echo '  mkdir -m 700 $LISTDIR' >> /usr/bin/emailrule

  1415.   echo '  mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/emailrule

  1416.   echo '  mkdir -m 700 $LISTDIR/new' >> /usr/bin/emailrule

  1417.   echo '  mkdir -m 700 $LISTDIR/cur' >> /usr/bin/emailrule

  1418.   echo 'fi' >> /usr/bin/emailrule

  1419.   echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/emailrule

  1420.   echo 'echo "" >> $PM' >> /usr/bin/emailrule

  1421.   echo 'echo ":0" >> $PM' >> /usr/bin/emailrule

  1422.   echo 'echo "  * ^From: $EMAILADDRESS" >> $PM' >> /usr/bin/emailrule

  1423.   echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/emailrule

  1424.   echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/emailrule

  1425.   echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/emailrule

  1426.   echo '  cp /etc/Muttrc $MUTTRC' >> /usr/bin/emailrule

  1427.   echo '  chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/emailrule

  1428.   echo 'fi' >> /usr/bin/emailrule

  1429.   echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/emailrule

  1430.   echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/emailrule

  1431.   echo '  mkdir $PROCMAILLOG' >> /usr/bin/emailrule

  1432.   echo '  chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/emailrule

  1433.   echo 'fi' >> /usr/bin/emailrule

  1434.   echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/emailrule

  1435.   echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/emailrule

  1436.   echo '  sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/emailrule

  1437.   echo '  chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/emailrule

  1438.   echo 'fi' >> /usr/bin/emailrule

  1439.   chmod +x /usr/bin/emailrule

  1440.   echo 'folders_for_email_addresses' >> $COMPLETION_FILE

  1441. }

  1442. 

  1443. function dynamic_dns_freedns {

  1444.   if grep -Fxq "dynamic_dns_freedns" $COMPLETION_FILE; then

  1445.       return

  1446.   fi

  1447. 

  1448.   echo '#!/bin/bash' > /usr/bin/dynamicdns

  1449.   echo '# subdomain name 1' >> /usr/bin/dynamicdns

  1450.   echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns

  1451.   echo '# add any other subdomains below' >> /usr/bin/dynamicdns

  1452.   chmod 600 /usr/bin/dynamicdns

  1453.   chmod +x /usr/bin/dynamicdns

  1454. 

  1455.   if ! grep -q "dynamicdns" /etc/crontab; then

  1456.     sed -i '/# m h dom mon dow user command/a\*/5 * * * * root /usr/bin/timeout 240 /usr/bin/dynamicdns' /etc/crontab

  1457.   fi

  1458.   service cron restart

  1459.   echo 'dynamic_dns_freedns' >> $COMPLETION_FILE

  1460. }

  1461. 

  1462. function create_private_mailing_list {

  1463.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1464.       return

  1465.   fi

  1466.   # This installation doesn't work, results in ruby errors

  1467.   # There is currently no schleuder package for Debian jessie

  1468.   if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then

  1469.       return

  1470.   fi

  1471.   if [ ! $PRIVATE_MAILING_LIST ]; then

  1472.       return

  1473.   fi

  1474.   if [ $PRIVATE_MAILING_LIST == $MY_USERNAME ]; then

  1475.       echo 'The name of the private mailing list should not be the'

  1476.       echo 'same as your username'

  1477.       exit 10

  1478.   fi

  1479.   if [ ! $MY_GPG_PUBLIC_KEY ]; then

  1480.       echo 'To create a private mailing list you need to specify a file'

  1481.       echo 'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'

  1482.       echo 'the top of the script'

  1483.       exit 11

  1484.   fi

  1485.   apt-get -y --force-yes install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev

  1486.   gem install schleuder

  1487.   schleuder-fix-gem-dependencies

  1488.   schleuder-init-setup --gem

  1489.   # NOTE: this is version number sensitive and so might need changing

  1490.   ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder

  1491.   sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf

  1492.   sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf

  1493.   schleuder-newlist $PRIVATE_MAILING_LIST@$DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_USERNAME@$DOMAIN_NAME -initmember $MY_USERNAME@$DOMAIN_NAME -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive

  1494.   emailrule $MY_USERNAME $PRIVATE_MAILING_LIST@$DOMAIN_NAME $PRIVATE_MAILING_LIST

  1495. 

  1496.   echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1497.   echo '  debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1498.   echo '  driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1499.   echo '  local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1500.   echo '  local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1501.   echo '  domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1502.   echo '  user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1503.   echo '  group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1504.   echo '  require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1505.   echo '  transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder

  1506. 

  1507.   echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder

  1508.   echo '  debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder

  1509.   echo '  driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder

  1510.   echo '  home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder

  1511.   echo '  command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder

  1512.   chown -R schleuder:schleuder /var/lib/schleuder

  1513.   update-exim4.conf.template -r

  1514.   update-exim4.conf

  1515.   service exim4 restart

  1516.   useradd -d /var/schleuderlists -s /bin/false schleuder

  1517.   adduser Debian-exim schleuder

  1518.   usermod -a -G mail schleuder

  1519.   #exim -d -bt $PRIVATE_MAILING_LIST@$DOMAIN_NAME

  1520.   echo 'create_private_mailing_list' >> $COMPLETION_FILE

  1521. }

  1522. 

  1523. function import_email {

  1524.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then

  1525.       return

  1526.   fi

  1527.   EMAIL_COMPLETE_MSG='  *** Freedombone mailbox installation is complete ***'

  1528.   if grep -Fxq "import_email" $COMPLETION_FILE; then

  1529.       if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then

  1530.           echo $EMAIL_COMPLETE_MSG

  1531.           if [ -d /media/usb ]; then

  1532.               umount /media/usb

  1533.               rm -rf /media/usb

  1534.               echo '            You can now remove the USB drive'

  1535.           fi

  1536.           exit 0

  1537.       fi

  1538.       return

  1539.   fi

  1540.   if [ $IMPORT_MAILDIR ]; then

  1541.       if [ -d $IMPORT_MAILDIR ]; then

  1542.           echo 'Transfering email files'

  1543.           cp -r $IMPORT_MAILDIR /home/$MY_USERNAME

  1544.           chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir

  1545.       else

  1546.           echo "Email import directory $IMPORT_MAILDIR not found"

  1547.           exit 9

  1548.       fi

  1549.   fi

  1550.   echo 'import_email' >> $COMPLETION_FILE

  1551.   if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then

  1552.       apt-get -y --force-yes autoremove

  1553.       # unmount any attached usb drive

  1554.       echo ''

  1555.       echo $EMAIL_COMPLETE_MSG

  1556.       echo ''

  1557.       if [ -d /media/usb ]; then

  1558.           umount /media/usb

  1559.           rm -rf /media/usb

  1560.           echo '            You can now remove the USB drive'

  1561.       fi

  1562.       exit 0

  1563.   fi

  1564. }

  1565. 

  1566. function install_web_server {

  1567.   if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then

  1568.       return

  1569.   fi

  1570.   if grep -Fxq "install_web_server" $COMPLETION_FILE; then

  1571.       return

  1572.   fi

  1573.   # remove apache

  1574.   apt-get -y remove --purge apache2

  1575.   if [ -d /etc/apache2 ]; then

  1576.     rm -rf /etc/apache2

  1577.   fi

  1578.   # install nginx

  1579.   apt-get -y --force-yes install nginx php5-fpm git

  1580.   # install a script to easily enable and disable nginx virtual hosts

  1581.   if [ ! -d $INSTALL_DIR ]; then

  1582.       mkdir $INSTALL_DIR

  1583.   fi

  1584.   cd $INSTALL_DIR

  1585.   git clone https://github.com/perusio/nginx_ensite

  1586.   cd $INSTALL_DIR/nginx_ensite

  1587.   cp nginx_* /usr/sbin

  1588.   nginx_dissite default

  1589.   echo 'install_web_server' >> $COMPLETION_FILE

  1590. }

  1591. 

  1592. function configure_php {

  1593.   sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini

  1594.   sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini

  1595.   sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini

  1596.   sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini

  1597.   sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini

  1598. }

  1599. 

  1600. function install_owncloud {

  1601.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  1602.       return

  1603.   fi

  1604.   OWNCLOUD_COMPLETION_MSG1=" *** Freedombone $SYSTEM_TYPE is now installed ***"

  1605.   OWNCLOUD_COMPLETION_MSG2="Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup"

  1606.   if grep -Fxq "install_owncloud" $COMPLETION_FILE; then

  1607.       if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then

  1608.           # unmount any attached usb drive

  1609.           if [ -d /media/usb ]; then

  1610.               umount /media/usb

  1611.               rm -rf /media/usb

  1612.           fi

  1613.           echo ''

  1614.           echo $OWNCLOUD_COMPLETION_MSG1

  1615.           echo $OWNCLOUD_COMPLETION_MSG2

  1616.           exit 0

  1617.       fi

  1618.       return

  1619.   fi

  1620.   # if this is exclusively a cloud setup

  1621.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then

  1622.       OWNCLOUD_DOMAIN_NAME=$DOMAIN_NAME

  1623.       OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE

  1624.   fi

  1625.   if [ ! $OWNCLOUD_DOMAIN_NAME ]; then

  1626.       return

  1627.   fi

  1628.   if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then

  1629.       if [ ! $SYSTEM_TYPE ]; then

  1630.           return

  1631.       fi

  1632.   fi

  1633.   apt-get -y --force-yes install php5 php5-gd php-xml-parser php5-intl wget

  1634.   apt-get -y --force-yes install php5-sqlite php5-mysql smbclient curl libcurl3 php5-curl bzip2

  1635. 

  1636.   if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ]; then

  1637.       mkdir /var/www/$OWNCLOUD_DOMAIN_NAME

  1638.       mkdir /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs

  1639.   fi

  1640. 

  1641.   echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1642.   echo '    listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1643.   echo "    server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1644.   echo '    rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1645.   echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1646. 

  1647.   echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1648.   echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1649.   echo "    root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1650.   echo "    server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1651. 

  1652.   echo '    ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1653.   echo "    ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1654.   echo "    ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1655.   echo "    ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1656. 

  1657.   echo '    ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1658.   echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1659.   echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1660.   echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1661.   echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1662.   echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1663.   echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1664.   echo '    # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1665.   echo '    # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1666.   echo '    # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1667. 

  1668.   echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1669.   echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1670.   echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1671.   echo '        allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1672.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1673.   echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1674. 

  1675.   echo '    client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1676.   echo '    client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1677.   echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1678. 

  1679.   echo '    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1680.   echo '    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1681.   echo '    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1682. 

  1683.   echo '    index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1684.   echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1685.   echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1686. 

  1687.   echo '    location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1688.   echo '        allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1689.   echo '        log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1690.   echo '        access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1691.   echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1692. 

  1693.   echo '    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1694.   echo '        deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1695.   echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1696. 

  1697.   echo '    location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1698.   echo '        # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1699.   echo '        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1700.   echo '        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1701. 

  1702.   echo '        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1703.   echo '        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1704. 

  1705.   echo '        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1706. 

  1707.   echo '        try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1708.   echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1709. 

  1710.   echo '    location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1711.   echo '        try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1712.   echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1713.   echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1714.   echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1715.   echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1716.   echo '        fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1717.   echo '        fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1718.   echo '        fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1719.   echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1720. 

  1721.   echo '    # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1722.   echo '    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1723.   echo '        expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1724.   echo "        # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1725.   echo '        access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1726.   echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1727.   echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME

  1728. 

  1729.   configure_php

  1730. 

  1731.   if [ ! -f /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key ]; then

  1732.       makecert $OWNCLOUD_DOMAIN_NAME

  1733.   fi

  1734. 

  1735.   # download owncloud

  1736.   cd $INSTALL_DIR

  1737.   if [ ! -f $INSTALL_DIR/$OWNCLOUD_ARCHIVE ]; then

  1738.       wget $OWNCLOUD_DOWNLOAD

  1739.   fi

  1740.   if [ ! -f $INSTALL_DIR/$OWNCLOUD_ARCHIVE ]; then

  1741.       echo 'Owncloud could not be downloaded.  Check that it exists at '

  1742.       echo $OWNCLOUD_DOWNLOAD

  1743.       echo 'And if neccessary update the version number and hash within this script'

  1744.       exit 18

  1745.   fi

  1746.   # Check that the hash is correct

  1747.   CHECKSUM=$(sha256sum $OWNCLOUD_ARCHIVE | awk -F ' ' '{print $1}')

  1748.   if [[ $CHECKSUM != $OWNCLOUD_HASH ]]; then

  1749.       echo 'The sha256 hash of the owncloud download is incorrect. Possibly the file may have been tampered with. Check the hash on the Owncloud web site.'

  1750.       echo $CHECKSUM

  1751.       echo $OWNCLOUD_HASH

  1752.       exit 19

  1753.   fi

  1754.   tar -xjf $OWNCLOUD_ARCHIVE

  1755.   echo 'Copying files...'

  1756.   cp -r owncloud/* /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs

  1757.   chown -R www-data:www-data /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/apps

  1758.   chown -R www-data:www-data /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/config

  1759.   chown www-data:www-data /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs

  1760. 

  1761.   nginx_ensite $OWNCLOUD_DOMAIN_NAME

  1762.   service php5-fpm restart

  1763.   service nginx restart

  1764. 

  1765.   # update the dynamic DNS

  1766.   if [ $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE ]; then

  1767.       if [[ $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then

  1768.           if ! grep -q "$OWNCLOUD_DOMAIN_NAME" /usr/bin/dynamicdns; then

  1769.               echo "# $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/dynamicdns

  1770.               echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$OWNCLOUD_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns

  1771.           fi

  1772.       fi

  1773.   else

  1774.       echo 'WARNING: No freeDNS subdomain code given for Owncloud. It is assumed that you are using some other dynamic DNS provider.'

  1775.   fi

  1776. 

  1777.   echo 'install_owncloud' >> $COMPLETION_FILE

  1778. 

  1779.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then

  1780.       # unmount any attached usb drive

  1781.       if [ -d /media/usb ]; then

  1782.           umount /media/usb

  1783.           rm -rf /media/usb

  1784.       fi

  1785.       echo ''

  1786.       echo $OWNCLOUD_COMPLETION_MSG1

  1787.       echo $OWNCLOUD_COMPLETION_MSG2

  1788.       exit 0

  1789.   fi

  1790. }

  1791. 

  1792. function install_xmpp {

  1793.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  1794.       return

  1795.   fi

  1796.   if grep -Fxq "install_xmpp" $COMPLETION_FILE; then

  1797.       return

  1798.   fi

  1799.   apt-get -y --force-yes install prosody

  1800.   if [ ! -f "/etc/ssl/private/xmpp.key" ]; then

  1801.       makecert xmpp

  1802.   fi

  1803.   chown prosody:prosody /etc/ssl/private/xmpp.key

  1804.   chown prosody:prosody /etc/ssl/certs/xmpp.*

  1805.   cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua

  1806. 

  1807.   sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua

  1808.   sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua

  1809.   if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then

  1810.       sed -i '/certificate =/a\              dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua

  1811.   fi

  1812.   sed -i "s/example.com/$DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua

  1813.   sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua

  1814. 

  1815.   if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then

  1816.       echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1817.       echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1818.       echo '  "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1819.       echo '  "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1820.       echo '  "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1821.       echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1822.       echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1823.       echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1824.       echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1825.       echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1826.   fi

  1827.   ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua

  1828. 

  1829.   sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua

  1830.   sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua

  1831.   if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then

  1832.       sed -i '/certificate =/a\      dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua

  1833.   fi

  1834.   sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua

  1835.   if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then

  1836.       sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua

  1837.   fi

  1838.   if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then

  1839.       echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua

  1840.   fi

  1841.   sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua

  1842.   sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua

  1843.   sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua

  1844.   sed -i 's/example.com/$DOMAIN_NAME/g' /etc/prosody/prosody.cfg.lua

  1845. 

  1846.   service prosody restart

  1847.   touch /home/$MY_USERNAME/README

  1848. 

  1849.   if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then

  1850.       XMPP_PASSWORD=$(openssl rand -base64 8)

  1851.       prosodyctl register $MY_USERNAME $DOMAIN_NAME $XMPP_PASSWORD

  1852.       echo "Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README

  1853.       echo 'You can change it with: ' >> /home/$MY_USERNAME/README

  1854.       echo '' >> /home/$MY_USERNAME/README

  1855.       echo "    prosodyctl passwd $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/README

  1856.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  1857.   fi

  1858.   echo 'install_xmpp' >> $COMPLETION_FILE

  1859. }

  1860. 

  1861. function install_irc_server {

  1862.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  1863.       return

  1864.   fi

  1865.   if grep -Fxq "install_irc_server" $COMPLETION_FILE; then

  1866.       return

  1867.   fi

  1868.   apt-get -y --force-yes install ngircd

  1869.   if [ ! "/etc/ssl/private/ngircd.key" ]; then

  1870.       makecert ngircd

  1871.   fi

  1872. 

  1873.   echo '**************************************************' > /etc/ngircd/motd

  1874.   echo '*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd

  1875.   echo '*                                                *' >> /etc/ngircd/motd

  1876.   echo '*               Freedom in the Cloud             *' >> /etc/ngircd/motd

  1877.   echo '**************************************************' >> /etc/ngircd/motd

  1878.   sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf

  1879.   sed -i "s/irc@irc.example.com/$MY_USERNAME@$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf

  1880.   sed -i "s/irc.example.net/$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf

  1881.   sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DOMAIN_NAME|g" /etc/ngircd/ngircd.conf

  1882.   sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf

  1883.   sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf

  1884.   sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf

  1885.   sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf

  1886.   sed -i 's/;Ports = 6697, 9999/Ports = 6697, 9999/g' /etc/ngircd/ngircd.conf

  1887.   sed -i 's/;Name = #ngircd/Name = #freedombone/g' /etc/ngircd/ngircd.conf

  1888.   sed -i 's/;Topic = Our ngircd testing channel/Topic = Freedombone chat channel/g' /etc/ngircd/ngircd.conf

  1889.   sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf

  1890.   sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf

  1891.   sed -i 's/;CloakHost = cloaked.host/CloakHost = cloaked.host/g' /etc/ngircd/ngircd.conf

  1892.   IRC_SALT=$(openssl rand -base64 32)

  1893.   IRC_OPERATOR_PASSWORD=$(openssl rand -base64 8)

  1894.   sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf

  1895.   sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf

  1896.   sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf

  1897.   sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf

  1898.   sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf

  1899.   sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf

  1900.   service ngircd restart

  1901.   echo 'install_irc_server' >> $COMPLETION_FILE

  1902. }

  1903. 

  1904. function install_wiki {

  1905.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  1906.       return

  1907.   fi

  1908.   if grep -Fxq "install_wiki" $COMPLETION_FILE; then

  1909.       return

  1910.   fi

  1911.   # if this is exclusively a writer setup

  1912.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then

  1913.       WIKI_DOMAIN_NAME=$DOMAIN_NAME

  1914.       WIKI_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE

  1915.   fi

  1916.   if [ ! $WIKI_DOMAIN_NAME ]; then

  1917.       return

  1918.   fi

  1919.   if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then

  1920.       if [ ! $SYSTEM_TYPE ]; then

  1921.           return

  1922.       fi

  1923.   fi

  1924.   apt-get -y --force-yes install php5 php5-gd php-xml-parser php5-intl wget

  1925.   apt-get -y --force-yes install php5-sqlite php5-mysql smbclient curl libcurl3 php5-curl bzip2

  1926. 

  1927.   if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then

  1928.       mkdir /var/www/$WIKI_DOMAIN_NAME

  1929.   fi

  1930.   if [ ! -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then

  1931.       mkdir /var/www/$WIKI_DOMAIN_NAME/htdocs

  1932.   fi

  1933. 

  1934.   if [ ! -f /etc/ssl/private/$WIKI_DOMAIN_NAME.key ]; then

  1935.       makecert $WIKI_DOMAIN_NAME

  1936.   fi

  1937. 

  1938.   # download the archive

  1939.   cd $INSTALL_DIR

  1940.   if [ ! -f $INSTALL_DIR/$WIKI_ARCHIVE ]; then

  1941.       wget $WIKI_DOWNLOAD

  1942.   fi

  1943.   if [ ! -f $INSTALL_DIR/$WIKI_ARCHIVE ]; then

  1944.       echo 'Dokuwiki could not be downloaded.  Check that it exists at '

  1945.       echo $WIKI_DOWNLOAD

  1946.       echo 'And if neccessary update the version number and hash within this script'

  1947.       exit 18

  1948.   fi

  1949.   # Check that the hash is correct

  1950.   CHECKSUM=$(sha256sum $WIKI_ARCHIVE | awk -F ' ' '{print $1}')

  1951.   if [[ $CHECKSUM != $WIKI_HASH ]]; then

  1952.       echo 'The sha256 hash of the Dokuwiki download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki web site.'

  1953.       echo $CHECKSUM

  1954.       echo $WIKI_HASH

  1955.       exit 21

  1956.   fi

  1957. 

  1958.   tar -xzvf $WIKI_ARCHIVE

  1959.   cd dokuwiki-*

  1960.   mv * /var/www/$WIKI_DOMAIN_NAME/htdocs/

  1961.   chmod -R 755 /var/www/$WIKI_DOMAIN_NAME/htdocs

  1962.   chown -R www-data:www-data /var/www/$WIKI_DOMAIN_NAME/htdocs

  1963. 

  1964.   if ! grep -q "video/ogg" /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then

  1965.       echo 'ogv     video/ogg' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf

  1966.       echo 'mp4     video/mp4' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf

  1967.       echo 'webm    video/webm' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf

  1968.   fi

  1969. 

  1970.   echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1971.   echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1972.   echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1973.   echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1974.   echo "    error_log /var/www/$WIKI_DOMAIN_NAME/error.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1975.   echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1976.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1977.   echo '    # Uncomment this if you need to redirect HTTP to HTTPS' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1978.   echo '    #rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1979.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1980.   echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1981.   echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1982.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1983.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1984.   echo '    location ~ \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1985.   echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1986.   echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1987.   echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1988.   echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1989.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1990.   echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1991.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1992.   echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1993.   echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1994.   echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1995.   echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1996.   echo "    error_log /var/www/$WIKI_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1997.   echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1998.   echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  1999.   echo '    client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2000.   echo '    client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2001.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2002.   echo '    ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2003.   echo "    ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2004.   echo "    ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2005.   echo "    ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2006.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2007.   echo '    ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2008.   echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2009.   echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2010.   echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2011.   echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2012.   echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2013.   echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2014.   echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2015.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2016.   echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2017.   echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2018.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2019.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2020.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2021.   echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2022.   echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2023.   echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2024.   echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2025.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2026.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2027.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2028.   echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2029.   echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2030.   echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2031.   echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2032.   echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2033.   echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2034.   echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2035.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2036.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2037.   echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2038.   echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2039.   echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2040.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2041.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2042.   echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2043.   echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2044.   echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2045.   echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2046.   echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2047.   echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2048.   echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2049.   echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2050.   echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2051.   echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2052.   echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2053.   echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2054.   echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2055.   echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2056.   echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2057.   echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2058.   echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2059.   echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2060.   echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2061.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2062.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2063.   echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2064.   echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2065.   echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2066.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2067.   echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2068.   echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2069.   echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2070.   echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2071.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2072.   echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2073.   echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2074.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2075.   echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2076.   echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2077.   echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2078.   echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME

  2079. 

  2080.   configure_php

  2081. 

  2082.   nginx_ensite $WIKI_DOMAIN_NAME

  2083.   service php5-fpm restart

  2084.   service nginx restart

  2085. 

  2086.   # update the dynamic DNS

  2087.   if [ $WIKI_FREEDNS_SUBDOMAIN_CODE ]; then

  2088.       if [[ $WIKI_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then

  2089.           if ! grep -q "$WIKI_DOMAIN_NAME" /usr/bin/dynamicdns; then

  2090.               echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns

  2091.               echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$WIKI_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns

  2092.           fi

  2093.       fi

  2094.   else

  2095.       echo 'WARNING: No freeDNS subdomain code given for wiki installation. It is assumed that you are using some other dynamic DNS provider.'

  2096.   fi

  2097. 

  2098.   # add some post-install instructions

  2099.   if ! grep -q "Once you have set up the wiki" /home/$MY_USERNAME/README; then

  2100.       echo '' >> /home/$MY_USERNAME/README

  2101.       echo 'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README

  2102.       echo '' >> /home/$MY_USERNAME/README

  2103.       echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README

  2104.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2105.   fi

  2106. 

  2107.   echo 'install_wiki' >> $COMPLETION_FILE

  2108. }

  2109. 

  2110. function install_blog {

  2111.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  2112.       return

  2113.   fi

  2114.   if grep -Fxq "install_blog" $COMPLETION_FILE; then

  2115.       return

  2116.   fi

  2117.   # if this is exclusively a writer setup

  2118.   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then

  2119.       WIKI_DOMAIN_NAME=$DOMAIN_NAME

  2120.       WIKI_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE

  2121.   fi

  2122.   if [ ! $WIKI_DOMAIN_NAME ]; then

  2123.       return

  2124.   fi

  2125. 

  2126.   apt-get -y --force-yes install unzip

  2127. 

  2128.   # download mnml-blog

  2129.   cd $INSTALL_DIR

  2130.   rm -f latest

  2131.   wget $WIKI_MNML_BLOG_ADDON

  2132.   if [ ! -f "$INSTALL_DIR/latest" ]; then

  2133.       echo 'Dokuwiki mnml-blog addon could not be downloaded. Check the Dokuwiki web site and alter WIKI_MNML_BLOG_ADDON at the top of this script as needed.'

  2134.       exit 21

  2135.   fi

  2136.   mv latest $WIKI_MNML_BLOG_ADDON_ARCHIVE

  2137. 

  2138.   # Check that the mnml-blog download hash is correct

  2139.   CHECKSUM=$(sha256sum $WIKI_MNML_BLOG_ADDON_ARCHIVE | awk -F ' ' '{print $1}')

  2140.   if [[ $CHECKSUM != $WIKI_MNML_BLOG_ADDON_HASH ]]; then

  2141.       echo 'The sha256 hash of the mnml-blog download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki mnmlblog web site and alter WIKI_MNML_BLOG_ADDON_HASH if needed.'

  2142.       echo $CHECKSUM

  2143.       echo $WIKI_MNML_BLOG_ADDON_HASH

  2144.       exit 22

  2145.   fi

  2146. 

  2147.   # download blogTNG

  2148.   wget $WIKI_BLOGTNG_ADDON

  2149.   if [ ! -f "$INSTALL_DIR/master" ]; then

  2150.       echo 'Dokuwiki blogTNG addon could not be downloaded. Check the Dokuwiki web site and alter WIKI_BLOGTNG_ADDON at the top of this script as needed.'

  2151.       exit 23

  2152.   fi

  2153.   mv master $WIKI_BLOGTNG_ADDON_ARCHIVE

  2154. 

  2155.   # Check that the blogTNG hash is correct

  2156.   CHECKSUM=$(sha256sum $WIKI_BLOGTNG_ADDON_ARCHIVE | awk -F ' ' '{print $1}')

  2157.   if [[ $CHECKSUM != $WIKI_BLOGTNG_ADDON_HASH ]]; then

  2158.       echo 'The sha256 hash of the blogTNG download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki blogTNG web site and alter WIKI_BLOGTNG_ADDON_HASH if needed.'

  2159.       echo $CHECKSUM

  2160.       echo $WIKI_BLOGTNG_ADDON_HASH

  2161.       exit 24

  2162.   fi

  2163. 

  2164.   # download dokuwiki sqlite plugin

  2165.   wget $WIKI_SQLITE_ADDON

  2166.   if [ ! -f "$INSTALL_DIR/master" ]; then

  2167.       echo 'Dokuwiki sqlite addon could not be downloaded. Check the Dokuwiki web site and alter WIKI_SQLITE_ADDON at the top of this script as needed.'

  2168.       exit 25

  2169.   fi

  2170.   mv master $WIKI_SQLITE_ADDON_ARCHIVE

  2171. 

  2172.   # Check that the sqlite plugin hash is correct

  2173.   CHECKSUM=$(sha256sum $WIKI_SQLITE_ADDON_ARCHIVE | awk -F ' ' '{print $1}')

  2174.   if [[ $CHECKSUM != $WIKI_SQLITE_ADDON_HASH ]]; then

  2175.       echo 'The sha256 hash of the Dokuwiki sqlite download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki sqlite plugin web site and alter WIKI_SQLITE_ADDON_HASH if needed.'

  2176.       echo $CHECKSUM

  2177.       echo $WIKI_SQLITE_ADDON_HASH

  2178.       exit 26

  2179.   fi

  2180. 

  2181.   # install dokuwiki sqlite plugin

  2182.   tar -xzvf $WIKI_SQLITE_ADDON_ARCHIVE

  2183.   if [ -d "$INSTALL_DIR/sqlite" ]; then

  2184.       rm -rf $INSTALL_DIR/sqlite

  2185.   fi

  2186.   mv $WIKI_SQLITE_ADDON_NAME sqlite

  2187.   cp -r sqlite /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/

  2188. 

  2189.   # install blogTNG

  2190.   if [ -d "$INSTALL_DIR/$WIKI_BLOGTNG_ADDON_NAME" ]; then

  2191.       rm -rf $INSTALL_DIR/$WIKI_BLOGTNG_ADDON_NAME

  2192.   fi

  2193.   unzip $WIKI_BLOGTNG_ADDON_ARCHIVE

  2194.   if [ -d "$INSTALL_DIR/blogtng" ]; then

  2195.       rm -rf $INSTALL_DIR/blogtng

  2196.   fi

  2197.   mv $WIKI_BLOGTNG_ADDON_NAME blogtng

  2198.   cp -r blogtng /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/

  2199. 

  2200.   # install mnml-blog

  2201.   tar -xzvf $WIKI_MNML_BLOG_ADDON_ARCHIVE

  2202.   cp -r mnml-blog /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/tpl

  2203.   cp -r /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/tpl/mnml-blog/blogtng-tpl/* /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/blogtng/tpl/default/

  2204. 

  2205.   # make a "freedombone" template so that if the default template gets

  2206.   # changed after an upgrade to blogTNG this doesn't necessarily change the appearance

  2207.   cp -r /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/blogtng/tpl/default /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/blogtng/tpl/freedombone

  2208. 

  2209.   if ! grep -q "To set up your blog" /home/$MY_USERNAME/README; then

  2210.       echo '' >> /home/$MY_USERNAME/README

  2211.       echo "To set up your blog go to" >> /home/$MY_USERNAME/README

  2212.       echo "https://$WIKI_DOMAIN_NAME/doku.php?id=start&do=admin&page=config" >> /home/$MY_USERNAME/README

  2213.       echo 'and set the template to mnml-blog' >> /home/$MY_USERNAME/README

  2214.       echo '' >> /home/$MY_USERNAME/README

  2215.       echo 'To edit things on the right hand sidebar (links, blogroll, etc) go to' >> /home/$MY_USERNAME/README

  2216.       echo "https://$WIKI_DOMAIN_NAME/doku.php?id=wiki:navigation_sidebar" >> /home/$MY_USERNAME/README

  2217.       echo 'and edit the page' >> /home/$MY_USERNAME/README

  2218.       echo '' >> /home/$MY_USERNAME/README

  2219.       echo 'To edit things to a header bar (home, contacts, etc) go to' >> /home/$MY_USERNAME/README

  2220.       echo "https://$WIKI_DOMAIN_NAME/doku.php?id=wiki:navigation_header" >> /home/$MY_USERNAME/README

  2221.       echo 'and select the "create this page" at the bottom.' >> /home/$MY_USERNAME/README

  2222.       echo 'You can then add somethething like:' >> /home/$MY_USERNAME/README

  2223.       echo '  * [[:start|Home]]' >> /home/$MY_USERNAME/README

  2224.       echo '  * [[:wiki|Wiki]]' >> /home/$MY_USERNAME/README

  2225.       echo '  * [[:contact|Contact]]' >> /home/$MY_USERNAME/README

  2226.       echo "Go to https://$WIKI_DOMAIN_NAME/doku.php?id=start&do=admin&page=config" >> /home/$MY_USERNAME/README

  2227.       echo 'and check "Show header navigation" to ensure that the header shows' >> /home/$MY_USERNAME/README

  2228.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2229.   fi

  2230. 

  2231.   echo 'install_blog' >> $COMPLETION_FILE

  2232. }

  2233. 

  2234. function get_mariadb_password {

  2235.   if [ -f /home/$MY_USERNAME/README ]; then

  2236.       if grep -q "MariaDB password" /home/$MY_USERNAME/README; then

  2237.           MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')

  2238.       fi

  2239.   fi

  2240. }

  2241. 

  2242. function get_mariadb_gnusocial_admin_password {

  2243.   if [ -f /home/$MY_USERNAME/README ]; then

  2244.       if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then

  2245.           MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')

  2246.       fi

  2247.   fi

  2248. }

  2249. 

  2250. function get_mariadb_redmatrix_admin_password {

  2251.   if [ -f /home/$MY_USERNAME/README ]; then

  2252.       if grep -q "MariaDB Red Matrix admin password" /home/$MY_USERNAME/README; then

  2253.           REDMATRIX_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Red Matrix admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')

  2254.       fi

  2255.   fi

  2256. }

  2257. 

  2258. function install_mariadb {

  2259.   if grep -Fxq "install_mariadb" $COMPLETION_FILE; then

  2260.       return

  2261.   fi

  2262.   apt-get -y --force-yes install python-software-properties debconf-utils

  2263.   apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db

  2264.   add-apt-repository 'deb http://mariadb.biz.net.id//repo/10.1/debian sid main'

  2265.   apt-get -y --force-yes install software-properties-common

  2266.   apt-get -y update

  2267. 

  2268.   get_mariadb_password

  2269.   if [ ! $MARIADB_PASSWORD ]; then

  2270.       MARIADB_PASSWORD=$(openssl rand -base64 32)

  2271.       echo '' >> /home/$MY_USERNAME/README

  2272.       echo "Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README

  2273.       echo '' >> /home/$MY_USERNAME/README

  2274.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2275.   fi

  2276. 

  2277.   debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"

  2278.   debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"

  2279.   apt-get -y --force-yes install mariadb-server

  2280.   mysqladmin -u root password "$MARIADB_PASSWORD"

  2281.   echo 'install_mariadb' >> $COMPLETION_FILE

  2282. }

  2283. 

  2284. function install_gnu_social {

  2285.   if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then

  2286.       return

  2287.   fi

  2288.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  2289.       return

  2290.   fi

  2291.   if [ ! $MICROBLOG_DOMAIN_NAME ]; then

  2292.       return

  2293.   fi

  2294. 

  2295.   install_mariadb

  2296.   get_mariadb_password

  2297. 

  2298.   apt-get -y --force-yes install php-gettext php5-curl php5-gd php5-mysql git

  2299. 

  2300.   if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then

  2301.       mkdir /var/www/$MICROBLOG_DOMAIN_NAME

  2302.   fi

  2303.   if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then

  2304.       mkdir /var/www/$MICROBLOG_DOMAIN_NAME/htdocs

  2305.   fi

  2306. 

  2307.   if [ ! -f /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/index.php ]; then

  2308.       cd $INSTALL_DIR

  2309.       git clone $MICROBLOG_REPO gnusocial

  2310. 

  2311.       rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs

  2312.       mv gnusocial /var/www/$MICROBLOG_DOMAIN_NAME/htdocs

  2313.       chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs

  2314.       chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs

  2315.       chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/avatar

  2316.       chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/background

  2317.       chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/file

  2318.       chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php

  2319.   fi

  2320. 

  2321.   get_mariadb_gnusocial_admin_password

  2322.   if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then

  2323.       MICROBLOG_ADMIN_PASSWORD=$(openssl rand -base64 32)

  2324.       echo '' >> /home/$MY_USERNAME/README

  2325.       echo "Your MariaDB gnusocial admin password is: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  2326.       echo '' >> /home/$MY_USERNAME/README

  2327.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2328.   fi

  2329. 

  2330.   echo "create database gnusocial;

  2331. CREATE USER 'gnusocialadmin'@'localhost' IDENTIFIED BY '$MICROBLOG_ADMIN_PASSWORD';

  2332. GRANT ALL PRIVILEGES ON gnusocial.* TO 'gnusocialadmin'@'localhost';

  2333. quit" > $INSTALL_DIR/batch.sql

  2334.   chmod 600 $INSTALL_DIR/batch.sql

  2335.   mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql

  2336.   shred -zu $INSTALL_DIR/batch.sql

  2337. 

  2338.   if [ ! -f "/etc/aliases" ]; then

  2339.       touch /etc/aliases

  2340.   fi

  2341.   if grep -q "www-data: root" /etc/aliases; then

  2342.       echo 'www-data: root' >> /etc/aliases

  2343.   fi

  2344.   if grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then

  2345.       echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases

  2346.   fi

  2347.   newaliases

  2348. 

  2349.   # update the dynamic DNS

  2350.   if [ $MICROBLOG_FREEDNS_SUBDOMAIN_CODE ]; then

  2351.       if [[ $MICROBLOG_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then

  2352.           if ! grep -q "$MICROBLOG_DOMAIN_NAME" /usr/bin/dynamicdns; then

  2353.               echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns

  2354.               echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$MICROBLOG_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns

  2355.           fi

  2356.       fi

  2357.   else

  2358.       echo 'WARNING: No freeDNS subdomain code given for microblog. It is assumed that you are using some other dynamic DNS provider.'

  2359.   fi

  2360. 

  2361.   echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2362.   echo '    listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2363.   echo "    server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2364.   echo "    root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2365.   echo "    error_log /var/www/$MICROBLOG_DOMAIN_NAME/error.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2366.   echo '    index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2367.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2368.   echo '    rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2369.   echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2370.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2371.   echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2372.   echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2373.   echo "    root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2374.   echo "    server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2375.   echo "    error_log /var/www/$MICROBLOG_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2376.   echo '    index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2377.   echo '    charset utf-8;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2378.   echo '    client_max_body_size 20m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2379.   echo '    client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2380.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2381.   echo '    ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2382.   echo "    ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2383.   echo "    ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2384.   echo "    ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2385.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2386.   echo '    ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2387.   echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2388.   echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2389.   echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2390.   echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2391.   echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2392.   echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2393.   echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2394.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2395.   echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2396.   echo '    location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2397.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2398.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2399.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2400.   echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2401.   echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2402.   echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2403.   echo '        allow all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2404.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2405.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2406.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2407.   echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2408.   echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2409.   echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2410.   echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2411.   echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2412.   echo '        expires 30d;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2413.   echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2414.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2415.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2416.   echo '    # block these file types' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2417.   echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2418.   echo '        deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2419.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2420.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2421.   echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2422.   echo '    # or a unix socket' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2423.   echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2424.   echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2425.   echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2426.   echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2427.   echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2428.   echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2429.   echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2430.   echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2431.   echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2432.   echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2433.   echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2434.   echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2435.   echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2436.   echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2437.   echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2438.   echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2439.   echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2440.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2441.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2442.   echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2443.   echo '    location ~ /\. {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2444.   echo '        deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2445.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2446.   echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2447.   echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2448.   echo '      deny  all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2449.   echo '    }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2450.   echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME

  2451. 

  2452.   configure_php

  2453. 

  2454.   if [ ! -f /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key ]; then

  2455.       makecert $MICROBLOG_DOMAIN_NAME

  2456.   fi

  2457. 

  2458.   nginx_ensite $MICROBLOG_DOMAIN_NAME

  2459.   service php5-fpm restart

  2460.   service nginx restart

  2461. 

  2462.   # some post-install instructions for the user

  2463.   if ! grep -q "To set up your microblog" /home/$MY_USERNAME/README; then

  2464.       echo '' >> /home/$MY_USERNAME/README

  2465.       echo "To set up your microblog go to" >> /home/$MY_USERNAME/README

  2466.       echo "https://$MICROBLOG_DOMAIN_NAME/install.php" >> /home/$MY_USERNAME/README

  2467.       echo 'and enter the following settings:' >> /home/$MY_USERNAME/README

  2468.       echo ' - Set a name for the site' >> /home/$MY_USERNAME/README

  2469.       echo ' - Server SSL: enable' >> /home/$MY_USERNAME/README

  2470.       echo ' - Hostname: localhost' >> /home/$MY_USERNAME/README

  2471.       echo ' - Type: MySql/MariaDB' >> /home/$MY_USERNAME/README

  2472.       echo ' - Name: gnusocial' >> /home/$MY_USERNAME/README

  2473.       echo ' - DB username: gnusocialadmin' >> /home/$MY_USERNAME/README

  2474.       echo " - DB Password; $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  2475.       echo " - Administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README

  2476.       echo " - Administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  2477.       echo ' - Subscribe to announcements: ticked' >> /home/$MY_USERNAME/README

  2478.       echo ' - Site profile: Community' >> /home/$MY_USERNAME/README

  2479.       echo '' >> /home/$MY_USERNAME/README

  2480.       echo "Navigate to https://$MICROBLOG_DOMAIN_NAME and you can then " >> /home/$MY_USERNAME/README

  2481.       echo 'complete the configuration via the *Admin* section on the header' >> /home/$MY_USERNAME/README

  2482.       echo 'bar.  Some recommended admin settings are:' >> /home/$MY_USERNAME/README

  2483.       echo '' >> /home/$MY_USERNAME/README

  2484.       echo 'Under the *Site* settings:' >> /home/$MY_USERNAME/README

  2485.       echo '    Text limit: 140' >> /home/$MY_USERNAME/README

  2486.       echo '    Dupe Limit: 60000' >> /home/$MY_USERNAME/README

  2487.       echo '' >> /home/$MY_USERNAME/README

  2488.       echo 'Under the *User* settings:' >> /home/$MY_USERNAME/README

  2489.       echo '    Bio limit: 1000' >> /home/$MY_USERNAME/README

  2490.       echo '' >> /home/$MY_USERNAME/README

  2491.       echo 'Under the *Access* settings:' >> /home/$MY_USERNAME/README

  2492.       echo '    /Invite only/ ticked' >> /home/$MY_USERNAME/README

  2493.       echo '' >> /home/$MY_USERNAME/README

  2494.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2495.   fi

  2496. 

  2497.   echo 'install_gnu_social' >> $COMPLETION_FILE

  2498. }

  2499. 

  2500. function install_redmatrix {

  2501.   if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then

  2502.       return

  2503.   fi

  2504.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  2505.       return

  2506.   fi

  2507.   # if this is exclusively a writer setup

  2508.   if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then

  2509.       REDMATRIX_DOMAIN_NAME=$DOMAIN_NAME

  2510.       REDMATRIX_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE

  2511.   fi

  2512.   if [ ! $REDMATRIX_DOMAIN_NAME ]; then

  2513.       return

  2514.   fi

  2515. 

  2516.   install_mariadb

  2517.   get_mariadb_password

  2518. 

  2519.   apt-get -y --force-yes install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git git

  2520. 

  2521.   if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME ]; then

  2522.       mkdir /var/www/$REDMATRIX_DOMAIN_NAME

  2523.   fi

  2524.   if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs ]; then

  2525.       mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs

  2526.   fi

  2527. 

  2528.   if [ ! -f /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/index.php ]; then

  2529.       cd $INSTALL_DIR

  2530.       git clone $REDMATRIX_REPO redmatrix

  2531. 

  2532.       rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs

  2533.       mv redmatrix /var/www/$REDMATRIX_DOMAIN_NAME/htdocs

  2534.       chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs

  2535.       git clone $REDMATRIX_ADDONS_REPO /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/addon

  2536.   fi

  2537. 

  2538.   get_mariadb_redmatrix_admin_password

  2539.   if [ ! $REDMATRIX_ADMIN_PASSWORD ]; then

  2540.       REDMATRIX_ADMIN_PASSWORD=$(openssl rand -base64 32)

  2541.       echo '' >> /home/$MY_USERNAME/README

  2542.       echo "Your MariaDB Red Matrix admin password is: $REDMATRIX_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  2543.       echo '' >> /home/$MY_USERNAME/README

  2544.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2545.   fi

  2546. 

  2547.   echo "create database redmatrix;

  2548. CREATE USER 'redmatrixadmin'@'localhost' IDENTIFIED BY '$REDMATRIX_ADMIN_PASSWORD';

  2549. GRANT ALL PRIVILEGES ON redmatrix.* TO 'redmatrixadmin'@'localhost';

  2550. quit" > $INSTALL_DIR/batch.sql

  2551.   chmod 600 $INSTALL_DIR/batch.sql

  2552.   mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql

  2553.   shred -zu $INSTALL_DIR/batch.sql

  2554. 

  2555.   if ! grep -q "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs" /etc/crontab; then

  2556.       echo "12,22,32,42,52 * *   *   *   root cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs; /usr/bin/timeout 240 /usr/bin/php include/poller.php" >> /etc/crontab

  2557.   fi

  2558. 

  2559.   # update the dynamic DNS

  2560.   if [ $REDMATRIX_FREEDNS_SUBDOMAIN_CODE ]; then

  2561.       if [[ $REDMATRIX_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then

  2562.           if ! grep -q "$REDMATRIX_DOMAIN_NAME" /usr/bin/dynamicdns; then

  2563.               echo "# $REDMATRIX_DOMAIN_NAME" >> /usr/bin/dynamicdns

  2564.               echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$REDMATRIX_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns

  2565.           fi

  2566.       fi

  2567.   else

  2568.       echo 'WARNING: No freeDNS code given for Red Matrix. It is assumed that you are using some other dynamic DNS provider.'

  2569.   fi

  2570. 

  2571.   echo 'server {' > /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2572.   echo '    listen 80;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2573.   echo "    server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2574.   echo "    root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2575.   echo "    error_log /var/www/$REDMATRIX_DOMAIN_NAME/error.log;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2576.   echo '    index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2577.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2578.   echo '    rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2579.   echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2580.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2581.   echo 'server {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2582.   echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2583.   echo "    root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2584.   echo "    server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2585.   echo "    error_log /var/www/$REDMATRIX_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2586.   echo '    index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2587.   echo '    charset utf-8;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2588.   echo '    client_max_body_size 20m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2589.   echo '    client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2590.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2591.   echo '    ssl on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2592.   echo "    ssl_certificate /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2593.   echo "    ssl_certificate_key /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2594.   echo "    ssl_dhparam /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2595.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2596.   echo '    ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2597.   echo '    ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2598.   echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2599.   echo "    ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2600.   echo "    ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2601.   echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2602.   echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2603.   echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2604.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2605.   echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2606.   echo '    location / {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2607.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2608.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2609.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2610.   echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2611.   echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2612.   echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2613.   echo '        allow all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2614.   echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2615.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2616.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2617.   echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2618.   echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2619.   echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2620.   echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2621.   echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2622.   echo '        expires 30d;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2623.   echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2624.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2625.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2626.   echo '    # block these file types' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2627.   echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2628.   echo '        deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2629.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2630.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2631.   echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2632.   echo '    # or a unix socket' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2633.   echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2634.   echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2635.   echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2636.   echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2637.   echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2638.   echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2639.   echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2640.   echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2641.   echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2642.   echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2643.   echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2644.   echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2645.   echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2646.   echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2647.   echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2648.   echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2649.   echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2650.   echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2651.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2652.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2653.   echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2654.   echo '    location ~ /\. {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2655.   echo '        deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2656.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2657.   echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2658.   echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2659.   echo '      deny  all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2660.   echo '    }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2661.   echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME

  2662. 

  2663.   configure_php

  2664. 

  2665.   if [ ! -f /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key ]; then

  2666.       makecert $REDMATRIX_DOMAIN_NAME

  2667.   fi

  2668. 

  2669.   if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then

  2670.       mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3

  2671.   fi

  2672.   if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data] ]; then

  2673.       mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]

  2674.   fi

  2675.   if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3 ]; then

  2676.       mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3

  2677.       chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3

  2678.   fi

  2679.   chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl

  2680.   chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3

  2681. 

  2682.   nginx_ensite $REDMATRIX_DOMAIN_NAME

  2683.   service php5-fpm restart

  2684.   service nginx restart

  2685.   service cron restart

  2686. 

  2687.   # some post-install instructions for the user

  2688.   if ! grep -q "To set up your Red Matrix" /home/$MY_USERNAME/README; then

  2689.       echo '' >> /home/$MY_USERNAME/README

  2690.       echo "To set up your Red Matrix site go to" >> /home/$MY_USERNAME/README

  2691.       echo "https://$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README

  2692.       echo 'You will need to have a non self-signed SSL certificate in order' >> /home/$MY_USERNAME/README

  2693.       echo "to use Red Matrix. Put the public certificate in /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt" >> /home/$MY_USERNAME/README

  2694.       echo "and the private certificate in /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key." >> /home/$MY_USERNAME/README

  2695.       echo 'If there is an intermediate certificate needed (such as with StartSSL) then' >> /home/$MY_USERNAME/README

  2696.       echo 'this will need to be concatenated onto the end of the crt file, like this:' >> /home/$MY_USERNAME/README

  2697.       echo '' >> /home/$MY_USERNAME/README

  2698.       echo "  cat /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README

  2699.       echo '' >> /home/$MY_USERNAME/README

  2700.       echo "Then change ssl_certificate to /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README

  2701.       echo "within /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README

  2702.       echo '' >> /home/$MY_USERNAME/README

  2703.       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  2704.   fi

  2705. 

  2706.   echo 'install_redmatrix' >> $COMPLETION_FILE

  2707. }

  2708. 

  2709. function script_for_attaching_usb_drive {

  2710.   if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then

  2711.       return

  2712.   fi

  2713.   echo '#!/bin/bash' > /usr/bin/attach-music

  2714.   echo 'if [ -d /var/media ]; then' >> /usr/bin/attach-music

  2715.   echo '  umount /var/media' >> /usr/bin/attach-music

  2716.   echo 'fi' >> /usr/bin/attach-music

  2717.   echo 'if [ ! -d /var/media ]; then' >> /usr/bin/attach-music

  2718.   echo '  mkdir /var/media' >> /usr/bin/attach-music

  2719.   echo 'fi' >> /usr/bin/attach-music

  2720.   echo 'mount /dev/sda1 /var/media' >> /usr/bin/attach-music

  2721.   echo 'chown root:root /var/media' >> /usr/bin/attach-music

  2722.   echo 'chown -R minidlna:minidlna /var/media/*' >> /usr/bin/attach-music

  2723.   echo 'minidlnad -R' >> /usr/bin/attach-music

  2724.   chmod +x /usr/bin/attach-music

  2725.   ln -s /usr/bin/attach-music /usr/bin/attach-usb

  2726.   ln -s /usr/bin/attach-music /usr/bin/attach-videos

  2727.   ln -s /usr/bin/attach-music /usr/bin/attach-pictures

  2728.   ln -s /usr/bin/attach-music /usr/bin/attach-media

  2729.   echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE

  2730. }

  2731. 

  2732. function install_dlna_server {

  2733.   if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then

  2734.       return

  2735.   fi

  2736.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then

  2737.       return

  2738.   fi

  2739.   apt-get -y --force-yes install minidlna

  2740.   sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf

  2741.   if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then

  2742.     echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf

  2743.   fi

  2744.   if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then

  2745. 	  echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf

  2746.   fi

  2747.   if ! grep -q "/var/media/Music" /etc/minidlna.conf; then

  2748. 	  echo "media_dir=A,/var/media/Music" >> /etc/minidlna.conf

  2749.   fi

  2750.   if ! grep -q "/var/media/Pictures" /etc/minidlna.conf; then

  2751. 	  echo "media_dir=P,/var/media/Pictures" >> /etc/minidlna.conf

  2752.   fi

  2753.   if ! grep -q "/var/media/Videos" /etc/minidlna.conf; then

  2754. 	  echo "media_dir=V,/var/media/Videos" >> /etc/minidlna.conf

  2755.   fi

  2756.   sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf

  2757.   sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf

  2758.   sed -i 's/#friendly_name=/friendly_name="Freedombone Media"/g' /etc/minidlna.conf

  2759.   sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf

  2760.   sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf

  2761.   sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf

  2762.   service minidlna force-reload

  2763.   service minidlna reload

  2764. 

  2765.   echo 'install_dlna_server' >> $COMPLETION_FILE

  2766. }

  2767. 

  2768. function install_mediagoblin {

  2769.   # These instructions don't work and need fixing

  2770.   return

  2771.   if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then

  2772.       return

  2773.   fi

  2774.   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then

  2775.       return

  2776.   fi

  2777.   # if this is exclusively a writer setup

  2778.   if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then

  2779.       MEDIAGOBLIN_DOMAIN_NAME=$DOMAIN_NAME

  2780.       MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE

  2781.   fi

  2782.   if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then

  2783.       return

  2784.   fi

  2785.   apt-get -y --force-yes install git-core python python-dev python-lxml python-imaging python-virtualenv

  2786.   apt-get -y --force-yes install python-gst-1.0 libjpeg8-dev sqlite3 libapache2-mod-fcgid gstreamer1.0-plugins-base gstreamer1.0-plugins-bad gstreamer1.0-plugins-good gstreamer1.0-plugins-ugly gstreamer1.0-libav python-numpy python-scipy libsndfile1-dev

  2787.   apt-get -y --force-yes install postgresql postgresql-client python-psycopg2 python-pip autotools-dev automake

  2788. 

  2789.   sudo -u postgres createuser -A -D mediagoblin

  2790.   sudo -u postgres createdb -E UNICODE -O mediagoblin mediagoblin

  2791. 

  2792.   adduser --system mediagoblin

  2793. 

  2794.   MEDIAGOBLIN_DOMAIN_ROOT="/srv/$MEDIAGOBLIN_DOMAIN_NAME"

  2795.   MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin"

  2796.   MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin"

  2797. 

  2798.   if [ ! -d $MEDIAGOBLIN_DOMAIN_ROOT ]; then

  2799.       mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT

  2800.   fi

  2801.   cd $MEDIAGOBLIN_DOMAIN_ROOT

  2802.   chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT

  2803.   su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone git://gitorious.org/mediagoblin/mediagoblin.git" - mediagoblin

  2804.   su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin

  2805.   su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin

  2806. 

  2807.   #su -c 'cd $MEDIAGOBLIN_PATH; ./experimental-bootstrap.sh' - mediagoblin

  2808.   #su -c 'cd $MEDIAGOBLIN_PATH; ./configure' - mediagoblin

  2809.   #su -c 'cd $MEDIAGOBLIN_PATH; make' - mediagoblin

  2810. 

  2811.   su -c "cd $MEDIAGOBLIN_PATH; virtualenv --system-site-packages ." - mediagoblin

  2812.   su -c "cd $MEDIAGOBLIN_PATH_BIN; python setup.py develop" - mediagoblin

  2813. 

  2814.   su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin

  2815.   su -c "cp $MEDIAGOBLIN_PATH/paste.ini $MEDIAGOBLIN_PATH/paste_local.ini" - mediagoblin

  2816. 

  2817.   # update the dynamic DNS

  2818.   if [ $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE ]; then

  2819.       if [[ $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then

  2820.           if ! grep -q "$MEDIAGOBLIN_DOMAIN_NAME" /usr/bin/dynamicdns; then

  2821.               echo "# $MEDIAGOBLIN_DOMAIN_NAME" >> /usr/bin/dynamicdns

  2822.               echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns

  2823.           fi

  2824.       fi

  2825.   else

  2826.       echo 'WARNING: No freeDNS subdomain code given for mediagoblin. It is assumed that you are using some other dynamic DNS provider.'

  2827.   fi

  2828. 

  2829.   # see https://wiki.mediagoblin.org/Deployment / uwsgi with configs

  2830.   apt-get -y --force-yes install uwsgi uwsgi-plugin-python nginx-full supervisor

  2831. 

  2832.   echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2833.   echo '        include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2834.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2835.   echo '        autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2836.   echo '        default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2837.   echo '        sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2838.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2839.   echo '        # Gzip' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2840.   echo '        gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2841.   echo '        gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2842.   echo '        gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2843.   echo '        gzip_types text/plain text/html application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2844.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2845.   echo "        server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2846.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2847.   echo '        access_log /var/log/nginx/mg.access.log;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2848.   echo '        error_log /var/log/nginx/mg.error.log error;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2849.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2850.   echo '        #include global/common.conf;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2851.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2852.   echo '        client_max_body_size 100m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2853.   echo '        add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2854.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2855.   echo "        root $MEDIAGOBLIN_PATH/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2856.   echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2857.   echo '        location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2858.   echo "                alias $MEDIAGOBLIN_PATH/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2859.   echo '        }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2860.   echo '        location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2861.   echo "                alias $MEDIAGOBL_PATH/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2862.   echo '        }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2863.   echo '        location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2864.   echo '        }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2865.   echo '        location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2866.   echo '        }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2867.   echo '        location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2868.   echo '                uwsgi_pass unix:///tmp/mg.uwsgi.sock;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2869.   echo '                uwsgi_param SCRIPT_NAME "/";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2870.   echo '                include uwsgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2871.   echo '        }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2872.   echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

  2873. 

  2874.   echo 'uwsgi:' > /etc/uwsgi/apps-available/mg.yaml

  2875.   echo ' uid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml

  2876.   echo ' gid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml

  2877.   echo ' socket: /tmp/mg.uwsgi.sock' >> /etc/uwsgi/apps-available/mg.yaml

  2878.   echo ' chown-socket: www-data:www-data' >> /etc/uwsgi/apps-available/mg.yaml

  2879.   echo ' plugins: python' >> /etc/uwsgi/apps-available/mg.yaml

  2880.   echo " home: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml

  2881.   echo " chdir: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml

  2882.   echo " ini-paste: $MEDIAGOBLIN_PATH/paste_local.ini" >> /etc/uwsgi/apps-available/mg.yaml

  2883. 

  2884.   echo '[program:celery]' > /etc/supervisor/conf.d/mediagoblin.conf

  2885.   echo "command=$MEDIAGOBLIN_PATH_BIN/celery worker -l debug" >> /etc/supervisor/conf.d/mediagoblin.conf

  2886.   echo '' >> /etc/supervisor/conf.d/mediagoblin.conf

  2887.   echo '; Set PYTHONPATH to the directory containing celeryconfig.py' >> /etc/supervisor/conf.d/mediagoblin.conf

  2888.   echo "environment=PYTHONPATH='$MEDIAGOBLIN_PATH',MEDIAGOBLIN_CONFIG='$MEDIAGOBLIN_PATH/mediagoblin_local.ini',CELERY_CONFIG_MODULE='mediagoblin.init.celery.from_celery'" >> /etc/supervisor/conf.d/mediagoblin.conf

  2889.   echo '' >> /etc/supervisor/conf.d/mediagoblin.conf

  2890.   echo "directory=$MEDIAGOBLIN_PATH/" >> /etc/supervisor/conf.d/mediagoblin.conf

  2891.   echo 'user=mediagoblin' >> /etc/supervisor/conf.d/mediagoblin.conf

  2892.   echo 'numprocs=1' >> /etc/supervisor/conf.d/mediagoblin.conf

  2893.   echo '; uncomment below to enable logs saving' >> /etc/supervisor/conf.d/mediagoblin.conf

  2894.   echo ";stdout_logfile=/var/log/nginx/celeryd_stdout.log" >> /etc/supervisor/conf.d/mediagoblin.conf

  2895.   echo ";stderr_logfile=/var/log/nginx/celeryd_stderr.log" >> /etc/supervisor/conf.d/mediagoblin.conf

  2896.   echo 'autostart=true' >> /etc/supervisor/conf.d/mediagoblin.conf

  2897.   echo 'autorestart=false' >> /etc/supervisor/conf.d/mediagoblin.conf

  2898.   echo 'startsecs=10' >> /etc/supervisor/conf.d/mediagoblin.conf

  2899.   echo '' >> /etc/supervisor/conf.d/mediagoblin.conf

  2900.   echo '; Need to wait for currently executing tasks to finish at shutdown.' >> /etc/supervisor/conf.d/mediagoblin.conf

  2901.   echo '; Increase this if you have very long running tasks.' >> /etc/supervisor/conf.d/mediagoblin.conf

  2902.   echo 'stopwaitsecs = 600' >> /etc/supervisor/conf.d/mediagoblin.conf

  2903. 

  2904.   ln -s /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME /etc/nginx/sites-enabled/

  2905.   ln -s /etc/uwsgi/apps-available/mg.yaml /etc/uwsgi/apps-enabled/

  2906. 

  2907.   # change settings

  2908.   sed -i "s/notice@mediagoblin.example.org/$MY_USERNAME@$DOMAIN_NAME/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini

  2909.   sed -i 's/email_debug_mode = true/email_debug_mode = false/g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini

  2910.   sed -i 's|# sql_engine = postgresql:///mediagoblin|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini

  2911. 

  2912.   # add extra media types

  2913.   if grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then

  2914.       echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini

  2915.   fi

  2916.   if grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then

  2917.       echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini

  2918.   fi

  2919.   if grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then

  2920.       echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini

  2921.   fi

  2922. 

  2923.   su -c "cd $MEDIAGOBLIN_PATH_BIN; pip install scikits.audiolab" - mediagoblin

  2924.   su -c "cd $MEDIAGOBLIN_PATH_BIN; gmg dbupdate" - mediagoblin

  2925. 

  2926.   # systemd init scripts

  2927. 

  2928.   echo '[Unit]' > /etc/systemd/system/gmg.service

  2929.   echo 'Description=Mediagoblin' >> /etc/systemd/system/gmg.service

  2930.   echo '' >> /etc/systemd/system/gmg.service

  2931.   echo '[Service]' >> /etc/systemd/system/gmg.service

  2932.   echo 'Type=forking' >> /etc/systemd/system/gmg.service

  2933.   echo 'User=mediagoblin' >> /etc/systemd/system/gmg.service

  2934.   echo 'Group=mediagoblin' >> /etc/systemd/system/gmg.service

  2935.   echo '#Environment=CELERY_ALWAYS_EAGER=true' >> /etc/systemd/system/gmg.service

  2936.   echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/gmg.service

  2937.   echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg.service

  2938.   echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/paster serve $MEDIAGOBLIN_PATH/paste_local.ini --pid-file=/var/run/mediagoblin/paster.pid --log-file=/var/log/nginx/mediagoblin_paster.log --daemon --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543" >> /etc/systemd/system/gmg.service

  2939.   echo "ExecStop=$MEDIAGOBLIN_PATH_BIN/paster serve --pid-file=/var/run/mediagoblin/paster.pid $MEDIAGOBLIN_PATH/paste_local.ini stop" >> /etc/systemd/system/gmg.service

  2940.   echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/gmg.service

  2941.   echo '' >> /etc/systemd/system/gmg.service

  2942.   echo '[Install]' >> /etc/systemd/system/gmg.service

  2943.   echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg.service

  2944. 

  2945. 

  2946.   echo '[Unit]' > /etc/systemd/system/gmg-celeryd.service

  2947.   echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/gmg-celeryd.service

  2948.   echo '' >> /etc/systemd/system/gmg-celeryd.service

  2949.   echo '[Service]' >> /etc/systemd/system/gmg-celeryd.service

  2950.   echo 'User=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service

  2951.   echo 'Group=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service

  2952.   echo 'Type=simple' >> /etc/systemd/system/gmg-celeryd.service

  2953.   echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg-celeryd.service

  2954.   echo "Environment='MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_PATH/mediagoblin_local.ini' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery" >> /etc/systemd/system/gmg-celeryd.service

  2955.   echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/celeryd" >> /etc/systemd/system/gmg-celeryd.service

  2956.   echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/gmg-celeryd.service

  2957.   echo '' >> /etc/systemd/system/gmg-celeryd.service

  2958.   echo '[Install]' >> /etc/systemd/system/gmg-celeryd.service

  2959.   echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg-celeryd.service

  2960. 

  2961.   systemctl start gmg.service

  2962.   systemctl start gmg-celeryd.service

  2963. 

  2964.   echo 'install_mediagoblin' >> $COMPLETION_FILE

  2965. }

  2966. 

  2967. function install_final {

  2968.   if grep -Fxq "install_final" $COMPLETION_FILE; then

  2969.       return

  2970.   fi

  2971.   # unmount any attached usb drive

  2972.   if [ -d /media/usb ]; then

  2973.       umount /media/usb

  2974.       rm -rf /media/usb

  2975.   fi

  2976.   apt-get -y --force-yes autoremove

  2977.   echo 'install_final' >> $COMPLETION_FILE

  2978.   echo ''

  2979.   echo '  *** Freedombone installation is complete. Rebooting... ***'

  2980.   echo ''

  2981.   if [ -f "/home/$MY_USERNAME/README" ]; then

  2982.       echo "See /home/$MY_USERNAME/README for post-installation instructions."

  2983.       echo ''

  2984.   fi

  2985.   reboot

  2986. }

  2987. 

  2988. argument_checks

  2989. configure_firewall

  2990. configure_firewall_for_ssh

  2991. configure_firewall_for_dns

  2992. configure_firewall_for_ftp

  2993. configure_firewall_for_web_access

  2994. remove_proprietary_repos

  2995. change_debian_repos

  2996. enable_backports

  2997. configure_dns

  2998. initial_setup

  2999. install_editor

  3000. change_login_message

  3001. update_the_kernel

  3002. enable_zram

  3003. random_number_generator

  3004. set_your_domain_name

  3005. time_synchronisation

  3006. configure_internet_protocol

  3007. configure_ssh

  3008. search_for_attached_usb_drive

  3009. regenerate_ssh_keys

  3010. script_to_make_self_signed_certificates

  3011. configure_email

  3012. #spam_filtering

  3013. configure_imap

  3014. configure_gpg

  3015. email_client

  3016. configure_firewall_for_email

  3017. folders_for_mailing_lists

  3018. folders_for_email_addresses

  3019. dynamic_dns_freedns

  3020. #create_private_mailing_list

  3021. import_email

  3022. script_for_attaching_usb_drive

  3023. install_web_server

  3024. configure_firewall_for_web_server

  3025. install_owncloud

  3026. install_xmpp

  3027. configure_firewall_for_xmpp

  3028. install_irc_server

  3029. configure_firewall_for_irc

  3030. install_wiki

  3031. install_blog

  3032. install_gnu_social

  3033. install_redmatrix

  3034. install_dlna_server

  3035. install_mediagoblin

  3036. install_final

  3037. echo 'Freedombone installation is complete'

  3038. exit 0